Re: New R81.10.05 Locally Managed Advanced Setting...

G_W_Albrecht · ‎2023-05-05

The following 28 new settings have been added compared to R80.20.35, and one setting has vanished.

Removed:

~~OS advanced settings - Force 4G network~~

~~bool~~

~~false~~

~~Force cellular module to use 4G network~~

Added:

Acceleration Settings - Acceleration state enabled	bool	true	Indicates whether acceleration is enabled
Admin Lockout - Mobile seamless login session timeout	int	1	Allowed mobile application seamless login session before automatic logout is executed (in days)
Administrators RADIUS authentication - Default Shell	options	Clish	Default shell for super administrators. To enable this feature please contact Check Point support.

Bypass CRL - Bypass CRL if the list exceeds the defined limit

long

10000

Cluster - Synchronization

bool

false

Indicates if the synchronization mechanism is enabled. Switching the flag from false to true may cause failover

IPS engine settings - Apply filter

bool

true

Filter IPS protections to improve performance

Managed services - Disable logging to SD	bool	true	Disable logging to SD when SMP is on
Mobile settings - Connect to the gateway from the following mobile app	options	Watch Tower	Which mobile app is used for this gateway
Mobile settings - Enable seamless login	bool	false	Allow users to do seamless login through the mobile app

Notifications policy - Partition capacity threshold

int

95

Define the percentage for the partition capacity threshold (notifies when the partition is full)

OS advanced settings - Cellular Network	options	Auto	Select the preferred cellular network mode - Auto, 4G only or 3G only
OS advanced settings - Cellular connection establish timeout	int	60	Indicates the timeout in seconds to wait for cellular connection to succeed
OS advanced settings - Cellular modem detection timeout	int	120	Indicates the timeout in seconds to wait for the cellular modem to be detected
OS advanced settings - Drop cellular outbound packets if the source IP is mismatched	bool	false	Drop cellular outbound packets if their source IP is not the interface IP

OS advanced settings - IPv6 prefix selection mode	options	Router preference - oldest	Set the IPv6 prefix selection mode - in dynamic IPv6 Internet connections.
OS advanced settings - Reset cellular modem if not detected	bool	true	Indicates whether to reset the cellular modem if it fails to be detected
OS advanced settings - Use secondary MCCMNC file	bool	false	Set the use of the secondary MCCMNC file to automatically configure the APN from the extended secondary list.

SSL inspection policy - Enable ICA Portal

bool

true

Indicates if ICA Portal is enabled

SSL inspection policy - Trusted CA Auto Update Enabled

bool

true

Smart Accel Services - Security logs enabled	bool	false	Indicates whether Smart Accel security logs are enabled
Smart Accel Settings - Accel Trusted HTTPS Domains Only	bool	true	Indicates whether to accel only trusted HTTPS domains
Smart Accel Settings - Ignore Errors	bool	false	Ignore conflicts related to Smart Accel and firewall policy rules

Two-Factor Authentication - Enable selection of target where to send the passcode (SMS/email)

bool

false

If set to true, the target selection (SMS/email) is displayed to the user

VPN Site to Site global settings - Collect VPN monitoring data for SMP Heartbeat

bool

true

Applies only to a Cloud Services managed appliance. Collecting VPN monitoring data to a dedicated file for SMP Heartbeat

VPN Site to Site global settings - Harmony Connect VPN High Availability timeout (sec)

int

30

Timeout - The amount of idle time (sec) before switching to another Harmony Connect VPN (0 to disable High Availability)

VPN Site to Site global settings - IKEV2 Key Type	options	Key ID	Key type use for IKEV2 communication
VPN Site to Site global settings - Indicates the interval in which a VPN tunnel down summary notification is sent	options	1 Hour	Applies only when collect VPN monitoring data for SMP Heartbeat is enabled

VPN Site to Site global settings - Maximum number of VPN tunnel down notifications per hour

int

5

Applies only when collect VPN monitoring data for SMP Heartbeat is enabled

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Mikael · ‎2024-05-14

Did you ever find any documentation about these new flags?

Specifically "Cluster - Synchronization" that to me sounds like sync is disabled by default?!?

Cheers

G_W_Albrecht · ‎2024-05-14

All these settings are explained in the comment. The unit the advanced settings are taken from is not clustered, so this setting must be off here !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Mikael · ‎2024-05-14

Meaning that it must manually be enabled when you have a cluster?

Seems kind of counter-intuitive that it's not done automagically when you enable cluster...

Or have I missed that in the documentation somewhere?

Cheers

G_W_Albrecht · ‎2024-05-14

No - i would assume that it is on by default if a cluster is configured. Or did you configure a SMB cluster and this found this advanced setting was set to off?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Mikael · ‎2024-05-14

Yes, we have 3 clusters all running R81.10.08 where this setting is off which got me confused as to the purpose of this setting...

Are you a member of CheckMates?

New R81.10.05 Locally Managed Advanced Settings