Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RBS56505
Participant

When to perform Database update in checkpoint GW

Jump to solution

Hi All,

Im new to checkpoint and have some queries.

What are the few occasions when we need to perform database update ?

What are the few common changes we cannot perform on a GW through Management server if we have physical Gateway vs Virtual system.

I have come to know that route addition on vsx can be done via Smart dash board.

On Physical GW, we need to do it via cli or Gateway GUI

 

 

 

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

No - see Security Management R81 Administration Guide, e.g. p166:

Installing the User Database

When you make changes to user definitions through SmartConsole, they are saved to the user database on the Security Management Server. User authentication methods and encryption keys are also saved in this database. The user database does not contain information about users defined externally to the Security Gateway (such as users in external User Directory groups), but it does contain information about the external groups themselves (for example, on which Account Unit the external group is defined). Changes to external groups take effect only after the policy is installed, or the user database is downloaded from the Security Management Server.

You must choose to install the policy or the user database, based on the changes you made:

n Install the policy, if you modified additional components of the Policy Package (for example, added new Security Policy rules) that are used by the installation targets

n Install the user database, if you only changed the user definitions or the administrator definitions - from the Menu, select Install Database

The user database is installed on:

n Security Gateways - during policy installation

n Check Point hosts with one or more Management Software Blades enabled - during database installation

You can also install the user database on Security Gateways and on a remote server, such as a Log Server, from the command line interface on the Security Management Server.

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

What do you mean by "database update" exactly?
Screenshots of exactly what you're talking about might be helpful.

In general, there are a couple of differences between VSX and regular gateways:

There are possibly others, but those are the ones that immediately come to mind.

0 Kudos
RBS56505
Participant

Hello Sir,

Thank you for your response. 

First of all my used term is wrong. It should be "install database"

I dont have a a snapshot however let me give some background here.

We are migrating our checkpoint infrastructure to R80.30

As a interim steps, we are migrating all our existing infrastructure to a new R77.30.

Now while migrating one of the Mgt Server (managing 4 GWs) , there was OPSEC server(SKYBOX).

They did reset that communication for OPSEC server. My understanding is they initiated SIC from new Mgt Server.

Corresponding changes at SKYBOX is pending. (New CMA IP etc)

Now they kept saying that until we install updates this will not work.

My understanding is when we migrated to new Mgt server, we did install policy and that includes install database.

Am i wrong ?

 

0 Kudos
G_W_Albrecht
Legend
Legend

No - see Security Management R81 Administration Guide, e.g. p166:

Installing the User Database

When you make changes to user definitions through SmartConsole, they are saved to the user database on the Security Management Server. User authentication methods and encryption keys are also saved in this database. The user database does not contain information about users defined externally to the Security Gateway (such as users in external User Directory groups), but it does contain information about the external groups themselves (for example, on which Account Unit the external group is defined). Changes to external groups take effect only after the policy is installed, or the user database is downloaded from the Security Management Server.

You must choose to install the policy or the user database, based on the changes you made:

n Install the policy, if you modified additional components of the Policy Package (for example, added new Security Policy rules) that are used by the installation targets

n Install the user database, if you only changed the user definitions or the administrator definitions - from the Menu, select Install Database

The user database is installed on:

n Security Gateways - during policy installation

n Check Point hosts with one or more Management Software Blades enabled - during database installation

You can also install the user database on Security Gateways and on a remote server, such as a Log Server, from the command line interface on the Security Management Server.

View solution in original post

0 Kudos