This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HongTH
Participant
‎2021-06-14 09:06 AM

How to know if Checkpoint Appliance installed with Security Management+Gateway as bundle?

Hi All,

As per my understanding, checkpoint appliance can be installed with Gateway & SMS as a bundle or separately. Hence, is there anyway that I could know the deployment method of the security appliance?

I'm taking over checkpoint appliance with limited info onhand, how should I identify above? 

Thanks

0 Kudos
6 Replies
genisis__
MVP Silver
MVP Silver
‎2021-06-14 09:36 AM

Expert@MGMT:0]# fwm ver
This is Check Point Security Management Server R81 - Build 11
[Expert@MGMT:0]#

- Also check the Management IP you login to

- Check the licensing, you may have central licensing.

- Expert@MGMT:0]# cpprod_util CPPROD_GetInstalledProducts

- cpprod_util FwIsFirewallMgmt (If it returns a 1 then the device is the manager

[Expert@MGMT:0]# cpprod_util FwIsStandAlone (If it returns 0 then this is just a gateway)

 

HongTH
Participant
‎2021-06-14 09:48 AM
In response to genisis__

Hi,

Thank you very much for your info. I have ran the command above in my staging VM and it shows what I need.

 

[Expert@gw-cp-ASUS:0]# cpprod_util FwIsFirewallMgmt
1
[Expert@gw-cp-ASUS:0]# cpprod_util FwIsStandAlone
1

Should the existing appliance comes along with both GW+Security Management installation, would it be possible if I manage from the SMS? having to say, I'm having a plan to reorganize the firewalls under 1 hood.  As in current setup, some firewalls are managed via SMS, some are not, which lead me to the doubt why they are not managed under 1 hood.

 

Thanks

 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-06-14 10:00 AM
In response to HongTH

That is the good approach to centrally manage under one hood, as you have logs and events from all GWs:

- check the current central SMS license for number of GWs and SmartEvent 8)

- for the StandAlone GWs i would do a fresh install of current version and apply central management

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
HongTH
Participant
‎2021-06-14 10:08 AM
In response to G_W_Albrecht

Hi,

Thanks for your kind input. I will definitely check on it. I guess I know the reason now why gateways weren't managed under SMS previously which could due to licensing issue.

Meanwhile, should I conclude that standalone GW is not manageable from SMS, in which fresh installation with GW installation only needed in this scenario?

Thank you

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-06-14 12:42 PM
In response to HongTH

Yes, there is a different number of GWs included in the SMS license, that could be the reason for StandAlone deployment. A StandAlone GW can be turned to central management without, but fresh install is my advice.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-06-14 09:55 AM

Look into Checkpoint Usercenter - customers account. You will find the ordered appliance blades listed. CP Gateway appliances mostly include a SMS license.

Go to Product Center and select the device (4607 is the example used here):

Bildschirmfoto 2021-06-14 um 18.48.29.png

On double-click, you will see the licenses: 

Bildschirmfoto 2021-06-14 um 18.47.47.png

You see here CPSB-NPM / LOGS -For-GW, so we have a included SMS license here.

This is bound to the hardware, so the best SMS solution (VM) would need an additional license (including SmartEvent, a clear muss for security).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events