Provider-1, unable to add global policy.



hema_ckp
2009-04-15, 07:30
I'm new to Provider-1. I'm setting up an evaluation setup for Provider-1.
I have downloaded CP R70 Provider-1 and installed it. I have generated a license for the same and installed it on Provider-1 (192.168.1.146). I have installed Provider-1 with a combined Manager and Container on 192.168.1.146 only.
I also have CP R70 SecurePlatform evaluation (1 month) with a SmartCenter server and a gateway on a machine (192.168.1.144), and installed an allow all rule at the bottom.

I have installed the MDG on 192.168.1.106

I logged into 192.168.1.146 from 192.168.1.106 using the MDG.

I add a customer A by giving the 192.168.1.144 address and it shows as active.

Now I create a global policy to block some ICMP traffic as the first rule.

Now I assign this policy to Customer A and this rule does not get reflected in SecurePlatform (192.168.1.144).

Why am I not able to install the global policy to the SecurePlatform?

The other question is that I'm not able to add a CMA to manage the Provider-1 gateway. When I give 192.168.1.146 as the address, it says it is already used.
How do I manage the Provider-1 (192.168.1.146) security gateway?

The admin guide says to add a CMA for the provider-1 also.

In the Check Point User Center I generated a license for Provider-1. For evaluation purposes, are there separate licenses for MDG and CMA?

Again the admin guide mentions that during the trial period one could some CMAs.

I have only limited experience of working with NG AI R55 and NGX 6.5 only.

I'm trying to evaluate and understand the Provider-1 setup.

Thanks in advance.



I assign this globa

sisu-up
2009-04-15, 11:35
When you assigned the global policy to the customer (CMA) did it actually work? When in the MDG you should be able to see if the customer did in fact get assigned to the policy. If this was successful, you then need to install the customer policy on the gateway for the global policy to take effect. You should see the global policy in the customer policy also.

If you do not see the global policy in the customer policy then you did not assign it properly.

Hope this helps.

hema_ckp
2009-04-16, 09:10
After assigning the global policy to the customer and ticking to install the policy on the gateways, the dialog has this output:

Trying to connect to CMA at (GMT): 16Apr2009-12:58:26
Connection established
Command is Assign Global Policy and Install
Authenticated successfully
CMA rules and objects were loaded
Removing Global Rules from CMA database
Assign Global Policy operation started.
Removing Global IPS profiles.
Modifying Global Objects in CMA database
Adding Global Objects to CMA database
Copying all objects
Adding Global object gecho-reply to local database
Adding Global object gecho-request to local database
Adding Global object ginfo-reply to local database
Adding Global object ginfo-req to local database
Assign Global Policy operation finished successfully.

Starting Install Security Policy Process

Policy installation aborted - no candidates to install on

Why is it saying in the last line that there are no candidates to install on?
Whereas 192.168.1.144 is a SecurePlatform machine with a SmartCenter server also installed on it plus a firewall gateway.

hema_ckp
2009-06-22, 07:38
I need a CLI which lists all the Check Point devices in the management server.

How can I find out the list of Check Point devices through the command line in R70 (SecurePlatform device)?

Could you please help me out with this?