IP Appliance – Flash, Disk-based or Hybrid

You can tell whether your IP Appliance is flash, disk-based or hybrid based on the mount points of the /var and /opt partitions:

  • On Disk-based systems, both the /var and /opt partitions are mounted on the hard disk (wd0)
  • On Flash-based (diskless) systems, the /var and /opt partitions are mounted on v9fs (a file system based in the RAM – loaded at startup)
  • On Hybrid systems (where the HDD is used for local logging), the /opt partition is mounted on v9fs and the /var partition is mounted on the optional hard disk (wd1), assuming the customer has previously enabled the optional HDD for local logging as per KB article 1350934

Use the “df -k” CLI command to verify your configuration as shown in the examples below. These apply to IP390, IP560 and IP12XX.

Disk-based installation verification information
————————————————————–

IPGW[admin]# df -k
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/wd0f 598029 85871 464316 16% /
/dev/wd0a 37556 32 34520 0% /config
/dev/wd0d 30978766 287029 28213436 1% /var
/dev/wd0e 5268700 268396 4578808 6% /opt
procfs 4 4 0 100% /proc

Flash-Only installation verification information
————————————————————–

IPGW[admin]# df -k
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/wd0f 266383 44080 200993 18% /
v9fs 755824 50548 705276 7% /image/IPSO-4.1-BUILD013-03.27.2006-223017-1515/rfs
/dev/wd0a 31775 161 29072 1% /config
/dev/wd0h 664831 205478 406167 34% /preserve
procfs 4 4 0 100% /proc
v9fs 716840 11564 705276 2% /var
mfs:97 7607 0 6998 0% /var/tmp2/upgrade
v9fs 825888 120612 705276 15% /opt

Hybrid Installation verification information
——————————————————–

IPGW[admin]# df -k
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/wd0f 266383 44080 200993 18% /
v9fs 767388 50548 716840 7% /image/IPSO-4.1-BUILD013-03.27.2006-223017-1515/rfs
/dev/wd0a 31775 161 29072 1% /config
/dev/wd0h 664831 205476 406169 34% /preserve
/dev/wd1d 37905549 23674 34849432 0% /var
procfs 4 4 0 100% /proc
mfs:92 7607 0 6998 0% /var/tmp2/upgrade
v9fs 837452 120612 716840 14% /opt
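
The mount-point rules above, written as a small shell function that classifies a saved df -k listing (an added example, not part of the original article). The names classify_ipso and sample_* are made up for illustration, and a POSIX sh with awk is assumed on the machine where the listing is checked.

```shell
#!/bin/sh
# Added example: classify an IP Appliance from `df -k` output read on stdin.
classify_ipso() {
    awk '
        function kind(fs) {                    # reduce a device name to its class
            if (fs == "v9fs") return "v9fs"
            if (fs ~ /^\/dev\/wd0[a-z]$/) return "wd0"
            if (fs ~ /^\/dev\/wd1[a-z]$/) return "wd1"
            return "other"
        }
        # Exact match on the last field, so /var/tmp2/upgrade is not taken for /var.
        $NF == "/var" { var = kind($1) }
        $NF == "/opt" { opt = kind($1) }
        END {
            if      (var == "wd0"  && opt == "wd0")  print "disk-based"
            else if (var == "v9fs" && opt == "v9fs") print "flash-based"
            else if (var == "wd1"  && opt == "v9fs") print "hybrid"
            else print "unknown"               # listing incomplete or unexpected
        }
    '
}

# Sample listings, abridged from the df -k output shown above.
sample_disk() { cat <<'EOF'
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/wd0f 598029 85871 464316 16% /
/dev/wd0d 30978766 287029 28213436 1% /var
/dev/wd0e 5268700 268396 4578808 6% /opt
EOF
}
sample_flash() { cat <<'EOF'
Filesystem 1K-blocks Used Avail Capacity Mounted on
v9fs 716840 11564 705276 2% /var
mfs:97 7607 0 6998 0% /var/tmp2/upgrade
v9fs 825888 120612 705276 15% /opt
EOF
}
sample_hybrid() { cat <<'EOF'
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/wd1d 37905549 23674 34849432 0% /var
mfs:92 7607 0 6998 0% /var/tmp2/upgrade
v9fs 837452 120612 716840 14% /opt
EOF
}

for s in disk flash hybrid; do
    printf '%s: %s\n' "$s" "$("sample_$s" | classify_ipso)"
done
```

Any combination of /var and /opt devices not covered by the three rules is reported as unknown rather than guessed.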

Hope this helps!

 

Restore the SmartUpdate Generate CPInfo Menu Option

This article describes how to restore the SmartUpdate “Generate CPInfo” menu option which has been disabled by default since the R77 release.

Background

A CPInfo can be generated by the standard “cpinfo -z -o <filename>” command on the console and then either FTP’d from the gateway / management centre to a local server or copied off using WinSCP or equivalent.

There can however be issues here, including:

  • There is no local FTP server to transfer the file to, or technicians do not know how to use FTP from the command line
  • A security rule prevents FTP / SCP / SFTP between the gateway / management station and the FTP/SCP/SFTP client
  • WinSCP sometimes has buffer issues and the copy fails
  • The default shell on the gateway / management centre must be changed to /bin/bash for the WinSCP connection to work

A much easier way for the less technically minded is to use SmartUpdate – the Check Point console application – to generate and save a copy of the cpinfo on the local machine.

Since R77, however, this option has been disabled and the only option is to “Upload diagnostics CPInfo to Checkpoint.” This is fine if you have a direct-to-vendor support contract, but all companies except the largest corporations go through a reseller who will require a CPInfo for support purposes.

Using SmartUpdate to Generate a CPInfo

To re-enable the local “Generate CPInfo” menu, follow these instructions:

1. File -> Tools -> Upload diagnostics (CPInfo) to Checkpoint -> Settings

Open the settings menu

2. Enable the Generate CPInfo menu

Enable “Generate cpinfo” menu

3. Exit and restart the application

4. Locate the gateway, right click and choose “Generate CPInfo”:

Choose “Generate CPInfo”

Now you can generate CPInfos and save them from the application directly to your desktop – just like in the old days!

Manually Start CoreXL

Sometimes it is necessary to manually start CoreXL – this short article describes how to do this quickly from the command line.

Firstly, check that CoreXL is indeed disabled with the “fw ctl multik stat” command:

[Expert@gateway:0]# fw ctl multik stat
fw: CoreXL is disabled

Then you can start it using “fw ctl multik start”:

[Expert@gateway:0]# fw ctl multik start
Instance -1 started (1 of 1 are active)
[Expert@gateway:0]#

Note: you need to run this command once per instance, so 6 instances means running the command 6 times!

—–

CoreXL is part of the “Acceleration And Clustering Software Blade”, which comprises CoreXL, SecureXL and ClusterXL:

The Check Point Acceleration and Clustering Software Blade delivers a set of advanced technologies, SecureXL and ClusterXL, that work together to maximize performance and security in high-performance environments. These work with CoreXL, which is included with the blade containers, to form the foundation of the Open Performance Architecture, which delivers throughput designed for data center applications and the high levels of security needed to protect against today’s application-level threats.

CoreXL: Multicore acceleration
As the first security technology to fully leverage general-purpose multi-core processors, CoreXL introduces advanced core-level load balancing that increases throughput for the deep inspection required to achieve intrusion prevention and high throughput on the firewall. With CoreXL, high performance and high security can be achieved simultaneously.

SecureXL: Security acceleration
Patented SecureXL is a technology interface that accelerates multiple, intensive security operations, including operations that are carried out by Check Point’s Stateful Inspection firewall. Using SecureXL, the firewall offloads operations to a performance-optimized software or hardware device, dramatically increasing throughput.

 

ClusterXL: Smart Load Balancing
ClusterXL provides high availability and load sharing that keeps businesses running without interruption. ClusterXL distributes traffic between clusters of redundant gateways, combining the computing capacity of multiple machines to increase total throughput. In the event of a gateway or network failure, connections are seamlessly redirected to a designated backup, maintaining business continuity.