Checkpoint UTM-1 Edge X Configuration Tips and Resources - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Monday, May 12, 2014

Checkpoint UTM-1 Edge X Configuration Tips and Resources

Still having some Sofaware UTM-1 Edge devices in our production environment. They are perfectly support by Checkpoint Management Server when using firmware 8.2.50



There is a couple of things admin needs to pay attention to:

1. Local Firewall rules take precedence on Security Management Server Policies

If you are using Security Management Server to do central management, the local rules in Edge device has to be disabled or deleted, else it will take effect before the security policies from management server.

2. SNMPv3 does not support


3. Port 981 is for remote management


4. Set Time to sync with a NTP time server in the Tools of Setup menu.

Note: The switch to daylight saving time does not affect UTC. It refers to time on the zero or Greenwich meridian, which is not adjusted to reflect changes either to or from Daylight Saving Time.

5. SSH to the edge device

You are able to log into Edge device through SSH. There are some other interesting things to do with SSH. You can find one post regarding CheckPoint VPN-1/UTM Edge automatic SSH login

6. Reset Checkpoint Edge and SofaWare box to defaults

Please do the following:
  • Unplug the power cord.
  • Hold the reset button on the back of the box.
  • Plug in the power cord while holding the button until the pwr/sec led is steady red.
  • Leave the reset button for 3 seconds.
  • Press the reset button again for 10 seconds until the pwr/sec led starts blinking red.
  • Reconfigure your box and install certs.

7. Inside Check Point Edge Device from Notes from a CCSE+ Lanchmann Blog


  • The Edge X runs with a MIPS CPU from Brecis with 166 MHz.
  • The operating system is a uCLinux running kernel 2.4.20.
  • As filesystem SquashFS is used along with LZMA compression.
  • WiFi is provided by Atheros.

8. Some other good resources I found from the Internet:

No comments:

Post a Comment