Defining encryption domains per VPN peer in CheckPoint

Vendors generally implement VPNs in a way where phase 1 and phase 2 settings are defined per VPN peer (aka 3rd party we will be establishing the VPN tunnel with) which gives us the flexibility in regards to subnets we will be using for phase 2.

CheckPoint, however, does things a little bit differently which can sometimes give us couple of hours of pain when troubleshooting. Learn how to force CheckPoint to switch to the “traditional” way of configuring phase 2 settings in this guide!

Continue reading

Zabbix – Monitoring SSL certificate expiry dates and alerting when it’s due to expire

Nowadays almost every website provides an encrypted way of communication between itself and end user. I would love to say it’s because web administrators these are concerned about their visitors’ data safety but, while that might also be true in some cases, browsers these days will show a big “ERRRR, SOMETHING’S WRONG!” warning message when we try to connect to a non-HTTPS website.

While obtaining the certificates is pretty much free nowadays (as long as we’re OK with the amount of trustworthiness we get by running a Let’s Encrypt! certificate) and some providers will even help us put them in the right place, we still have to remember to renew our certificates every now and then. If we don’t then, oh well. We’re back to square one because having expired certificate is as good as having no certificate at all when it comes to browsers screaming at us.

Continue reading

OPNSense – Monitor number of connected OpenVPN users with Zabbix

Hello everyone!

Recently I’ve been toying around with my new, fully featured lab. I couldn’t decide what kind of firewall I’d like to use (obviously considering the fact that I was trying to avoid getting anything commercial). I really enjoyed using pfSense in the past but felt like the UI was a bit dated. Fortunately, OPNSense exists!

After configuring everything and setting up remote access I decided to set up a Zabbix server in my new environment to keep an eye on various things. The one thing I couldn’t monitor, however, was the amount of remote users connected to my OpenVPN server hosted on my OPNSense firewall.

I read a couple of articles, as well as few stackoverflow questions and thought to myself – alright, that won’t be pretty. And it’s not. But hey, it works!

Continue reading

Deploying NGINX-based web server | Part 3 – Monitoring with Zabbix

It’s a great feeling to have a server! It’s lovely to have it running. It’s nice to know that it’s running. It’s not so nice to come back after few days just to find out our server has, in fact, decided to stop running.

In this article, I’d like to walk you through basic Zabbix installation on a new VM so in future we can set up some alerts that are going to warn us when something funny is happening to our precious website!

Unless the monitoring dies as well, of course…

Continue reading