PDA

View Full Version : Checkpoint R70.40 Manager re-install



oharek
2016-01-25, 16:03
Hello,

I have an older Checkpoint in my production network. Its working fine
Model: IP690
Software Release: 6.2-GA024
Software Version: releng 1 09.04.2009-042026

The server where SPLAT is installed is old and needs to be turned off soon (windows 2003). I have a R70.40 Manager pushing out the firewall rulebase (only about 25 rules on it)


I have a Checkpoint Smart 210 appliance with RR.30 GAIA on it. If i type in the rulebase would i be able to push out successfully to this older firewall. Or do i need to reinstall R70.40 on a new server and then re-connect

I am not that concerned about upgrading the actual firewall from 6.2-GA024 at this time

Thanks for any advice

Kevin

slowfood27
2016-01-25, 17:17
Hm, seems that you mix up things, makes an advice difficult

From what I can read you have

1. an "old " Check Point Environment consisting of:

A Nokia IP690 Gateway running IPSO 6.2, but which Version of Check Point Software?
A Windows 2003 based Mgmt Server running R70.40

2. a "new" Check Point environment consisting of
A Smart 210 Appliance running Gaia and R77.30, but is it a single Gateway Installation (Mgmt AND FW Gateway on the same machine), or is it a dedicated Mgmt Server as well?

Correct?
If we get the whole picture, we can start advising ;-)

oharek
2016-01-25, 20:27
Point 1 is correct with a version of Software Version: releng 1 09.04.2009-042026


Point 2 - the smart 210 appliance (R77.30 gaia) it is a dedicated Mgmt Server which I am using to push policies to 4 checkpoints on my corporate network (all working fine)



so - can I use the smart 210 appliance and create a new rulebase for this old checkpoint?
or do I do a new install on a new server


thanks in advance

EricAnderson
2016-01-25, 23:22
Point 1 is correct with a version of Software Version: releng 1 09.04.2009-042026

As slowfood27 said, this is the IPSO release, not the CP software version. Please verify what version is installed to ensure backward compatibility (see below).



so - can I use the smart 210 appliance and create a new rulebase for this old checkpoint?
or do I do a new install on a new server

As long as the Nokia box is running R65 or newer, you should be OK. R77.20 is "backward compatible" (able to manage) all versions of R7x and R65. You will, however, need to reset SIC before the Smart-1 210 can take over management. Be aware that this will generate a new certificate for the IP690.


-E

oharek
2016-01-26, 06:30
As slowfood27 said, this is the IPSO release, not the CP software version. Please verify what version is installed to ensure backward compatibility (see below).

The CP software version is R70.40


As long as the Nokia box is running R65 or newer, you should be OK. R77.20 is "backward compatible" (able to manage) all versions of R7x and R65. You will, however, need to reset SIC before the Smart-1 210 can take over management. Be aware that this will generate a new certificate for the IP690.


-E

The CP software version is R70.40

oharek
2016-02-08, 12:18
As slowfood27 said, this is the IPSO release, not the CP software version. Please verify what version is installed to ensure backward compatibility (see below).


As long as the Nokia box is running R65 or newer, you should be OK. R77.20 is "backward compatible" (able to manage) all versions of R7x and R65. You will, however, need to reset SIC before the Smart-1 210 can take over management. Be aware that this will generate a new certificate for the IP690.


-E

Scenario: I have a Smart 210 checkpoint Firewall manager and want to push out policy’s to an existing Firewall (details below)

Model IP690
Software release 6.2-GA024
Current software R70.40
New Manager R77.30

I have the Rulebase setup on the Smart210 but when I establish the SIC on both sides I can’t push out the policy. It gets to about 80% and then fails because of a license issue.

Do I need a new license installed on the Gateway or the Manager?
Do I need to do anything else to get this working?

PhoneBoy
2016-02-08, 13:11
The gateway itself needs a license.
Also your management must be licensed to managed the number of gateways you are attempting to manage.
Both of these can be installed from the management using SmartUpdate.

oharek
2016-02-15, 11:58
This is an old Checkpoint I took over and when I tried to push out the policy after resetting the sic - it did not work. So I had to reset the sic on the initial mgr and abort the changeover for now

How do I know if the Checkpoint installed on this IP690 is standalone or distributed ie is their a command I can run?

I think I need to check this first before I can go any further