Entering Expert Mode automatically on log in

This post is for dealing with Check Point SPLAT firewalls and other SPLAT-based appliances.

Why would I need this? Well, for one, if you plan to use SCP to access your SPLAT box you must have this enabled. Other than that, you typically only enter the SPLAT box command line interface when you need to do something, not just for fun. Any changes or commands you need to run outside of the ‘sysconfig’ or ‘cpconfig’ menu systems require you to be in Expert Mode. You used to have to edit a file using ‘vi’, which isn’t the most user-friendly editing program, but there is now a new method. I recently found this and wanted to share it since it is SO much easier than before. Enjoy!

To enter Expert mode automatically on each login, perform the following steps:

  1. Enter Expert mode.
  2. Run the ‘chsh -s /bin/tcsh admin’ command (to work in tcsh), or
     run the ‘chsh -s /bin/bash admin’ command (to work in bash).

To revert back to the default login shell:

    Run the ‘chsh -s /bin/cpshell admin’ command
    Note: ‘admin’ is the user name in the above commands and can be replaced with any user name you have on the box.
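
An added example (not part of the original post): a small shell audit that lists which accounts have had their login shell switched away from ‘/bin/cpshell’ and prints the revert command from above for each one. The function names and the sample passwd entries are constructed for illustration; it assumes the standard seven-field passwd format.

```shell
#!/bin/sh
# Added example: audit which accounts skip cpshell at login.
# Function names and sample data are constructed for illustration.

# Prints one line per account: "<user> <shell> <status>"
#   restricted -> login shell is /bin/cpshell (the default)
#   expert     -> login shell is /bin/bash or /bin/tcsh (Expert mode at login)
# Accounts with any other shell (service accounts, nologin) are skipped.
audit_login_shells() {
    passwd_file="${1:-/etc/passwd}"
    awk -F: '
        /^[ \t]*(#|$)/       { next }   # skip comments and blank lines
        NF < 7               { next }   # skip malformed entries
        $7 == "/bin/cpshell" { print $1, $7, "restricted"; next }
        $7 == "/bin/bash" || $7 == "/bin/tcsh" { print $1, $7, "expert" }
    ' "$passwd_file"
}

# Prints the revert command for every "expert" account.
# The output is a list to review, not something to pipe straight into a shell.
revert_commands() {
    audit_login_shells "$1" |
        awk '$3 == "expert" { print "chsh -s /bin/cpshell " $1 }'
}

# Constructed sample passwd file (not taken from a real appliance).
write_sample_passwd() {
    cat > "$1" <<'EOF'
# constructed sample
admin:x:500:500:Admin:/home/admin:/bin/cpshell
scpuser:x:501:501:SCP transfers:/home/scpuser:/bin/bash
fwadmin:x:502:502:Ops:/home/fwadmin:/bin/tcsh
nobody:x:99:99:Nobody:/:/sbin/nologin
broken:line
EOF
}

# Demo run against the constructed sample.
demo_file=$(mktemp)
write_sample_passwd "$demo_file"
audit_login_shells "$demo_file"
revert_commands "$demo_file"
rm -f "$demo_file"
```

Run ‘audit_login_shells’ with no argument on the box itself to read /etc/passwd directly.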

Cannot copy file_name: The path is too deep

Ever get this error “Cannot copy file_name: The path is too deep” when trying to drag-and-drop a file?  Were you going through a firewall?

I recently came across this error and it had us stumped for quite a while. I found several articles online that didn’t quite identify it correctly or didn’t apply to my situation. After digging around on the knowledge base of the firewall manufacturer, Check Point in this case, I came across a real solution that worked. It wasn’t easy to find, even on their site, because the situation wasn’t the same, but I figured “what the heck, I’ll try it”, and it worked.

The problem had to do with the default windowing size allowed through the firewall. If you aren’t familiar, “windowing” is how TCP negotiates the transfer of data. It is variable and starts out slow until it can negotiate an acceptable packet-to-acknowledgement rate for both parties. For example, first we exchange packets by me giving you one packet and you responding (acknowledging) that you received it. Then we try, say, 10 packets to one; if that works without corruption, we increase it. So on and so forth until we get to a maximum agreeable rate that both of us are comfortable with and we get data transferred at a much higher speed. All that to say this…

Check Point firewalls have a max windowing size of 10K by default. This sometimes gives you the “Path is too deep” error, especially when on a LAN going to a DMZ or some other interface on the firewall. To fix it you will want to do the following:

To increase the window size, run the ‘fw ctl set int fwtcpstr_max_window 65536’ command.

Note: This command does not survive a reboot.

To make the command survive a reboot:

  1. On Linux or SecurePlatform, edit the $FWDIR/boot/modules/fwkern.conf file using vi.
  2. Set a parameter name to a value, e.g.,
  3. Run the fw ctl get int fwtcpstr_max_window command to verify whether the new value is applied on the OS properly.

After the procedure completes, users should be able to successfully copy the files.