Friday 23 December 2016

kiwi syslog server notes

You can set up several displays. Display 00 is the default and usually shows everything.

Configure circular logging
It's a good idea to set up display 01 as (drop-deny):
Create a new rule and call it drop/deny
Add a filter, choose Simple filter and put in "drop" "deny"
Add the action Display and choose display 01
In the setup section go to display 01 and update the name to display 01 (drop-deny)
You can add other actions like send email etc.
You can create lots of displays, for VPN troubleshooting etc.
Also enable the highlighting options; the defaults are decent and you can edit them as needed.
You can also tick an option to auto-scale the width to fit messages.


I like this file name
E:\syslog\%IPAdd4-%DateISO.txt

Worth installing tail too (Cygwin is good).
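To make the rule above concrete, here is an added Python example (not part of the original notes and not Kiwi's own code) that does what the drop/deny rule and the file name template do: every message goes to display 00, anything whose text contains "drop" or "deny" also goes to display 01, and each message is appended to a per-sender daily file built from E:\syslog\%IPAdd4-%DateISO.txt. The token semantics (%IPAdd4 = sender IPv4, %DateISO = YYYY-MM-DD) and the case-insensitive substring behaviour of the Simple filter are assumptions; the sample log lines are constructed.

```python
"""Route syslog messages to Kiwi-style displays and per-sender daily files.

Added example; the Kiwi filter semantics and field tokens are assumptions,
and the sample lines below are constructed, not captured from real devices.
"""
from __future__ import annotations

import re
from datetime import date

# Constructed (sender_ip, message) pairs in the shape Kiwi would hand a rule.
SAMPLE_LINES = [
    ("10.0.0.1", 'Dec 23 10:01:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.9/4444 '
                 'dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN"'),
    ("10.0.0.1", "Dec 23 10:01:03 fw01 %ASA-6-302013: Built inbound TCP connection 12345 "
                 "for outside:203.0.113.10/51000 to inside:10.0.0.7/443"),
    ("10.0.0.2", "Dec 23 10:01:04 core-sw kernel: iptables DROP IN=eth0 SRC=192.0.2.5 DST=10.0.0.2"),
    ("10.0.0.3", "Dec 23 10:01:05 vpn01 %ASA-6-722051: Group <RA-VPN> User <jdoe> "
                 "IP <198.51.100.4> IPv4 Address <10.50.150.12> assigned to session"),
]
SAMPLE_DAY = date(2016, 12, 23)
FILE_TEMPLATE = r"E:\syslog\%IPAdd4-%DateISO.txt"

# Assumed token meanings: %IPAdd4 is the sender's IPv4 address, %DateISO is the
# local date as YYYY-MM-DD. Only the two tokens used in the template are handled.
_TOKEN = re.compile(r"%(IPAdd4|DateISO)")


def log_path(template: str, sender_ip: str, day: date) -> str:
    """Expand the Kiwi-style file name template for one message."""
    values = {"IPAdd4": sender_ip, "DateISO": day.isoformat()}
    return _TOKEN.sub(lambda m: values[m.group(1)], template)


def matches_simple_filter(message: str, words: tuple[str, ...]) -> bool:
    """Simple-filter approximation (assumed): any listed word appears anywhere
    in the message text, compared case-insensitively."""
    text = message.lower()
    return any(w.lower() in text for w in words)


# Display rules as described in the notes: 00 catches everything, 01 is drop/deny.
DISPLAYS = {
    "00": ("Display 00 (default)", ()),              # empty word list = match all
    "01": ("Display 01 (drop-deny)", ("drop", "deny")),
}


def route(message: str) -> list[str]:
    """Return the ids of the displays a message lands in, in display order."""
    hits = []
    for display_id, (_, words) in DISPLAYS.items():
        if not words or matches_simple_filter(message, words):
            hits.append(display_id)
    return hits


def process(lines, template: str = FILE_TEMPLATE, day: date = SAMPLE_DAY):
    """Route each (sender_ip, message) pair to its displays and its daily file.

    Returns (displays, files): display id -> messages, and file path -> messages.
    """
    displays: dict[str, list[str]] = {d: [] for d in DISPLAYS}
    files: dict[str, list[str]] = {}
    for sender_ip, message in lines:
        for display_id in route(message):
            displays[display_id].append(message)
        files.setdefault(log_path(template, sender_ip, day), []).append(message)
    return displays, files


if __name__ == "__main__":
    shown, written = process(SAMPLE_LINES)
    for display_id, (name, _) in DISPLAYS.items():
        print(f"{name}: {len(shown[display_id])} message(s)")
    for path, messages in written.items():
        print(f"{path}: {len(messages)} line(s)")
```

Running it shows the ASA 106023 Deny and the iptables DROP landing in display 01 while the connection-built and VPN-assignment lines stay only in display 00, and the two messages from 10.0.0.1 sharing one daily file.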

Monday 19 December 2016

packet capture on checkpoint firewall

Use the topology table on the Checkpoint to see which interface you need to monitor.

netstat -nr | grep x.x.x.x can be useful too

tcpdump -i eth5 -s0 host 192.168.1.50 -w /var/tmp/packet-capture.pcap


Copy your .pcap file off with WinSCP and open it in Wireshark

or read it on the CLI
tcpdump -r /var/tmp/packet-capture.pcap
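Picking the interface by hand from the topology table or from `netstat -nr | grep x.x.x.x` is error-prone: grep on the host address will not match the route for its network, and an overlapping wider route can hide the specific one. The added Python example below (not part of the original notes and not a Check Point tool) parses a constructed `netstat -nr` listing, does a longest-prefix match for the host you want to capture, and builds the tcpdump command used above. The routing table content and interface names are made up for the example.

```python
"""Choose the capture interface for a host from `netstat -nr` output.

Added example. The routing table below is constructed, not taken from a real
gateway; the parser assumes the Linux-style columns Gaia prints:
Destination Gateway Genmask Flags MSS Window irtt Iface.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

SAMPLE_NETSTAT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth5
192.168.0.0     10.10.10.1      255.255.0.0     UG        0 0          0 eth2
10.10.10.0      0.0.0.0         255.255.255.0   U         0 0          0 eth2
"""


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    iface: str


def parse_netstat(text: str) -> list[Route]:
    """Turn netstat -nr output into Route objects, skipping header lines."""
    routes: list[Route] = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination;
        # the title and column-header rows do not.
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue
        dest, gateway, genmask, iface = parts[0], parts[1], parts[2], parts[-1]
        # strict=False tolerates a destination with host bits set.
        network = ipaddress.IPv4Network((dest, genmask), strict=False)
        routes.append(Route(network, gateway, iface))
    return routes


def pick_interface(routes: list[Route], host: str) -> str | None:
    """Longest-prefix match: the most specific route containing the host wins.

    The default route (0.0.0.0/0) matches everything, so it only wins when no
    more specific route covers the address.
    """
    addr = ipaddress.IPv4Address(host)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen).iface


def capture_command(iface: str, host: str,
                    outfile: str = "/var/tmp/packet-capture.pcap") -> str:
    """Build the tcpdump invocation from the notes for the chosen interface."""
    return f"tcpdump -i {iface} -s0 host {host} -w {outfile}"


if __name__ == "__main__":
    routes = parse_netstat(SAMPLE_NETSTAT)
    for host in ("192.168.1.50", "192.168.7.9", "8.8.8.8"):
        iface = pick_interface(routes, host)
        print(f"{host:>14} -> {iface}: {capture_command(iface, host)}")
```

For 192.168.1.50 the /24 on eth5 beats the /16 on eth2 even though both contain the address, which is exactly the case a plain grep on the host IP misses.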

Friday 2 December 2016

hairpin / u-turn on ASA

AnyConnect NAT
Say you want AnyConnect users to connect but then get to the internet via your public IP. You'll need the same-security-traffic commands too.

This object is the same range as your AnyConnect pool
object network OBJ-10.50.150.0
 subnet 10.50.150.0 255.255.255.0

object network OBJ-10.50.150.0
 nat (OUTSIDE,OUTSIDE) dynamic interface


Hair-pin NAT
This is a NAT I used to access a DMZ server on its public IP from the inside LAN.
Need to set some objects up first.

nat (INSIDE,DMZ) source static OBJ-10.59.0.0-19 OBJ-10.59.0.0-19 destination static OBJ-SERVER-PUB-IP OBJ-172.59.0.10 no-proxy-arp 


Re-write DNS
A simpler solution than the one above
object network DMZ-WEBSERVER
 nat (DMZ,OUTSIDE) static 100.190.220.74 dns

It uses the xlate this creates to rewrite the DNS record.