I think I ended up confused... and have my SecurePlatform with both the
FW/VPN engine, and the SmartCenter. I have the SmartConsole on the
Windows box. I licensed for the SmartConsole IP instead of a SmartCenter
IP.
Question -- in a small environmment such as mine (generally just a single
firewall), is there anything to be gained by installing the SmartCenter on
a different host than the enforcement module?
-Rick
On Mon, 1 Oct 2007, Sergio Alvarez wrote:
To add something to Reinhard's post... in local mode you can use any IP of
the firewall module, it doesn't really matter if it is an external or
internal interface.
It is important for you to be clear on the fact that SmartConsole is
actually just the console, which you can install on any desktop on your
network, the management server on the other side, is called SmartCenter. In
your case since you have your SmartCenter on a Windows machine, most likely
you also have SmartConsole installed on that same system.
Now, since you have been using local mode on your old Windows NG firewall
module and you are planning to replace it with a new machine running NGX
with different IPs then definitely you must go to the UserCenter and either
keep working with local mode and change the IP to one of the new ones, or
change to central mode and use the SmartCenter IP. Also, since you have been
working with NG, you must upgrade that license to NGX, as they work
different. Bare in mind you will need a valid software subscription for that
license, otherwise the Usercencer will not allow you to do the upgrade.
Regards
On 10/1/07, Reinhard Stich <[EMAIL PROTECTED]> wrote:
hi,
you can choose between:
'local license'
for every module (smartcenter, gateway1, gateway2, etc) you create
the license with an IP-address of the module. on the mgmt-server you
use the mgmt's IP, on the firewall-module you use any firewall's
'central license'
all licenses are defined with the managedment's IP and moved to the
gateway-modules using the "smartupdate" tool
br
reinhard
At 19:28 01.10.2007, you wrote:
I have a quick, dumb, question about IP addresses and licensing.
I've got an older VPN-1 gateway (version NG) running on a Windows
host that I am upgrading to new hardware and new software.
The new software will be the VPN UTM package running on
SecurePlatform. I've got the SecurePlatform and firewall software
installed on the new hardware, using temporary IP addresses for the
interfaces (since I will ultimately replace the old gateway and use those
IPs).
I have the SmartConsole software installed on a Windows box on the
inside network.
I thought I had read that when setting up the license in the
CheckPoint web site, that the IP address I should use was the IP
address of the management computer, so I used the IP of the Windows
system running SmartConsole. I trust I made the wrong choice?
My NG firewall was licensed in 'local' mode, so it's licensed
against the external IP address.
What IP address should the NGX be licensed on? Internal?
External? What is the difference between 'local' and 'central' mode?
-Rick
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
--
Reinhard Stich [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
--
Sergio Alvarez
(506)8301342
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
