Check Point NG/AI

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1. I see that there is a Read-Only option when I log into the GUI client. Is there a way to force a user to be read only all the time?

2. I've installed my FW-1 inspection module on a separate machine as my Management module, and I'm having trouble connecting to manage it now.

3. In older versions of FW-1, I could manually edit the objects.C file to alter or add objects. Can I still do this on FW-1 NG?

Answers

1. Yes. Using the cpconfig utility, you can add/delete/modify administrators. You can assign Read-Only permissions here. Note that, depending on the installed products, you may see a slightly different configuration panel. This panel also features a custom selection option, which allows different permissions for different Check Point components.

2. Make sure that you have properly set up the communication infrastructure. To do this, access the General panel of the workstation properties and select the Communication button. Verify that the Trust State is indicated as initialized or communicating.

3. The easy answer is no. Previously, there were two copies of the objects.C file. One existed with the management module, the other with the firewall module. This is no longer true. In Check Point FW-1 NG, the firewall module objects.C is created dynamically based on the objects_5_0.C file found on the management module. The preferred method of editing this file is through the use of the dbedit command (or the GUIdbEdit tool). Consult your documentation for the command reference.
