install vpn checkpoint di linux

link referensi dari sini

download disni :  https://drive.google.com/open?id=0B8GDi0lY8FDgQ0RCZVFFdVg4d3M

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65210

SSL Network Extender E75

Rate This

Solution ID	sk65210
Product	SSL Network Extender
Version	E75
Platform / Model	Intel/PC
Date Created	09-Oct-2013
Last Modified	10-Feb-2016

Solution

Table of Contents

• Overview
• What's New
• Supported Security Gateways
• Endpoint Platforms
• Linux Supported Platforms
• E75 Documentation
• E75 Downloads

	For more information on Check Point releases see: release map, upgrade map, backward compatibility map.
	For more information on SSL Network Extender E75, refer to sk65669 (SSL Network Extender E75 Known Limitations).You can also visit our Mobile Access / SSL VPN forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.
	See sk91060: Removing old Check Point packages and files after an upgrade.

Overview

SSL Network Extender is a secure connectivity framework for remote access to a corporate network. SSL Network Extender uses a thin VPN client installed on the user's remote computer that connects to an SSL-enabled web server. The web server and the client are in the same VPN.
Note: SSL Network Extender requires that Java is installed on the endpoint computer. Java is not installed on Mac OS X 10.7 (Lion). For more information see sk65144 (SSL Network Extender - Java Availablity).

What's New

These features are new for SSL Network Extender E75:

• Support for Mac OS X 64-bit.
• Support for new Linux platforms 32 and 64-bit.
• Proxy server auto-detection is now supported for browsers that run Java or ActiveX.
• Improved user experience that explains how to install Java when necessary.

Supported Security Gateways

This hotfix can be installed on top of these Security Gateways (refer to "E75 Downloads" section below):

• R70.40
• R71.40
• R75.10
• R75.20
• VSX NGX R67.10

Note: Any Security Gateway version higher than those listed above, includes SSL Network Extender based on E75 version. It is relevant for R76 and higher, as well.
Important: R70.40 Security Gateways must have the security hotfix installed as described in sk62410. Failure to do so can make the Security Gateway susceptible to attacks.

Endpoint Platforms

SSL Network Extender is supported on these Operating Systems.
Windows

• XP Home and Professional (SP2, SP3) (32-bit and 64-bit)
• Vista (SP1) (32-bit and 64-bit)
• Windows 7 (including SP1) Ultimate, Enterprise, Professional, and Home (32-bit and 64-bit)
• Windows 8 (all versions and editions, not including Windows RT)

Note: SSL Network Extender is not supported on 64-bit browsers in Windows.
Macintosh

• Mac OS X 10.6.8 (Snow Leopard) (32-bit and 64-bit)
• Mac OS X 10.7, 10.7.1, 10.7.2, 10.7.3, 10.7.4, 10.7.5 (Lion) (32-bit and 64-bit)
• OS X 10.8, 10.8.1, 10.8.2 (Mountain Lion) (64-bit)
• OS X 10.9.x (Mavericks)
• OS X 10.10 (Yosemite)

Linux

• Ubuntu 11.10 (32-bit and 64-bit)
• openSUSE 11.4 (32-bit and 64-bit)
• Fedora 15 and 16 (32-bit and 64-bit) (Requires xterm (standard terminal emulator) for deployment)
• RHEL 5.7 and 6.1 (32-bit and 64-bit)

Note: All Linux OSs require Oracle JRE to install.
Use the snx -h command to make sure that the SSL Network Extender client is installed correctly.

