CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 9 of 9

Thread: How to use LOM interface on CP 12600

  1. #1
    Join Date
    2012-12-28
    Posts
    31
    Rep Power
    0

    Default How to use LOM interface on CP 12600

    Hi Everybody,

    recently we get a new Checkpoint Appliance. This appliance has a LOM interface.
    Is there anybody who can tell me how I can configure a IP address and how I can use this interface?


    Thank you very much in advance for helping me.

    BR
    ABC

  2. #2
    Join Date
    2007-06-04
    Posts
    3,306
    Rep Power
    17

    Default Re: How to use LOM interface on CP 12600

    http://dl3.checkpoint.com/paid/12/CP...51e43&xtn=.pdf

    Is the LOM Admin Guide for 12000 and 4800 appliances at the risk of being an RTFMer.

  3. #3
    Join Date
    2012-12-28
    Posts
    31
    Rep Power
    0

    Default Re: How to use LOM interface on CP 12600

    Thank you! Unfortunately, I'm not authorized to open this link.
    But I'm already found an LOM Admin Guide.

    https://downloads.checkpoint.com/fil...AdminGuide.pdf

    But now, i've got a new issue. The ip address (192.168.0.100) isn't the right on, our I use the wrong subnetmask (I use /24).
    To reset the LOM interface it is required to enter the BIOS, but the BIOS is password protected.
    Is there anybody who know the default Checkpoint BIOS password? Our is it necessary to open a TEC case?!

    Thank you very much in advance.

    BR
    ABC

  4. #4
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default Re: How to use LOM interface on CP 12600

    Hi guys,

    I looked over that LOM Guide, but I couldn't find anything about:
    - how to setup IP address from CLI (lomipset is pretty vague)
    - how to see status/link of LOM interface from CLI
    - any GUI place on Gaia where I can do the two above

    Thanks!

  5. #5
    Join Date
    2007-06-04
    Posts
    3,306
    Rep Power
    17

    Default Re: How to use LOM interface on CP 12600

    sk92986

    lomipset <LOM_IP_ADDRESS> <LOM_NETMASK> <LOM_DEFAULT_GW_ADDRESS>

    If on R77.10 or newer

    Failing that use the ipmitool which is listed more in that SK.

  6. #6
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default Re: How to use LOM interface on CP 12600

    Quote Originally Posted by mcnallym View Post
    sk92986

    lomipset <LOM_IP_ADDRESS> <LOM_NETMASK> <LOM_DEFAULT_GW_ADDRESS>

    If on R77.10 or newer

    Failing that use the ipmitool which is listed more in that SK.
    Ok, I now found time to read this short sk.
    Now before I enable this - is anyone using it? If YES, what's the setup?

    I am concerned this LOM is not firewalled, meaning it hasn't its own access-list. I'd like to assign on it a public IP. What do you guys think?

  7. #7
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,030
    Rep Power
    15

    Default Re: How to use LOM interface on CP 12600

    LOM is supposed to be placed in a secured management access internal segment. Exposing it to internet directly without additional filtering, event with an access list, is an extremely bad idea. To understand the implications, it is an separate and very unsophisticated embedded linux board that can turn on and off your FWs. I believe you are capable to figure out the rest
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  8. #8
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default Re: How to use LOM interface on CP 12600

    Quote Originally Posted by varera View Post
    LOM is supposed to be placed in a secured management access internal segment. Exposing it to internet directly without additional filtering, event with an access list, is an extremely bad idea. To understand the implications, it is an separate and very unsophisticated embedded linux board that can turn on and off your FWs. I believe you are capable to figure out the rest
    I put it behind our VPN concentrator - thanks for the follow-up.

  9. #9
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,030
    Rep Power
    15

    Default Re: How to use LOM interface on CP 12600

    Quote Originally Posted by laf_c View Post
    I put it behind our VPN concentrator - thanks for the follow-up.
    Now, this is already a much better way
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Similar Threads

  1. Reset LOM password
    By michtan in forum Check Point Smart-1 Security Management Appliances
    Replies: 7
    Last Post: 2013-09-18, 12:47
  2. 21400 Appliance + R75.46 = Constant LOM error messages
    By TheOtherPete in forum Check Point Power-1 Appliances
    Replies: 1
    Last Post: 2013-06-12, 02:23
  3. reset Power-1 11065 LOM
    By cciesec2006 in forum Check Point Power-1 Appliances
    Replies: 15
    Last Post: 2012-01-12, 14:41
  4. How to reset the Power-1 Lights-Out Management (LOM)?
    By tnkflx in forum Check Point Power-1 Appliances
    Replies: 2
    Last Post: 2011-09-26, 16:36
  5. VPN between CP and non-CP:
    By Yasushi Kono in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 5
    Last Post: 2007-09-07, 10:45

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •