Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Check Point Firewall on Nokia box

Posted on 2011-09-08
9
Medium Priority
?
863 Views
Last Modified: 2012-05-12
How can I find out whether a Check Point Firewall installed on a Nokia box running IPSO is in "Legacy mode" or "Traditional Mode" ?
0
Comment
Question by:amacyber
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 36508388
Not sure what you mean here bud.

I know of a simplified and traditional mode as differernt types of VPN, but not sure what you mean by legacy mode.

To tell which type of VPN mode you are in look at smartdashboard.  If you have a policy action of "encrypt" and no option of defining a VPN community, then you are in traditional mode VPN.

If this does not answer your question, can you elaborate a little further?
0
 

Author Comment

by:amacyber
ID: 36513691
When configuring VLAN on a Nokia based Check Point Firewall, the configuration of the monitored interfaces can either be in Legacy mode or Simplified mode:

1/ A Firewall is in Simplified Mode, when the command following is used to add the monitoring interfaces:

add mcvr vrid [vrid number] backup-address [backup address ip]

Example:
add mcvr vrid 160 backup-address 10.156.147.56

2/ A Firewall is in Legacy Mode, when the command below is used to add the monitoring interfaces:

set vrrp interface [name of interface to be monitored] monitored-circuit vrid [vrid number] monitored-interface [monitoring interface name] on
set vrrp interface [name of interface to be monitored] monitored-circuit vrid [vrid number] monitored-interface [monitoring interface name] priority-delta 2

example:
set vrrp interface eth-s39p40c39 monitored-circuit vrid 90 monitored-interface eth-s32p56c20 on
set vrrp interface eth-s39p40c39 monitored-circuit vrid 90 monitored-interface eth-s32p56c20 priority-delta 2

My question is how would you know that the firewall is in simplified or legacy mode and use the appropriate command?
0
 
LVL 18

Accepted Solution

by:
deimark earned 200 total points
ID: 36513807
First of all. Look at using voyager to configure vrrp. Ot will be clearer for you to see the differences there bud.

I'd you are using later versions of ipso ie from 4.2 or later then always use simplified mode. Legacy mode is just that, legacy and is only needed on much older systems.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 

Author Comment

by:amacyber
ID: 36514181
So from what you are saying by using voyager I should be able to spot the difference, is that correct?  
I am so used to the command line and always prefer to use it rather than voyager.  if the difference is clear in voyager, I am sure that there is a way to find out in the CLI.
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 200 total points
ID: 36514462
I normally prefer cli as well bud but voyager is a very good web ui and is certaiby preferred with nokia as check point.
0
 

Assisted Solution

by:amacyber
amacyber earned 0 total points
ID: 36515978
Thanks demark, I will check Voyager to find the feature and come back to llet you know.
0
 

Author Closing Comment

by:amacyber
ID: 36555888
Thanks Deimark for your help finding an answer.
0
 

Author Comment

by:amacyber
ID: 36534593
deimark comments help me find the answer easily.
0
 
LVL 18

Expert Comment

by:deimark
ID: 36556163
Glad I could help bud.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out what's been happening in the Experts Exchange community.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question