Friday, August 31, 2012

Interface rx-drp on Checkpoint firewalls

If your eth-driver is bnx2 apply the related driver upgrade at sk80640
I also know that there are driver upgrades for e1000 search it from support
to see the driver # ethtool -i eth0

Also note to check the buffer size on related eth
# ethtool -g eth0
The related sk is sk42181

# netstat -i will show you the drop counts on interfaces.

Error: Page cannot be displayed. An error occurred while processing the request.

I have encountered a strange error on Mobile Access Blade, In my case this was related to IPS, Try this;uncheck IPS and mobile access on firewall properties, install policy, then recheck them and reinstall the security policy.

Saturday, August 4, 2012

How to upgrade the software and migrate a distributed SmartCenter to a Full HA Cluster

This procedure is my solution method...

Take an upgrade_export file from the source SMC and import it to your vm machine with the same name and upgrade it to the version u want.
This is a MNG so you cant export and import it to a standalone firewall machine,
lets fake the system that its also a firewall with the command
# cpprod_util FwSetFirewallModule 1
check it via # cpprod_util FwIsFireWallModule
close SmartDashboard and relogin, you will see the firewall tab.
take a new upgrade_export for the utm box
You have to install the appliance as full HA primary cluster member and then,
# cp_conf fullha disable   disable its cluster membership...
import the config reboot and
# cp_conf fullha enable  to set it back to fullhacluster



Thats it, Goodluck
Cagdas