Check Point NG AI

This chapter began by preparing you to install the Check Point VPN-1/FireWall-1 NG with Application Intelligence product on a computer. There are several steps you can take to prepare your host computer before turning it into a firewall. First, make sure that your hardware meets or exceeds the minimum system requirements provided by Check Point. You will then need to install a base operating system, apply OS patches, configure and test your network interface cards and DNS, enable IP forwarding, disable any unnecessary services, and populate your hosts file with at least the external IP address of your firewall, which is configured on the first interface card in your computer.
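The hosts-file step above can be checked before the installer is started. The following shell sketch is an added example, not part of the original chapter or of Check Point's tooling; the function names and the sample addresses are hypothetical, and it assumes a files-based lookup returns the first matching hosts entry.

```shell
#!/bin/sh
# Added example: pre-install check that the hosts file maps the firewall's
# hostname to its external IP address before any other address.
# Function names and sample values are hypothetical, not Check Point's.

# hosts_ips FILE NAME
# Prints every IP address that FILE maps NAME to, in file order.
# Comments are ignored and host names are compared case-insensitively.
hosts_ips() {
    awk -v name="$2" '
        { sub(/#.*/, "") }      # strip trailing and whole-line comments
        NF < 2 { next }         # skip blank lines and bare addresses
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; break }
        }
    ' "$1"
}

# check_fw_hosts FILE NAME EXTERNAL_IP
# Returns 0 if the first entry for NAME is EXTERNAL_IP,
#         1 if NAME has no entry at all,
#         2 if NAME maps first to another address (for example loopback
#           or an internal interface).
check_fw_hosts() {
    first=$(hosts_ips "$1" "$2" | head -1)
    [ -n "$first" ] || return 1
    [ "$first" = "$3" ] || return 2
    return 0
}

# Stand-alone use: sh check_hosts.sh /etc/hosts fw1 192.0.2.10
# (fw1 and 192.0.2.10 are constructed sample values)
if [ $# -eq 3 ]; then
    rc=0
    check_fw_hosts "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "OK: $2 maps to $3" ;;
        1) echo "FAIL: no hosts entry for $2" ;;
        2) echo "FAIL: $2 maps first to $(hosts_ips "$1" "$2" | head -1), not $3" ;;
    esac
    exit $rc
fi
```
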

Next, you will need to prepare for the various Check Point installation screens. You should know in advance which server/gateway components to choose, and be prepared for the initial configuration options by obtaining a license in advance, deciding on administrators' usernames, passwords, and privileges, and statically assigning IP addresses to your administrator's workstations so that you can add them as GUI clients.

If you are installing the VPN-1/FireWall-1 NG software on a Windows server, then you can start the installation wizard by inserting the CD or running windows\wrapper\demo32.exe. The SVN Foundation will be installed before any other Check Point components. After the installation wizard is done copying files, it will run through the initial configuration screens of Licenses, Administrators, GUI Clients, and then the CA initialization screens. Once the configuration is complete, you will need to reboot your firewall. To run the Configuration Tool again, select Start > Programs > Check Point SmartConsole R54 > Check Point Configuration NG.

To uninstall the VPN-1/FireWall-1 NG software from a Windows system, you must uninstall the SVN Foundation last. As the name suggests, this is the base of the VPN-1/FireWall-1 installation, and it cannot be removed before the components that depend on it have been removed. After uninstalling VPN-1/FireWall-1, you must reboot.

If you are installing the VPN-1/FireWall-1 NG software on Solaris 2.7 or 2.8, make sure you have the correct patches applied, and that you are in either 32- or 64-bit mode according to the system requirements in Table 2.1 at the beginning of the chapter. To install via CD-ROM, run ./UnixInstallScript. If you are installing from files, then you should unzip and untar the package, and then run pkgadd -d . from the directory where the package is located. The SVN Foundation package must be installed prior to installing VPN-1/FireWall-1; the UnixInstallScript will take care of this for you. After the installation program is done copying files, you will go through the initial configuration screens, which are Licenses, Administrators, GUI Clients, SNMP Extension, Group Permissions, and CA initialization. You can configure the firewall again at any time by running the cpconfig command. After installing VPN-1/FireWall-1, you must reboot.

After you reboot your firewall, an InitialPolicy will be installed that prohibits all connections to the firewall server. You can unload the InitialPolicy with the command fw unloadlocal. Keep in mind also that you must su to root with the dash (su -) in order to obtain the right environment variables to run this and most other FireWall-1 commands, including cpconfig.

To uninstall VPN-1/FireWall-1 on Solaris, use the pkgrm command. The first time you try to remove a Primary SmartCenter Server, the uninstall will fail. Simply run pkgrm a second time to successfully remove the package. Reboot your computer after uninstalling the VPN-1/FireWall-1 NG AI package.

If you are installing the VPN-1/FireWall-1 NG AI package on a Nokia appliance, make sure that you are on IPSO 3.7 before you begin. As on all the other platforms, you must install the SVN Foundation prior to installing the VPN-1/FireWall-1 package. Also, you should reboot after each new package you install. You can toggle between installed packages in the Voyager GUI under the Manage Installed Packages link. Be sure to click Apply and Save after making any changes in Voyager. After the Check Point VPN-1/FireWall-1 package is installed, you must run cpconfig from the command line in order to finish the installation procedure.

Check Point's SecurePlatform provides a superb price/performance point while reducing administrative overhead and support complexity.
