LSMcli AddROBO VPN1

Description

This command adds a new Check Point SmartLSM Security Gateway to SmartProvisioning and assigns it a SmartLSM Security Profile.

If a one-time password is supplied, a SIC (Secure Internal Communication) certificate is created.

If an IP address is also supplied, the SIC certificate is pushed to the SmartLSM Security Gateway (in such cases, the SmartLSM Security Gateway SIC one-time password must be initialized first).

If no IP address is supplied, the SIC certificate is pulled from the SmartLSM Security Gateway afterwards.

You can also assign an IP address range to Dynamic Objects, and specify whether or not to add them to the VPN domain.

Syntax

LSMcli [-d] <Mgmt Server> <Username> <Password> AddROBO VPN1 <ROBOName> <Profile> [-RoboCluster=<OtherROBOName>] [-O=<ActivationKey> [-I=<IP>]] [[-CA=<CaName> [-R=<CertificateIdentifier#>] [-KEY=<AuthorizationKey>]]] [-D]:<DynamicObjectName>=<IP1>[-<IP2>] [-D]:...

Parameters

Parameter

Description

<Mgmt Server>

Name or IP address of the Security Management Server or Domain Management Server.

<Username>

User name for the standard Check Point authentication method.

<Password>

Password for the standard Check Point authentication method.

<ROBOName>

Name of a SmartLSM Security Gateway.

<Profile>

Name of a SmartLSM Security Profile that was defined in SmartConsole.

<OtherROBOName>

Name of an already defined SmartLSM Security Gateway that participates in the SmartLSM Cluster with the newly created Security Gateway (if the "-RoboCluster" argument is provided).

<ActivationKey>

SIC one-time password (for this action, a certificate is generated).

<IP>

IP address of the Security Gateway (for this action, a certificate is pushed to the Security Gateway).

<CaName>

Name of the Trusted CA object (created from SmartConsole).

The IKE certificate request is sent to this CA. Default is Check Point Internal CA.

<CertificateIdentifier#>

Key identifier for third-party CA.

<AuthorizationKey>

Authorization Key for third-party CA.

<DynamicObjectName>

Name of the Dynamic Object.

<IP1>

Single IP address for the Dynamic Object.

<IP1-IP2>

Range of IP addresses for the Dynamic Object.

Example 1

This command adds a new SmartLSM Security Gateway MyRobo and assigns it the specified SmartLSM Security Profile AnyProfile.

A SIC password and an IP address are supplied, so the SIC Activation Key can be sent to the new SmartLSM Security Gateway.

A Dynamic Object called FirstDO is resolved to an IP address for this Security Gateway.

LSMcli mySrvr name pass AddROBO VPN1 MyRobo AnyProfile -O=MyPass -I=192.0.2.4 -DE:FirstDO=192.0.2.100

Example 2

LSMcli mySrvr name pass AddROBO VPN1 MyRobo AnyProfile -O=MyPass -I=10.10.10.1 -DE:FirstDO=10.10.10.5 -CA=OPSEC_CA -R=cert123 -KEY=abc456
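
A pre-flight check for the option rules in the Syntax line, written for this page as an added example and not taken from Check Point documentation. The function names check_addrobo_opts and ip_to_int are hypothetical, and treating -I without -O, or -R/-KEY without -CA, as errors is an assumption read from the bracket nesting in the syntax.

```shell
# Pre-flight check for the options that follow "AddROBO VPN1 <ROBOName> <Profile>".
# check_addrobo_opts and ip_to_int are hypothetical helper names, not part of LSMcli.

# Print the integer value of a dotted-quad IPv4 address; return 1 if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
}
# Return 0 if the options respect the nesting shown in the Syntax line, else 1.
check_addrobo_opts() {
    have_o=0; have_i=0; have_ca=0; need_ca=0
    for arg in "$@"; do
        case "$arg" in
            -O=?*)  have_o=1 ;;
            -I=?*)  ip_to_int "${arg#-I=}" >/dev/null ||
                        { echo "invalid address in $arg" >&2; return 1; }
                    have_i=1 ;;
            -CA=?*) have_ca=1 ;;
            -R=?*|-KEY=?*) need_ca=1 ;;
            -RoboCluster=?*) ;;
            # -D: is from the Syntax line; -DE: is the form used in the page's examples.
            -D:?*=?*|-DE:?*=?*)
                range=${arg#*=}
                lo=$(ip_to_int "${range%%-*}") ||
                    { echo "invalid address in $arg" >&2; return 1; }
                hi=$lo
                case "$range" in *-*)
                    hi=$(ip_to_int "${range#*-}") ||
                        { echo "invalid address in $arg" >&2; return 1; } ;;
                esac
                [ "$lo" -le "$hi" ] ||
                    { echo "reversed range in $arg" >&2; return 1; } ;;
            *)  echo "unrecognised option: $arg" >&2; return 1 ;;
        esac
    done
    # [-O=<ActivationKey> [-I=<IP>]]: an IP address is only accepted with a one-time password.
    [ "$have_i" -eq 0 ] || [ "$have_o" -eq 1 ] ||
        { echo "-I requires -O" >&2; return 1; }
    # [-CA=<CaName> [-R=...] [-KEY=...]]: -R and -KEY are only accepted with -CA.
    [ "$need_ca" -eq 0 ] || [ "$have_ca" -eq 1 ] ||
        { echo "-R/-KEY require -CA" >&2; return 1; }
}
```

Call it with the same option list that will be passed to LSMcli, for example `check_addrobo_opts -O=MyPass -I=192.0.2.4 -DE:FirstDO=192.0.2.100`, and run LSMcli only when it returns 0.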