• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 872
  • Last Modified:

Check Point Firewall on Nokia box

How can I find out whether a Check Point Firewall installed on a Nokia box running IPSO is in "Legacy mode" or "Traditional Mode" ?
0
amacyber
Asked:
amacyber
  • 5
  • 4
3 Solutions
 
deimarkCommented:
Not sure what you mean here bud.

I know of a simplified and traditional mode as differernt types of VPN, but not sure what you mean by legacy mode.

To tell which type of VPN mode you are in look at smartdashboard.  If you have a policy action of "encrypt" and no option of defining a VPN community, then you are in traditional mode VPN.

If this does not answer your question, can you elaborate a little further?
0
 
amacyberAuthor Commented:
When configuring VLAN on a Nokia based Check Point Firewall, the configuration of the monitored interfaces can either be in Legacy mode or Simplified mode:

1/ A Firewall is in Simplified Mode, when the command following is used to add the monitoring interfaces:

add mcvr vrid [vrid number] backup-address [backup address ip]

Example:
add mcvr vrid 160 backup-address 10.156.147.56

2/ A Firewall is in Legacy Mode, when the command below is used to add the monitoring interfaces:

set vrrp interface [name of interface to be monitored] monitored-circuit vrid [vrid number] monitored-interface [monitoring interface name] on
set vrrp interface [name of interface to be monitored] monitored-circuit vrid [vrid number] monitored-interface [monitoring interface name] priority-delta 2

example:
set vrrp interface eth-s39p40c39 monitored-circuit vrid 90 monitored-interface eth-s32p56c20 on
set vrrp interface eth-s39p40c39 monitored-circuit vrid 90 monitored-interface eth-s32p56c20 priority-delta 2

My question is how would you know that the firewall is in simplified or legacy mode and use the appropriate command?
0
 
deimarkCommented:
First of all. Look at using voyager to configure vrrp. Ot will be clearer for you to see the differences there bud.

I'd you are using later versions of ipso ie from 4.2 or later then always use simplified mode. Legacy mode is just that, legacy and is only needed on much older systems.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
amacyberAuthor Commented:
So from what you are saying by using voyager I should be able to spot the difference, is that correct?  
I am so used to the command line and always prefer to use it rather than voyager.  if the difference is clear in voyager, I am sure that there is a way to find out in the CLI.
0
 
deimarkCommented:
I normally prefer cli as well bud but voyager is a very good web ui and is certaiby preferred with nokia as check point.
0
 
amacyberAuthor Commented:
Thanks demark, I will check Voyager to find the feature and come back to llet you know.
0
 
amacyberAuthor Commented:
Thanks Deimark for your help finding an answer.
0
 
amacyberAuthor Commented:
deimark comments help me find the answer easily.
0
 
deimarkCommented:
Glad I could help bud.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now