LSMcli AddROBO VPN1
Description
This command adds a new Check Point SmartLSM Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. to SmartProvisioning
Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM. and assigns it a SmartLSM Security Profile.
If a one-time password is supplied, a SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. certificate is created.
If an IP address is also supplied, the SIC certificate is pushed to the SmartLSM Security Gateway (in such cases, the SmartLSM Security Gateway SIC one-time password must be initialized first).
If no IP address is supplied, the SIC certificate is pulled from the SmartLSM Security Gateway afterwards.
You can also assign an IP address range to Dynamic Objects, and specify whether or not to add them to the VPN domain.
Syntax
|
Parameters
Parameter |
Description |
---|---|
|
Name or IP address of the Security Management Server |
|
User name of standard Check Point authentication method. |
|
Password of standard Check Point authentication method. |
|
Name of a SmartLSM Security Gateway. |
|
Name of a SmartLSM Security Profile that was defined in SmartConsole |
|
Name for an already defined SmartLSM Security Gateway that participates in the SmartLSM Cluster |
|
SIC one-time password (for this action, a certificate is generated). |
|
IP address of the Security Gateway (for this action, a certificate is pushed to the Security Gateway). |
|
Name of the Trusted CA object (created from SmartConsole). The IKE certificate request is sent to this CA. Default is Check Point Internal CA. |
|
Key identifier for third-party CA. |
|
Authorization Key for third-party CA. |
|
|
|
Single IP address for the Dynamic Object. |
|
Range of IP addresses for the Dynamic Object. |
Example 1
This command adds a new SmartLSM Security Gateway MyRobo
and assigns it the specified SmartLSM Security Profile AnyProfile
.
A SIC password and an IP address are supplied, so the SIC Activation Key can be sent to the new SmartLSM Security Gateway.
A Dynamic Object called FirstDO
is resolved to an IP address for this Security Gateway.
|
Example 2
|