Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend Legend
Legend

New R81.10.05 Locally Managed Advanced Settings

The following 28 new settings have been added compared to R80.20.35, and one setting has vanished.

Removed:

OS advanced settings - Force 4G network bool false Force cellular module to use 4G network  

 

 

Added:

Acceleration Settings - Acceleration state enabled bool true Indicates whether acceleration is enabled    
Admin Lockout - Mobile seamless login session timeout int 1 Allowed mobile application seamless login session before automatic logout is executed (in days)
Administrators RADIUS authentication - Default Shell options Clish Default shell for super administrators. To enable this feature please contact Check Point support.
Bypass CRL - Bypass CRL if the list exceeds the defined limit long 10000          
Cluster - Synchronization bool false Indicates if the synchronization mechanism is enabled. Switching the flag from false to true may cause failover
IPS engine settings - Apply filter bool true Filter IPS protections to improve performance  
Managed services - Disable logging to SD bool true Disable logging to SD when SMP is on    
Mobile settings - Connect to the gateway from the following mobile app options Watch Tower Which mobile app is used for this gateway    
Mobile settings - Enable seamless login bool false Allow users to do seamless login through the mobile app  
Notifications policy - Partition capacity threshold int 95 Define the percentage for the partition capacity threshold (notifies when the partition is full)
OS advanced settings - Cellular Network options Auto Select the preferred cellular network mode - Auto, 4G only or 3G only
OS advanced settings - Cellular connection establish timeout int 60 Indicates the timeout in seconds to wait for cellular connection to succeed
OS advanced settings - Cellular modem detection timeout int 120 Indicates the timeout in seconds to wait for the cellular modem to be detected
OS advanced settings - Drop cellular outbound packets if the source IP is mismatched bool false Drop cellular outbound packets if their source IP is not the interface IP
OS advanced settings - IPv6 prefix selection mode options Router preference - oldest Set the IPv6 prefix selection mode - in dynamic IPv6 Internet connections.
OS advanced settings - Reset cellular modem if not detected bool true Indicates whether to reset the cellular modem if it fails to be detected
OS advanced settings - Use secondary MCCMNC file bool false Set the use of the secondary MCCMNC file to automatically configure the APN from the extended secondary list.
SSL inspection policy - Enable ICA Portal bool true Indicates if ICA Portal is enabled    
SSL inspection policy - Trusted CA Auto Update Enabled bool true          
Smart Accel Services - Security logs enabled bool false Indicates whether Smart Accel security logs are enabled  
Smart Accel Settings - Accel Trusted HTTPS Domains Only bool true Indicates whether to accel only trusted HTTPS domains  
Smart Accel Settings - Ignore Errors bool false Ignore conflicts related to Smart Accel and firewall policy rules
Two-Factor Authentication - Enable selection of target where to send the passcode (SMS/email) bool false If set to true, the target selection (SMS/email) is displayed to the user
VPN Site to Site global settings - Collect VPN monitoring data for SMP Heartbeat bool true Applies only to a Cloud Services managed appliance. Collecting VPN monitoring data to a dedicated file for SMP Heartbeat
VPN Site to Site global settings - Harmony Connect VPN High Availability timeout (sec) int 30 Timeout - The amount of idle time (sec) before switching to another Harmony Connect VPN (0 to disable High Availability)
VPN Site to Site global settings - IKEV2 Key Type options Key ID Key type use for IKEV2 communication    
VPN Site to Site global settings - Indicates the interval in which a VPN tunnel down summary notification is sent options 1 Hour Applies only when collect VPN monitoring data for SMP Heartbeat is enabled
VPN Site to Site global settings - Maximum number of VPN tunnel down notifications per hour int 5 Applies only when collect VPN monitoring data for SMP Heartbeat is enabled

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
5 Replies
Mikael
Employee Employee
Employee

Did you ever find any documentation about these new flags?

Specifically "Cluster - Synchronization" that to me sounds like sync is disabled by default?!?

Cheers

0 Kudos
G_W_Albrecht
Legend Legend
Legend

All these settings are explained in the comment. The unit the advanced settings are taken from is not clustered, so this setting must be off here !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Mikael
Employee Employee
Employee

Meaning that it must manually be enabled when you have a cluster?

Seems kind of counter-intuitive that it's not done automagically when you enable cluster...

Or have I missed that in the documentation somewhere?

Cheers 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

No - i would assume that it is on by default if a cluster is configured. Or did you configure a SMB cluster and this found this advanced setting was set to off?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Mikael
Employee Employee
Employee

Yes, we have 3 clusters all running R81.10.08 where this setting is off which got me confused as to the purpose of this setting...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events