This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cdooer
Contributor
yesterday
Jump to solution

Best way to deploy remote EOL devices

Hey folks. We've got a number of 5000 series appliances that are coming up on EOL, and we need to replace them. In some cases, the devices are remote, with no technical staff nearby to support them. Is the easiest way simply to configure them with the proper IP's and SIC info, have the onsite person rack and cable it, shut the old one off and bring the new one online, SIC it and push a policy to it?

My only concern is that we've sometimes seen a new firewall load the local policy upon startup, and block all access to it. I see something called SmartProvisioning...would this work in our scenario? Running R81.10.

Thx in advance. 

1 Solution

Accepted Solutions
the_rock
MVP Platinum
MVP Platinum
yesterday
Jump to solution

You could use smart provision, though needs separate license, I believe.

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SmartProvisioning_AdminGuide...

Now, for local (aka initial policy), keep in mind, it STILL allows access to port 443 and ssh via implied rules, so that would work as well. Honestly, person on site does not even need to be that technical, as long as they know how to navigate through device manager if console is needed and connect console cable, thats it.

Best,
Andy

View solution in original post

0 Kudos
7 Replies
the_rock
MVP Platinum
MVP Platinum
yesterday
Jump to solution

You could use smart provision, though needs separate license, I believe.

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SmartProvisioning_AdminGuide...

Now, for local (aka initial policy), keep in mind, it STILL allows access to port 443 and ssh via implied rules, so that would work as well. Honestly, person on site does not even need to be that technical, as long as they know how to navigate through device manager if console is needed and connect console cable, thats it.

Best,
Andy
0 Kudos
cdooer
Contributor
yesterday
In response to the_rock
Jump to solution

Thx Andy, I guess the best way is to just keep it simple, and maybe make sure to include a console cable when they ship. Thx for the advice.

the_rock
MVP Platinum
MVP Platinum
yesterday
In response to cdooer
Jump to solution

You know, remind me of chat I had with great guy last week, he lives in the same city as me, works for Canadian government, I said to him "You know Rob, cloud is the future" and he says "Is it really, Andy?" haha

Im starting to think maybe he is right, look at outages that happened recently, Azure, WS, now Cloudflare...sometimes, old school is the best, console and pen and paper 🤣

Best,
Andy
0 Kudos
cdooer
Contributor
yesterday
In response to the_rock
Jump to solution

Couldn't agree more. PS I also live in a Canadian city with a very heavy dose of government employees...wonder if it's the same one. lol

the_rock
MVP Platinum
MVP Platinum
yesterday
In response to cdooer
Jump to solution

Ottawa? lol

Best,
Andy
0 Kudos
cdooer
Contributor
yesterday
In response to the_rock
Jump to solution

Yessir.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
yesterday
In response to cdooer
Jump to solution

You may know him then, haha

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events