Initial setup:
login: admin
Password: admin (not displayed)
Welcome to the Nortel Switched Firewall initialization.
------------------------------------------------------------
[Setup Menu]
join - Join an existing SFD cluster
new - Initialize SFD as a new installation
restore - Restore this SFD from a backup taken earlier
offline - Initialize SFD for offline switchless maintenance
boot - Boot Menu
naap - Set NAAP VLAN id
exit - Exit
>> Setup#
Select new and enter the IP address and subnet mask for the Firewall
Director (172.17.5.2/24).
Enter the cluster Master IP address (MIP): 172.17.5.1
Generate a new Secure Shell (SSH) host key for use in secure remote
administration sessions.
Once the Setup utility has been used for basic system
configuration, the CLI Main Menu is displayed.
[Main Menu]
info - Information Menu
cfg - Configuration Menu
boot - Boot Menu
maint - Maintenance Menu
diff - Show pending config changes [global command]
validate - Validate configuration
security - Display security status
apply - Apply pending config changes [global command]
revert - Revert pending config changes [global command]
paste - Restore saved config with key [global command]
help - Show command help [global command]
exit - Exit [global command, always available]
>> Main#
>> # /cfg/pnp/add
Enter the IP Address: 172.17.5.2 (address of the Firewall Director)
Enter the Expiry date for the License: <Expiration date>
Enter the Feature string: <Feature string>
Enter the License string: <License string>
Successfully added license/IP
Insert the Check Point software CD-ROM into the SmartCenter station
drive. The installation program starts automatically.
Select the check boxes for the following items and click Next:
SmartCenter
SmartConsole
Make sure Gateway option(s) are not checked. The SmartConsole
selection includes all of the GUI Client tools needed for the SMART
Client that administers the Check Point features on the Firewall.
Specify a valid Check Point license for the SmartCenter Server. Select
the Fetch From File... or Add... button (below, left) and specify the
appropriate license data (below, right).
Click the Add… button (below, left) and enter login information for
SmartCenter administrators (below, right).
Add any remote management clients (also known as SMART Clients).
Click the Approve button to verify that the fingerprint is the same as the
one displayed during installation of the SmartCenter tool.
In the Topology section of the Check Point Gateway window, click Get
Topology. This button retrieves the interfaces that were configured
from the Firewall Director.
Use Central Licensing
From the SmartDashboard tool menu bar, select Rules | Add Rule |
Top. A new rule will be added to the rulebase. The default action of
the new rule is “drop,” indicating that all traffic from any source to
any destination will not pass through the firewall.
Change the action of the new rule to accept by right-clicking on the
drop action icon and selecting accept as the new action from the list.
Select the firewall cluster object and click on the OK button. If the
effort to push policies fails, click Show Errors. A common cause of
errors is an expired license. If this is the case, update the license on
the SmartCenter Server using SmartUpdate and push policies again.
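The rule created in the steps above accepts traffic from any source to any destination and sits at the top of a first-match rulebase, so every rule below it can never match. The following added example (not part of the original document or of Check Point's tooling) audits an ordered rulebase for such rules; the dictionary rule format, the "ssh" service name and the sample rules are constructed for illustration.

```python
# Added example: first-match shadowing check over a constructed rulebase.
from ipaddress import ip_network

ANY = "any"

def covers(broad, narrow):
    """True if address field `broad` matches everything `narrow` matches."""
    if broad == ANY:
        return True
    if narrow == ANY:
        return False
    return ip_network(narrow).subnet_of(ip_network(broad))

def service_covers(broad, narrow):
    """Services are compared by name only in this simplified model."""
    return broad == ANY or broad == narrow

def audit(rules):
    """Return (open_rules, shadowed) for an ordered, first-match rulebase.

    open_rules: numbers of rules that accept any source, any destination,
    any service. shadowed: {rule_no: earlier_rule_no} for rules that can
    never match because an earlier rule already covers all their traffic.
    """
    open_rules, shadowed = [], {}
    for i, r in enumerate(rules, start=1):
        if (r["src"], r["dst"], r["svc"]) == (ANY, ANY, ANY) and r["action"] == "accept":
            open_rules.append(i)
        for j, e in enumerate(rules[:i - 1], start=1):
            if (covers(e["src"], r["src"]) and covers(e["dst"], r["dst"])
                    and service_covers(e["svc"], r["svc"])):
                shadowed[i] = j
                break
    return open_rules, shadowed

# Constructed sample: rule 1 is the rule produced by the steps above;
# rules 2 and 3 are hypothetical rules an administrator might add later.
SAMPLE = [
    {"src": ANY, "dst": ANY, "svc": ANY, "action": "accept"},
    {"src": "172.17.5.0/24", "dst": ANY, "svc": "ssh", "action": "accept"},
    {"src": ANY, "dst": ANY, "svc": ANY, "action": "drop"},
]

if __name__ == "__main__":
    open_rules, shadowed = audit(SAMPLE)
    print("any/any/any accept rules:", open_rules)
    for rule_no, by in shadowed.items():
        print(f"rule {rule_no} is unreachable (shadowed by rule {by})")
```

Once connectivity has been confirmed, replacing rule 1 with specific accept rules followed by a final drop rule makes the audit return no open and no shadowed rules.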
Procedure to Add a user.
>> # /cfg/sys/user
Select a group.
Set a password.
Re-enter to confirm:aaaaa
>> # /cfg/sys/accesslist
>> # /cfg/dump
a. $CPDIR/database/* (with subdirectories)
b. $FWDIR/database/* (with subdirectories)
6. Copy the SIC key from the registry backup to the registry of the new
machine.
10. If a new primary object was created then both objects have the
same SIC name. This must be corrected.
a. Close SmartDashboard.
b. Use Check Point Database Tool or dbedit to clear the SIC name
from the old object.
d. Fetch policy from one of the modules you installed policy on.