cpconfig

Description

This command starts the Check Point Configuration Tool.

This tool configures specific settings for the installed Check Point products.

Important:

Syntax on a Security Gateway / Cluster Member in Gaia Clish or the Expert mode

cpconfig

Syntax on a Scalable Platform Security Group in Gaia gClish or the Expert mode

cpconfig

Menu Options

Note - The options shown depend on the configuration and installed products.

Menu Option

Description

Licenses and contracts

Manages Check Point licenses and contracts on this Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. or Cluster MemberClosed Security Gateway that is part of a cluster..

SNMP Extension

Obsolete. Do not use this option anymore.

To configure SNMP, see the R81.20 Gaia Administration Guide - Chapter System Management - Section SNMP.

PKCS#11 Token

Register a cryptographic token, for use by GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Operating System.

See details of the token, and test its functionality.

Random Pool

Configures the RSA keys, to be used by Gaia Operating System.

Secure Internal Communication

Manages SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. on the Security Gateway or Cluster Member.

This change requires a restart of Check Point services on the Security Gateway or Cluster Member.

For more information, see:

Enable cluster membership for this gateway

Enables the cluster membership on the Security Gateway.

This change requires a reboot of the Security Gateway.

Note - This section does not apply to Scalable Platforms (Maestro and Chassis).

Disable cluster membership for this gateway

Disables the cluster membership on the Security Gateway.

This change requires a reboot of the Security Gateway.

Note - This section does not apply to Scalable Platforms (Maestro and Chassis).

Enable Check Point Per Virtual System State

Enables Virtual System Load SharingClosed VSX Cluster technology that assigns Virtual System traffic to different Active Cluster Members. Acronym: VSLS. on the VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster Member.

For more information, see the R81.20 VSX Administration Guide.

Note - This section does not apply to Scalable Platforms (Maestro and Chassis).

Disable Check Point Per Virtual System State

Disables Virtual SystemClosed Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. Load SharingClosed A redundant cluster mode, where all Cluster Members process all incoming traffic in parallel. For more information, see "Load Sharing Multicast Mode" and "Load Sharing Unicast Mode". Synonyms: Active/Active, Load Balancing mode. Acronym: LS. on the VSX Cluster Member.

For more information, see the R81.20 VSX Administration Guide.

Note - This section does not apply to Scalable Platforms (Maestro and Chassis).

Enable Check Point ClusterXL for Bridge Active/Standby

Enables Check Point ClusterXLClosed Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic. for Bridge modeClosed Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology..

This change requires a reboot of the Cluster Member.

Note - This section does not apply to Scalable Platforms (Maestro and Chassis).

Disable Check Point ClusterXL for Bridge Active/Standby

Disables Check Point ClusterXL for Bridge mode.

This change requires a reboot of the Cluster Member.

Note - This section does not apply to Scalable Platforms (Maestro and Chassis).

Check Point CoreXL

Manages CoreXLClosed Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. and Firewall mode on the Security Gateway / Cluster Member / Scalable Platform Security Group.

After all changes in CoreXL configuration, you must reboot the Security Gateway / Cluster Member / Security Group.

For more information, see the R81.20 Performance Tuning Administration Guide.

Automatic start of Check Point Products

Shows and controls which of the installed Check Point products start automatically during boot.

Exit

Exits from the Check Point Configuration Tool.

Example 1 - Menu on a single Security Gateway

[Expert@MySingleGW:0]# cpconfig
This program will let you re-configure
your Check Point products configuration.
 
 
Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Enable cluster membership for this gateway
(7) Check Point CoreXL
(8) Automatic start of Check Point Products
 
(9) Exit
 
Enter your choice (1-9) :

Example 2 - Menu on a Cluster Member

[Expert@MyClusterMember:0]# cpconfig
This program will let you re-configure
your Check Point products configuration.
 
 
Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable cluster membership for this gateway
(7) Enable Check Point Per Virtual System State
(8) Enable Check Point ClusterXL for Bridge Active/Standby
(9) Check Point CoreXL
(10) Automatic start of Check Point Products
 
(11) Exit
 
Enter your choice (1-11) :