R81.20 Quantum Security Gateway Administration Guide

Disabling Communication from the Security Gateway to the HSM Server

You can disable communication from the Check Point Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members / Scalable Platform Security Group A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. to an HSM Server. For example, when the HSM Server is under maintenance.

Important:

In a Cluster, you must configure all the Cluster Members in the same way.
In a VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. environment, you must perform this step in the context of each Virtual System (on the VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. or each VSX Cluster Member Security Gateway that is part of a cluster.).
On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

Step Instructions

1

Connect to the command line on the Security Gateway / each Cluster Member/ Security Group.

2

Log in to the Expert mode.

3

Edit the $FWDIR/conf/hsm_configuration.C file:

vi $FWDIR/conf/hsm_configuration.C

4

Configure the value "no" for the parameter "enabled":

:enabled ("no")

5

Save the changes in the file and exit the editor.

6

On the Scalable Platform Security Group, you must copy the updated file to all Security Group Members:

asg_cp2blades $FWDIR/conf/hsm_configuration.C

7

On the Security Gateway / each Cluster Member / Security Group, restart Check Point services:

cprestart

Important - Traffic does not flow through until the services start.

17 March 2024

© 2022 - 2024 Check Point Software Technologies Ltd.