As usual that is just another thing that was not carried over from IPSO. Additionally, there was a workaround at one point and now there is not. Why ..... Who knows what this company does and for what reason any longer. To me (someone doing NetSecEng for over 20 years), what better device to use as the Stratum 1 NTP servers than the most protected device on the network at the Internet edge. Then have your Stratum 2 servers get their updates from your Stratum 1's. However I don't understand why Check Point does not see it that way.

I think it is a bit late to complain about IPSO features, don't you think? 🙂

Anyhow, if you need this feature, please open an RFE

No it will never be too late to complain about IPSO features that were not carried over ..... Check Point should be reminded over and over again because IPSO was the diamond standard OS that Check Point should have completely converted into GAIA and did not because someone at Check Point did not see the value in those features. The users that immersed themselves into the IPSO OS saw the value in nearly every feature in uses within SMBs all the way up to major deployments in major corporations. In some cases, having features such as these meant less equipment to build and maintain. 

And please tell me more about wasting my time requesting an RFE. That has been the answer since Check Point merged SPlat and IPSO. I don't bother any longer as Check Point just ignores them anyway and I'm tired of beating my head against a wall.

RFE's submitted multiple times and ignored:

- DHCP reservations

- NTP Server

Appreciate your passion.

DHCP reservations are possible on SMB appliances (via GUI) and GAiA (sk92473), sure the latter implementation could be cleaner.

Cleaner? In IPSO it was clean ..... All handled right in the WEBUI ..... No vi editing ..... No start stop commands. That was the point.

Unless you're attaching GPS receivers and oven-controlled clocks to your firewalls, they'll never be stratum 1. I personally just throw an EndRun box at the problem. They're cheap, small, low-power, real stratum 1, and they have lifetime support included.

That said, I get what you mean about wanting some of the IPSO features which GAiA lacks. Just think. If GAiA had been based on IPSO instead of SecurePlatform, we could have ZFS, jails, and DTrace now! 😉

Hi, indeed not all IPSO features made across to Gaia. We see the main GW role in security, hence minor networking things that can be easily achieved with many other standard tools may been left behind. We did perform a thorough analysis of all before making a decision.

Also, NTP server is not a common RFE request therefor it’s not in our roadmap

Actually I have been working with Check Point products for over 20 years and I remember talking to the NYC account engineers that told us nearly all of the IPSO features were going to be ported over to Gaia. What we got was very far from that. Then they said "we will be adding more" as time goes on and only a few more made it over. So please don't tell me you performed a thorough analysis because you only talked to your largest customers and the SMBs were left out of the discussion. We who have been doing this for this long know what exactly happened and it has not been forgotten.

Missed the point ..... No extra equipment to purchase and maintain in an SMB. Built right into the FW, at least Stratum 2 or 3 when using NIST NTP servers, and secure as hell if you used the NTP protocol inspection objects.

NTP from the AD server just does not give me the warm fuzzies and Microsoft has that laundry list of built in NTP servers that is a PITA to modify.

Not sure on the ZFS, jails and Dtrace. 

By any chance, is it supported now?

version R81.20

Regards

It is supported on the SMBs on R81.10.15 according to this:  sk178604 - Check Point R81.10.X for 1500, 1600, 1800, 1900, and 2000 appliance Known Limitations

Supported and Unsupported Features

Note - All features available on a Locally Managed appliance are also available in the Spark Management App on the Infinity Portal (replacement for the old SMP portal).

Enter the string to filter this table: 

Hi,

Thanks for the response.

I was looking for document specific to Quantum firewall. we are using 6200 model.

WR

sk83820 states:

Important Note: You can configure Gaia OS only as an NTP Client.

It might be possible to use the procedure in sk83820 to configure as an NTP server using the appropriate directives in ntp.conf.
Whether it works is a separate question, but it is definitely not supported.