Monday, September 27, 2010

Control UTM-1 Edge appliances

The Edge gets its policy from the SmartCenter server via the SofaWare Management Server process (sms).
The interval at which the policy is pulled is defined under Global Properties -> UTM-1 Edge Gateway -> Update configuration settings every XX minutes.
Global Properties for UTM-1 Edge appliances
If you want to update an Edge immediately, you can do this by using the WebUI (access your SmartCenter over http://:9283/) or you can use the command line.
The directory /opt/CPEdgecmp-R7x/bin contains the tool swcmd, which can be used to issue commands directly to the Edge appliance.
swcmd UpdateNowAll will tell the Edges to update their policy immediately.
swcmd Reboot will reboot the gateway.

Certificate Signing Request (CSR) key size

In a recent blog entry I described how you can use 3rd party certificates within your Check Point gateway.
Now I was informed by Brian that some commercial CAs no longer sign if the key size is only 1024 bit; you need at least 2048 bit.
How can we change Check Point's behaviour when issuing the CSR?
Just go to Global Properties -> SmartDashboard Customization -> Configure -> Certificates and PKI properties.
Global Properties -> SmartDashboard Customization
There we have an option to define the key size for the certificates. Available values are 1024, 2048 and 4096 bit.
Certificate and PKI properties
Change this value according to your need and the requirements of the CA you chose for signing.
Starting with R71, the standard key size is 2048.
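
To confirm that a CSR really carries the key size you configured before sending it to the CA, you can inspect it with openssl. The script below is an added example, not part of the original post or of Check Point's tooling; it assumes the CSR has been saved as a PEM file and that the openssl CLI is installed, and the file names, the CN and the sample CSRs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check a CSR's RSA key size before submitting it to a CA.
# Assumes the openssl CLI is available; all file names are hypothetical.

# Print the public-key size in bits of a PEM CSR (empty if unreadable).
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the CSR parses, its self-signature verifies and the key has
# at least $2 bits (default 2048, the minimum mentioned in the post).
# Return 2 for an unreadable CSR, 3 for a bad signature, 1 for a short key.
csr_acceptable() {
    min=${2:-2048}
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] || return 2
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 3
    [ "$bits" -ge "$min" ]
}

# Constructed sample input: a throwaway CSR with the given RSA key size.
make_sample_csr() {
    openssl req -new -newkey "rsa:$1" -nodes -keyout "$2.key" \
        -subj "/CN=gw.example.test" -out "$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    for size in 1024 2048; do
        make_sample_csr "$size" "$dir/gw-$size.csr"
        if csr_acceptable "$dir/gw-$size.csr"; then
            echo "$size-bit CSR: ok for a CA requiring 2048 bit"
        else
            echo "$size-bit CSR: too small, raise the key size and reissue"
        fi
    done
    rm -rf "$dir"
}
demo
```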