
RE: [FW1] Configuring a management station to recognize another firewall




Assuming you've added your management station IP address into the Nokia's
masters file, and you have verified connectivity between the two machines...

To add a new firewall:

1) create the firewall object in the Manage->Network Objects dialog window
in the policy editor. Try to define all the information required for this
firewall at this time - it'll save you grief later. If you do nothing else,
make sure you define the interfaces (or get them via snmp). You'll thank me
for it.

2) If you're using a separate management server, you need to get the
management server and the new firewall to exchange security keys so that
they can talk to each other securely:

  a) Stop any "system status" gui programs you may be running (I've noticed
     that if you do a putkeys for a firewall while this is running, it'll 
     crash the gui. No big loss, but I figured I'd mention it. =)

  b) on the firewall, as your admin user for the firewall s/w, type:

         fw putkey <ip address of the management server>
     e.g fw putkey 10.0.0.1

     You will be prompted for a password. Make this password seriously
     obscure - use strong password selection - trust me. You'll never need
     to remember it, as long as the two are talking ok.

  c) on the management station, as the admin user for the management
     software, type:

         fw putkey <the LICENSED address of the new firewall>
     e.g fw putkey 10.0.0.254

3) Once this is done, you should be set and the two should be gibbering away
   to each other quite happily. You can check this by simply running the
   System Status monitor - if the firewall shows up as a "?" then it's not
   working - redo the putkeys on both machines and repeat.

Yes - if you've defined the firewall object in the policy editor and saved
the policy, this will also have saved the new object database and you should
be allowed to send policies to the new firewall, assuming that you have set
that firewall to have fw-1 installed, and set it to "internal".

regards,

Scott.

-============================-
 Scott McMeekin (x25086)
   Senior Technical Analyst
         IT Telecoms
  The Royal Bank of Scotland
  Phone: +44(0)1315235086
  Email: mcmeesm@rbos.co.uk
-============================-
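
The two things the procedure above depends on, the management station being listed in the firewall's masters file and a strong putkey password typed identically on both machines, can be prepared with the following added example (not part of the original post). The function names, the `$FWDIR/conf/masters` location and the one-address-per-line file format are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight helpers for the putkey procedure.
# Assumption: the masters file (commonly $FWDIR/conf/masters on the firewall)
# holds one management station address per line.

# masters_has_ip FILE IP
# Succeeds only if IP is a whole entry in FILE; returns 2 if FILE is unreadable.
# -F treats the dots literally and -x matches the whole line, so a check for
# 10.0.0.1 does not pass because 10.0.0.10 is listed.
masters_has_ip() {
    [ -r "$1" ] || return 2
    tr -d '\r' < "$1" \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -Fx -- "$2" > /dev/null
}

# gen_putkey_secret [LENGTH]
# Prints a random password (default 24 characters) from the kernel RNG.
# The 57-character alphabet leaves out look-alikes (0/O, 1/l/I) because the
# same value has to be typed by hand at the prompt on both machines.
gen_putkey_secret() {
    len=${1:-24}
    out=
    while [ "${#out}" -lt "$len" ]; do
        chunk=$(dd if=/dev/urandom bs=64 count=1 2>/dev/null \
            | LC_ALL=C tr -dc 'A-HJ-NP-Za-km-z2-9')
        out=$out$chunk
    done
    printf '%s\n' "$out" | cut -c1-"$len"
}

# Demo on a constructed masters file (addresses reuse the post's examples).
demo=$(mktemp)
printf '10.0.0.10\n10.0.0.1 \r\n' > "$demo"
masters_has_ip "$demo" 10.0.0.1 && echo "management station 10.0.0.1 is listed"
masters_has_ip "$demo" 10.0.0.2 || echo "10.0.0.2 is not listed"
echo "one-time putkey password: $(gen_putkey_secret)"
rm -f "$demo"
```

Enter the generated value at the `fw putkey` prompt on each machine rather than storing it in a file or script.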


> -----Original Message-----
> From:	Haji, Mohmed [SMTP:HajiM@logica.com]
> Sent:	Monday, October 11, 1999 2:43 PM
> To:	'fw-1-mailinglist@lists.us.checkpoint.com'
> Subject:	[FW1] Configuring a management station to recognize another firewall
> 
> 
> *** Warning : this message originates from the Internet ****
> 
> 
> Hello,
> 
> We have a single management module - single firewall configuration. We use
> the administration GUI to install policies onto the firewall. 
> 
> The firewalls are Nokia IP650 units running Checkpoint version 4.0 and the
> management module is a SUN solaris box. 
> 
> I wish to add a second firewall to the system. I have already configured
> the firewall so that it knows of the management station. I now need to tell
> my management station of the existence of this new firewall. How do I do
> this?
> Someone told me to use the FW PUTKEY command. Is this all that needs to be
> done? Can someone tell me the syntax just in case things go wrong?
> 
> Once I define the firewall as a firewall network object on the GUI, will I
> automatically be given the choice of installing the security policy on both
> firewalls?
> 
> Thanks in advance for any help. It's much appreciated.
> 
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================