Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

SG Ready for Use or User Acceptance Test Cases

Is there any document that goes over the test cases or commands when deploying/migrating a new Security GW ? I am looking for test cases that can be run with the end user before handing over the SG. 

3 Replies
Highlighted
Pearl

Test cases for new Check Point deployments 📕

Checks to be performed prior to migration

📌 Check of end users monitoring system (everything green?)

📌 Check of end users most import traffic connections (end user has to provide a check list)

📌 Run CPCheckMe security self-test

📌 Run Check Point Hardware Diagnostic Tool

📌 Run Gaia Healthcheck script (everything green?)

📌 Run ccc on all Check Point systems (no warnings?)

📌 Can the security policy be installed without any issues?

📌 Are there any error messages on the firewall or system logs?

📌 Are there any errors in the LOM service processor (everything green)?

📌 What is the ARP refresh time of the next-hop switches? Should be a low setting during the migration

📌 What was agreed in the kick-off protocol? Is everything prepared as discussed?

📌 Are the end users employees and C-level informed about the migration schedule and possible downtime?

📌 Do you have a fallback scenario planned?

📌 Are the end users VPN remote users informed to update the VPN client configuration and who to contact if something fails?

📌 Are all the PSKs and other VPN configuration details from the old firewall environment known?

📌 Are the end users VPN partners informed to be available in case the VPNs don't get up correctly and need to troubleshooted?

📌 Is the maintenance window for the planned migration long enough to be able to fix minor issue in case they occur? (you want a migration success and no second chance, right?)

📌 Are the licenses and contract in the Check Point UserCenter correctly assigned, documented and downloaded?

Checks to be performed after migration

 Check of end users monitoring system (everything green?)

Check of end users most important traffic connections

Run CPCheckMe security self-test

 Run Gaia Healthcheck script (everything green?)

Run Check Point Hardware Diagnostic Tool

Run ccc on all Check Point systems (no warnings?)

 Can the security policy be installed without any issues?

Are there any error messages on the firewall or system logs?

Are there any errors in the LOM service processor (everything green)?

Can all Check Point systems properly communicate to Check Point services? (sk83520)

Do all Check Point SmartConsole components work properly? (SmartView, Monitoring, Logs, Reports, Hit count etc.)

Is everything properly documented? Even in the Gaia WebUI (Interfaces, Routes, ..)?

Are the Check Point default passwords changed to secure ones? Was the end users password policy configured?

Are there any default settings left that haven't been discussed yet with the end user?

Are scheduled backups / migrate exports properly configured and performed?

Did the end user receive a proper documentation / migration protocol?

Did the end user confirm the migration success?

Highlighted
Iron

Thanks Danny. Is there a document that goes over all the options and outputs in your ccc tool ? Also do you know the commands that one can use to check the interface level errors and counters, power supply redundancy, led status remotely ?
Highlighted
Pearl

If your gateway has an integrated LOM (service processor), you can connect to it and check all appliance specific settings remotely (LED status, PSU redundancy etc.) My ccc tool also informs you about RAID status, PSU redundancy etc., but there is no description about every output it produces as it features around 200 Check Point commands and you are the expert that has to know how to use them. Interface level errors are partially detected by the Gaia Healthcheck script but if it gets specific (bond settings, duplex setting etc.) it's again up to check what is configured and to create a detailed plan for checking all your settings.

0 Kudos