7/31/2019 Checkpoint NGX Secure Platform Pro and Advanced Routing Suite CLI
1/828
SecurePlatform Pro & Advanced Routing Command Line Interface
NGX (R60)
For additional technical information about Check Point products, consult Check Point's SecureKnowledge at
http://support.checkpoint.com/kb/
See the latest version of this document in the User Center at
https://secureknowledge.checkpoint.com
May 2005
Check Point Software Technologies Ltd.
U.S. Headquarters: 800 Bridge Parkway, Redwood City, CA 94065, Tel: (650) 628-2000 Fax: (650) 654-4233, [email protected] Headquarters: 3A Jabotinsky Street, Ramat Gan, 52520, Israel, Tel: 972-3-753 4555 Fax: 972-3-575 9256, http://www.checkpoint.com
2003-2005 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
2003-2005 Check Point Software Technologies Ltd. All rights reserved.
Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, Eventia, Eventia Analyzer, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecureXL Turbocard, SecureServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartView Tracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, VPN-1 XL, Web Intelligence, ZoneAlarm, ZoneAlarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935 and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.
THIRD PARTIES:
Entrust is a registered trademark of Entrust Technologies, Inc. in the United States and other countries. Entrust's logos and Entrust product and service names are also trademarks of Entrust Technologies, Inc. Entrust Technologies Limited is a wholly owned subsidiary of Entrust Technologies, Inc. FireWall-1 and SecuRemote incorporate certificate management technology from Entrust.
Verisign is a trademark of Verisign Inc.
The following statements refer to those portions of the software copyrighted by University of Michigan. Portions of the software copyright 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided as is without express or implied warranty. Copyright Sax Software (terminal emulation only).
The following statements refer to those portions of the software copyrighted by Carnegie Mellon University.
Copyright 1997 by Carnegie Mellon University. All Rights Reserved.
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
The following statements refer to those portions of the software copyrighted by The Open Group.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
The following statements refer to those portions of the software copyrighted by The OpenSSL Project. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The following statements refer to those portions of the software copyrighted by Eric Young. THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright 1998 The Open Group.
The following statements refer to those portions of the software copyrighted by Jean-loup Gailly and Mark Adler Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
The following statements refer to those portions of the software copyrighted by the Gnu Public License. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
The following statements refer to those portions of the software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper Copyright (c) 2001, 2002 Expat maintainers. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
GDChart is free for use in your applications and for chart generation. YOU MAY NOT re-distribute or represent the code as your own. Any re-distributions of the code MUST reference the author, and include any and all original documentation. Copyright. Bruce Verderaime. 1998, 1999, 2000, 2001. Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Cold Spring Harbor Laboratory. Funded under Grant P41-RR02188 by the National Institutes of Health. Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Boutell.Com, Inc. Portions relating to GD2 format copyright 1999, 2000, 2001, 2002 Philip Warner. Portions relating to PNG copyright 1999, 2000, 2001, 2002 Greg Roelofs. Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002 John Ellson ([email protected]). Portions relating to gdft.c copyright 2001, 2002 John Ellson ([email protected]). Portions relating to JPEG and to color quantization copyright 2000, 2001, 2002, Doug Becker and copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, Thomas G. Lane. This software is based in part on the work of the Independent JPEG Group. See the file README-JPEG.TXT for more information. Portions relating to WBMP copyright 2000, 2001, 2002 Maurice Szmurlo and Johan Van den Brande. Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application, provided that this notice is present in user-accessible supporting documentation. This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not to interfere with your productive use of gd. If you have questions, ask. "Derived works" includes all programs that utilize the library. Credit must be given in user-accessible documentation. This software is provided "AS IS." The copyright holders disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation. Although their code does not appear in gd 2.0.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software Corporation for their prior contributions.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
The curl license
COPYRIGHT AND PERMISSION NOTICE
Copyright (c) 1996 - 2004, Daniel Stenberg, . All rights reserved.
Permission to use, copy, modify, and distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright
notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.
The PHP License, version 3.0
Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please [email protected].
4. Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from [email protected]. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo"
5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. Once covered code has been published under a particular version of the license, you may always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes PHP, freely available from ".
THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at [email protected].
For more information on the PHP Group and the PHP project, please see . This product includes the Zend Engine, freely available at .
This product includes software written by Tim Hudson ([email protected]).
Copyright (c) 2003, Itai Tzur
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Neither the name of Itai Tzur nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Copyright 2003, 2004 NextHop Technologies, Inc. All rights reserved.
Confidential Copyright Notice
Except as stated herein, none of the material provided as a part of this document may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of NextHop Technologies, Inc. Permission is granted to display, copy, distribute and download the materials in this document for personal, non-commercial use only, provided you do not modify the materials and that you retain all copyright and other proprietary notices contained in the materials unless otherwise stated. No material contained in this document may be "mirrored" on any server without written permission of NextHop. Any unauthorized use of any material contained in this document may violate copyright laws, trademark laws, the laws of privacy and publicity, and communications regulations and statutes. Permission terminates automatically if any of these terms or conditions are breached. Upon termination, any downloaded and printed materials must be immediately destroyed.
Trademark Notice
The trademarks, service marks, and logos (the "Trademarks") used and displayed in this document are registered and unregistered Trademarks of NextHop in the US and/or other countries. The names of actual companies and products mentioned herein may be Trademarks of their respective owners. Nothing in this document should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any Trademark displayed in the document. The owners aggressively enforce their intellectual property rights to the fullest extent of the law. The Trademarks may not be used in any way, including in advertising or publicity pertaining to distribution of, or access to, materials in this document, including use, without prior, written permission. Use of Trademarks as a "hot" link to any website is prohibited unless establishment of such a link is approved in advance in writing. Any questions concerning the use of these Trademarks should be referred to NextHop at U.S. +1 734 222 1600.
U.S. Government Restricted Rights
The material in document is provided with "RESTRICTED RIGHTS." Software and accompanying documentation are provided to the U.S. government ("Government") in a transaction subject to the Federal Acquisition Regulations with Restricted Rights. The Government's rights to use, modify, reproduce, release, perform, display or disclose are restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Software and Noncommercial Computer Software Documentation clause at DFAR 252.227-7014 (Jun 1995), and the other restrictions and terms in paragraph (g)(3)(i) of Rights in Data-General clause at FAR 52.227-14, Alternative III (Jun 87) and paragraph (c)(2) of the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19 (Jun 1987).
Use of the material in this document by the Government constitutes acknowledgment of NextHop's proprietary rights in them, or that of the original creator. The Contractor/Licensor is NextHop located at 1911 Landings Drive, Mountain View, California 94043. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in applicable laws and regulations.
Disclaimer Warranty
THE MATERIAL IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO THE APPLICABLE LAW, NEXTHOP DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON INFRINGEMENT OR OTHER VIOLATION OF RIGHTS. NEITHER NEXTHOP NOR ANY OTHER PROVIDER OR DEVELOPER OF MATERIAL CONTAINED IN THIS DOCUMENT WARRANTS OR MAKES ANY REPRESENTATIONS REGARDING THE USE, VALIDITY, ACCURACY, OR RELIABILITY OF, OR THE RESULTS OF THE USE OF, OR OTHERWISE RESPECTING, THE MATERIAL IN THIS DOCUMENT.
Limitation of Liability
UNDER NO CIRCUMSTANCES SHALL NEXTHOP BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA OR PROFIT, ARISING OUT OF THE USE, OR THE INABILITY TO USE, THE MATERIAL IN THIS DOCUMENT, EVEN IF NEXTHOP OR A NEXTHOP AUTHORIZED REPRESENTATIVE HAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IF YOUR USE OF MATERIAL FROM THIS DOCUMENT RESULTS IN THE NEED FOR SERVICING, REPAIR OR CORRECTION OF EQUIPMENT OR DATA, YOU ASSUME ANY COSTS THEREOF. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT FULLY APPLY TO YOU.
Copyright ComponentOne, LLC 1991-2002. All Rights Reserved.
BIND: ISC Bind (Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC"))
Copyright 1997-2001, Theo de Raadt: the OpenBSD 2.9 Release
PCRE LICENCE
PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. Release 5 of PCRE is distributed under the terms of the "BSD" licence, as specified below. The documentation for PCRE, supplied in the "doc" directory, is distributed under the same terms as the software itself.
Written by: Philip Hazel
University of Cambridge Computing Service, Cambridge, England. Phone:
+44 1223 334714.
Copyright (c) 1997-2004 University of Cambridge All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Table Of Contents
Chapter 1 Introduction
Overview 19
SecurePlatform Hardware Requirements 20
SecurePlatform Pro 20
Chapter 2 About this Manual
Overview 23
Audience 23
Fonts 23
Advanced Routing Suite Command Line Interface Sections 24
Chapter 3 Preparing to Install SecurePlatform
Preparing the SecurePlatform Machine 27
Hardware Compatibility Testing Tool 28
BIOS Security Configuration Recommendations 31
Chapter 4 Installation
Installation Using the Network 34
Installation on Computers without Floppy or CDROM Drives 40
Installation Using the SecurePlatform CD 40
Upgrading 42
Chapter 5 Configuration
Using the Command Line 49
Using the Web Interface 52
First Time Reboot and Login 74
Chapter 6 Administration
Managing Your SecurePlatform System 76
SecurePlatform Shell 82
SNMP Support 125
Check Point Dynamic Routing 129
SecurePlatform Boot Loader 133
Chapter 7 SecurePlatform Pro - Advanced Routing Suite
Introduction 135
Check Point Advanced Routing Suite 135
Appendix A Installation on Computers without Floppy or CDROM Drives
General Procedure 139
Client Setup 140
Server Setup 140
Chapter 8 Using the Advanced Routing Suite CLI
Introduction 145
Starting the Advanced Routing Suite CLI 145
Basic Features 147
CLI Modes 150
CLI Behavior Commands 153
Querying the Advanced Routing Suite CLI 164
Chapter 9 General Concepts
Address and Prefix Formats 175
Preferences Overview 176
Assigning Preferences 176
Chapter 10 Interfaces
Overview 179
autonomous-system 179
disable 181
preference 181
primary-alias 182
unnumbered 184
Chapter 11 Kernel Interface
Overview 187
kernel background limit 188
kernel background priority 189
kernel flash limit 191
kernel flash type 192
kernel no-change 193
kernel no-flush-at-exit 194
kernel no-install 195
kernel remnant-holdtime 196
kernel routes 197
kernel trace file 199
kernel trace flag 200
show kernel 204
Chapter 12 Martian Addresses
Overview 207
martian 208
Chapter 13 Multicast
Overview 211
clear ip mroute 211
ip multicast boundary 212
ip multicast ttl-threshold 213
show ip mroute 214
show ip multicast boundary 216
show ip multicast ttl-threshold 216
Chapter 14 Trace Options
Overview 219
trace file 219
trace flag 221
Chapter 15 Border Gateway Protocol (BGP)
Overview 223
address-family 229
bgp always-compare-med 230
bgp as-path-loops 231
bgp bestpath as-path ignore 233
bgp bestpath compare-cluster-list-length 234
bgp bestpath compare-originator-id 235
bgp bestpath compare-router-id 236
bgp bestpath med confed 237
bgp bestpath med missing-as-worst 238
bgp cluster-id 239
bgp confederation identifier 240
bgp confederation peers 241
bgp non-leading-confeds 242
bgp open-on-accept 244
bgp pass-optional-nontrans 245
bgp restart-defer 246
bgp restart-delete-remnants 247
bgp restart-time 248
bgp restart-timeout 249
bgp router-id 251
bgp send-group-always 252
bgp tie-break-on-age 253
clear ip bgp 254
default-metric 255
distance 256
distribute-list 257
enable 259
maximum-routes 260
neighbor add-communities 261
neighbor aggregator-id 263
neighbor allow 264
neighbor as-loop 266
neighbor as-override 267
neighbor aspath-prepend 269
neighbor capability orf comm-filter 270
neighbor capability orf extcomm-filter 271
neighbor capability orf prefix-filter 273
neighbor cluster-id 274
neighbor distance 275
neighbor dynamic 277
neighbor enable 278
neighbor end-of-rib 279
neighbor export-localpref 280
neighbor graceful-restart 281
neighbor ignore-leading-as 283
neighbor import-localpref 284
neighbor keep 285
neighbor keepalives-always 287
neighbor local-as 288
neighbor log-up-down 290
neighbor maximum-routes 291
neighbor metric-out 293
neighbor multi-protocol-nexthop 294
neighbor next-hop-self 296
neighbor orf comm-list 297
neighbor orf extcomm-list 298
neighbor orf prefix-list 299
neighbor out-delay 301
neighbor passive 302
neighbor password 303
neighbor pedantic 304
neighbor peer-group 305
neighbor preference2 307
neighbor receive-buffer 308
neighbor remote-as 310
neighbor remove-private-as 311
neighbor route-map 312
neighbor route-reflector-client 313
neighbor route-to-peer 315
neighbor send-buffer 316
neighbor send-community 317
neighbor soft-reconfiguration inbound 319
neighbor timers 320
neighbor ttl 321
neighbor update-source 323
neighbor use-med 324
neighbor v4-gateway 326
neighbor version 327
network 328
preference2 330
redistribute 331
router bgp 333
show ip bgp 334
show ip bgp instance 336
show ip bgp neighbors 337
show ip bgp orf 338
show ip bgp paths 340
show ip bgp peer-group 340
show ip bgp summary 342
timers bgp 343
trace file 345
trace flag 346
Chapter 16 Internet Control Message Protocol (ICMP)
Overview 349
router icmp 350
trace file 351
trace flag 352
Chapter 17 Fast Open Shortest Path First (OSPF)
Overview 355
router ospf 361
advertise-subnet 362
authentication 364
compatible rfc1583 366
dead-interval 368
distance 369
enable 370
enable-te 371
hello-interval 372
igp-shortcut 374
inherit-metric 375
monitor-auth-key 376
multicast-rib 377
network area 378
nssa-inherit-metric 379
nssa-stability-interval 380
poll-interval 381
priority 383
redistribute 384
redistribute-nssa 387
require-vbit 388
restart-allow-changes 389
restart-enable 390
restart-max-sync-time 392
restart-type 393
retransmit-interval 394
router-id 396
timers spf 397
trace file 398
trace flag 399
transmit-delay 402
area advertise-subnet 403
area authentication 404
area dead-interval 407
area filter 409
area hello-interval 410
area nssa 411
area nssa-range 413
area nssa-translate-always 414
area poll-interval 415
area priority 417
area range 419
area retransmit-interval 420
area stub 422
area stubhost 423
area stubnetwork 424
area transmit-delay 426
area virtual-link 427
default-metric 429
default-nssa-metric 430
default-nssa-type 431
default-preference 432
default-tag 433
default-type 434
advertise-subnet 436
allow-all 437
authentication 438
cost 441
dead-interval 442
enable 444
hello-interval 445
neighbor 446
network 448
no-multicast 449
passive-interface 450
poll-interval 451
priority 452
retransmit-interval 454
traffic-eng administrative-weight 455
traffic-eng attribute-flags 457
traffic-eng bandwidth 458
transmit-delay 459
ip ospf advertise-subnet 461
ip ospf allow-all 462
ip ospf area 463
ip ospf authentication 464
ip ospf cost 467
ip ospf dead-interval 468
ip ospf enable 469
ip ospf hello-interval 470
ip ospf neighbor 471
ip ospf network 473
ip ospf no-multicast 474
ip ospf passive-interface 475
ip ospf poll-interval 476
ip ospf priority 477
ip ospf retransmit-interval 479
ip ospf traffic-eng administrative-weight 480
ip ospf traffic-eng attribute-flags 481
ip ospf traffic-eng bandwidth 483
ip ospf transmit-delay 484
show ip ospf 485
show ip ospf border-routers 486
show ip ospf database 487
show ip ospf interface 488
show ip ospf neighbor 490
show ip ospf request-list 491
show ip ospf retransmission-list 492
show ip ospf summary-address 493
show ip ospf virtual-links 494
Chapter 18 Redirect Processing
Overview 495
ip redirect 495
router redirect 496
trace file 497
trace flag 498
Chapter 19 Router Discovery
Overview 501
ip router-discovery address-policy 502
ip router-discovery enable 504
ip router-discovery trace file 505
ip router-discovery trace flag 506
router-discovery lifetime 508
router-discovery maximum-interval 509
router-discovery minimum-interval 511
Chapter 20 Routing Information Protocol (RIP)
Overview 513
router rip 517
default-metric 518
distribute-list 519
ecmp 522
enable 523
flash-update-time 524
ignore-host-routes 525
ignore-must-be-zero 526
network 527
preference 529
query-authentication 530
redistribute 532
send-updates 535
source-gateways 537
split-horizon 538
term-updates 540
timers basic 541
trace file 543
trace flag 544
trusted-gateways 546
ip rip authentication 548
ip rip enable 550
ip rip metric-in 551
ip rip metric-out 552
ip rip no-receive 553
ip rip no-send 554
ip rip secondary-authentication 555
ip rip version 558
show ip rip database 560
show ip rip gateway-summary 562
Chapter 21 SNMP Multiplexing (SMUX)
Overview 565
smux password 566
smux port 567
smux trace file 568
smux trace flag 569
Chapter 22 Distance Vector Multicast Routing Protocol (DVMRP)
Overview 571
ip dvmrp 572
ip dvmrp default-metric 573
ip dvmrp disable 574
ip dvmrp distance 575
ip dvmrp metric-offset 576
ip dvmrp nodvmrpout 577
ip dvmrp noretransmit 578
ip dvmrp prune-lifetime 579
ip dvmrp trace file 581
ip dvmrp trace flag 582
ip dvmrp unicast-routing 585
show ip dvmrp interfaces 586
show ip dvmrp neighbors 588
show ip dvmrp route 589
tunnel mode dvmrp 591
Chapter 23 Internet Group Management Protocol (IGMP)
Overview 593
clear ip igmp group 594
ip igmp 596
ip igmp ignore-v1-messages 597
ip igmp ignore-v2-messages 598
ip igmp last-member-query-count 599
ip igmp last-member-query-interval 601
ip igmp query-interval 603
ip igmp query-max-response-time 605
ip igmp require-router-alert 607
ip igmp robustness 608
ip igmp send-router-alert 610
ip igmp startup-query-count 611
ip igmp startup-query-interval 613
ip igmp static-group 615
ip igmp trace file 617
ip igmp trace flag 618
ip igmp version 620
show ip igmp groups 621
show ip igmp interface 626
show ip igmp interface-summary 630
show ip igmp static-groups 631
Chapter 24 Protocol Independent Multicast
Overview 633
ip pim assert-holdtime 634
ip pim dr-priority 636
ip pim hello-holdtime 637
ip pim hello-interval 638
ip pim jp-holdtime 639
ip pim jp-interval 641
ip pim lan-delay 642
ip pim mrt-interval 643
ip pim mrt-stale-multiplier 644
ip pim override-interval 645
ip pim triggered-hello-delay 646
show ip pim control-counters 647
show ip pim interface 649
show ip pim neighbor 652
Chapter 25 Protocol Independent Multicast - Dense Mode (PIM-DM)
Overview 655
ip pim dense-mode 656
ip pim graft-retry-interval 657
ip pim require-genid 658
ip pim source-lifetime 659
ip pim state-refresh-capable 660
ip pim state-refresh-interval 661
ip pim state-refresh-rate-limit 662
ip pim state-refresh-ttl 663
ip pim dense trace file 664
ip pim dense trace flag 666
show ip pim dense-mode interface-summary 668
show ip pim dense-mode mrt 669
show ip pim dense-mode mrt-summary 671
show ip pim grafts 672
Chapter 26 Protocol Independent Multicast - Sparse Mode (PIM-SM)
Overview 675
ip pim associate-msdp 676
ip pim bsr-admin-scope 677
ip pim bsr-border 678
ip pim bsr-candidate 680
ip pim bsr-candidate global 681
ip pim bsr-candidate group 682
ip pim bsr-candidate interval 683
ip pim bsr-candidate priority 684
ip pim bsr-holdtime 685
ip pim dr-switch-immediate 686
ip pim mrt-spt-multiplier 687
ip pim probe-interval 689
ip pim register-suppression-timeout 690
ip pim rp-address 691
ip pim rp-candidate 692
ip pim rp-candidate advertisement-interval 693
ip pim rp-candidate group 694
ip pim rp-candidate holdtime 696
ip pim rp-candidate priority 697
ip pim rp-switch-immediate 698
ip pim sparse-mode 699
ip pim threshold 700
ip pim threshold-dr 701
ip pim threshold-rp 703
ip pim trace file 704
ip pim trace flag 706
ip pim whole-packet-checksum 708
show ip pim bsr-router 709
show ip pim cbsr 710
show ip pim rp 711
show ip pim rp-candidate 712
show ip pim rp-hash 713
show ip pim sparse-mode join-prune xmit 713
show ip pim sparse-mode mrt 714
Chapter 27 Access Lists
Overview 717
access-list 717
access-list sequence-number 720
ip access-list sequence-number 721
ip access-list standard 722
permit | deny 723
show access-list 725
show ip access-list 727
Chapter 28 AS Paths and AS Path Lists
Overview 731
ip as-path access-list 733
ip as-path name 734
show ip as-path-access-list 736
show ip bgp paths 737
Chapter 29 BGP Communities and Community Lists
Overview 739
ip community-list 739
ip community-set 741
Chapter 30 Prefix Lists and Prefix Trees
Overview 745
ip prefix-list 745
ip prefix-list sequence-number 747
ip prefix-tree 749
show ip prefix-list 751
show ip prefix-tree 752
Chapter 31 Route Aggregation and Generation
Overview 755
aggregate-address 756
router aggregate 761
Chapter 32 Route Flap Damping
Overview 763
dampen-flap 764
keep-history 764
max-flap 765
reach-decay 767
reach-tick 768
reuse-below 769
suppress-above 770
unreach-decay 771
Chapter 33 Route Maps
Overview 773
match aggregate-contributors 774
match as 775
match as-path 777
match as-path-list 778
match community 779
match community-set 781
match distance 782
match extended-community-set 783
match instance 785
match interface 786
match ip address access-list 787
match ip address prefix-list 788
match ip address prefix-tree 789
match ip gateway 791
match ip next-hop 792
match ip route-source prefix-tree 793
match localpref 794
match med 795
match metric 796
match metric-type 797
match protocol 798
match ribs 799
match tag 800
route-map 801
set as-path prepend 802
set community-set 803
set dampen-flap 805
set ip next-hop 806
set local-preference 807
set med 808
set metric 809
set metric-type 810
set origin 811
set preference 813
set propagate 814
set ribs 815
set tag 816
CHAPTER 1
Introduction
In This Chapter
Overview page 19
SecurePlatform Hardware Requirements page 20
SecurePlatform Pro page 20
Overview
Thank you for using SecurePlatform NGX (R60). This document describes how to
install and configure SecurePlatform NGX (R60).
SecurePlatform NGX (R60) is distributed on a bootable CD ROM which includes
Check Point's NGX (R60) product suite comprising: VPN-1 Pro, Check Point QoS,
SmartView Monitor, Policy Server, and UserAuthority Server.
The SecurePlatform NGX (R60) CD ROM can be installed on any PC with an Intel
Pentium III/IV, or AMD Athlon CPU. SecurePlatform NGX (R60) includes a
customized and hardened operating system, with no unnecessary components that
could pose security risks. The system is pre-configured and optimized to perform its
task as a network security device, requiring only minimal user configuration of basic
elements, such as IP addresses, routes, etc.
On most systems, the installation process takes less than five minutes, resulting in a
network security device ready to be deployed.
SecurePlatform allows easy configuration of your computer and networking aspects, as
well as the Check Point products installed. An easy-to-use shell provides a set of
commands required for easy configuration and routine administration of a security
system, including: network settings, backup and restore utilities, upgrade utility, system
log viewing, control, and much more. A Web GUI enables most of the administration
configuration, as well as the first time installation setup, to be performed from an
easy-to-use Web interface.
SecurePlatform Hardware Requirements
On SecurePlatform, the minimum hardware requirements for installing a VPN-1 Pro
SmartCenter Server, Enforcement Module or SmartPortal are:
Intel Pentium III 300+ MHz or equivalent processor
4 GB free disk space
256 Mbytes (512 Mbytes recommended)
One or more supported network adapter cards
CD-ROM Drive (bootable)
1024 x 768 video adapter card
For details regarding SecurePlatform on specific hardware platforms, see
http://www.checkpoint.com/products/supported_platforms/recommended.html
SecurePlatform Pro
SecurePlatform Pro is an enhanced version of SecurePlatform. SecurePlatform Pro adds
advanced networking and management capabilities to SecurePlatform such as:
Dynamic routing
Radius authentication for SecurePlatform administrators
To install SecurePlatform Pro, select the SecurePlatform Pro option during the
installation.
To convert regular SecurePlatform to SecurePlatform Pro, from the expert mode
command line run: pro enable.
For information about RADIUS support, see: How to Authenticate Administrators via
RADIUS on page 78
Note - For more information about the recommended configuration of high-performance
systems running Check Point Performance Pack, see the Performance Pack Guide.
Note - SecurePlatform Pro requires a separate license that must be installed on the
SmartCenter Server that manages the SecurePlatform Pro enforcement modules.
For information regarding advanced routing, see the SecurePlatform Pro & Advanced
Routing Command Line Interface guide.
For all intents and purposes, wherever the name SecurePlatform is used, SecurePlatform
Pro is implicitly included.
CHAPTER 2
About this Manual
Overview
The Advanced Routing Suite CLI is provided as part of the SecurePlatform Pro
operating system. The CLI accepts user entered text commands and sends them to
Advanced Routing Suite. These commands can encode a configuration change as
well as queries for configuration information and dynamic protocol state.
This manual lists Advanced Routing Suite commands alphabetically within protocol
sections. For example, if you are looking for the authentication command in
RIP, look in Chapter 16, under the A's. You can also use the Index to quickly
search for a command.
Audience
This manual is intended for VPN-1 Pro administrators and network engineers,
responsible for enabling and maintaining network connectivity. It explains each
Advanced Routing Suite command in detail. You will need to understand basic
routing concepts and UNIX commands to understand this manual.
Fonts
Fonts in this manual consist of the following:
Command prompts are displayed in courier new format. For example,
(config-if)#
User-entered commands are displayed in bold, courier new format. For example,
(config-if)#interface fxp0
Advanced Routing Suite Command Line Interface Sections
Most chapters in this manual consist of the following ten sections:
Overview (one per chapter)
Name
Syntax
Mode
Parameters
Description
Default
Command History
Examples
See Also
Overview
Each chapter includes an Overview section. In most cases, this section describes a
protocol or policy. Unlike the remaining sections, each chapter includes only one
Overview section.
Name
The Name section lists the name and a short description of the command. For
example, the key command in RIP:
key - sets a RIP MD5 key
Syntax
The Syntax section lists the valid syntax configuration, including the no
configuration (where applicable). For example, configure the IGMP robustness to
be 4 using the following syntax:
ip igmp robustness 4
Notation for parameters
In this manual, the allowed values for each parameter are listed similar to below:
Parameter: [ max-size size [ k | m ] ] ?
Parameter: address-family [ ipv4 | ipv6 ] {0,2}
The words in bold are user-entered commands that must be typed exactly as
shown. The words in italics give a type of value. Some common types are size, time,
or interface-name.
A pipe in a syntax (|) separates alternatives: one of them must occur. A double pipe
(A || B) means that either A or B or both must occur, in any order. Brackets ([])
are for grouping. Juxtaposition is stronger than the double bar, and the double bar
is stronger than the bar. Thus "a b | c || d e" is equivalent to
"[ a b ] | [ c || [ d e ] ]".
A pair of numbers in curly braces ({A,B}) indicates that the preceding type, word
or group is repeated at least A and at most B times.
Note: A question mark (?) indicates that the preceding type, word or group is
optional.
Therefore, in the preceding example, specifying a max-size is optional. However, if
you do specify a max-size, you must enter a value for the size and specify either k
or m.
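The precedence and repetition rules above can be checked mechanically. The following Python code is an added example, not part of the Check Point manual or of Advanced Routing Suite: it parses a syntax line written in this notation, re-brackets it to show the implied grouping, and tests whether a typed command fits it. Because plain text loses the bold/italic distinction, the types argument (an assumption of this example) names the words that stand for a value type such as size.

```python
import re
from collections import deque
from itertools import permutations

# Tokens of the manual's notation: "||", "|", "[", "]", "?", "{A,B}" or a word.
TOKEN = re.compile(r"\|\||\||\[|\]|\?|\{\d+,\d+\}|[^\s\[\]|?{}]+")

def parse(notation):
    """Turn a syntax line into nested tuples, honouring the stated precedence."""
    toks = deque(TOKEN.findall(notation))

    def peek():
        return toks[0] if toks else None

    def chain(kind, sep, operand):      # operand (sep operand)*
        parts = [operand()]
        while peek() == sep:
            toks.popleft()
            parts.append(operand())
        return parts[0] if len(parts) == 1 else (kind, parts)

    def alt():                          # "|" binds loosest
        return chain("alt", "|", dbar)

    def dbar():                         # "||" binds tighter than "|"
        return chain("dbar", "||", seq)

    def seq():                          # juxtaposition binds tightest
        parts = []
        while peek() not in (None, "|", "||", "]"):
            parts.append(item())
        if not parts:
            raise ValueError("empty alternative in %r" % notation)
        return parts[0] if len(parts) == 1 else ("seq", parts)

    def item():
        tok = toks.popleft()
        if tok == "[":
            node = alt()
            if peek() != "]":
                raise ValueError("missing ']' in %r" % notation)
            toks.popleft()
        elif tok[0] in "?{":
            raise ValueError("quantifier %r has nothing before it" % tok)
        else:
            node = ("word", tok)
        nxt = peek() or ""
        if nxt == "?":                  # optional: zero or one occurrence
            toks.popleft()
            node = ("rep", node, 0, 1)
        elif nxt.startswith("{"):       # {A,B}: at least A, at most B times
            lo, hi = map(int, toks.popleft()[1:-1].split(","))
            node = ("rep", node, lo, hi)
        return node

    tree = alt()
    if toks:
        raise ValueError("unbalanced ']' in %r" % notation)
    return tree

def render(node, top=True):
    """Write the tree back with every implicit group made explicit."""
    if node[0] == "word":
        return node[1]
    if node[0] == "rep":
        suffix = " ?" if node[2:] == (0, 1) else " {%d,%d}" % node[2:]
        return render(node[1], top=False) + suffix
    sep = {"seq": " ", "dbar": " || ", "alt": " | "}[node[0]]
    body = sep.join(render(part, top=False) for part in node[1])
    return body if top else "[ " + body + " ]"

def ends(node, toks, i, types):
    """Positions at which node can stop when it starts matching at toks[i]."""
    if node[0] == "word":
        ok = i < len(toks) and (node[1] in types or toks[i] == node[1])
        return {i + 1} if ok else set()
    if node[0] == "seq":
        cur = {i}
        for part in node[1]:
            cur = {e for s in cur for e in ends(part, toks, s, types)}
        return cur
    if node[0] == "alt":
        return set().union(*(ends(p, toks, i, types) for p in node[1]))
    if node[0] == "dbar":               # one or more operands, once each, any order
        orders = (o for n in range(1, len(node[1]) + 1) for o in permutations(node[1], n))
        return set().union(*(ends(("seq", list(o)), toks, i, types) for o in orders))
    _, inner, lo, hi = node             # "rep"
    cur, out = {i}, ({i} if lo == 0 else set())
    for count in range(1, hi + 1):
        cur = {e for s in cur for e in ends(inner, toks, s, types)}
        if count >= lo:
            out |= cur
    return out

def accepts(notation, command, types=()):
    """True if the whitespace-split command fits; names in types match any one token."""
    toks = command.split()
    return len(toks) in ends(parse(notation), toks, 0, set(types))
```

parse() raises ValueError for a syntax line with an unclosed bracket, an empty alternative, or a quantifier that follows nothing.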
Mode
The Mode section shows the modes in which the command is valid. Some
commands are valid in multiple modes. For those, the Description section details
how the effects of those configurations differ in Advanced Routing Suite.
Parameters
The Parameters section lists the information that is accepted in the referenced
configuration. It includes a description of what sort of parameter Advanced
Routing Suite expects (for example, the number of seconds for a query), and the
range of values Advanced Routing Suite expects. (For example, the startup-query
interval in IGMP accepts a value between 0 and 31744.)
Note: If the parameter is a value that is user-defined, such as a time or a name, then
the parameter is displayed in italics (for example, time or value). If the parameter is
one of several predetermined options, such as version 1, 2, or 3 in IGMP, then that
parameter is displayed in bold courier new format (for example, version 3).
Description
The Description section includes a detailed description of the configuration.
Default
The Default section includes the default value(s) of the command and its content.
Command History
The Command History section indicates when the command was first introduced.
It can also indicate whether the command, its defaults, or any of its parameters have
changed.
Examples
The Examples section lists valid configurations for a specified command.
See Also
Some commands will include a relevant See Also section. The See Also section lists
other commands or sections of this guide that might be useful. In addition, other
publicly available documents, such as RFCs, may be listed here.
CHAPTER 3
Preparing to Install SecurePlatform
In This Chapter
Preparing the SecurePlatform Machine page 27
Hardware Compatibility Testing Tool page 28
BIOS Security Configuration Recommendations page 31
Preparing the SecurePlatform Machine
SecurePlatform installation can be done from a CD drive, from a diskette, or from a
network server, using a special boot diskette.
Before you begin the SecurePlatform installation process, ensure that the following
requirements are met:
If the target computer has a CD drive, make sure that the system BIOS is set to reboot
from this drive as the first boot option (this BIOS Setup Feature is usually named Boot
Sequence).
If your target computer cannot boot from a CD drive, or if you wish to install using a
remote file server, refer to Network Installation Using a Boot Diskette on page 34,
for instructions on how to create a boot diskette.
Warning - The installation procedure erases all hard disks, so the former operating
system cannot be recovered.
Hardware Compatibility Testing Tool
In This Section
Getting Started page 29
Using the Hardware Compatibility Testing Tool page 31
The Hardware Compatibility Testing Tool enables you to determine whether
SecurePlatform is supported on a specific hardware platform.
The utility is available for download as a CD ISO image (hw.iso). The ISO image can
be burned on blank CD-R or CD-RW media, using a CD-burning tool.
Note - You must specify that you are burning a CD image and not a single file.
The Hardware Compatibility Testing Tool should be run in the same way that would be
used to install SecurePlatform on the hardware platform (for example, boot from CD,
boot from diskette and installation through network, etc.).
The tool detects all hardware components on the platform, checks whether they are
supported, and displays its conclusions: whether SecurePlatform can be installed on the
machine (supported I/O devices found, supported mass storage device was found), and
the number of supported and unsupported Ethernet controllers detected.
The user can view detailed information on all the devices found on the machine.
The user can save the detailed information on a diskette, on a TFTP server, or dump it
via the serial port. This information can be submitted to Check Point Support in order
to add support for unsupported devices.
The tool makes no modifications to the tested hardware platform, so it is safe to use.
Note - SecurePlatform can be installed on a computer without a keyboard or VGA display, by
using a serial console attached to a serial port.
Note - SecurePlatform requires the following hardware:
I/O Device (either Keyboard & Monitor, or Serial console).
mass storage device
at least one supported Ethernet Controller (If SecurePlatform is to be configured as a
VPN-1 Pro gateway, more than one controller is needed)
Getting Started
In This Section
Booting from the CD page 29
Booting from a Diskette and Accessing a Local CD page 29
Booting from a Diskette and Accessing the CD over the Network page 30
The user can run the tool either by booting from the CD that contains it, booting from
a disk and accessing a local CD, or booting from a diskette and accessing the CD
through the network.
If no keyboard and monitor are connected to the hardware platform, the serial console
can be used to perform the hardware detection.
Booting from the CD
To boot from the CD:
1 Configure the BIOS of the machine to boot from the CD drive.
2 Insert the CD into the drive.
3 Boot the machine.
Booting from a Diskette and Accessing a Local CD
This option should be used when the hardware platform cannot be configured to boot
from the CD drive (but will boot from a diskette), and has a CD drive.
To boot from a diskette and access a local CD:
1 Insert the CD into the drive.
2 Insert a diskette into the drive.
3 Browse to your CDROM drive and select the SecurePlatform/images folder.
4 Drop the boot.img file on the cprawrite executable.
Alternatively, using NT command shell (cmd), run the following command (where
D: is the CD-ROM drive):
D:\SecurePlatform\images\cprawrite.exe D:\SecurePlatform\images\boot.img
5 Boot the machine.
Booting from a Diskette and Accessing the CD over the Network
This option should be used when the machine to be tested has no CD drive. In this
case, there will be two machines participating:
the machine, in which you will insert the CD
the machine, on which you will run the tool
To boot from a diskette and access a CD over the network:
On the Machine with the CD Drive
Proceed as follows:
1 Insert the CD into the drive of a (Microsoft Windows-based) machine.
2 Insert a diskette into its diskette drive.
3 Browse to the CD drive and select the SecurePlatform/images folder.
4 Drop the bootnet.img file on the cprawrite executable.
Alternatively, using NT command shell (cmd), run the following command (where
D: is the CD-ROM drive):
D:\SecurePlatform\images\cprawrite.exe D:\SecurePlatform\images\bootnet.img
This step writes files to the diskette, which you will transfer to the other machine
(the machine on which the tool will be run).
5 Make the contents available on the network, either by allowing access to the CD
drive, or by copying the CD to a hard disk and enabling access to that disk (for
example, by FTP, HTTP, or NFS).
On the Machine You Are Testing
Proceed as follows:
1 Insert the diskette you created in step 4, above, into the diskette drive of the
machine you are testing.
2 Boot the machine.
3 Configure the properties of the interface, through which this machine is connected
to the network, including its IP address, Netmask, default gateway and DNS.
You can choose to configure this interface as a dynamic IP address interface.
4 Enable access to the files on the machine with the CD drive (see step 5).
5 Specify the following settings for the other machine:
IP address, or hostname
Package Directory
user/password (if necessary)
6 If you are installing using a serial console, instead of the keyboard and monitor,
make sure that your terminal emulation software is configured as follows:
9600 Baud rate
8 data bits
no parity
no flow control
Using the Hardware Compatibility Testing Tool
The hardware tool automatically tests the hardware for compatibility.
When it finishes, the tool displays a summary page with the following information:
statement whether the Platform is suitable for installing SecurePlatform
number of supported and unsupported mass storage devices found
number of supported and unsupported Ethernet Controllers found
Additional information can be obtained by pressing the Devices button. The devices
information window lists all the devices found on the machine (grouped according to
functionality).
Use the arrow keys to navigate through the list.
Pressing Enter on a specific device displays detailed information about that device.
The detailed information can be saved to a diskette, to a TFTP Server, or dumped
through the Serial Console. This action can be required in cases where some of the
devices are not supported.
BIOS Security Configuration Recommendations
The following are BIOS configuration recommendations:
Disable the boot from floppy option in the system BIOS, to avoid unauthorized
booting from a diskette and changing system configuration.
Apply a BIOS password to avoid changing the BIOS configuration. Make sure you
memorize the password, or keep it in a safe place.
Note - A simple, naive detection tool is included on the boot diskette. If for some reason
the complete detection tool is unavailable (e.g., the CDR drive is not supported), you can still
use the simple tool to get some information on your hardware. The simple tool is available
from the Installation Method screen, by pressing the Probe Hardware button.
CHAPTER 4
Installation
In This Chapter
Installation Using the Network page 34
Installation on Computers without Floppy or CDROM Drives page 40
Installation Using the SecurePlatform CD page 40
Upgrading page 42
The available methods for installing SecurePlatform are from CD, floppy disk, or a
network. These methods load a Linux kernel, and a ramdisk, with a minimal
environment, into memory, and then proceed to run the installer found on the ramdisk.
The CD installer fetches the packages from the CD.
Installation Using the Network
In This Section
Network Installation Using a Boot Diskette page 34
When installing from a floppy, the user is requested to specify a source for the packages
to be installed (FTP, HTTP, or an NFS image). A network installation loads kernel and
ramdisk from a server, and then proceeds the same way as a floppy installation.
Network Installation Using a Boot Diskette
In This Section
Preparing a Network Installation Server page 34
Preparing a Network Installation Boot Diskette page 36
Installation Process page 36
SecurePlatform can be installed using the network, by locating the CD distribution files
on a remote file server, accessible by the target machine. Three types of servers (and
protocols) can be used:
FTP
HTTP (web)
NFS
In order to perform a network based installation:
1 Prepare the file server.
2 Boot the target machine from the SecurePlatform boot diskette.
3 Point the installation program to your server.
Preparing a Network Installation Server
Prepare a Network Installation server by locating the CD distribution files on one of
the supported remote file servers.
Note - A Windows machine cannot be used as an FTP, or HTTP server for installation.
FTP
To prepare an FTP server as the Network Installation server:
1 Install an FTP server on a machine in your local network, or use an existing server.
2 Create a user account. (FTP installation can be either anonymous, or
authenticated.)
3 Create a file server directory that will accommodate the distribution files, and that
can be accessed by an FTP client.
4 Copy the directory SecurePlatform from the SecurePlatform CD to the file server
directory, created in step 3.
5 Test the FTP connectivity from a remote machine, before performing the
installation.
Note - You will use the user account and path to access the files.
HTTP
To prepare an HTTP server as the Network Installation server:
1 Install an HTTP server on a machine in your local network, or use an existing
server.
2 Create a directory that will accommodate the distribution files and that can be
accessed by an HTTP client.
3 Copy the directory SecurePlatform from the SecurePlatform CD to the file server
directory, created in step 2.
4 Test accessing the relevant URL from a remote machine, before performing the installation.
Note - You will use the URL to access the files.
NFS
To prepare an NFS server as the Network Installation server:
1 Install an NFS server on a machine, in your local network, or use an existing server.
2 Create a new directory, under a shared subdirectory, that will accommodate the
distribution files, and that can be accessed by an NFS client.
3 Copy the directory SecurePlatform from the SecurePlatform CD to the file server
directory, created in step 2. Alternatively, you can export mount the CD itself.
4 Test accessing the mounted directory from a remote machine, before performing
the installation.
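The copy step in the FTP, HTTP and NFS procedures above puts the installation packages on a server that the installer later reads over the network, so the server copy should match the CD before it is used. The following Python code is an added example, not part of the Check Point manual: it hashes every file under the CD's SecurePlatform directory and under the server directory with SHA-256 and reports files that are missing, altered, or not on the CD. The function names and the files created in demo() are constructed for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map every file under root (POSIX-style relative path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest

def compare_trees(cd_root, server_root):
    """Compare the server copy against the CD, file by file."""
    cd, srv = build_manifest(cd_root), build_manifest(server_root)
    return {
        "missing": sorted(set(cd) - set(srv)),        # on the CD, not on the server
        "unexpected": sorted(set(srv) - set(cd)),     # on the server, not on the CD
        "modified": sorted(p for p in set(cd) & set(srv) if cd[p] != srv[p]),
    }

def is_identical(report):
    """True only when the server copy has no missing, extra, or altered file."""
    return not any(report.values())

def demo():
    """Constructed sample: a stand-in CD tree and a server copy that differs in three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        cd = Path(tmp, "cd", "SecurePlatform")
        srv = Path(tmp, "srv", "SecurePlatform")
        for root in (cd, srv):
            (root / "images").mkdir(parents=True)
        (cd / "images" / "boot.img").write_bytes(b"constructed boot image")
        (cd / "images" / "bootnet.img").write_bytes(b"constructed network boot image")
        (cd / "constructed.pkg").write_bytes(b"constructed package")
        (srv / "images" / "boot.img").write_bytes(b"constructed boot image")
        (srv / "images" / "bootnet.img").write_bytes(b"altered after copying")
        (srv / "dropped.sh").write_bytes(b"file that is not on the CD")
        return compare_trees(cd, srv)

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script <CD SecurePlatform directory> <server SecurePlatform directory>
        report = compare_trees(sys.argv[1], sys.argv[2])
        for kind, paths in report.items():
            for rel in paths:
                print(kind, rel)
        sys.exit(0 if is_identical(report) else 1)
    for kind, paths in demo().items():
        print(kind, paths)
```

Run it on the file server after the copy, and again before each installation if other users can write to the shared directory.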
Note - You will use the path to access the files.
Preparing a Network Installation Boot Diskette
You can install SecurePlatform from the network, using an FTP, HTTP, or NFS server.
To do so, you must prepare a special network installation boot diskette, using the
cprawrite utility.
You will need the following:
a clean (formatted) 1.44 inch diskette
the SecurePlatform CD
a Windows PC
1 Insert the diskette and the CD into the PC.
2 Browse the CD to SecurePlatform/Images.
3 Drag the bootnet.img file to the cprawrite icon.
This will start the process that creates the network installation boot diskette.
Installation Process
To install SecurePlatform, using an FTP, HTTP, or NFS server:
1 Insert the floppy Boot Diskette that you created into the floppy drive and boot
from there.
After rebooting, the SecurePlatform with Application Intelligence Installation screen
is displayed.
2 Click Enter to confirm the installation. If you choose not to continue, you will be
asked to remove the CD, or the diskette, and to reboot.
After confirmation, the Welcome menu is displayed.
FIGURE 4-1 SecurePlatform Installation Welcome menu
3 Select OK and press Enter. The Installation Method menu is displayed:
FIGURE 4-2 Installation Method menu
4 Select one of the following network installation methods, select OK, and press Enter.
NFS image
FTP
HTTP
The Interface Selection menu is displayed.
FIGURE 1-1 Interface Selection menu
5 Select the Network Interface Card, connected to the network, where the file server
is running, select OK and press Enter.
The Configure TCP/IP menu is displayed.
FIGURE 1-2 Configure TCP/IP menu
6 Specify the IP settings for this machine, select OK and press Enter. These IP settingwill be used to create a TCP session to the file server, and will remain valid after
installation is completed.
Depending on your Network Installation Method (FTP, HTTP, NFS) a selection window, asking for session parameters, will be displayed.
7 Enter the session details, select OK and press Enter. When asked for a path, enter the path to the directory where SecurePlatform resides. If you are using non-anonymous FTP, you will be asked for the account details.
The installation program will read the distribution files from the network, and the
Welcome menu (FIGURE 4-1 on page 37) will be displayed.
8 Refer to Installation Using the SecurePlatform CD step 3 on page 40 to continue the installation process.
Note - Do not disconnect the network connection until you are asked to reboot the target computer.
Installation on Computers without Floppy or CDROM Drives
You must set up a server for network installation, and perform some client setup on the host on which SecurePlatform is being installed. For more detailed information, refer to Installation on Computers without Floppy or CDROM Drives on page 139.
Installation Using the SecurePlatform CD
To install SecurePlatform, using the SecurePlatform CD:
1 Choose one of the following:
Insert the SecurePlatform CD into the CD drive and reboot the computer from
the SecurePlatform NGX CD, or
Insert the diskette you created into the floppy drive and boot from there.
After rebooting, the SecurePlatform NGX screen is displayed.
2 Press Enter to confirm the installation. If you do not press Enter within a pre-designated interval, the computer will reboot from the hard disk.
After confirmation, the Welcome menu is displayed.
3 If you select Device List, the Hardware Scan Details menu is displayed. You can select an item to get more information.
The Hardware device categories include: OTHER DEVICES, NETWORK DEVICES and AUDIO DEVICES. The information per hardware device includes: class, bus, driver, device, detached, vendor Id, device Id, subVendor Id, subDevice Id and pci Type.
Press Back to return to the Hardware Scan Details menu. You can save the device information to: Floppy, TFTP, or Serial.
4 If you select Add Driver, the Devices menu is displayed. You are asked if you have a
driver disk.
5 If you select Yes, you are prompted to insert your driver disk and press OK to
continue.
Note - Switch between available options using the Tab key.
Note - There are cases in which updated hardware is incompatible with the previous version's driver. You may receive an error at installation because the operating system could not find the appropriate hard disk driver. Alternatively, installation may be completed, but the hardware does not function properly. The Add Driver feature solves this problem by enabling you to add the missing driver at installation time.
6 If you select OK, the driver is installed.
7 Select OK to proceed with the installation, or Cancel to abort it.
The Keyboard Selection menu is displayed.
8 Select a keyboard type and select OK.
9 In the Network Interface Configuration menu, specify the Management Interface IP address, netmask and default gateway of the first network interface (eth0 on most systems), and select OK.
After completing the installation, and rebooting the computer, connect your
browser to this IP address and complete the setup. This interface can be used to
access the SecurePlatform computer, after the installation is complete.
10 In the HTTPS Server Configuration menu, specify whether to enable SecurePlatform
to be configured using HTTPS, and on which port.
The Confirmation menu is displayed.
11 Select OK to proceed, or Cancel to abort the installation process.
The following installation operations are performed:
hard drive formatting
package installation
post installation procedures
This step can take several minutes, after which the Installation Complete menu is displayed.
12 Select OK to complete the installation.
13 The system will now reboot. Make sure to remove the CD, or diskette, that you used during the installation process. On most systems the CD will be ejected automatically after selecting OK in the Installation Complete menu.
Warning - The installation procedure erases all the information on the hard disk.
Upgrading
In This Section
Introduction
Planning the Upgrade Process
Upgrading SecurePlatform
Introduction
SecurePlatform allows easy configuration of your computer and networking aspects, as well as the Check Point products installed. An easy-to-use shell provides a set of commands, required for easy configuration and routine administration of a security system, including: network settings, backup and restore utilities, upgrade utility, system log viewing, control, and much more. A Web GUI enables most of the administration configuration, as well as the first time installation setup, to be performed from an easy-to-use Web interface.
This chapter describes how to upgrade to SecurePlatform NGX.
Planning the Upgrade Process
To upgrade a SecurePlatform and all the Check Point products installed on it, you should use the upgrade package located on the Product CD. The CD can be used to upgrade SecurePlatform via the command line or using SmartUpdate.
Note - When upgrading SecurePlatform all Check Point products installed on your SecurePlatform server will be automatically upgraded as well.
Backup Command
The SecurePlatform upgrade process offers you two backup scenarios:
A Safe Upgrade that takes an automatic snapshot of the entire system's state so that it can be restored if something goes wrong during the upgrade process.
A manual backup, using the backup command as described in the following two sections.
Backup Command for NG with Application Intelligence and Earlier
When backing up NG with Application Intelligence and earlier use the following syntax.
Syntax
backup (system | cp | all) [tftp ]
Parameters
TABLE 4-1 Parameters for SecurePlatform backup
parameter    meaning
system       backup system configuration
cp           backup Check Point products configuration
all          backup all of the configuration
name         name of backup (to be restored to)
[tftp ]      IP address of tftp server on which the configuration will be backed up
Backup Command for NG with Application Intelligence R55 and Later
When backing up NG with Application Intelligence R55 and later use the following syntax.
Syntax
backup [-h] [-d] [--purge DAYS] [--sched [on hh:mm | ] | off] [[--tftp []] | [--scp []] | [--file ]]
Note - 0 is not a valid option when using the backup utility with the purge option, for example: backup --purge 0
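The following added example (not from the Check Point manual, and not Check Point code) checks values before they are passed to the R55-and-later backup command and audits the files found on a backup server, using the rules this chapter states: --purge does not accept 0, the server list is comma-separated without spaces, and default file names follow backup_day_month_year_hour_minutes.tgz. The function names, the IPv4-only check, the age rule applied to purge_days and the sample file names are assumptions made for the example.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Default name format from the manual: backup_day_month_year_hour_minutes.tgz
NAME_RE = re.compile(r"backup_(\d{1,2})_(\d{1,2})_(\d{4})_(\d{1,2})_(\d{1,2})\.tgz")

def parse_backup_name(name):
    """Return the timestamp encoded in a default backup file name, else None."""
    m = NAME_RE.fullmatch(name)
    if not m:
        return None
    day, month, year, hour, minute = map(int, m.groups())
    try:
        return datetime(year, month, day, hour, minute)
    except ValueError:  # digits that do not form a real date or time
        return None

def parse_server_list(text):
    """Check a --tftp/--scp server list: commas, no spaces (IPv4 assumed here)."""
    if not text or any(ch.isspace() for ch in text):
        raise ValueError("server list is empty or contains whitespace")
    return [str(ipaddress.IPv4Address(part)) for part in text.split(",")]

def check_purge_days(days):
    """The manual states that 0 is not valid for --purge."""
    if isinstance(days, bool) or not isinstance(days, int) or days < 1:
        raise ValueError("--purge DAYS must be a whole number of days, 1 or more")
    return days

def audit(names, now, purge_days, max_age):
    """Summarise the files found on a backup server.

    older_than_purge uses this script's own rule (older than purge_days);
    the page does not say how the backup utility itself selects old files.
    """
    check_purge_days(purge_days)
    stamped = {name: parse_backup_name(name) for name in names}
    dated = sorted((ts, name) for name, ts in stamped.items() if ts)
    cutoff = now - timedelta(days=purge_days)
    return {
        "newest": dated[-1][1] if dated else None,
        "fresh": bool(dated) and now - dated[-1][0] <= max_age,
        "older_than_purge": [name for ts, name in dated if ts < cutoff],
        "unrecognised": sorted(n for n, ts in stamped.items() if ts is None),
    }

# Constructed sample listing; only the first name appears in the manual.
SAMPLE = [
    "backup_13_11_2003_12_47.tgz",
    "backup_20_11_2003_02_00.tgz",
    "backup_31_02_2003_02_00.tgz",   # 31 February: rejected
    "fw-manual-copy.tgz",            # not in the default format
]

if __name__ == "__main__":
    print(parse_server_list("192.168.1.1,192.168.1.2"))
    report = audit(SAMPLE, datetime(2003, 11, 21, 1, 0), 7, timedelta(hours=26))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The timestamps are compared as naive local times, on the assumption that the file name carries the gateway's local clock.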
Parameters
TABLE 4-2 Backup Parameters
parameter                        meaning
-h                               obtain usage
-d                               debug flag
--purge DAYS                     delete old backups from previous backup attempts
[--sched [on hh:mm | ] | off]    schedule interval at which backup is to take place
                                 On - specify time and day of week or day of month
                                 Off - disable schedule
--tftp []                        List of IP addresses of TFTP servers, on which the configuration will be backed up, and optionally the filename. The ServerIPList is a list of server names separated by commas (w/o spaces), like this: 192.168.1.1,192.168.1.2. The list can also contain one IP, in which case there is no need for a comma.
--scp []                         List of IP addresses of SCP servers, on which the configuration will be backed up, the username and password used to access the SCP Server, and optionally the filename.
--file                           When the backup is performed locally, specify an optional filename
Note - If a Filename is not specified, a default name will be provided with the following format: backup_day of month_month_year_hour_minutes.tgz for example: backup_13_11_2003_12_47.tgz
Patch Command
The Patch command enables you to install software products, patches, etc., on a SecurePlatform operating system.
The Patch command can access the following locations to fetch software packages:
TFTP server
CD ROM drive
A specific location on the local hard drive.
Note - When upgrading to NGX R60, only patch add CD can be used.
Syntax
patch add tftp
patch add cd
patch add
patch log
Parameters
TABLE 4-3 Patch Parameters
parameter          meaning                                                                Shell
add                install a new patch                                                    Expert/Restricted
log                list all patches installed                                             Expert/Restricted
cd                 install from CD                                                        Expert/Restricted
tftp               install from TFTP server                                               Expert/Restricted
ip                 IP address of the tftp server containing the patch                     Expert/Restricted
patch_name         the name of the patch to be installed                                  Expert/Restricted
password           password, in expert mode                                               Expert/Restricted
full_patch_path    the full path for the patch file (for example, /var/tmp/mypatch.tgz)   Expert
Upgrading SecurePlatform
In This Section
VPN-1 Gateway Upgrade on SecurePlatform R54, R55 and Later Versions
VPN-1 Gateway Upgrade on SecurePlatform NG FP2, FP3, FP3 Edition 2
This section describes how to upgrade to SecurePlatform NGX.
SecurePlatform can be upgraded using the SecurePlatform NGX R60 CD ROM with a # patch add cd command. For the various Patch command options refer to Patch Command on page 44.
VPN-1 Gateway Upgrade on SecurePlatform R54, R55 and Later Versions
Upgrading to NGX (R60) over a SecurePlatform operating system requires updating both operating system and software products installed. SecurePlatform users should follow the relevant SecurePlatform upgrade process.
The process described in this section results in an upgrade of all components (Operating
System and software packages) in a single step. No further upgrades are required.
Using a CD ROM
The following steps depict how to upgrade SecurePlatform R54 and later versions using
a CD ROM drive.
1 Log into SecurePlatform (Expert mode is not necessary).
2 Apply the SecurePlatform NGX (R60) upgrade package:
# patch add cd
3 Verify the MD5 checksum.
4 Answer the following question:
Do you want to create a backup image for automatic revert? Yes/No
If you select Yes, a Safe Upgrade will be performed.
Safe Upgrade automatically takes a snapshot of the entire system so that it can be
restored if something goes wrong during the Upgrade process (for example,
hardware incompatibility). If the Upgrade process detects a malfunction, it will
automatically revert to the Safe Upgrade image.
When the Upgrade process is complete, upon reboot you will be given the option
to manually choose to start the SecurePlatform operating system using the upgraded
version image or using the image prior to the Upgrade process.
Note - Upgrading to SecurePlatform NGX R60 from an upgrade file is not supported.
VPN-1 Gateway Upgrade on SecurePlatform NG FP2, FP3, FP3 Edition 2
Upgrading to NGX R60 over a SecurePlatform operating system requires updating
both operating system and software products installed. SecurePlatform users should
follow the relevant SecurePlatform upgrade process.
The process described in this section results in an upgrade of all components (Operating
System and software packages) in a single step. No further upgrades are required.
Refer to NGX (R60) SecurePlatform Guide for additional information.
Upgrading pre R54 versions requires an upgrade of the patch command.
1 Insert the SecurePlatform NGX (R60) CD into the drive.
2 Enter the Expert mode: # expert.
3 Upgrade the patch command by selecting the following option:
Update the patch command using a CD ROM drive:
# mount /mnt/cdrom
# patch add /mnt/cdrom/SecurePlatform/patch/CPpatch_command_*.tgz
4 Apply the SecurePlatform NGX (R60) upgrade package by using a CD ROM drive using the following command:
# patch add cd
5 Verify the MD5 checksum.
6 Answer the following question:
Do you want to create a backup image for automatic revert? Yes/No
If you chose Yes, a Safe Upgrade will be performed.
Safe Upgrade automatically takes a snapshot of the entire system so that it can be
restored if something goes wrong during the Upgrade process (for example,
hardware incompatibility). If the Upgrade process detects a malfunction, it will
automatically revert to the Safe Upgrade image.
When the Upgrade process is complete, upon reboot you will be given the option
to manually choose to start the SecurePlatform operating system using the upgraded version image or using the image prior to the Upgrade process.
CHAPTER 5
Configuration
In This Chapter
Using the Command Line
Using the Web Interface
SecurePlatform enables easy configuration of your computer and networking setup, and the Check Point products installed on them.
Using the Command Line
This section describes the sysconfig application, which provides an interactive menu system for all configuration aspects. Configuration can also be done using command line utilities provided by the SecurePlatform Shell. The SecurePlatform Shell is discussed in SecurePlatform Shell on page 82.
First Time Setup Using the Command Line
After the installation from the CD has been completed, and the computer has been rebooted, a first time setup is required in order to:
configure the network settings
apply the license
select which products will be installed
perform the SmartCenter initial setup, if selected
Perform the first time setup, as follows:
1 Run the sysconfig command from the console to configure SecurePlatform, using a text interface.
2 The command line setup wizard begins, and guides you through the first-time configuration.
3 Select n to proceed to the next menu, or q to exit the Wizard, and press Enter.
4 If you selected n and pressed Enter, the Network Configuration menu options are displayed. They are:
1) Host Name (Set/Show Host Name)
2) Domain Name (Set/Show Domain Name)
3) Domain Name Servers (Add/Remove/Show Domain Name Servers)
4) Network Connections (Add/Configure/Remove/Show Connection)
5) Routing (Set/Show Default Gateway)
5 You must configure the following:
the computer's name
the domain name, and up to three DNS servers
the computer's network interfaces
the default gateway
6 Enter the desired option number and press Enter.
The Choose an action menu operation options are displayed.
7 Enter the desired operation option number and press Enter. (Select e and press Enter to return to the previous menu.)
8 When you have completed the Network Configuration, select n and press Enter to proceed to the next menu, Time and Date Configuration. (Select p and press Enter to return to the previous menu, or select q and press Enter to exit the Wizard.)
In the Time and Date Configuration menu you can enter the current date and time,
as well as setting the time zone.
Note - This concludes the SecurePlatform operating system installation. For detailed installation instructions for a specific product, refer to the relevant documentation for that product.
Using sysconfig
Once you have performed the first time setup, via the command line setup wizard, you can use sysconfig to modify your configuration.
To run sysconfig, log in to SecurePlatform and enter sysconfig at the prompt.
The sysconfig main menu lists various configuration items (note that all configuration items must be defined). We recommend step by step configuration, by addressing each menu item in sequence, one after the other.
Select a menu item by typing the relevant number and pressing Enter. Selecting a main menu option displays an additional menu for setting or viewing various configuration items. To return to the main menu, select the menu item Done. To quit, select Exit from the main menu.
When selecting a set optio