Unique Configurations
- /var/ace - RSA Authentication (sdconf.rec, sdopts.rec (client IP), securID (node secret), sdstatus.12 (traffic info between FW and Auth Manager))
- trac_client_1.ttm for VPN MEP
/var/opt/CPsuite-R81.10/fw/conf/trac_client_1.ttm
Make a backup copy of trac_client_1.ttm
Search for :automatic_mep_topology
- Disable HTTP2 Header Length on VPN
To disable http2:
ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 1
cpstop;cpstart
To enable http2 again:
ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 0
cpstop;cpstart
No production impact, low risk.
- Configure Interface rx/tx rings
set interface eth1-04 rx-ringsize 1024 (or 2048)
set interface eth1-04 tx-ringsize 1024 (or 2048)
save config
- Configure Routes
- What is the OSPF cryptographic key 1 algorithm md5 secret
- What is tacacs-servers Key
set clienv on-failure continue
set clienv on-failure stop
Key Checkouts and Validation
Install Check Point R81.10
Apply JHF
Apply Standard Template DNS/NTP
Configure Interface IP /Speed/Duplex
Configure Management Interface
Configure Bond interface if applicable
Configure Routing / Static/dynamic - ospf
Ship Firewalls to destination
Rack and Stack
Cable / Fiber Run
Out of band management Access
Dual Power Supply
Validate
Hostname
DNS
NTP
Interface, Subnet Mask, Broadcast Address
Login Banner
TACACS Login
Indeni
Day of Cutover
Sync with Management Server SIC issues
Import Interfaces
Push Policy
Apply License
Cluster
Routes
Logs to Management
Geo Blocks