• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 347
  • Last Modified:

Checkpoints !

Hello,

We have Checkpoint firewalls at branch offices which would be integrated to a Checkpoint Smart-center at the central HO.

I understand (although not sure) if its possible for us to edit / change the configurations for multiple of branch site firewalls at same time ? Does Smart-center permit such or is it the case that only one person can login to make changes to one given box ?

Thx in advance.




Regards,
AM.
0
rush2amol
Asked:
rush2amol
3 Solutions
 
deimarkCommented:
A single smartcentre can manage multiple firewalls and when we push the changes, it can go to more than one firewall at a time.

We can limit what firewalls users can modify through the user roles and permissions section, but in essence, the answer is yes.
0
 
ujitnosCommented:
At a given point of time, only one admin with read/write access can do changes in a SmartCenter Dashboard. If a second read/write admin tries to login, he/she will get a message saying that another admin is logged in, and he will have an option to login as a Read-Only user.
0
 
rush2amolAuthor Commented:
Hi Deimark, If I understand you correctly multiple admins can perfrom read/write in the smartcenter ? Can you pl. help in how we can do that ?
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
rush2amolAuthor Commented:
In addition to above can you gentlemen help me with following ? We are basically in mid of a migration and some things are really hurting us.

We are migrating from one Smart-center (under administration of different vendor) to another Smart-center (under our own administration). Is there a way like Cisco ASA that i can download the running configuration from one box using TFTP or FTP and upload it to another box ?

To my limited understanding of Checkpoint, i am not sure if above is possible, so that is why we have opted for a manual process where we are capturing a dump and re-writing the rules in the new Smart-center and to our misery this is increasing the opportunity to errors and lot of pains in the whole migration approach.

Your response would be highly appreciated. Thx in advance.




Regards,
AM.
0
 
FideliusCommented:
Hello,

Yes you can. SSH to management server, enter expert mode, and go to:
cd $FWDIR/bin/upgrade_tools/

Exit all SmartConsole GUI, and issue cpstop

Depending on version you have two options:
prior to R75.40
- use for export on old server:
./upgrade_export
- for import on new server:
./upgrade_import

Similar, for R75.40 and later:
./migrate export
./migrate import

Regards!
0
 
rush2amolAuthor Commented:
Ok great .. shall try this out.

Would it be ok if i can contact you via mail ? If i have any questions around this i would list them out and sent it across or perhaps have a IM chat.

*** email address removed - Qlemo ***

Thx in advance.
0

Featured Post

Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now