Linux Supported Platforms

Latest Linux Distribution	32-bit Prerequisites	64-bit Prerequisites
Ubuntu 11.10	libstdc++5 (i386)	libstdc++5 (amd64)
Ubuntu 12.04/12.10	libstdc++5 (i386)	ia32-libs libpam0g:i386 (the 32-bit version if libpam0g)
Ubuntu 14.04	libpam0g:i386 libx11-6:i386 libstdc++6:i386 libstdc++5:i386	libpam0g:i386 libx11-6:i386 libstdc++6:i386 libstdc++5:i386
openSUSE 11.4	libstdc++33	pam-32bit libstdc++33 32bit Install all dependencies required by pam and libstdc++33 packages.
openSuSE 12.2	compat-libstdc++	pam-32bit pam-modules-32bit compat-libstdc++.i586
Fedora 15	xterm.i686 libXaw.so.7 libstdc++.so.5	Xterm.86_64 (with libXaw.86_64 dependency) libX11.i686 pam-devel.i686 (which contains: libaudit.so.1, libcrack.so.2, lindb-4.8.so, libselinux.so.1, libpam.so.0) libstdc++.so.5
Fedora 16/18	xterm.i686 libstdc++.so.5	xterm.x86_64 (with libXaw.86_64 dependency) elf_utils-libelf.i686 libX11.i686 libaudit.so.1 libcrack.so.2 libdb-4.8.so libselinux.so.1 libpam.so.0 libstdc++.so.5
RHEL 5.7	None	None
RHEL 6.1	Same as Fedora 16 32-bit	Same as Fedora 16 64-bit

E75 Documentation

Important: You must read the instructions in the Release Notes before installing the relevant download.

• SSL Network Extender E75 Release Notes
• sk65669 - SSL Network Extender E75 Known Limitations
• sk67141 - SSL Network Extender not launching using 64 bit web browser in Windows
• sk90240 - SSL Network Extender E75 CLI Support for Mobile Access Blade

E75 Downloads

Important: Installing SSL Network Extender consists of two parts:

• Upgrading SSL Network Extender on Security Gateways
• Deploying the clients from the Security Gateways to endpoint devices

Upgrading SSL Network Extender on Security Gateways depends on your Security Gateway. Select the hotfix link that is relevant for your Security Gateway version and OS. Then you can continue deploying the clients from the Security Gateways to endpoint devices, as per the instructions provided in the SSL Network Extender E75 Release Notes.
Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.
SSL Network Extender E75 for Security Gateway R70.40

• SSL Network Extender E75 for Security Gateway R70.40 Hotfix - SecurePlatform
• SSL Network Extender E75 for Security Gateway R70.40 Hotfix - Solaris
• SSL Network Extender E75 for Security Gateway R70.40 Hotfix - IPSO
• SSL Network Extender E75 for Security Gateway R70.40 Hotfix - Windows

SSL Network Extender E75 for Security Gateway R71.40

• SSL Network Extender E75 for Security Gateway R71.40 Hotfix - SecurePlatform
• SSL Network Extender E75 for Security Gateway R71.40 Hotfix - Solaris
• SSL Network Extender E75 for Security Gateway R71.40 Hotfix - IPSO
• SSL Network Extender E75 for Security Gateway R71.40 Hotfix - Windows

SSL Network Extender E75 for Security Gateway R75.10

• SSL Network Extender E75 for Security Gateway R75.10 Hotfix - SecurePlatform, Solaris, IPSO and Windows

SSL Network Extender E75 for Security Gateway R75.20

• SSL Network Extender E75 for Security Gateway R75.20 Hotfix - SecurePlatform
• SSL Network Extender E75 for Security Gateway R75.20 Hotfix - Solaris
• SSL Network Extender E75 for Security Gateway R75.20 Hotfix - IPSO
• SSL Network Extender E75 for Security Gateway R75.20 Hotfix - Windows

Security Gateway VSX R67.10 Hotfix for SSL Network Extender E75

• Security Gateway VSX - R67.10 Hotfix for SSL Network Extender E75 - SecurePlatform, Solaris, IPSO and Windows

Related Links:

• Mobile Access Product Page
• Remote Access (VPN) / Endpoint Security Clients Product Page

This solution is about products that are no longer supported and it will not be updated

check port and service di hpux

netstat -af inet

netstat -anf inet

zabbix api

https://github.com/express42/zabbixapi

zabbix pdf report

v0.1 Beta
# - Generate dynamic PDF report from custom graphs 
# - All Hosts or Single Host
# - Timeperiods of Hour, Day, Week, Month, Year

paket yang penting harus terinstall di zabbix

untuk curl
curl.x86_64                        7.19.7-46.el6                     @base
libcurl.x86_64                     7.19.7-46.el6                     @base
libcurl-devel.x86_64               7.19.7-46.el6                     @base
python-pycurl.x86_64               7.19.0-8.el6                      @anaconda-CentOS-201303020151.x86_64/6.4

CENTOS: Sending Email using SENDMAIL, Relay via GMAIL

on request.

