Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Lluis_Sole
Participant
Jump to solution

R80.10 Migration Uniqueness name problem

Just finished to import my policy and configuration from R77.10 to a new Management R80.10.

Some uniqueness name errors apeared and all of them could be solved until this one:

One of the node names in the Checkpoint FW object is "fw1" like the service "FW1" (port 256), neither of them allow me to change his names.

Service it seems to be read only ... and I suspect that changing node name isnt an option in the Management.

There is a way to solve this?

Thanks.

UPDATE: As described in sk40179 FW1 or fw1 are reserved names... Smiley Sad

The solution is to change the cluster node object resetting the SIC.

I'm thinking to change predefined service name FW1 using   some advice about it?

dbedit> print services FW1

Object Name: FW1
Object UID: {97AEB388-9AEA-11D5-BD16-0090272CCB30}
Class Name: tcp_service
Table Name: services
Last Modified by: System
Last Modified from: localhost
Last Modification time: Mon May  7 13:03:06 2018
Fields Details
--------------
    aggressive_aging_timeout: 600
    color: firebrick
    comments: Check Point Security Gateway Service
    default_aggressive_aging_timeout: 0
    delayed_sync_value: 30
    enable_aggressive_aging: true
    enable_tcp_resource: false
    etm_enabled: false
    has_detect: false
    include_in_any: true
    inspect_streaming: NULL
    is_default_aggressive_timeout: true
    port: 256
    prohibit_aggressive_aging: false
    proto_type: NULL
    protocol_uuid:
    reload_proof: false
    service_port_type: customize
    spoofed_rst_detect: true
    src_port:
    sync_on_cluster: true
    timeout: 3600
    type: Tcp
    unified_streaming: NULL
    updated_by_sd: false
    use_default_session_timeout: true
    use_delayed_sync: false

1 Solution

Accepted Solutions
Dave_Hoggan
Contributor

Hi Lluis,

I had this exact issue a couple of months ago and, like you, resolved it my changing the gateway name.

I don't think it would be recommended to change the name of a pre-defined service as it could cause issues next time you upgrade. 

Dave

View solution in original post

4 Replies
Dave_Hoggan
Contributor

Hi Lluis,

I had this exact issue a couple of months ago and, like you, resolved it my changing the gateway name.

I don't think it would be recommended to change the name of a pre-defined service as it could cause issues next time you upgrade. 

Dave

PhoneBoy
Admin
Admin

FW1 has long since been a reserved word.

Unfortunately, SmartDashboard (and predecessors) didn't always block creation of objects with this name.

In R80.x we block modifications to default services.

0 Kudos
Lluis_Sole
Participant

SOLVED: Finally we changed the gateway name.

We reset the SIC to change the node name:

Management shell:
  1. [Expert@HostName]# cp_conf sic init New_Activation_Key norestart
  2. [Expert@HostName]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
  3. [Expert@HostName]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"
Smart Dashboard:
  1. Click on the Security Gateway object.
  2. Click on 'Communication'.
  3. Click 'Reset' and confirm.
  4. Enter the New_Activation_Key (that was used in the 'cp_conf sic init ...' command on Security Gateway).
  5. Click on 'Initialize'.
  6. Install policy, if needed.

Thanks

0 Kudos
dc-checkpoint
Explorer

Sorry to revive such an old thread but I have the same situation and checkpoint told me to follow:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

I'm questioning the need to remove the cluster itself from every VPN community and disable VPN blade before renaming the member firewall.

Did you have to do that in order to get the name changed?  They are stating without that step it may cause IPSec VPN issues.  Did you experience any?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events