So want to upgrade from a Checkpoint 4200 to a Checkpoint 6200.
I got a copy of the configuration off the 4200 via CLI, applied it to the 6200, added the new firewall to smart console and pushed the policy, but the devices do not work on the new firewall. Looking at the logs I see traffic getting dropped. I’ve tried to set the policy to any, any, set the interfaces to external, Disabled anti-spoofing on the interfaces, but it still drops the traffic before any of my settings are applied. So the question is what causes this? The vendor says the deep packet inspection must be disabled, is there a way to verify if this is on or off? If I swap the device connections back to the 4200, everything works fine. Both interfaces are external networks, only my Management interface in internal to the network. The basic topology is the phones use the corporate network to make calls, if the local network goes down for some reason, it fails over to satellite and the phone work via the satellite.
set interface eth1 comments "phones"
set interface eth1 link-speed 100M/full
set interface eth1 state on
set interface eth1 ipv4-address 192.168.210.1 mask-length 28
set interface eth2 comments "Satellite"
set interface eth2 state on
set interface eth2 auto-negotiation on
set interface eth2 mtu 1500
set interface eth2 ipv4-address 10.212.35.70 mask-length 28
Another question I have, If I make changes on the interfaces via smart console, are the changes applied immediately, or do I have to install policy before any changes take affect?