To send Email from Linux (Centos) shell using simple mail commands, you need to setup sendmail and use G-MAIL as relay (comes in handy). This was also required in radius manager setup where radius system sends various alerts to user like expiry alerts, quota alerts and my own customized alerting events.

First install required items.

1	yum -y install sendmail mailutils mailx sendmail-bin sendmail-cf cyrus-sasl-plain

Now issue following command to create Gmail authentication file in a folder in which you will add Gmail user name and password.

repo fedora

echo [fedora_repo] >> /etc/yum.repos.d/fedora_repo.repo #allow yum access to the fedora repo

echo name=fedora_repo >> /etc/yum.repos.d/fedora_repo.repo

echo baseurl=http://download1.fedora.redhat.com/pub/epel/\$releasever/\$basearch/ >> /etc/yum.repos.d/fedora_repo.repo

echo enabled=1 >> /etc/yum.repos.d/fedora_repo.repo

echo skip_if_unavailable=1 >> /etc/yum.repos.d/fedora_repo.repo

echo gpgcheck=0 >> /etc/yum.repos.d/fedora_repo.repo

yum -y install ssmtp

sed 's/^enabled=1/enabled=0/' -i /etc/yum.repos.d/fedora_repo.repo #disable fedora repo

install snx

http://kevin.deldycke.com/2012/04/check-point-snx-client-ubuntu/

yum install /lib/ld-linux.so.2 libX11.so.6 libpam.so.0 libstdc++.so.5

libgcc_s.so.1 must be installed for pthread_cancel to work

 yum install libgcc.i686

di centos drc simkpnas



link referensi : http://www.linuxquestions.org/questions/linux-newbie-8/libgcc_s-so-1-must-be-installed-for-pthread_cancel-to-work-4175474124/

How to fix /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

yum -y install glibc.i686


link referensi

http://www.howtodoityourself.org/how-to-fix-libld-linux-so-2-bad-elf-interpreter-no-such-file-or-directory.html

How To Configure ELB for HTTPS Listener – SelfSigned Certificate on AWS

Overview

The purpose of this guide is to configure Amazon AWS Load Balancer with 2 nodes (instance) and configure HTTPS Listener for Elastic Load Balancer (ELB).

We will install and configure OpenSSL Certificate that’s is self-signed certificate and we would be configuring “RSA”based chippers. 

OpenSSL Certificate may be configured for testing environments. OpenSSL (SelfSigned) certificate(s) should not be installed / configured for production environments.

To secure the environment, we will create a security group for ELB.

We would also need to configure stickiness if the request has been process from same node. It’s mandatory to enable it, if the application session replication is not supported. Amazon ELB supports round-robin (rr) method of Load Balancing.

The main purpose of load balancer is provide high availability.

Applies To

Amazon EC2 Instance

Windows 2012 Server

Security Group for communication between ELB and application instances

Pre-requisites

A minimum of 2 EC2 instances have to be running in order to configure ELB.

Common Name (ServerName)

OpenSSL files

Private key file in pem encoded format

Public key certificate file in pem encoded format

A http listener is already configured and working

Create – SSL Certificate

There is 3 step process to generate a SSL certificate.

Generate RSA Key File.

Create CSR (Certificate Signing Request) file.

Create SSL Certificate.

Create RSA Key File

First and foremost thing is the generate SSL certificate, is to generate RSA based chipper key generation, to generate the pem encoded format RSA key file with 2048 encryption bits, run the command; for easier identification we will name the file prefixing it as “-key” for the output file.

openssl genrsa -out reservopia-key.pem 2048

Create a CSR Key File

Next step is to create the CSR (Certificate signing Request) file which is also pem encoded format CSR file with the encryption algorithm to create CSR file, run the command; for easier identification we will name the file prefixing it as“csr” for the output file. 

