cpconfig

Description

This command starts the Check Point Configuration Tool.

This tool configures specific settings for the installed Check Point products.

Important:

In a Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., you must configure all the Cluster Members in the same way.
On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

Syntax on a Security Gateway / Cluster Member in Gaia Clish or the Expert mode

cpconfig

Syntax on a Scalable Platform Security Group in Gaia gClish or the Expert mode

cpconfig

Menu Options

Note - The options shown depend on the configuration and installed products.

Menu Option	Description
Licenses and contracts	Manages Check Point licenses and contracts on this Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. or Cluster Member Security Gateway that is part of a cluster..
SNMP Extension	Obsolete. Do not use this option anymore. To configure SNMP, see the R81.20 Gaia Administration Guide - Chapter System Management - Section SNMP.
PKCS#11 Token	Register a cryptographic token, for use by Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Operating System. See details of the token, and test its functionality.
Random Pool	Configures the RSA keys, to be used by Gaia Operating System.
Secure Internal Communication	Manages SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. on the Security Gateway or Cluster Member. This change requires a restart of Check Point services on the Security Gateway or Cluster Member. For more information, see: The R81.20 Security Management Administration Guide. sk65764: How to reset SIC.
Enable cluster membership for this gateway	Enables the cluster membership on the Security Gateway. This change requires a reboot of the Security Gateway. For more information, see the: R81.20 Installation and Upgrade Guide. R81.20 ClusterXL Administration Guide. Note - This section does not apply to Scalable Platforms (Maestro and Chassis).
Disable cluster membership for this gateway	Disables the cluster membership on the Security Gateway. This change requires a reboot of the Security Gateway. For more information, see the: R81.20 Installation and Upgrade Guide. R81.20 ClusterXL Administration Guide. Note - This section does not apply to Scalable Platforms (Maestro and Chassis).
Enable Check Point Per Virtual System State	Enables Virtual System Load Sharing VSX Cluster technology that assigns Virtual System traffic to different Active Cluster Members. Acronym: VSLS. on the VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster Member. For more information, see the R81.20 VSX Administration Guide. Note - This section does not apply to Scalable Platforms (Maestro and Chassis).
Disable Check Point Per Virtual System State	Disables Virtual System Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. Load Sharing A redundant cluster mode, where all Cluster Members process all incoming traffic in parallel. For more information, see "Load Sharing Multicast Mode" and "Load Sharing Unicast Mode". Synonyms: Active/Active, Load Balancing mode. Acronym: LS. on the VSX Cluster Member. For more information, see the R81.20 VSX Administration Guide. Note - This section does not apply to Scalable Platforms (Maestro and Chassis).
Enable Check Point ClusterXL for Bridge Active/Standby	Enables Check Point ClusterXL Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic. for Bridge mode Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.. This change requires a reboot of the Cluster Member. For more information, see the: R81.20 Installation and Upgrade Guide. R81.20 ClusterXL Administration Guide. Note - This section does not apply to Scalable Platforms (Maestro and Chassis).
Disable Check Point ClusterXL for Bridge Active/Standby	Disables Check Point ClusterXL for Bridge mode. This change requires a reboot of the Cluster Member. For more information, see the: R81.20 Installation and Upgrade Guide. R81.20 ClusterXL Administration Guide. Note - This section does not apply to Scalable Platforms (Maestro and Chassis).
Check Point CoreXL	Manages CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. and Firewall mode on the Security Gateway / Cluster Member / Scalable Platform Security Group. After all changes in CoreXL configuration, you must reboot the Security Gateway / Cluster Member / Security Group. For more information, see the R81.20 Performance Tuning Administration Guide.
Automatic start of Check Point Products	Shows and controls which of the installed Check Point products start automatically during boot.
Exit	Exits from the Check Point Configuration Tool.

Example 1 - Menu on a single Security Gateway

[Expert@MySingleGW:0]# cpconfig
This program will let you re-configure
your Check Point products configuration.
 
 
Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Enable cluster membership for this gateway
(7) Check Point CoreXL
(8) Automatic start of Check Point Products
 
(9) Exit
 
Enter your choice (1-9) :

Example 2 - Menu on a Cluster Member

[Expert@MyClusterMember:0]# cpconfig
This program will let you re-configure
your Check Point products configuration.
 
 
Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable cluster membership for this gateway
(7) Enable Check Point Per Virtual System State
(8) Enable Check Point ClusterXL for Bridge Active/Standby
(9) Check Point CoreXL
(10) Automatic start of Check Point Products
 
(11) Exit
 
Enter your choice (1-11) :