Dear Check Point admins,

I have a SmartCenter server (NGX R62) and a gateway (NGAI R55) in a distributed
configuration. I have to change the IP addresses assigned to the SmartCenter
and the gateway (the host address and the IP assigned to the external
interface) as our ISP is changing our QoS.

This is the procedure I intend to follow. Your feedback would be greatly
appreciated.

UserCenter
Generate a new central licence for the new IP.
Edit the central licence settings for each additional software item that has had a central licence attached
Get the new central licence and save it to a licence file

SmartCenter server
Back up existing licences in the repository
Back up policies
Log in to SmartUpdate
Detach the existing licence from the firewall module
Log out of SmartUpdate
Disconnect the gateway from the SmartCenter server
cpstop to stop all Check Point services
Change the IP address bound to the NIC
Modify the gateway IP address in TCP/IP settings
Edit the hosts file and include the IP address of the firewall module
Go into DBedit and modify the SmartCenter server IP settings.
Log in to SmartDashboard
Remove the firewall module object from any VPN communities that it is a member of (site-to-site and remote access)
Go into the VPN properties of the firewall module and remove the IKE certificate from the FW Module
On removal of the certificate, go into general properties on the firewall module object
Uncheck VPN-1 Pro in the Check Point products list
Save the current security policy and close SmartDashboard

On the Firewall module/gateway
Disable the firewall.
Change the host IP and the IP assigned to the external interface as well as the default gateway
Update the hosts file to match the new host IP
Enter the new SmartCenter IP under access list
Reboot gateway
Reset SIC

On the SmartCenter
Log in to SmartDashboard
Delete the gateway object
Log out of SmartDashboard
Log in to SmartUpdate
Get the new licence from the licence file created earlier. The new licence will be attached to the SmartCenter server
Log out of SmartUpdate
Connect the SmartCenter server to the gateway
Log in to SmartDashboard
Recreate the gateway object
On the gateway object, go into communication and enter the new SIC password
Attempt to re-establish trust with the gateway
Once trust is established, do a get topology on the gateway object.
Configure the interfaces as they were prior to deletion (external, internal, this network, etc.)
On the gateway object under General Properties, select VPN-1 as a Check Point product
Re-add this gateway to each of the existing VPN communities that it was a member of prior to removal.
Install policy
Log out of SmartDashboard
Log in to SmartUpdate and attach the licence to the firewall module
Log out of SmartUpdate

Regards,
Shiroma