Also you need to pass the RSA key file that was generated in the earlier step.

We will not set challenge password for the certificate.

openssl req -sha256 -new -key reservopia-key.pem -out reservopiacsr.pem

Create Certificate

Finally, we will create the certificate in a pem encoded format; for easier identification of the file we will name the file prefixing “-certificate” for the output file. You would also need to pass the “csr” and “-key” files for creating the certificate.

ARGUMENT	PARAMETER VALUE	COMMENTS
X509	NA	Self Signed Certificate
-days	365	Certificate Validity in Days
-in	reservopiacsr.pem	Input Certificate Sign Request
-signkey	reservopia-key.pem	RSA key File
-out	reservopia-certificate.pem	Output Filename

openssl x509 -req -days 365 -in reservopiacsr.pem -signkey reservopia-key.pem -out reservopia-certificate.pem

Install – SSL Certificate

Next step, after creating the certificate, you have to install it on the ELB HTTPS Listener port.
Alternatively, you can also perform the certificate installation via AWS CLI.

Configure Listener

Click on the “Load Balancers” and choose the Load Balancer Name where in you intend to install the created SSL certificate. Then click on “Listeners” tab and click on “Edit” button.

Edit Listener

Next step is to add the listener to add a new listener, click on “Add” button to add a new listener, configure listener according to the below table and click on “Change” option;

Listener Description	Option
Load Balancer Protocol	HTTPS (Secure HTTP)
Load Balancer Port	443
Instance Port	80
Cipher	N/A (Not Configured)
SSL Certificate	Change

 

Select Certificate

Next step is to choose “Certificate Type”, since we are deploying the certificate for testing environment, choose the option “Upload a new SSL certificate to AWS Identity and Access Management (IAM)”. 

Configure Certificate Information

Next step is to configure the certificate information in the respective fields; Open the respective files in a notepad, copy the contents of the file and paste it into the appropriate fields and click on “Save” button. 

Certificate Filed	Information
Certificate Name:*	Customizable or set it as Application Name
Private Key:*	RSA Key file contents “reservopia-key.pem”
Public Key Certificate:*	Public Key file contents “reservopia-certificate.pem”.
Certificate Chain:	Optional

Create Listener

After validating the certificate, certificate will be install on the Elastic Load Balancer and the listener is created automatically.

Create – ELB Security Group

After installing the certificate on ELB, next step is to secure the servers. In order to secure the environment we will create a new security group for ELB for communicating between the application servers for http and https access only.

Create Security Group

In order to create a new security group click on “Security Groups” and click on “Create Security Group”; Set security group name, description and most important choose the VPC wherein the ELB has been configured.

Add “Inbound” rules for http and https and source as anywhere and then click on “Create” button.

Configure Security

After configuring the inbound rules on the ELB security group, click on “Security” tab of the ELB and then click on“Edit” button.

ELB Security Group

Next step is to choose the security group that has been configured for “ELB” and click on “Save” button.

Configure App Security Group

In order to secure the application servers, we will configure inbound rules of application security group such that communication between ELB and application servers only is permitted.

Validate App Server Inbound Rules

After saving, validate the configured inbound rules and ensure the name of the “ELB Security group” in the source.

Configure Stickiness

Stickiness is one of the most important configuration when the application does not know as to how to handle sessions more than one server in a pool of servers, since the request would be sent in a round robin method unless stickiness is enabled.

Enable Stickiness

By default stickiness is disabled. To enable it click on “Edit” link.

Enable LB Cookies

In order to stickiness, cookie information has to be coupled with network packet; if application is able not able to session replication choose the option “Enable Load Balancer Generated Cookie Stickiness” option and leave blank “Expiration Period” and then click on “Save” button.

LB Stickiness Status

After saving, current stickiness configured will be displayed in the ELB description tab.