SMB units SMS files for VPN fine-tuning

Document created by Günther W. Albrecht on Mar 6, 2018. Last modified by Günther W. Albrecht on Mar 26, 2018.
Version 4

The SMS files used for VPN fine-tuning of SMB units are found in the lib folder of the CMP directories. Several SKs cover special configuration files on the SMS. For an SMS version managing a given GW version, a special folder contains the identically named .def files. Here is an overview of the corresponding SKs:

 

sk108600 VPN Site-to-Site with 3rd party shows how to fine-tune VPN for special purposes using the user.def or the crypt.def file on the SMS according to the GW version. sk44852 How to configure a Site-to-Site VPN with a universal tunnel and sk30919 Creating customized rules for Check Point Security Gateway - 'user.def' file make use of user.def only. The user.def file is somewhat special in that it resides in the $FWDIR/conf/ folder and is named according to the GW version it will configure. An example for SMB devices managed by an R80.10 SMS:

1100 with R75.20.x $FWDIR/conf/user.def.SFWR75CMP
1100 / 1200R / 1400 with R77.20.x $FWDIR/conf/user.def.SFWR77CMP

The locations of the user.def files are listed in sk98239 Location of 'user.def' files on Security Management Server; for the location of the crypt.def file there is sk98241 Location of 'crypt.def' files on SMS. Another example for SMB devices managed by an R80.10 SMS:

1100 with R75.20.x /opt/CPSG80R75CMP-R80/lib/crypt.def
1100 / 1200R / 1400 with R77.20.x /opt/CPSFWR77CMP-R80/lib/crypt.def

Also very important is the vpn_route.conf file from sk69726 VPN Routing does not work and traffic to other satellites leaves in "clear" when setting up SmartLSM profile in Star Community and choosing option "To center and to other satellites through center".

 

You can find the other relevant documents by searching Support Center for the filenames: ftp.def (sk61781), vpn_table.def (sk923312), implied_rules.def (sk92281), base.def (sk95147), table.def (sk98339) and communities.def (sk101052). To find all of them on the unit itself, issue the following in expert mode:

[Expert]# find /opt -name "xxxx.def"

Interestingly, locally managed SMB units also have these files: crypt.def can be found there in /pfrm2.0/config[1 / 2]/fw1/lib/ and in /opt/fw1/lib/crypt.def. See Locally managed SMBs and .def files for details!
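As an added example (not part of the original document and not Check Point tooling), the single-name find above can be extended to list every .def file named in this document below a root directory together with its SHA-256 hash, and to report which identically named copies differ between folders. The function names are hypothetical, and the availability of sha256sum, awk and sort on the host is an assumption.

```shell
#!/bin/sh
# Added example, not Check Point tooling.
# Assumes find, sha256sum, awk and sort are available on the host.

# def_inventory ROOT
# Print "<name><TAB><sha256><TAB><path>" for every .def file named in this
# document that is found below ROOT. On the SMS, user.def carries a
# per-GW-version suffix, hence the 'user.def*' pattern.
def_inventory() {
    find "$1" -type f \( -name 'user.def*' -o -name crypt.def \
        -o -name ftp.def -o -name vpn_table.def -o -name implied_rules.def \
        -o -name base.def -o -name table.def -o -name communities.def \) \
        2>/dev/null |
    while IFS= read -r path; do
        # Hash from stdin so the path never appears in sha256sum's output.
        sum=$(sha256sum < "$path" | awk '{print $1}')
        printf '%s\t%s\t%s\n' "${path##*/}" "$sum" "$path"
    done | sort
}

# def_diverged ROOT
# Print each file name that exists with more than one distinct hash below
# ROOT, i.e. identically named copies whose contents are not the same.
def_diverged() {
    def_inventory "$1" | awk -F'\t' '
        !seen[$1 FS $2]++ { distinct[$1]++ }
        END { for (n in distinct) if (distinct[n] > 1) print n }' | sort
}

# Usage: sh def_inventory.sh /opt
if [ "$#" -gt 0 ]; then
    def_inventory "$1"
    echo "--- names with differing copies:"
    def_diverged "$1"
fi
```

Saving the inventory output before and after an edit or upgrade gives a simple record of which copy was changed.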
