System Configuration

Important - R80.20SP does not support IPv6 Address on GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Management InterfaceClosed (1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI. (Known Limitation 01622840).

Important - After you enable or disable IPv6 on a Security GroupClosed A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. for Scalable Platforms, you must reboot all the Security Group Members at the same time:

  1. Connect to the command line on the Security Group.

  2. Run:

    reboot -b all


Before you can configure IPv6 addresses and IPv6 static routes, you must:

Step

Instructions

1

Enable the IPv6 support.

2

Reboot.

3

To configure IPv6 addresses, see Network Interfaces.

To configure IPv6 static routes, see IPv6 Static Routes.

To enforce a Security Policy for IPv6 traffic:

Step

Instructions

1

Enable the IPv6 support in Gaia OS on both the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. and the applicable Security Group.

2

Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management Server.

3

Create the applicable IPv6 objects.

4

Create the applicable IPv6 rules in the Access Control Policy.

5

Install the Access Control Policy on the Security Group object.

Configuring IPv6 Support in Gaia Portal

Note - You must connect to the Gaia PortalClosed Web interface for the Check Point Gaia operating system. of the applicable Security Group.

Step

Instructions

1

With a web browser, connect to Gaia Portal at:

https://<IP address of Gaia Management Interface>

2

From the navigation tree, click System Management > System Configuration.

3

In the IPv6 Support section, select On.

4

Click Apply.

5

When prompted, select Yes to reboot.

Important - IPv6 support is not available until you reboot.

Configuring IPv6 Support in Gaia Clish

Note - You must run these commands in Gaia gClishClosed The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group. of the applicable Security Group.

  • To configure IPv6 support:

    set ipv6-state {on | off}

    Important - This change requires reboot.

  • To show the state of IPv6 support:

    show ipv6-state

Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently.

Step

Instructions

1

Connect to the command line on the Security Group.

2

Log in to Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)..

3

Go to Gaia gClish: enter gclish and press Enter.

4

Enable the IPv6 support:

set ipv6-state on

5

Save the changes:

save config

6

Reboot:

reboot -b all

Important - IPv6 support is not available until you reboot.