CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



 


Thread: Standalone 2200 with R80.10 and up

  1. #1
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    380
    Rep Power
    15

    Standalone 2200 with R80.10 and up

    I recently needed to get a personal Check Point license for some development work I'm doing. Getting a new software license would be hundreds to thousands of dollars, while Check Point branded servers may come with a permanent license. 2200s are compact, relatively quiet, and particularly cheap used. Sounds like a perfect candidate for a personal box.



    First, a few things to note:

    Buying a used box is a risk. Used Check Point appliances don't always have a usable license. When a company decommissions a box, they can just stop renewing support for it, or they can "trade it in" for a small discount on another purchase. If the box is traded in, the license is permanently invalidated in Check Point's User Center. If the seller is willing to check the license for you, that can minimize the risk. A sales rep may also be able to look up the box's MAC address to tell you if the license is still valid.

    Check Point won't support doing this. It's only really good for personal labs. If you're going to go without official support, you may as well open it up and make a few improvements. Bumping the RAM to 4 GB is cheap. I would also recommend throwing an SSD in it. Even upgraded as far as it can go, though, a 2200 will never be a particularly fast box.



    I picked up a used 2200 with a valid license. Once I had it, I learned Check Point no longer supported them as standalone boxes or as SmartCenters as of R80. Firewall must be installed, and SmartCenter must not be installed. The initial configuration wizard doesn't allow you to select the option to install management.

    There's a tool called config_system which lets you specify answers to the initial config wizard in a file. It will then configure the system according to the values in that file. This is great for quick configuration of RMA devices and such. If you try to specify "install_mgmt_primary=true", it throws an error saying "Security Management must be false". Fortunately, it's really easy to patch out this check.

    config_system is actually a script. You can open and edit it. Here's an excerpt starting at line 1123:

    Code:
    # Validate Security Management configuration
    do_validate_mgmt() {
    
        # If Security Management is not editable, compare with default
        [[ "$MGMT_EDIT" = $FALSE && "$MGMT_DEFAULT" != "$install_security_managment" && 
    	"$install_mds_primary" != $TRUE && "$install_mds_secondary" != $TRUE && "$install_mlm" != $TRUE ]] && \
    	{ ERROR_MSG="$TAG_MGMT must be $MGMT_DEFAULT"; return 1; }

  2. #2

    Re: Standalone 2200 with R80.10 and up

    Remove the "return 1;" from the end of line 1129, and config_system will happily set up your 2200 as a standalone system.



    For some reason, I couldn't post (or preview) with that final line of explanation in place, so here it is in a reply.
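
An added example, not part of the original posts and not Check Point code: a check that reports whether a copy of config_system still has the `return 1;` in the guard quoted above, useful when auditing a box of unknown history. It matches the guard text rather than line 1129, since line numbers are not guaranteed to match between builds; `guard_state`, `write_sample` and the sample files are constructed for illustration, and the sample closes the function with `}` so the excerpt is a complete body.

```sh
#!/bin/sh
# Added example (not Check Point code): report whether the do_validate_mgmt
# guard quoted in the thread still ends validation with "return 1;".

# guard_state FILE -> prints "intact", "modified" or "not-found"
guard_state() {
    awk '
        /^do_validate_mgmt\(\)/ { in_fn = 1 }        # function header from the excerpt
        in_fn && /ERROR_MSG="\$TAG_MGMT must be/ {   # guard line from the excerpt
            found = 1
            state = ($0 ~ /return 1;/) ? "intact" : "modified"
            exit
        }
        in_fn && /^[}]/ { exit }                     # end of the function body
        END { print (found ? state : "not-found") }
    ' "$1"
}

# write_sample FILE GUARD_TAIL -> constructed copy of the excerpt; GUARD_TAIL is
# the text placed after the ERROR_MSG assignment ("return 1;" or empty).
write_sample() {
    cat > "$1" <<EOF
# Validate Security Management configuration
do_validate_mgmt() {

    # If Security Management is not editable, compare with default
    [[ "\$MGMT_EDIT" = \$FALSE && "\$MGMT_DEFAULT" != "\$install_security_managment" &&
       "\$install_mds_primary" != \$TRUE && "\$install_mds_secondary" != \$TRUE && "\$install_mlm" != \$TRUE ]] && \\
       { ERROR_MSG="\$TAG_MGMT must be \$MGMT_DEFAULT"; $2 }
}
EOF
}

# Demonstration on two constructed files.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/original" 'return 1;'
write_sample "$demo_dir/edited" ''
echo "original: $(guard_state "$demo_dir/original")"
echo "edited:   $(guard_state "$demo_dir/edited")"
rm -rf "$demo_dir"
```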

  3. #3
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    380
    Rep Power
    15

    Re: Standalone 2200 with R80.10 and up

    I just confirmed the 2200 can handle 8 GB of DDR3 RAM in the form of two 4 GB SODIMMs. Mine have eight chips on each side, 16 chips per stick, so 256 MB per chip. I hear sticks with 512 MB chips don't work with the Atom D525, but I didn't find an explanation of why, and I don't have any such sticks available to test.

    With 4 GB of RAM, the system runs with the "Standalone 4GB to 7GB" profile, which results in 512 MB of CPM heap and 256 MB of API heap. With 8 GB of RAM, it switches automatically to the "Small Medium env resources profile", which results in 1 GB of CPM heap, but still just 256 MB of API heap.
