Help on Instalation

[melchorm]

Hello to all, I have a problem, I am making a distributed installation and it fails me the internal communication SIC, I install in a Nokia the Enforce it Module, and in a server windows 2003 the managment module, but I cannot make that the internal communication exists, I need urgent help to solve this problem.

Best regards

 

[Piloria]

have you checked yor two boxes can communicate between each other? e.g. ping

 

[ChrisAC]

As far as I know, CheckPoint do not support Firewall-1/VPN-1 on Windows 2003, only NT and 2K.

Anyway, please describe the method you have used to set up SIC between the server and enforcement module.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[melchorm]

Well, I install the enforce module on the nokia, in the server 2003, I install the managment in primary mode, when I put the activation key in the enforce module the module say than the communication is initialized but trust not established, in the managment i create the certificate authority and it say than the certificate is initialized. I don't know what happend. Please need a hand.

Tanks

 

[ChrisAC]

When you install en enforecement module on a Nokia you have to put in a SIC key as part of the initial config using 'cpconfig'. I presume that this is what you have done.

When you install the management server, you need to create an object for the Nokia module. This should be created under 'CheckPoint > New CheckPoint > Gateway'. Give this object a name (nokia-gw for example), an IP address (as configured on the Nokia) and then click on 'Communication' under 'Secure Internal Communication'. Enter the SIC key that you created on the Nokia and then again to confirm and then hit 'Initialize'. If the Nokia firewall is reachable from the management server then you should see 'Trust Established' under the 'Trust State'. You should then be able to go to 'Topology' and then 'Get > Interfaces With Topology'.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[melchorm]

Thanks, but there are a problem I can't log in to the DashBoard, I have a error message, it say: No valid license found in SmaartCenter Server 'ip_address', but i have an unlimited ip licences.

 

[ChrisAC]

Is the licence correctly tied to an IP address on the SmartCentre server? If it's telling you that there is no valid licence, then there is no valid licence!

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[melchorm]

Sure, but I got a question, the license than I got is unlimited, why don´t let me in to the server???
May I use a eval license??

 

[ChrisAC]

Even though it's unlimited, you still have to register it to the IP address of one of the interfaces of the firewall.

I don't understand why you were saying that you had set up SIC between the firewalls if you can't even log into the management server in the first place? Were you able to log into it before? What's changed?

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[Piloria]

log in to (register if you havent before)

https://usercenter.checkpoint.com/usercenter/index.jsp

and check what IP your license is logged to. if it is the wrong IP then you can change it online and get a new license to download