What about advanced routing then ..... Help!!

[Sborrone]

I hoping someone can help.

I am running R65 Splat 2.6 on ESX 3i version 3.5 and it runs fine. BUT splat 2.6 is not supported on a virtual platform. I've installed the correct VE on splat 2.4 on one of our sites however this site doesn't require any routing entries or OSPF.

However, I now need to install a version that does support dynamic routing eg OSPF I know that I can update a file to keep the routes alive after a reboot but nothing to enable the advanced routing protocols?

I would expect the simple answer is to install splat 2.4!!

List of comparisons between VE and standard version


Please can anyone advise?

[Thorpuse]

SecurePlatform PRO is supported in the 2.4 kernel. At the command prompt, type in the command "pro enable" then reboot. Whether it's supported in VE is another question.

[Sborrone]

Many thanks for that, I don't see any difference at the moment but then again I've not conencted fw to a SmartCenter.

I'm just configuring a few boxes in my virtual lab environment to test.

Will let you know the outcome.

[Sborrone]

SecurePlatform PRO is supported in the 2.4 kernel. At the command prompt, type in the command "pro enable" then reboot. Whether it's supported in VE is another question.

Thanks again Thorpuse, Lab tests worked and just received confirmation from Check Point, VE is supported in SPLAT PRO format and "enable pro" is the way to go.

Check Point took their time in responding!

Thanks again...

[Thorpuse]

No worries - I received confirmation of exactly the same thing today as well.

Be interested to know if Vmotion works with it? CP claims it does, if you have the chance to test it let us all know.

[mcnallym]

They have updated the VE so that supports VMTools. The initial release didn't support VMTools, so didn't support vmotion.

[jeroen]

Hi mcnallym,

I have just downloaded the latest release of NGX R65 VE and the vmware tools are not installed. WHen I try to install tem it looks like Perl is requried.
Also, I cannot find on the checkpoint site anywhere where they say vmtools is supported.
Can you clarify a bit?

Thanks,

jeroeJ

[tomrowan]

You don't strictly need VMware Tools for vmotion... it's only a warning.

[ppetrovic]

hi,

SecurePlatform Pro will work with VPN-1 VE and I am using it in my infrastructure. Regarding the support, well to be honest I have raised several cases and the support team always resolved the problem. I have spoken to several guys from Checkpoint and they have said that it will run but if new issues are present (ones which are not registered on Secure Knowledge) then you do not have support.

I am running SecurePlatform Pro in ClusterXL environment with OSPF (Load-Sharing multicast) and iBGP (New HA mode).

Regarding vMotion, it will work only if you are using a single box for everything (SmartCenter and Security Gateway). In all other scenarios vMotion is not supported, this can cause issues in clustered environments.

[CBN_IN_NZ]

i talked to our local VM SE and he said checkpoint werent even keen to do a demo for them :-)

should download this and have a play, gotta be better than vshield!!

cheers,

[ppetrovic]

Hi,

Well I have participated in the EA and its a lot better than vShield zones. I have deployed it in the Avatar mode and L3 mode. Avatar allows you to inspect inter-vm traffic in the same subnet with IPS signatures and other stuff. I would like to have DLP embedded (IMO).