RE: [FW1] Procedure for Separating Management Module and Firewall Module
Brian,

I am a little bit less new than you ... I think I can answer most of your questions, find the answers in the text.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA CS Internet Expertise Centre Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65

-----Original Message-----
From: Kinsey, Brian A. [mailto:[email protected]]
Sent: Wednesday, April 11, 2001 6:02 PM
To: 'fw1 mailing list'
Subject: [FW1] Procedure for Separating Management Module and Firewall Module

I have 2 Checkpoint Firewall-1/VPN-1 4.1 SP3 boxes running Windows NT 4.0. One of the machines is a Management Module and Firewall, the other is only a Firewall, managed by the first one with the Management Module. I also have a machine set up in a DMZ between both machines that has the GUI client installed.

What I'd like to do is move the management and logging from the first firewall to the DMZ machine.

Question 1: Do I need to relicense both firewalls? They are currently licensed to their external interfaces and the first firewall license is for both management and firewall. Do the licenses need to be registered to the interface where policy will be pushed to? Also do I need to have the license for the management and the firewall separated for the first firewall?

+ As you don't have an Internet Gateway license, but rather a Firewall-1/VPN-1
+ module + a Management License you can separate them from each other, by
+ just re-licensing the Management part on the CheckPoint site

Question 2: Do I need to install anything on the DMZ machine that will handle the management and logging or is it just the GUI client installed there with some configuration files on the Firewall machines pointing to the DMZ machine?

+ Yes ... the GUI part is only this, when installing CheckPoint you are asked
+ to choose between Stand Alone and Distributed ... choose Distributed then
+ VPN-1 & Firewall-1 Enterprise Management ... this will give you a Management
+ Server and the logging functionalities

Question 3: Do I need to reinstall Checkpoint onto the machine that has the Firewall + Management and install only the FW?

+ Not sure here, but I think that if you modify create a masters file, do the
+ putkeys and configure the control.map, it should work ... not tried it though

Question 4: Is there anything I missed? Anything I need to keep in mind while doing this? Anything I may not be thinking about?

+ Yes, you need to copy your security policy and so on from the Firewall acting
+ as management server to your new management server .. take a look on PhoneBoy
+ most of this is explained. Go to http://www.phoneboy.com/fw1

I'm pretty new to the game here, so feel free to speak as if I am completely ignorant. Any White Papers or URLs will also be appreciated. I have seen info on moving the Management from one machine to another, but they all seem to concern machines that already have the Management on a different machine than the Firewall. Is the process similar?

TIA and I appreciate your time

-Brian Kinsey

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================