Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend
Legend

SMB units SMS files for VPN fine-tuning

SMB units SMS files for VPN fine-tuning are found in the CMP directories lib folder. There are several SKs for special configuration files on the SMS. For a SMS version managing a GW version, a special folder contains the - identically named - .def files. Here is an overview of the corresponding SKs:

sk108600 VPN Site-to-Site with 3rd party shows fine-tuning VPN for special purposes using the user.def or the crypt.def file on SMS according to GW version. sk44852 How to configure a Site-to-Site VPN with a universal tunnel and sk30919 Creating customized rules for Check Point Security Gateway - 'user.def' file only make use of user.def. The user.def itself is somehow special as it resides in the $FWDIR/conf/ folder and is named corresponding to the GW version it will configure. An example for SMB devices managed by R80.10 SMS:

1100 with R75.20.x $FWDIR/conf/user.def.SFWR75CMP
1100 / 1200R / 1400 with R77.20.x $FWDIR/conf/user.def.SFWR77CMP

The locations of the user.def is listed in sk98239 Location of 'user.def' files on Security Management Server, for location of the crypt.def file we have sk98241 Location of 'crypt.def' files on SMS. Another example for SMB devices managed by R80.10 SMS:

1100 with R75.20.x /opt/CPSG80R75CMP-R80/lib/crypt.def
1100 / 1200R / 1400 with R77.20.x /opt/CPSFWR77CMP-R80/lib/crypt.def

Also very important is the vpn_route.conf from sk69726 VPN Routing does not work and traffic to other satellites leaves in "clear" when setting up SmartLSM profile in Star Community and choosing option "To center and to other satellites through center".

And you can find the other relevant documents by searching for the filenames: ftp.def (sk61781), vpn_table.def (sk923312), implied_rules.def (sk92281), base.def (sk95147), table.def (sk98339) and communities.def (sk101052) in Support Center. To find all of them on the unit itself, in expert mode issue :

[Expert]# find /opt -name "xxxx.def"

It is very interesting that locally managed SMB units also have that files - crypt.def can be found there in /pfrm2.0/config[1 / 2]/fw1/lib/ and in /opt/fw1/lib/crypt.def. See Locally managed SMBs and .def files for details!

CCSE CCTE CCSM SMB Specialist
0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events