Wednesday, January 20, 2016

RMA or Rebuild a Checkpoint Firewall Cluster


Checkpoint Firewall - 

  1. Checkpoint-special-config-files   
  2. RMA Rebuild FW   
  3. Checklist Build  First Time Gaia Configuration      
  4. Backup-Restore   
  5. Upgrade-7710-to-7720-take-150-task list
  6. Installing Checkpoint Gateway            
  7. Upgrade FWM Cluster - R7720 to R77.30
  8. FWM- Sync-Migrate_Export
  9. SSL Inspection

Revert back to factory default
--------------------------------
Example:
dlpdemo> set fcd revert Gaia_R77.20
reverting to factory defaults Gaia_R77.20
dlpdemo>
Broadcast message from admin (Tue Jan  6 13:38:20 2015):

The system is going down for reboot NOW!


1. Copy the configuration file from "# to backbone off" to a file called config
2. Revert back to factory default
3. From the console, log in as admin/admin
4. You land at the default prompt: gw-36a7cb>
5. Enter expert mode
6. vi a file called config
7. Copy and paste the last configuration into the config file.
8. Tell clish to continue on failure, e.g. gw-36a7cb> set clienv on-failure continue
9. Load the configuration, e.g. gw-36a7cb> load configuration config
10. Set up the management interface and turn it on
set interface eth3-04 state on
set interface eth3-04 ipv4-address 10.15.249.117 mask-length 28
set management interface eth3-04
11. Run the First Time WebUI at https://10.15.249.117

In short: copy the configuration file from "# to backbone off" to a file called config,
then load the config, e.g. gw-36a7cb> load configuration config
and run the First Time WebUI.

----------------------------------------
How to Load Configuration to a Gateway
----------------------------------------
[Expert@gw-36a7cb:0]# exit
exit
gw-36a7cb> load config
gw-36a7cb> load configuration config
In order to complete the configuration, you also need to save configuration and reboot.
Command (tecli) already exist in the database.
Processing line 178 out of 403


-------------------------------------------------

1. Back up the following:
license
fwkern.conf
show configuration   - (remove the SNMP stuff for interfaces - it would not import)
ace files
track.ttm file


2. Install R77.20
vi create config  - paste show configuration
load configuration config

3. Web wizard via https://myvpn-fwa.domain.com:4434
fw uninstall  (otherwise it will get stuck at 99%)

4. Install Take 91
reboot

5. Reset SIC
push policy (which creates the /var/ace directory)
copy ace file
copy track.ttm file
copy fwkern.conf file (important for ClusterXL to function)

6. Reboot
install GA fw1
install GA Sim



[Expert@myvpn-fwa:0]# cat $CPDIR/conf/cp.license
Sign {
LICENSE 10.10.7.250 never CPAP-SG1260X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS CPSB-URLF CPSB-APCL CPSB-AV CPSB-ABOT-L CPSB-ASPM CK-00-1C-7F-36-A8-05
}= 76sdQuNjnhC4AGzuG4ZwfdTixxBbbv9JBsk Index=3 Version=0
[Expert@myvpn-fwa:0]#

[Expert@myvpn-fwa:0]# cat /var/opt/fw.boot/modules/fwkern.conf
fwha_mac_magic=218
fwha_mac_forward_magic=217
[Expert@myvpn-fwa:0]#

[Expert@myvpn-fwa:0]# fw ctl arp
No proxy ARP entries
[Expert@myvpn-fwa:0]# netstat -rn | wc -l
298
[Expert@myvpn-fwa:0]#
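
A check to run after step 6, as an added example that is not part of the original post: it confirms that every file saved in step 1 is back on the rebuilt gateway, and compares fwkern.conf parameter by parameter, since those values matter for ClusterXL. The function names and the backup layout (a directory mirroring the gateway's absolute paths) are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post). Assumption: the pre-rebuild backup
# was unpacked into a directory that mirrors the gateway's absolute paths,
# e.g. <backup>/var/opt/fw.boot/modules/fwkern.conf.

# Compare key=value kernel parameters; ordering and comment lines are ignored.
# Prints every backed-up parameter that is missing (or empty) or changed on the
# live system; returns 1 if any was found.
compare_kern_params() {
    local backup live key val cur rc
    backup="$1"; live="$2"; rc=0
    while IFS='=' read -r key val || [ -n "$key" ]; do
        case "$key" in ''|'#'*) continue ;; esac
        cur=$(grep "^${key}=" "$live" 2>/dev/null | tail -n 1 | cut -d= -f2-)
        if [ -z "$cur" ]; then
            echo "MISSING  $key=$val"; rc=1
        elif [ "$cur" != "$val" ]; then
            echo "CHANGED  $key: backup=$val live=$cur"; rc=1
        fi
    done < "$backup"
    return "$rc"
}

# Walk every file in the backup tree and check it against the rebuilt system.
# fwkern.conf is compared per parameter, everything else byte for byte.
verify_restore() {
    local backup root f rel rc
    backup="${1%/}"; root="${2%/}"; rc=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        rel="${f#"$backup"}"
        if [ ! -f "$root$rel" ]; then
            echo "NOT RESTORED  $rel"; rc=1
        elif [ "${rel##*/}" = "fwkern.conf" ]; then
            compare_kern_params "$f" "$root$rel" || rc=1
        elif ! cmp -s "$f" "$root$rel"; then
            echo "DIFFERS  $rel"; rc=1
        fi
    done <<EOF
$(find "$backup" -type f | sort)
EOF
    return "$rc"
}

# Usage: verify_restore.sh <backup-dir> [root]   (root defaults to /)
if [ "$#" -ge 1 ]; then
    verify_restore "$1" "${2:-/}"
fi
```

An exit status of 0 means every backed-up file is present and matches; any MISSING, CHANGED, DIFFERS or NOT RESTORED line points at a file to copy again before the cluster member goes back into service.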