HongTH
Participant

How to know if a Check Point appliance is installed with Security Management + Gateway as a bundle?

Hi All,

As per my understanding, a Check Point appliance can be installed with Gateway & SMS as a bundle or separately. Hence, is there any way that I could know the deployment method of the security appliance?

I'm taking over a Check Point appliance with limited info on hand, how should I identify the above?

Thanks

0 Kudos
6 Replies
genisis__
Advisor

[Expert@MGMT:0]# fwm ver
This is Check Point Security Management Server R81 - Build 11
[Expert@MGMT:0]#

- Also check the Management IP you log in to

- Check the licensing, you may have central licensing.

- [Expert@MGMT:0]# cpprod_util CPPROD_GetInstalledProducts

- cpprod_util FwIsFirewallMgmt (If it returns a 1 then the device is the manager)

[Expert@MGMT:0]# cpprod_util FwIsStandAlone (If it returns 0 then this is just a gateway)

 

HongTH
Participant

Hi,

Thank you very much for your info. I have run the command above in my staging VM and it shows what I need.

 

[Expert@gw-cp-ASUS:0]# cpprod_util FwIsFirewallMgmt
1
[Expert@gw-cp-ASUS:0]# cpprod_util FwIsStandAlone
1

Should the existing appliance come with both GW + Security Management installed, would it be possible for me to manage it from the SMS? Having said that, I have a plan to reorganize the firewalls under one hood. In the current setup, some firewalls are managed via SMS and some are not, which leads me to wonder why they are not all managed under one hood.

 

Thanks

 

0 Kudos
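The two `cpprod_util` checks from the replies above, combined into one classifier for inventorying inherited appliances. This is an added example, not code from the thread or from Check Point; the `CPPROD_UTIL` override, the function names and the output labels are assumptions of the example, as is reading `FwIsFirewallMgmt` = 1 with `FwIsStandAlone` = 0 as a management-only server.

```shell
#!/bin/sh
# Classify a Check Point deployment from the two cpprod_util flags in the thread.
# CPPROD_UTIL is an assumption of this example: it lets the command be replaced
# by a stub when the script is exercised away from the appliance.
CPPROD_UTIL="${CPPROD_UTIL:-cpprod_util}"

# Run one cpprod_util query and accept only a clean 0 or 1 answer.
# Anything else (error text, empty output) is reported as a failure.
query_flag() {
    out=$("$CPPROD_UTIL" "$1" 2>/dev/null | tr -d '[:space:]') || return 2
    case "$out" in
        0|1) printf '%s\n' "$out" ;;
        *)   return 2 ;;
    esac
}

# Print one label describing what is installed on this host.
classify_deployment() {
    mgmt=$(query_flag FwIsFirewallMgmt) || { echo "unknown"; return 1; }
    sa=$(query_flag FwIsStandAlone)     || { echo "unknown"; return 1; }
    case "$mgmt$sa" in
        11) echo "standalone" ;;        # management + gateway bundled on one box
        10) echo "management-only" ;;   # assumption: manager without a local gateway
        00) echo "gateway-only" ;;      # needs an external management server
        *)  echo "inconsistent"; return 1 ;;  # standalone flag set without management
    esac
}

# Run only where the Check Point tool exists (expert mode on the appliance).
if command -v "$CPPROD_UTIL" >/dev/null 2>&1; then
    printf '%s: %s\n' "$(hostname)" "$(classify_deployment)"
fi
```

With the output shown in the reply above (1 and 1), the script reports `standalone`.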
G_W_Albrecht
Legend

That is a good approach, to centrally manage under one hood, as you have logs and events from all GWs:

- check the current central SMS license for number of GWs and SmartEvent 😎

- for the StandAlone GWs I would do a fresh install of the current version and apply central management

HongTH
Participant

Hi,

Thanks for your kind input. I will definitely check on it. I guess I now know the reason why the gateways weren't managed under the SMS previously, which could be due to a licensing issue.

Meanwhile, should I conclude that a standalone GW is not manageable from the SMS, and that a fresh installation with GW only is needed in this scenario?

Thank you

0 Kudos
G_W_Albrecht
Legend

Yes, there is a different number of GWs included in the SMS license, that could be the reason for StandAlone deployment. A StandAlone GW can be turned to central management without, but fresh install is my advice.

0 Kudos
G_W_Albrecht
Legend

Look into Check Point UserCenter - the customer's account. You will find the ordered appliance blades listed. CP Gateway appliances mostly include an SMS license.

Go to Product Center and select the device (4607 is the example used here):

[Screenshot: Bildschirmfoto 2021-06-14 um 18.48.29.png]

On double-click, you will see the licenses: 

[Screenshot: Bildschirmfoto 2021-06-14 um 18.47.47.png]

You see here CPSB-NPM / LOGS -For-GW, so we have an included SMS license here.

This is bound to the hardware, so the best SMS solution (VM) would need an additional license (including SmartEvent, a clear must for security).

0 Kudos