Solved

Check Point Firewall on Nokia box

Posted on 2011-09-08
9
849 Views
Last Modified: 2012-05-12
How can I find out whether a Check Point Firewall installed on a Nokia box running IPSO is in "Legacy mode" or "Traditional Mode" ?
0
Comment
Question by:amacyber
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 36508388
Not sure what you mean here bud.

I know of a simplified and traditional mode as differernt types of VPN, but not sure what you mean by legacy mode.

To tell which type of VPN mode you are in look at smartdashboard.  If you have a policy action of "encrypt" and no option of defining a VPN community, then you are in traditional mode VPN.

If this does not answer your question, can you elaborate a little further?
0
 

Author Comment

by:amacyber
ID: 36513691
When configuring VLAN on a Nokia based Check Point Firewall, the configuration of the monitored interfaces can either be in Legacy mode or Simplified mode:

1/ A Firewall is in Simplified Mode, when the command following is used to add the monitoring interfaces:

add mcvr vrid [vrid number] backup-address [backup address ip]

Example:
add mcvr vrid 160 backup-address 10.156.147.56

2/ A Firewall is in Legacy Mode, when the command below is used to add the monitoring interfaces:

set vrrp interface [name of interface to be monitored] monitored-circuit vrid [vrid number] monitored-interface [monitoring interface name] on
set vrrp interface [name of interface to be monitored] monitored-circuit vrid [vrid number] monitored-interface [monitoring interface name] priority-delta 2

example:
set vrrp interface eth-s39p40c39 monitored-circuit vrid 90 monitored-interface eth-s32p56c20 on
set vrrp interface eth-s39p40c39 monitored-circuit vrid 90 monitored-interface eth-s32p56c20 priority-delta 2

My question is how would you know that the firewall is in simplified or legacy mode and use the appropriate command?
0
 
LVL 18

Accepted Solution

by:
deimark earned 50 total points
ID: 36513807
First of all. Look at using voyager to configure vrrp. Ot will be clearer for you to see the differences there bud.

I'd you are using later versions of ipso ie from 4.2 or later then always use simplified mode. Legacy mode is just that, legacy and is only needed on much older systems.
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 

Author Comment

by:amacyber
ID: 36514181
So from what you are saying by using voyager I should be able to spot the difference, is that correct?  
I am so used to the command line and always prefer to use it rather than voyager.  if the difference is clear in voyager, I am sure that there is a way to find out in the CLI.
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 50 total points
ID: 36514462
I normally prefer cli as well bud but voyager is a very good web ui and is certaiby preferred with nokia as check point.
0
 

Assisted Solution

by:amacyber
amacyber earned 0 total points
ID: 36515978
Thanks demark, I will check Voyager to find the feature and come back to llet you know.
0
 

Author Closing Comment

by:amacyber
ID: 36555888
Thanks Deimark for your help finding an answer.
0
 

Author Comment

by:amacyber
ID: 36534593
deimark comments help me find the answer easily.
0
 
LVL 18

Expert Comment

by:deimark
ID: 36556163
Glad I could help bud.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question