Solved

Check Point Firewall on Nokia box

Posted on 2011-09-08
9
836 Views
Last Modified: 2012-05-12
How can I find out whether a Check Point Firewall installed on a Nokia box running IPSO is in "Legacy mode" or "Traditional Mode" ?
0
Comment
Question by:amacyber
  • 5
  • 4
9 Comments
 
LVL 18

Expert Comment

by:deimark
Comment Utility
Not sure what you mean here bud.

I know of a simplified and traditional mode as differernt types of VPN, but not sure what you mean by legacy mode.

To tell which type of VPN mode you are in look at smartdashboard.  If you have a policy action of "encrypt" and no option of defining a VPN community, then you are in traditional mode VPN.

If this does not answer your question, can you elaborate a little further?
0
 

Author Comment

by:amacyber
Comment Utility
When configuring VLAN on a Nokia based Check Point Firewall, the configuration of the monitored interfaces can either be in Legacy mode or Simplified mode:

1/ A Firewall is in Simplified Mode, when the command following is used to add the monitoring interfaces:

add mcvr vrid [vrid number] backup-address [backup address ip]

Example:
add mcvr vrid 160 backup-address 10.156.147.56

2/ A Firewall is in Legacy Mode, when the command below is used to add the monitoring interfaces:

set vrrp interface [name of interface to be monitored] monitored-circuit vrid [vrid number] monitored-interface [monitoring interface name] on
set vrrp interface [name of interface to be monitored] monitored-circuit vrid [vrid number] monitored-interface [monitoring interface name] priority-delta 2

example:
set vrrp interface eth-s39p40c39 monitored-circuit vrid 90 monitored-interface eth-s32p56c20 on
set vrrp interface eth-s39p40c39 monitored-circuit vrid 90 monitored-interface eth-s32p56c20 priority-delta 2

My question is how would you know that the firewall is in simplified or legacy mode and use the appropriate command?
0
 
LVL 18

Accepted Solution

by:
deimark earned 50 total points
Comment Utility
First of all. Look at using voyager to configure vrrp. Ot will be clearer for you to see the differences there bud.

I'd you are using later versions of ipso ie from 4.2 or later then always use simplified mode. Legacy mode is just that, legacy and is only needed on much older systems.
0
 

Author Comment

by:amacyber
Comment Utility
So from what you are saying by using voyager I should be able to spot the difference, is that correct?  
I am so used to the command line and always prefer to use it rather than voyager.  if the difference is clear in voyager, I am sure that there is a way to find out in the CLI.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 18

Assisted Solution

by:deimark
deimark earned 50 total points
Comment Utility
I normally prefer cli as well bud but voyager is a very good web ui and is certaiby preferred with nokia as check point.
0
 

Assisted Solution

by:amacyber
amacyber earned 0 total points
Comment Utility
Thanks demark, I will check Voyager to find the feature and come back to llet you know.
0
 

Author Closing Comment

by:amacyber
Comment Utility
Thanks Deimark for your help finding an answer.
0
 

Author Comment

by:amacyber
Comment Utility
deimark comments help me find the answer easily.
0
 
LVL 18

Expert Comment

by:deimark
Comment Utility
Glad I could help bud.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now