Under R80.30 it is possible to encrypt CCP traffic. This is very useful to protect the cluster from manipulated CCP packets. Therefore new commands have been implemented on the CLI for this purpose.
This command also shows the current status “on" or "off” of the CCP encryption on the cluster:
# cphaprob ccp_encrypt
clish> show cluster members ccpenc
With the following command the encryption can be permanently enabled on the fly:
# cphaconf ccp_encrypt on
In this way the encryption can be disabled on the fly
# cphaconf ccp_encrypt off
More informations see here:
https://community.checkpoint.com/docs/DOC-3546-r8030-securexl-ccp-encryption
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips