This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RBS56505
Participant
‎2021-05-30 12:38 AM
Jump to solution

When to perform Database update in checkpoint GW

Hi All,

Im new to checkpoint and have some queries.

What are the few occasions when we need to perform database update ?

What are the few common changes we cannot perform on a GW through Management server if we have physical Gateway vs Virtual system.

I have come to know that route addition on vsx can be done via Smart dash board.

On Physical GW, we need to do it via cli or Gateway GUI

 

 

 

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2021-05-31 12:28 AM
In response to RBS56505
Jump to solution

No - see Security Management R81 Administration Guide, e.g. p166:

Installing the User Database

When you make changes to user definitions through SmartConsole, they are saved to the user database on the Security Management Server. User authentication methods and encryption keys are also saved in this database. The user database does not contain information about users defined externally to the Security Gateway (such as users in external User Directory groups), but it does contain information about the external groups themselves (for example, on which Account Unit the external group is defined). Changes to external groups take effect only after the policy is installed, or the user database is downloaded from the Security Management Server.

You must choose to install the policy or the user database, based on the changes you made:

n Install the policy, if you modified additional components of the Policy Package (for example, added new Security Policy rules) that are used by the installation targets

n Install the user database, if you only changed the user definitions or the administrator definitions - from the Menu, select Install Database

The user database is installed on:

n Security Gateways - during policy installation

n Check Point hosts with one or more Management Software Blades enabled - during database installation

You can also install the user database on Security Gateways and on a remote server, such as a Log Server, from the command line interface on the Security Management Server.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-05-30 07:47 PM
Jump to solution

What do you mean by "database update" exactly?
Screenshots of exactly what you're talking about might be helpful.

In general, there are a couple of differences between VSX and regular gateways:

There are possibly others, but those are the ones that immediately come to mind.

0 Kudos
RBS56505
Participant
‎2021-05-30 11:57 PM
In response to PhoneBoy
Jump to solution

Hello Sir,

Thank you for your response. 

First of all my used term is wrong. It should be "install database"

I dont have a a snapshot however let me give some background here.

We are migrating our checkpoint infrastructure to R80.30

As a interim steps, we are migrating all our existing infrastructure to a new R77.30.

Now while migrating one of the Mgt Server (managing 4 GWs) , there was OPSEC server(SKYBOX).

They did reset that communication for OPSEC server. My understanding is they initiated SIC from new Mgt Server.

Corresponding changes at SKYBOX is pending. (New CMA IP etc)

Now they kept saying that until we install updates this will not work.

My understanding is when we migrated to new Mgt server, we did install policy and that includes install database.

Am i wrong ?

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-05-31 12:28 AM
In response to RBS56505
Jump to solution

No - see Security Management R81 Administration Guide, e.g. p166:

Installing the User Database

When you make changes to user definitions through SmartConsole, they are saved to the user database on the Security Management Server. User authentication methods and encryption keys are also saved in this database. The user database does not contain information about users defined externally to the Security Gateway (such as users in external User Directory groups), but it does contain information about the external groups themselves (for example, on which Account Unit the external group is defined). Changes to external groups take effect only after the policy is installed, or the user database is downloaded from the Security Management Server.

You must choose to install the policy or the user database, based on the changes you made:

n Install the policy, if you modified additional components of the Policy Package (for example, added new Security Policy rules) that are used by the installation targets

n Install the user database, if you only changed the user definitions or the administrator definitions - from the Menu, select Install Database

The user database is installed on:

n Security Gateways - during policy installation

n Check Point hosts with one or more Management Software Blades enabled - during database installation

You can also install the user database on Security Gateways and on a remote server, such as a Log Server, from the command line interface on the Security Management Server.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events