SMB units SMS files for VPN fine-tuning

G_W_Albrecht — Tue, 06 Mar 2018 15:35:28 GMT

SMB units SMS files for VPN fine-tuning are found in the CMP directories lib folder. There are several SKs for special configuration files on the SMS. For a SMS version managing a GW version, a special folder contains the - identically named - .def files. Here is an overview of the corresponding SKs:

sk108600 VPN Site-to-Site with 3rd party shows fine-tuning VPN for special purposes using the user.def or the crypt.def file on SMS according to GW version. sk44852 How to configure a Site-to-Site VPN with a universal tunnel and sk30919 Creating customized rules for Check Point Security Gateway - 'user.def' file only make use of user.def. The user.def itself is somehow special as it resides in the $FWDIR/conf/ folder and is named corresponding to the GW version it will configure. An example for SMB devices managed by R80.10 SMS:

1100 with R75.20.x $FWDIR/conf/user.def.SFWR75CMP
1100 / 1200R / 1400 with R77.20.x $FWDIR/conf/user.def.SFWR77CMP

The locations of the user.def is listed in sk98239 Location of 'user.def' files on Security Management Server, for location of the crypt.def file we have sk98241 Location of 'crypt.def' files on SMS. Another example for SMB devices managed by R80.10 SMS:

1100 with R75.20.x /opt/CPSG80R75CMP-R80/lib/crypt.def
1100 / 1200R / 1400 with R77.20.x /opt/CPSFWR77CMP-R80/lib/crypt.def

Also very important is the vpn_route.conf from sk69726 VPN Routing does not work and traffic to other satellites leaves in "clear" when setting up SmartLSM profile in Star Community and choosing option "To center and to other satellites through center".

And you can find the other relevant documents by searching for the filenames: ftp.def (sk61781), vpn_table.def (sk923312), implied_rules.def (sk92281), base.def (sk95147), table.def (sk98339) and communities.def (sk101052) in Support Center. To find all of them on the unit itself, in expert mode issue :

[Expert]# find /opt -name "xxxx.def"

It is very interesting that locally managed SMB units also have that files - crypt.def can be found there in /pfrm2.0/config[1 / 2]/fw1/lib/ and in /opt/fw1/lib/crypt.def. See Locally managed SMBs and .def files for details!

Re: SMB units SMS files for VPN fine-tuning

Steffen_Appel — Fri, 11 Apr 2025 09:42:01 GMT

On R82 for crypt.def you have all these_

/opt/CPSFWR77CMP-R82/lib/crypt.def
/opt/CPSFWR80CMP-R82/lib/crypt.def
/opt/CPSFWR81CMP-R82/lib/crypt.def
/opt/CPSFWR82CMP-R82/lib/crypt.def

Re: SMB units SMS files for VPN fine-tuning

_Val_ — Mon, 14 Apr 2025 06:52:03 GMT

Is this a question?

Re: SMB units SMS files for VPN fine-tuning

Steffen_Appel — Mon, 28 Apr 2025 14:15:05 GMT

No just an addition.

topic Re: SMB units SMS files for VPN fine-tuning in Spark Firewall (SMB)

SMB units SMS files for VPN fine-tuning

Re: SMB units SMS files for VPN fine-tuning

Re: SMB units SMS files for VPN fine-tuning

Re: SMB units SMS files for VPN fine-tuning