Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend Legend
Legend

New R81.10.05 Locally Managed Advanced Settings

The following 28 new settings have been added compared to R80.20.35, and one setting has vanished.

Removed:

OS advanced settings - Force 4G network bool false Force cellular module to use 4G network  

 

 

Added:

Acceleration Settings - Acceleration state enabled bool true Indicates whether acceleration is enabled    
Admin Lockout - Mobile seamless login session timeout int 1 Allowed mobile application seamless login session before automatic logout is executed (in days)
Administrators RADIUS authentication - Default Shell options Clish Default shell for super administrators. To enable this feature please contact Check Point support.
Bypass CRL - Bypass CRL if the list exceeds the defined limit long 10000          
Cluster - Synchronization bool false Indicates if the synchronization mechanism is enabled. Switching the flag from false to true may cause failover
IPS engine settings - Apply filter bool true Filter IPS protections to improve performance  
Managed services - Disable logging to SD bool true Disable logging to SD when SMP is on    
Mobile settings - Connect to the gateway from the following mobile app options Watch Tower Which mobile app is used for this gateway    
Mobile settings - Enable seamless login bool false Allow users to do seamless login through the mobile app  
Notifications policy - Partition capacity threshold int 95 Define the percentage for the partition capacity threshold (notifies when the partition is full)
OS advanced settings - Cellular Network options Auto Select the preferred cellular network mode - Auto, 4G only or 3G only
OS advanced settings - Cellular connection establish timeout int 60 Indicates the timeout in seconds to wait for cellular connection to succeed
OS advanced settings - Cellular modem detection timeout int 120 Indicates the timeout in seconds to wait for the cellular modem to be detected
OS advanced settings - Drop cellular outbound packets if the source IP is mismatched bool false Drop cellular outbound packets if their source IP is not the interface IP
OS advanced settings - IPv6 prefix selection mode options Router preference - oldest Set the IPv6 prefix selection mode - in dynamic IPv6 Internet connections.
OS advanced settings - Reset cellular modem if not detected bool true Indicates whether to reset the cellular modem if it fails to be detected
OS advanced settings - Use secondary MCCMNC file bool false Set the use of the secondary MCCMNC file to automatically configure the APN from the extended secondary list.
SSL inspection policy - Enable ICA Portal bool true Indicates if ICA Portal is enabled    
SSL inspection policy - Trusted CA Auto Update Enabled bool true          
Smart Accel Services - Security logs enabled bool false Indicates whether Smart Accel security logs are enabled  
Smart Accel Settings - Accel Trusted HTTPS Domains Only bool true Indicates whether to accel only trusted HTTPS domains  
Smart Accel Settings - Ignore Errors bool false Ignore conflicts related to Smart Accel and firewall policy rules
Two-Factor Authentication - Enable selection of target where to send the passcode (SMS/email) bool false If set to true, the target selection (SMS/email) is displayed to the user
VPN Site to Site global settings - Collect VPN monitoring data for SMP Heartbeat bool true Applies only to a Cloud Services managed appliance. Collecting VPN monitoring data to a dedicated file for SMP Heartbeat
VPN Site to Site global settings - Harmony Connect VPN High Availability timeout (sec) int 30 Timeout - The amount of idle time (sec) before switching to another Harmony Connect VPN (0 to disable High Availability)
VPN Site to Site global settings - IKEV2 Key Type options Key ID Key type use for IKEV2 communication    
VPN Site to Site global settings - Indicates the interval in which a VPN tunnel down summary notification is sent options 1 Hour Applies only when collect VPN monitoring data for SMP Heartbeat is enabled
VPN Site to Site global settings - Maximum number of VPN tunnel down notifications per hour int 5 Applies only when collect VPN monitoring data for SMP Heartbeat is enabled

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
5 Replies
Mikael
Employee Employee
Employee

Did you ever find any documentation about these new flags?

Specifically "Cluster - Synchronization" that to me sounds like sync is disabled by default?!?

Cheers

G_W_Albrecht
Legend Legend
Legend

All these settings are explained in the comment. The unit the advanced settings are taken from is not clustered, so this setting must be off here !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Mikael
Employee Employee
Employee

Meaning that it must manually be enabled when you have a cluster?

Seems kind of counter-intuitive that it's not done automagically when you enable cluster...

Or have I missed that in the documentation somewhere?

Cheers 

G_W_Albrecht
Legend Legend
Legend

No - i would assume that it is on by default if a cluster is configured. Or did you configure a SMB cluster and this found this advanced setting was set to off?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Mikael
Employee Employee
Employee

Yes, we have 3 clusters all running R81.10.08 where this setting is off which got me confused as to the purpose of this setting...

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events