Frequently Asked Questions

• Processing the wrong type of file?
• My Cisco switch has routing capabilities?
• Which files do I need to process CheckPoint configs?

Processing the wrong type of file?

Nipper looks for certain lines within a devices configuration file in order to determine whether or not it is processing the right type of configuration for the device type specified. This means that if you are processing a Juniper NetScreen device but have told Nipper that it is a Cisco PIX, it will stop.

This can cause problems if you only have access to a portion of a configuration, such as just the ACL from a Cisco PIX device. It can also cause problems if the configuration doesn't contain certain lines, Cisco wireless router configurations have been known to cause this issue. Nipper has an option to disable the configuration file checks in order to bypass this problem, it is --force.

If you experience this issue with a complete configuration, please let me know so that I can update the checks.

My Cisco switch has routing capabilities?

Process the configuration using the --ios-catalsyt option. If Nipper finds any routing configuration when processing the file, they too will be included in the security audit and configuration report.

Which files do I need to process CheckPoint configs?

The files that Nipper will need changes depending on where the configuration came from (firewall modules, management module or Nokia IP) and the name of the configured policy. The files required may also change based on the contents of other files. So on CheckPoint/Nokia IP devices, grab a copy of the whole "conf" or "database" directories (depending on your device). The directory containing the configuration files is then specified as the input, rather than a single file like for other types of device.