Disabling Communication from the Security Gateway to the HSM Server

You can disable communication from the Check Point Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members / Scalable Platform Security Group to an HSM Server. For example, when the HSM Server is under maintenance.

Important:

Step Instructions

1

Connect to the command line on the Security Gateway / each Cluster Member/ Security Group.

2

Log in to the Expert mode.

3

Edit the $FWDIR/conf/hsm_configuration.C file:

vi $FWDIR/conf/hsm_configuration.C

4

Configure the value "no" for the parameter "enabled":

:enabled ("no")

5

Save the changes in the file and exit the editor.

6

On the Scalable Platform Security Group, you must copy the updated file to all Security Group Members:

asg_cp2blades $FWDIR/conf/hsm_configuration.C

7

On the Security Gateway / each Cluster Member / Security Group, restart Check Point services:

cprestart

Important - Traffic does not flow through until the services start.