SmartLSM Security Gateway Management Actions

AddROBO VPN1

This command adds a new Check Point SmartLSM Security Gateway to SmartProvisioning and assigns it a SmartLSM Security Profile. If a one-time password is supplied, a SIC certificate is created. If an IP address is also supplied, the SIC certificate is pushed to the SmartLSM Security Gateway (in such cases, the SmartLSM Security Gateway SIC one-time password must be initialized first). If no IP address is supplied, the SIC certificate is pulled from the SmartLSM Security Gateway afterwards. You can also assign an IP address range to Dynamic Objects, and specify whether or not to add them to the VPN domain.

Usage

LSMcli [-d] <server> <user> <pswd> AddROBO VPN1 <ROBOName> <Profile>
[-RoboCluster=<OtherROBOName>] [-O=<ActivationKey> [-I=<IP>]] [[-CA=<CaName>
[-R=<CertificateIdentifier#>] [-KEY=<AuthorizationKey>]]] [-D]:<DynamicObjectName>=<IP1>
[-<IP2>] [-D]:...]]

Parameters

AddROBO VPN1 Parameters

Parameter	Description
`server`	Name/IP address of the Security Management Server or Domain Management Server
`user`	User name of standard Check Point authentication method
`pswd`	Password of standard Check Point authentication method
`ROBOName`	Name of a SmartLSM Security Gateway
`Profile`	Name of a SmartLSM Security Profile that was defined in SmartConsole
`OtherROBOName`	Name for an already defined SmartLSM Security Gateway that participates in the SmartLSM Cluster with the newly created Security Gateway (if the `-RoboCluster` argument is provided).
`ActivationKey`	SIC one-time password (for this action, a certificate is generated).
`IP`	IP address of the Security Gateway (for this action, a certificate is pushed to the Security Gateway).
`CaName`	Name of the Trusted CA object (created from SmartConsole). The IKE certificate request is sent to this CA. Default is Check Point Internal CA.
`CertificateIdentifier#`	Key identifier for third-party CA.
`AuthorizationKey`	Authorization Key for third-party CA.
`DynamicObjectName`	Name of the Dynamic Object
`IP1-IP2`	IP address range for the Dynamic Object

Example

LSMcli mySrvr name pass AddROBO VPN1 MyRobo AnyProfile -O=MyPass
-I=192.0.2.4 -DE:FirstDO=192.0.2.100

This action adds a new SmartLSM Security Gateway MyRobo and assigns it the specified SmartLSM Security Profile AnyProfile. A SIC password and an IP address are supplied, so the SIC Activation Key can be sent to the new SmartLSM Security Gateway. A Dynamic Object called FirstDO is resolved to an IP address for this Security Gateway.

LSMcli mySrvr name pass AddROBO VPN1 MyRobo AnyProfile -O=MyPass
-I=10.10.10.1 -DE:FirstDO=10.10.10.5 -CA=OPSEC_CA -R=cert1233 -KEY=ab345