General discussion

Locked

Checkpoint NG

By noelw ·
Do anyone have any information on Checkpoint NG Management Server? What I am trying to find out, can I install firewall-1 without setting up a Management Server. Also can I create/manage my security policies from the system that has Firewall-1 installed on it alone. I have read through the documents that came with the software, but no answers there.

Thanks

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Checkpoint NG

by mshavrov In reply to Checkpoint NG

You have to have at least one management server installed - it's integrated part of Checkpoint Firewall. Checkpoint Management Server implements policies to security points, holds authentication information, etc. You may have one Management Server and several Firewall modules under it's management, but you SHOULD have at least one.

You can install it to one machine, you can install it on separate machines. But when you choose to install firewall module, it should ask you IP address and password for Management Server and it won't install without that.

Regards,

Michael Shavrov
MCSE, CCSA, CCNA, CCDA

Collapse -

Checkpoint NG

by noelw In reply to Checkpoint NG

The question was auto-closed by TechRepublic

Collapse -

Checkpoint NG

by Joseph Moore In reply to Checkpoint NG

Try Checkpoint's document library:
http://cgi.us.checkpoint.com/rl/resourcelib.asp

hope this helps

Collapse -

Checkpoint NG

by noelw In reply to Checkpoint NG

The question was auto-closed by TechRepublic

Collapse -

Checkpoint NG

by null_connection In reply to Checkpoint NG

You do need a management console loaded somewhere, if only as a local management console on the firewall box itself. Although it is sometimes convenient to have a remote console, it's not required.

The earlier versions of Checkpoint installed a local management console by default on installation. I think NG still continues this practice. I not certain the local management console can be removed from a CheckPoint box. It wouldn't seem prudent to do so, in any case.

In practice, you will wind up doing a lot of your security configuration work directly on the CheckPoint box local console since a remote management console will not allow you to modify routing tables, or check OS event logs.

It would be a very bad idea to provide remote access via terminal services or 3rd party remote access software for these tasks. Follow instructions for pre-installation armoring of your operating system carefully before you install.

Good luck.

Collapse -

Checkpoint NG

by noelw In reply to Checkpoint NG

The question was auto-closed by TechRepublic

Collapse -

Checkpoint NG

by Some Guy in Seattle In reply to Checkpoint NG

Like all versions of Firewall-1, you can install just the firewall module itself. During installation, just select "Firewall-1/VPN-1" and then select "enforcement point" when it gives you that option. However, this is pretty useless by itself unless you have a management server that will be controlling it (accepting logs and pushing policy). You can load the management server on a separate machine in what's called a "distributed setup," or have everything on one box in a "standalone configuration." There's a lot to be said for having them on separate boxes, in that your firewall resources won't be taken up with anything other than firewalling, leaving your management server to deal with the hassles of logging, FW-1 GUI servicing, etc.You can also take down your management server at will for servicing without worrying about killing traffic through your firewall.

Hope that helps,

Collapse -

Checkpoint NG

by noelw In reply to Checkpoint NG

The question was auto-closed by TechRepublic

Collapse -

Checkpoint NG

by noelw In reply to Checkpoint NG

This question was auto closed due to inactivity

Back to Security Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums