How to use LOM interface on CP 12600



abc150781
2013-05-08, 09:37
Hi Everybody,

Recently we got a new Checkpoint appliance. This appliance has a LOM interface.
Is there anybody who can tell me how I can configure an IP address and how I can use this interface?


Thank you very much in advance for helping me.

BR
ABC

mcnallym
2013-05-09, 03:41
http://dl3.checkpoint.com/paid/12/CP_4800_12000_LOM_AdminGuide.pdf?HashKey=1368092350_13dc3af5b10a7aed522039f464051e43&xtn=.pdf

Is the LOM Admin Guide for 12000 and 4800 appliances at the risk of being an RTFMer.

abc150781
2013-05-10, 03:16
Thank you! Unfortunately, I'm not authorized to open this link.
But I've already found an LOM Admin Guide.

https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/12676/FILE/CP_4800_12000_LOM_AdminGuide.pdf

But now I've got a new issue. The IP address (192.168.0.100) isn't the right one, or I use the wrong subnet mask (I use /24).
To reset the LOM interface it is required to enter the BIOS, but the BIOS is password protected.
Is there anybody who knows the default Checkpoint BIOS password? Or is it necessary to open a TEC case?!

Thank you very much in advance.

BR
ABC

laf_c
2017-09-22, 10:06
Hi guys,

I looked over that LOM Guide, but I couldn't find anything about:
- how to set up the IP address from CLI (lomipset is pretty vague)
- how to see status/link of LOM interface from CLI
- any GUI place on Gaia where I can do the two above

Thanks!

mcnallym
2017-09-22, 12:06
sk92986

lomipset <LOM_IP_ADDRESS> <LOM_NETMASK> <LOM_DEFAULT_GW_ADDRESS>

If on R77.10 or newer

Failing that use the ipmitool which is listed more in that SK.

laf_c
2017-09-28, 14:45
> sk92986
>
> lomipset <LOM_IP_ADDRESS> <LOM_NETMASK> <LOM_DEFAULT_GW_ADDRESS>
>
> If on R77.10 or newer
>
> Failing that use the ipmitool which is listed more in that SK.

Ok, I now found time to read this short sk.
Now before I enable this - is anyone using it? If YES, what's the setup?

I am concerned this LOM is not firewalled, meaning it hasn't its own access-list. I'd like to assign on it a public IP. What do you guys think?

varera
2017-10-24, 04:01
LOM is supposed to be placed in a secured management access internal segment. Exposing it to the internet directly without additional filtering, even with an access list, is an extremely bad idea. To understand the implications, it is a separate and very unsophisticated embedded Linux board that can turn on and off your FWs. I believe you are capable of figuring out the rest.

laf_c
2017-10-24, 04:51
> LOM is supposed to be placed in a secured management access internal segment. Exposing it to the internet directly without additional filtering, even with an access list, is an extremely bad idea. To understand the implications, it is a separate and very unsophisticated embedded Linux board that can turn on and off your FWs. I believe you are capable of figuring out the rest.

I put it behind our VPN concentrator - thanks for the follow-up.

varera
2017-10-24, 09:11
> I put it behind our VPN concentrator - thanks for the follow-up.

Now, this is already a much better way
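
An added example, not part of any post in this thread and not Check Point code: a pre-flight check for the three values passed to lomipset in mcnallym's reply, which also applies varera's advice by rejecting an address outside private (RFC 1918) space. The function names and return codes are made up for this sketch; only the lomipset argument order comes from the thread, and the script never runs lomipset itself.

```shell
#!/bin/sh
# Added example: validate the three lomipset arguments before use.
# It only checks the values; it never runs lomipset or contacts the LOM card.

# ip2int A.B.C.D : print the address as a 32-bit integer, fail if malformed.
ip2int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_lom_args IP NETMASK GATEWAY   (hypothetical helper, codes chosen here)
# returns 0 = usable, 1 = malformed value, 2 = gateway outside the LOM subnet,
#         3 = address is not RFC 1918 private space (would be internet-routable)
check_lom_args() {
    ip=$(ip2int "$1") && mask=$(ip2int "$2") && gw=$(ip2int "$3") ||
        { echo "malformed address or netmask" >&2; return 1; }
    inv=$(( ~mask & 4294967295 ))
    # a valid netmask is a run of 1-bits followed by 0-bits
    if [ "$mask" -eq 0 ] || [ $(( inv & (inv + 1) )) -ne 0 ]; then
        echo "netmask $2 is not contiguous" >&2; return 1
    fi
    net=$(( ip & mask )); bcast=$(( net | inv ))
    if [ "$inv" -gt 1 ] && { [ "$ip" -eq "$net" ] || [ "$ip" -eq "$bcast" ]; }; then
        echo "$1 is the network or broadcast address" >&2; return 1
    fi
    if [ $(( gw & mask )) -ne "$net" ] || [ "$gw" -eq "$ip" ]; then
        echo "gateway $3 is not a separate host in the subnet of $1" >&2; return 2
    fi
    # 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    if [ $(( ip >> 24 )) -ne 10 ] && [ $(( ip >> 20 )) -ne 2753 ] &&
       [ $(( ip >> 16 )) -ne 49320 ]; then
        echo "$1 is not a private address; keep the LOM on an internal segment" >&2
        return 3
    fi
    echo "lomipset $1 $2 $3"   # the command line to run once the values check out
}

if [ $# -eq 3 ]; then check_lom_args "$@"; fi
```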