The upgrade_tools package (or the migrate command) is a powerful and simple tool that allows us to back up our Checkpoint database, objects, policies…
Periodically backing up the Checkpoint configuration allows us to recover quickly from a disaster by setting up a new SMS (Security Management Server). This involves two steps:
Script that exports the Checkpoint configuration
This could …
When performing SNMP queries in a VSX environment, data related to virtual systems may always be returned as 0. By default, R77.10 and R77.20 VSX systems behave this way. For example, this is an SNMP query to get the concurrent connections of the physical VSX and its virtual systems:
# /usr/bin/snmpwalk -v1 -c public 10.0.5.5 vsxCountersConnNum
…
NAT (Network Address Translation) can be configured in our Checkpoint FW in two different ways: Manual or Automatic.
To configure automatic NAT, use the NAT section in the SERVER object properties.
So for example, if we want our host with internal private IP 10.10.50.50 to be published on the Internet with public IP 188.8.131.52:
(If we only wanted …
There are several reasons to force a failover on a firewall cluster (in this case a virtual system on a 2-node Checkpoint VSX cluster), for example testing, analysis or maintenance.
First of all, we can check the cluster and virtual system states by executing the command on VS0 (in Gaia clish or expert mode):
…