Tag Archives: firewalls

CheckPoint Firewalls Can Suck My Whole Ass

Fuck CheckPoint, and fuck the people who both make them and buy them.  Yes, you!  Assholes!  Seriously?  It’s fucking 2009 and you’re still making a firewall product that requires motherfucking WINDOWS to configure?  No command-line interface at all?  The first time I used a CheckPoint firewall in NINETEEN NINETY SEVEN (12 years ago), it had the same limitations.  Back then it was passable, but now?  Now it’s just insulting.

The CheckPoints we have at work are to support 3rd parties and acquisitions.  We would never fucking actively use this bullshit.  NO fucking way.  Everything is color-coded and iconic, so I guess for enterprise donkeys who don’t know jack shit about security, maybe this is a plus.  But let’s be totally honest here:  It’s definitely not helping humanity progress.

MY PACKETS ARE GREEN, THAT MUST MEAN THEY ARE OK!

I am a Mac user, so to configure the CheckPoint firewalls we have at work I have to use Remote Desktop Connection into a Windows terminal server we have SPECIFICALLY for managing these firewalls.  So I TS into this machine, fire up the GUI-only Dashboard client, and then have to struggle thru managing firewall policies thru an archaic interface that literally has not changed in the twelve years since I first used it.

You’d think that would make me a pro, but no.  It just fucking pisses me off.  I can’t automate the shit, I can’t even dump the configuration files in a plain-text format.  No, that would be too motherfucking convenient.  No, no, no.  They’re stored in a proprietary binary format.  The absolute worst part is that everything has to be hand-entered line-by-line.  Click OK.  Are you sure?  Are you sure you’re sure?  YES DAMMIT JUST ADD THE FUCKING POLICY!

OH MY GOD I THINK I JUST MURDERED SOMEONE.

So if you’ve ever bought a CheckPoint firewall.  FUCK YOU.

If you make the CheckPoint firewalls.  FUCK YOU TOO.

FUCK FUCK FUCK FUCK FUCK

Gonna go smash my skull against the wall until the pain stops…

Creating read-only user accounts on ScreenOS

Need to create a read-only account on a NetScreen (ScreenOS 6.x or lower) firewall?

It’s simple:

netscreen(M)-> set admin user nocadmin password abc123 privilege read-only

And there you have it. Now let’s test it:

% ssh nocadmin@netscreen
nocadmin@netscreen's password:
For Authorized Use Only, Violators Will Be Prosecuted.
netscreen(M)->

It works! Notice the limited command set available:

netscreen(M)-> ?
exit                 exit command console
get                  get system information
mtrace               multicast traceroute from source to destination
ping                 ping other host
trace-route          trace route
netscreen(M)->
Now hop to it!
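
To confirm the account really ended up read-only, you can check a saved copy of the configuration offline. This is an added example, not part of the original post: it assumes saved-config lines of the form `set admin user "<name>" password "<hash>" privilege "<level>"`, and the sample config, the `fwops` account, the placeholder hashes and the function names are all constructed for illustration.

```python
import shlex

# Constructed sample of saved-config lines; the hash strings are placeholders.
SAMPLE_CONFIG = '''\
set admin name "netscreen"
set admin password "PLACEHOLDER-HASH-ROOT"
set admin user "nocadmin" password "PLACEHOLDER-HASH-1" privilege "read-only"
set admin user "fwops" password "PLACEHOLDER-HASH-2" privilege "all"
set admin auth timeout 10
set interface ethernet0/0 ip 192.0.2.1/24
'''


def parse_admin_users(config_text):
    """Return {username: privilege} for every 'set admin user' line."""
    users = {}
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)  # handles the double-quoted values
        except ValueError:
            continue  # unbalanced quotes: not a line we can interpret
        if len(tokens) < 4 or tokens[:3] != ["set", "admin", "user"]:
            continue  # root admin lines and unrelated settings are skipped
        name = tokens[3]
        # After the name, options come as keyword/value pairs.
        options = dict(zip(tokens[4::2], tokens[5::2]))
        users[name] = options.get("privilege", "unknown")
    return users


def check_read_only(config_text, expected_read_only):
    """Return findings for accounts that should be read-only but are not."""
    users = parse_admin_users(config_text)
    findings = []
    for name in expected_read_only:
        if name not in users:
            findings.append(f"{name}: account not found")
        elif users[name] != "read-only":
            findings.append(
                f"{name}: privilege is {users[name]!r}, expected 'read-only'"
            )
    return findings


if __name__ == "__main__":
    for finding in check_read_only(SAMPLE_CONFIG, ["nocadmin", "fwops"]):
        print(finding)
```
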