CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Conversation Between mcnallym and kevin_turner

11 Visitor Messages

  1. Please let me know if the above steps are correct.
    If yes, then:

    Q-1 Should we perform the above steps with the sync cable plugged in between both FWs, or without it?
    Q-2 Will this whole process interfere with the Active (secondary) FW which is currently passing the traffic? (We want it to continue passing traffic after the primary comes back up, as we will not be changing the priority of the FWs right now.)
  2. I am planning to do the below steps; can you confirm if they are correct?

    We have restored from the backup we had, so basically the primary FW is ready and we just want to put it in the cluster and, for the time being, continue passing traffic through the secondary FW, which is "active" right now.
    So this is what we are planning to do. Please let me know if any modification is needed in the below steps:
    1) Go to the FW module (SecurePlatform) and re-initialize SIC communication by entering the activation key (all through the CLI)
    2) Go to the Dashboard and reset SIC on the firewall object by:
    a) Double-click on the Firewall Object in the Policy
    b) Click on Communication.
    c) Click on the Reset button.
    d) Put in the activation key
    e) Put the activation key in Confirm Activation Key (this is the same one we entered on the FW module)
    f) Click on the Initialize button.
    g) Click on Test SIC Status.
    h) Push the policy
  3. Hi mcnallym,

    We are currently running Check Point R55 AI on SecurePlatform in cluster mode. A few days ago the primary module crashed and the secondary took over, so we have rebuilt a new primary FW and have restored the config from backup.
    So now the primary FW is ready. After plugging it in, what steps do we need to follow so that both FWs are in sync, and what are the steps to re-initialize the SIC (I think we need to do that to get it communicating with the SmartCenter server)?
  4. Hi,

    In ISP redundancy, after setting it up in the FW properties, we will have 2 ISPs with 2 different IP addresses, but if any external client connects to the FW, which IP will they use: the ISP1 IP or the ISP2 IP?
  5. Is it possible on the Check Point to create two VPN tunnels going to the same destination network, but terminating on different VPN endpoint IP addresses? How will the Check Points work if we have two VPN tunnels going to the same destination network? For example, will it load balance over the two VPN tunnels, or select one as the primary and, if that fails, use the other as backup?
  6. Two questions

    1) What does the rule any-any-NBT-drop mean?
    2) Can 192.168.1.12 (source) - 10.10.5.55 (destination) - http - accept
    AND
    10.10.5.55 (source) - 192.168.1.12 (destination) - http - accept
    be put in a single rule, if earlier they were in 2 different rules?
  7. Can you also tell me the steps to renew a certificate for cp_mgmt?
  8. Hi,
    I have done a cprestart after syncing the SmartCenter and GUI client clock, but I am still getting the same message. When I backdated the SmartCenter and GUI client clock then it worked, but there is no trust between the firewall and the SmartCenter server. My SmartCenter server and firewall are showing the status untrusted in SmartView Monitor, and the status between the SmartCenter server and Amsterdam is showing OK. What should I do? It's such a mess... help me!!!

    One more thing: if I reinitialize the SIC then you said that the VPN connectivity will go down, so it will go down for a couple of minutes till the initialization is complete, right? And do we need to do anything at the Amsterdam and France firewall end too, where we have site-to-site VPN connections from London? One important thing: I have selected shared secret for site-to-site VPN, so now also the VPN connectivity will fail?

    I have also checked with the ICA management tool that the certificate has expired. How do I create a new one? Is this causing the problem? Please give me step-by-step what to do.
  9. Kevin

    If you reset the SIC on the gateway then all VPNs to that gateway break, as the gateway will do a cpstop;cpstart and load the initial policy that sits there only allowing the SmartCenter to gateway connection. Until you get the policy reloaded, the VPNs are down. You would need to install to all to reinform them of the cert.

    If you reset London then Amsterdam to London would fail and France to London would fail. Amsterdam to France would remain up.

    Regarding your SmartCenter, set the correct time on the SmartCenter and do a cprestart after setting the clock correctly.
  10. Hi... please, this is urgent...

    If I want to re-initialize the SIC, will my VPN connection break? I mean, if I reset the SIC in London, will the VPN in Amsterdam, France etc. break? If yes, what can I do, or how can I reset SIC? I have the problem which I mentioned to you earlier. Please help me.
Showing Visitor Messages 1 to 10 of 11