Firewall - Check Point

More documents

Recommendations

Info

ClusterXL45. When configuring a Nokia IP Cluster, do not set the primary or secondary interfacesto Network Objective Private. Check Point recommends setting a Nokia IP Cluster’sprimary interface to Network Objective Cluster, and its secondary interface toNetwork Objective Cluster or Sync.Platform Specific — Solaris46. When configuring virtual interfaces on Solaris GigaSwift interfaces, the ClusterXLproduct may not recognize the virtual interfaces in cases where no correspondingphysical interface is defined. If the virtual interface is not recognized, it will notrun a monitoring mechanism and eventually it will not perform failover. In order tomake ClusterXL work properly on such virtual interfaces, the corresponding physicalinterface must be defined. For example, when a CE device with an instance of 0 isdefined on the system, the /etc/hostname.ce0 file must be created and mustcontain some arbitrary IP address that will be assigned to the physical interface.47. ClusterXL does not support defining VLANs on Solaris bge interfaces.48. When configuring VLAN tags, set the IP address on the VLAN physical interface. Ifthe physical (untagged) interface is not used, the IP address can be any IP address.For example:If the physical interface is ce1, andthe VLAN interfaces are ce1001 and ce2001, thence1 must also have an IP address.49. ClusterXL in Unicast mode (Pivot) is not supported on Solaris when using VLANtagging.50. When using a Fujitsu GigEthernet NIC (fjgi and fjge interfaces) with Check PointLoad Sharing (CPLS) multicast, packets can be received when the interface is setto promiscuous mode only.51. The local.arp file is not supported on ClusterXL gateways running Solaris. In orderto use manual NAT on Solaris, use the following workaround:On the command line, run the following command:arp -s pubFor this command to survive boot, add a file under /etc/rc3.d/ (the name does notmatter), and on each line enter an IP address to be NATed and its correspondingMAC address.arp -s pubarp -s pubetc...Enterprise Suite NGX R61 Known Limitations Supplement Last Update — February 7, 2007 42
ClusterXLSave the file and chmod 777.Platform Specific — Windows52. On Windows platforms, when switching from High Availability Legacy to HighAvailability New Mode or Load Sharing, the CCP transport mode is set to broadcastinstead of multicast. A workaround is to toggle the CCP mode via the followingcommand on each cluster member: cphaconf set_ccp multicast.53. Disabling a network connection (interface) is not supported on ClusterXL gatewayson Windows platforms. A workaround is to:1. Disconnect the network cable.2. Wait 15 seconds and then set the network connection as disabled.3. Reconnect the network cable after another 15 seconds.If required to enable this interface again, do the following:1. Disconnect the network cable.2. Wait 15 seconds and set the network connection as enabled.3. Reconnect the network cable after another 15 seconds.Services54. When using T.120 connections, make sure you manually add a rule that allowsT.120 connections.ISP Redundancy55. In a ClusterXL ISP Redundancy configuration, the names of the external interfacesof all cluster members must be identical and must correspond in turn to the namesof the external interfaces of the cluster object. For example, if the cluster objecthas two external interfaces called eth0 and eth1 which are connected to ISP-1 andISP-2, respectively; each cluster member must have two external interfaces calledeth0 and eth1 which should be connected to ISP-1 and ISP-2 respectively.Policy Installation56. When installing policy on a cluster with a Layer 2 bridge defined, the installationmay fail with the following error: Load on Module failed. To resolve this issue, do thefollowing:1. Set the environment variable FW_MANAGE_BRIDGE to 1 on the SmartCenter server.This is done by updating the files $CPDIR/tmp/.CPprofile.csh andCPDIR/tmp/.CPprofile.sh so that they include the environment variableFW_MANAGE_BRIDGE 1.Enterprise Suite NGX R61 Known Limitations Supplement Last Update — February 7, 2007 43
Page 1 and 2: ......Check Point Enterprise Suite.
Page 3 and 4: Firewall4. When the Web Intelligenc
Page 6 and 7: Firewall28. When using SmartDirecto
Page 8 and 9: Firewall47. When connecting to the
Page 10 and 11: FirewallDynamically Assigned IP Add
Page 12 and 13: SmartCenterSmartCenterIn This Secti
Page 14 and 15: SmartCenter10. When upgrading Smart
Page 16 and 17: SmartCenter23. In order to be able
Page 18 and 19: SmartCentersaved. The solution is t
Page 20 and 21: 1. Using a text editor, open the fi
Page 22 and 23: SecurePlatform1. Log into SecurePla
Page 24 and 25: SecurePlatform23. The Dynamic routi
Page 26 and 27: SecurePlatform34. BGP is not suppor
Page 28 and 29: SecurePlatform56. In legacy High Av
Page 31 and 32: LicensingSmartView Monitor9. If a l
Page 33 and 34: Eventia ReporterEventia ReporterIns
Page 35 and 36: ClusterXLClusterXLIn This SectionUp
Page 37 and 38: ClusterXL11. When setting an interf
Page 39 and 40: • For other out of state messages
Page 41: ClusterXL37. If two or more interfa
Page 45 and 46: • For other OPSEC certified clust
Page 47 and 48: • For Flows acceleration, the mes
Page 49 and 50: SSL Network Extender7. To install S
Page 51 and 52: IntegrityIntegrityIn This SectionIn
Page 53 and 54: IntegrityWhen you change the settin
Page 55 and 56: IntegrityIn order to prevent contin
Page 57 and 58: IntegrityIntegrity clients that rec
Page 59 and 60: IntegrityIn search fields in the In
Page 61: Safe@Office firmware 5.0.82 or earl

Firewall - Check Point

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?