CPUG - The Check Point User Group: A Resource For The Check Point Community. Fast. Useful. Independent.
Our company is currently running R55 with a SmartCenter server (Win2k) and two modules running SecurePlatform (3 servers total). I am trying to get my Edge X8 devices to talk to my SmartCenter server and have done the following:

1. Moved the SmartCenter server to a DMZ to allow external access to the SmartCenter server (only from Edge devices to SmartCenter).
2. Created a profile object in SmartDashboard.
3. Created a VPN-1 Edge/Embedded Gateway. Unchecked VPN (we only want to manage these devices, no VPN required), assigned the IP address of the Edge device (external address of the WAN interface on the Edge device), assigned it to the profile object, generated a registration key (is there somewhere to enter this on the Edge device?), and entered the MAC address of the Edge.
4. Then tried to connect to the service center on the Edge, listing the external address of the SmartCenter server.
5. Created a rule on our external firewall to allow traffic from the Edge device to the SmartCenter server in the DMZ (I can see the traffic from the Edge device through the external firewall being accepted and routed to the correct interface).

What am I missing? Still can't connect. Started to look at SmartLSM, but can't seem to get that to start. Says no license or not enabled... tried running the 'LSMenabler on' command from the SmartCenter server. I'm not even sure I need SmartLSM? Again, any help would be greatly appreciated.

Steve
You should enter the registration key on the Edge when connecting to the service center, in your case the SmartCenter. You can enter the key on the same page where you entered the IP address or host name for the SmartCenter.

Are you allowing the swtp_sms protocol from Edge ----> SmartCenter? And the swtp_gateway protocol from SmartCenter ----> Edge?
Thanks for the response!!! A little more detail... we have an external firewall that is managed by a third party (Level 3), and we also have the internal firewall modules with a SmartCenter. We moved the SmartCenter server to one of our DMZs so we didn't have to poke a hole into our internal network in order for the Edge devices to communicate with the SmartCenter server. That is why we moved it to the DMZ.

So... I have a rule/route in our external/managed FW for UDP 9281/9282 traffic from the Edge to the SmartCenter. I don't have any rules defined on the internal FW modules; just the Edge profile and Edge GW object have been created. I am not quite sure what it should look like... maybe?

Source: GW
Dest: SmartCenter object
VPN: Any? (not using VPN)
Service: UDP 9281/9282
Install on: one of my modules? Both?

Maybe I am missing some other steps as well?
1st rule:
Src: Edge-obj
Dst: SmartCenter
VPN: Any traffic
Service: swtp_sms (9282 UDP)

2nd rule:
Src: SmartCenter
Dst: Edge-obj
VPN: Any traffic
Service: swtp_gateway (9281 UDP)

This you need to make initial contact with your SmartCenter. Install these on the module where your DMZ is connected. Test from the SmartCenter if you can reach the Edge on port 981 (TCP), just to make sure connectivity is OK. From the Edge WebUI go to the service center and contact the SmartCenter. Make sure your VPN domains are correct on the module and the Edge. Set up a community, make rules, and VPN should run then.
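As an added example (not part of the thread and not Check Point's own tooling), the following Python script turns the advice above into a pre-flight probe you can run from the SmartCenter host before touching the Edge WebUI: it checks the Edge's TCP 981 WebUI port, sends a UDP datagram toward swtp_gateway (9281) on the Edge, and sends one toward swtp_sms (9282) on the SmartCenter. Host addresses, the probe payload and the function names are assumptions; the script does not speak the SWTP protocol, it only reports whether the path is open, refused or silent. The swtp_sms check is only meaningful when run from the Edge side of the path, so the script takes the source role as an argument.

```python
"""Pre-flight reachability probe for Check Point Edge <-> SmartCenter management.

Added example, not from the original thread or from Check Point.
Ports named in the thread:
  SmartCenter -> Edge        TCP 981   (Edge WebUI)
  SmartCenter -> Edge        UDP 9281  (swtp_gateway)
  Edge        -> SmartCenter UDP 9282  (swtp_sms)
"""
import socket
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    name: str
    proto: str   # "tcp" or "udp"
    port: int
    target: str  # "edge" or "smartcenter": which host the probe is sent to
    run_from: str  # which side of the path the probe must originate on

# Port table taken from the thread; role assignments are assumptions.
MANAGEMENT_CHECKS = (
    Check("Edge WebUI", "tcp", 981, "edge", "smartcenter"),
    Check("swtp_gateway", "udp", 9281, "edge", "smartcenter"),
    Check("swtp_sms", "udp", 9282, "smartcenter", "edge"),
)


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused' (RST: host reachable, nothing listening)
    or 'filtered' (timeout / no route: something in the path drops it)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:          # socket.timeout is an OSError subclass
        return "filtered"
    finally:
        s.close()


def probe_udp(host, port, timeout=2.0, payload=b"\x00"):
    """Send one datagram on a connected UDP socket.
    'reply'   - something answered (listener present)
    'refused' - ICMP port unreachable came back (host reachable, no listener)
    'silent'  - inconclusive: either accepted silently or dropped in transit.
    A device that drops UDP but passes TCP (the thread's L4 switch) shows up
    as TCP 'open' next to UDP 'silent'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(payload)
        s.recv(1024)
        return "reply"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "silent"
    finally:
        s.close()


def preflight(edge_host, smartcenter_host, run_from="smartcenter", timeout=3.0):
    """Run every check that can originate from `run_from`; map name -> result."""
    hosts = {"edge": edge_host, "smartcenter": smartcenter_host}
    results = {}
    for chk in MANAGEMENT_CHECKS:
        if chk.run_from != run_from:
            continue
        fn = probe_tcp if chk.proto == "tcp" else probe_udp
        results[chk.name] = fn(hosts[chk.target], chk.port, timeout)
    return results


def verdict(results):
    """'ok' when the WebUI is reachable and no UDP probe was refused;
    'udp-path-suspect' when TCP is open but UDP stayed silent;
    'blocked' otherwise."""
    tcp_open = results.get("Edge WebUI") == "open"
    udp = [v for k, v in results.items() if k.startswith("swtp_")]
    if tcp_open and all(v == "reply" for v in udp):
        return "ok"
    if tcp_open and any(v == "silent" for v in udp):
        return "udp-path-suspect"
    return "blocked"


if __name__ == "__main__":
    # usage: preflight.py <edge-ip> <smartcenter-ip> [edge|smartcenter]
    edge, sms = sys.argv[1], sys.argv[2]
    side = sys.argv[3] if len(sys.argv) > 3 else "smartcenter"
    res = preflight(edge, sms, side)
    for name, state in res.items():
        print(f"{name:14s} {state}")
    print("verdict:", verdict(res))
```

The distinction the script draws between 'refused' and 'silent' is the practical one: a refused TCP or UDP probe proves the packet reached the far host, while a silent UDP probe next to an open TCP 981 points at a hop between the two hosts that forwards TCP but not UDP, which is exactly the failure mode reported later in this thread.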
Thanks for everyone's help. I am finally communicating with the SmartCenter. After following your advice with the result of STILL not working, I took a step back and started to look for other reasons. To my surprise, it was a layer 4 switch between the SmartCenter server and the Edge device. I had the management ports open on the layer 4 switch, but didn't have UDP enabled (it was a sub-menu item on the switch). Anyway, thanks for all your help!!!

One last question for you. Now that I can see the device, it says it's connected and I see the log files from the device: how do I go about creating a rule base specifically for the Edge devices? The Edge devices were deployed before we had remote management working, and all have local rules installed. Ideally I would like to be able to pull the rule base from one device and then push it to the other devices we have installed. Hope this makes sense. Thanks.

Steve
Steve,

Good to hear connectivity is working with your SmartCenter. Get rid of the rules which are deployed locally on your Edge. SmartCenter RULES now! ;-)

2 options:

- You can fit your rules for your Edge(s) into your existing rule base and use the Edge objects in the 'Install on' field in your rule base as a target. Only these rules will be pushed to the Edge(s).
- Create a new policy package and make a separate rule base just for your Edges: 'File', 'New'.

I hope this makes sense to you.

Cheerz.
Thank you, dbedit. We will create a new policy package (just for Edge devices, so we can push rules to just the Edge devices and not affect other users) and I will remove all the rules from my Edge device.