Disabling Communication from the Security Gateway to the HSM Server

You can disable communication from the Check Point Security Gateway (Cluster Members) to an HSM Server, for example, when the HSM Server is under maintenance.

Important:

  • In a Cluster, you must configure all the Cluster Members in the same way.

  • In a VSX environment, you must perform this step in the context of every Virtual System (on the VSX Gateway or every VSX Cluster Member).

Steps:

  1. Connect to the command line on the Security Gateway (every Cluster Member).

  2. Log in to the Expert mode.

  3. Edit the $FWDIR/conf/hsm_configuration.C file:

       vi $FWDIR/conf/hsm_configuration.C

  4. Configure the value "no" for the parameter "enabled":

       :enabled ("no")

  5. Save the changes in the file and exit the editor.

  6. Fetch the local policy:

       fw fetch local
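
The procedure above as a repeatable script, useful when the same change has to be made identically on every Cluster Member. This is an added example, not Check Point code: the function names are hypothetical, the sample file layout is constructed, and it assumes the file holds a single line of the form :enabled ("...") as shown in the "enabled" step.

```shell
#!/bin/bash
# Added example, not Check Point code. Function names are hypothetical.

# Print the value of the "enabled" parameter found in file $1.
hsm_enabled_value() {
    sed -n 's/^[[:space:]]*:enabled[[:space:]]*("\([^"]*\)").*/\1/p' "$1"
}

# Set :enabled ("no") in file $1 (steps 3-5), keeping a timestamped backup.
# Returns 0 when the file ends up disabled, 1 when it is not as expected.
hsm_disable() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    # Refuse to edit unless exactly one "enabled" line is present.
    count=$(grep -c '^[[:space:]]*:enabled[[:space:]]*("' "$conf" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one :enabled line in $conf, found $count" >&2
        return 1
    fi
    # Already disabled: leave the file and its timestamps alone.
    if [ "$(hsm_enabled_value "$conf")" = "no" ]; then return 0; fi
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)" || return 1
    sed 's/^\([[:space:]]*:enabled[[:space:]]*\)("[^"]*")/\1("no")/' \
        "$conf" > "$conf.tmp" || return 1
    # Overwrite in place so owner and permissions stay unchanged.
    cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp" || return 1
    [ "$(hsm_enabled_value "$conf")" = "no" ]
}

# Write a CONSTRUCTED sample file to $1 for a dry run off the gateway.
# ":example_param" is a made-up placeholder, not a real parameter.
hsm_write_sample() {
    printf '(\n\t:enabled ("yes")\n\t:example_param ("value")\n)\n' > "$1"
}

# On the gateway, in Expert mode: run this script with --apply (step 6 follows
# only if the edit succeeded).
if [ "${1:-}" = "--apply" ]; then
    hsm_disable "$FWDIR/conf/hsm_configuration.C" && fw fetch local
fi
```

The backup copy next to the original file gives a known-good state to restore when the HSM Server maintenance ends.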