
Configuring FireWall-1

This section contains three parts:

Overview

The DIGITAL IP Switch Processor includes version 3.0 of the Check Point FireWall-1 product integrated into the IP Switch software platform.

FireWall-1 consists of two primary modules:

The IP Switch Processor includes the FireWall-1 Module, but does not include the Management Console. Elsewhere in your network you will need to set up a Management Console, if you do not already have one. A single Management Console can control one or more FireWall-1 Modules.

The FireWall-1 Module implements the security policy, logs events, and communicates via the network with the Management Console using the FireWall-1 daemons running on the IP Switch Processor.

A FireWall-1 security policy is defined using the GUI on the Management Console. Inspection Code is then generated and installed on the FireWall-1 Modules that will enforce the security policy. The System Administrator defines and maintains the security policy on the Management Console, while the gateways where the FireWall-1 Module is installed enforce the security policy.

Most of the tasks involved in configuring the operation of your FireWall-1 relate to the definition and maintenance of your security policy, and are performed on the Management Console. These tasks are covered in great detail in several printed documents produced by Check Point.

FireWall-1 configuration tasks you perform on the IP Switch Processor include:

Obtaining Check Point Licenses

Before you configure FireWall-1, you need a license for each FireWall-1 Module you purchased. Go to http://license.checkpoint.com and use the Key from the CD-ROM case to get your valid licenses.

Configuring FireWall-1 with the IP Switch Processor

The following instructions describe how to configure Check Point FireWall-1 with a DIGITAL IP Switch Processor configured as a gateway. Note that:

Management Console Tasks

    1. Enter a new key on the Management Console.


Caution: For <gateway ip address>, use the IP address of an internal interface, meaning an interface that is behind the firewall.


    2. Enter a one-time authentication key on the Management Console.

    3. Restart the FireWall-1 Module on the Management Console.

IP Switch Processor Tasks

    4. On the IP Switch Processor, make sure there is a static host entry for the IP address used in step 1 and the hostname of the IP Switch Processor.

    5. Telnet to the IP Switch Processor, or use the console, and log in as admin on the IP Switch Processor.

    6. Edit the .cshrc file and include /etc/fw/bin in the PATH statement.

    7. Save the .cshrc file.

    8. Enter the following command:

    9. Use the fwconfig command to enter your license, or use the command:

    10. Repeat step 9 for each Check Point FireWall-1 license.

    11. Use the fwconfig command to add your Management Console IP address.

DIGITAL clearVISN IP Switch Manager Tasks

    12. Using your web browser, type either of the following URLs in the Location edit box in your browser:

    13. Press the Enter button on your keyboard.

    14. Click [ConfigBtn] on the home page.

    15. Click the Check Point Firewall-1 link.

    16. On the FireWall-1 Control page, click the Start button, even if the firewall is already running.

    17. Click the Top button.

    18. Click [SaveBtn] at the bottom of the Config Tool configuration page to save the configuration.


Caution: You should perform a SAVE on the Config Tool main page after starting FireWall-1. If you do not, this node will operate with no FireWall-1 after the next reboot.




Copyright © 1997 Ipsilon Networks, Inc.
Portions copyright © Digital Equipment Corporation 1998. All rights reserved.
Updated January 8, 1998
Send comments to Digital Equipment Corporation, doc-quality@lkg.mts.dec.com