checkpoint ngx secure platform pro and advanced routing suite cli

Upload: hemrsud

Post on 05-Apr-2018


  • 7/31/2019 Checkpoint NGX Secure Platform Pro and Advanced Routing Suite CLI

    1/828

    SecurePlatform Pro & Advanced Routing Command Line Interface

    NGX (R60)

    For additional technical information about Check Point products, consult Check Point's SecureKnowledge at

    http://support.checkpoint.com/kb/

    See the latest version of this document in the User Center at

    https://secureknowledge.checkpoint.com

    May 2005


    Check Point Software Technologies Ltd. U.S. Headquarters: 800 Bridge Parkway, Redwood City, CA 94065, Tel: (650) 628-2000 Fax: (650) 654-4233, [email protected] Headquarters: 3A Jabotinsky Street, Ramat Gan, 52520, Israel, Tel: 972-3-753 4555 Fax: 972-3-575 9256, http://www.checkpoint.com

    2003-2005 Check Point Software Technologies Ltd.

    All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

    RESTRICTED RIGHTS LEGEND:

    Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

    TRADEMARKS:

    2003-2005 Check Point Software Technologies Ltd. All rights reserved.

    Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, Eventia, Eventia Analyzer, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecureXL Turbocard, SecureServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartView Tracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, VPN-1 XL, Web Intelligence, ZoneAlarm, ZoneAlarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935 and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.

    THIRD PARTIES:

    Entrust is a registered trademark of Entrust Technologies, Inc. in the United States and other countries. Entrust's logos and Entrust product and service names are also trademarks of Entrust Technologies, Inc. Entrust Technologies Limited is a wholly owned subsidiary of Entrust Technologies, Inc. FireWall-1 and SecuRemote incorporate certificate management technology from Entrust.

    Verisign is a trademark of Verisign Inc.

    The following statements refer to those portions of the software copyrighted by University of Michigan. Portions of the software copyright 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided as is without express or implied warranty. Copyright Sax Software (terminal emulation only).

    The following statements refer to those portions of the software copyrighted by Carnegie Mellon University.

    Copyright 1997 by Carnegie Mellon University. All Rights Reserved.

    Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

    The following statements refer to those portions of the software copyrighted by The Open Group.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

    The following statements refer to those portions of the software copyrighted by The OpenSSL Project. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

    THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    The following statements refer to those portions of the software copyrighted by Eric Young. THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright 1998 The Open Group.

    The following statements refer to those portions of the software copyrighted by Jean-loup Gailly and Mark Adler Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

    1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.

    2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.

    3. This notice may not be removed or altered from any source distribution.

    The following statements refer to those portions of the software copyrighted by the Gnu Public License. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

    The following statements refer to those portions of the software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper Copyright (c) 2001, 2002 Expat maintainers. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

    GDChart is free for use in your applications and for chart generation. YOU MAY NOT re-distribute or represent the code as your own. Any re-distributions of the code MUST reference the author, and include any and all original documentation. Copyright. Bruce Verderaime. 1998, 1999, 2000, 2001. Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Cold Spring Harbor Laboratory. Funded under Grant P41-RR02188 by the National Institutes of Health. Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Boutell.Com, Inc. Portions relating to GD2 format copyright 1999, 2000, 2001, 2002 Philip Warner. Portions relating to PNG copyright 1999, 2000, 2001, 2002 Greg Roelofs. Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002 John Ellson ([email protected]). Portions relating to gdft.c copyright 2001, 2002 John Ellson ([email protected]). Portions relating to JPEG and to color quantization copyright 2000, 2001, 2002, Doug Becker and copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, Thomas G. Lane. This software is based in part on the work of the Independent JPEG Group. See the file README-JPEG.TXT for more information. Portions relating to WBMP copyright 2000, 2001, 2002 Maurice Szmurlo and Johan Van den Brande. Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application, provided that this notice is present in user-accessible supporting documentation. This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not to interfere with your productive use of gd. If you have questions, ask. "Derived works" includes all programs that utilize the library. Credit must be given in user-accessible documentation. This software is provided "AS IS." The copyright holders disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation. Although their code does not appear in gd 2.0.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software Corporation for their prior contributions.

    Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

    The curl license

    COPYRIGHT AND PERMISSION NOTICE

    Copyright (c) 1996 - 2004, Daniel Stenberg, . All rights reserved.

    Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

    Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.

    The PHP License, version 3.0

    Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.

    Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

    3. The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please [email protected].

    4. Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from [email protected]. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo"

    5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. Once covered code has been published under a particular version of the license, you may always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License.

    6. Redistributions of any form whatsoever must retain the following acknowledgment:

    "This product includes PHP, freely available from ".

    THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at [email protected].

    For more information on the PHP Group and the PHP project, please see . This product includes the Zend Engine, freely available at .

    This product includes software written by Tim Hudson ([email protected]).

    Copyright (c) 2003, Itai Tzur

    All rights reserved.

    Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

    Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

    Neither the name of Itai Tzur nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd

    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

    Copyright 2003, 2004 NextHop Technologies, Inc. All rights reserved.

    Confidential Copyright Notice

    Except as stated herein, none of the material provided as a part of this document may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of NextHop Technologies, Inc. Permission is granted to display, copy, distribute and download the materials in this document for personal, non-commercial use only, provided you do not modify the materials and that you retain all copyright and other proprietary notices contained in the materials unless otherwise stated. No material contained in this document may be "mirrored" on any server without written permission of NextHop. Any unauthorized use of any material contained in this document may violate copyright laws, trademark laws, the laws of privacy and publicity, and communications regulations and statutes. Permission terminates automatically if any of these terms or conditions are breached. Upon termination, any downloaded and printed materials must be immediately destroyed.

    Trademark Notice

    The trademarks, service marks, and logos (the "Trademarks") used and displayed in this document are registered and unregistered Trademarks of NextHop in the US and/or other countries. The names of actual companies and products mentioned herein may be Trademarks of their respective owners. Nothing in this document should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any Trademark displayed in the document. The owners aggressively enforce their intellectual property rights to the fullest extent of the law. The Trademarks may not be used in any way, including in advertising or publicity pertaining to distribution of, or access to, materials in this document, including use, without prior, written permission. Use of Trademarks as a "hot" link to any website is prohibited unless establishment of such a link is approved in advance in writing. Any questions concerning the use of these Trademarks should be referred to NextHop at U.S. +1 734 222 1600.


    U.S. Government Restricted Rights

    The material in document is provided with "RESTRICTED RIGHTS." Software and accompanying documentation are provided to the U.S. government ("Government") in a transaction subject to the Federal Acquisition Regulations with Restricted Rights. The Government's rights to use, modify, reproduce, release, perform, display or disclose are restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Software and Noncommercial Computer Software Documentation clause at DFAR 252.227-7014 (Jun 1995), and the other restrictions and terms in paragraph (g)(3)(i) of Rights in Data-General clause at FAR 52.227-14, Alternative III (Jun 87) and paragraph (c)(2) of the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19 (Jun 1987).

    Use of the material in this document by the Government constitutes acknowledgment of NextHop's proprietary rights in them, or that of the original creator. The Contractor/Licensor is NextHop located at 1911 Landings Drive, Mountain View, California 94043. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in applicable laws and regulations.

    Disclaimer Warranty

    THE MATERIAL IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO THE APPLICABLE LAW, NEXTHOP DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON INFRINGEMENT OR OTHER VIOLATION OF RIGHTS. NEITHER NEXTHOP NOR ANY OTHER PROVIDER OR DEVELOPER OF MATERIAL CONTAINED IN THIS DOCUMENT WARRANTS OR MAKES ANY REPRESENTATIONS REGARDING THE USE, VALIDITY, ACCURACY, OR RELIABILITY OF, OR THE RESULTS OF THE USE OF, OR OTHERWISE RESPECTING, THE MATERIAL IN THIS DOCUMENT.

    Limitation of Liability

    UNDER NO CIRCUMSTANCES SHALL NEXTHOP BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA OR PROFIT, ARISING OUT OF THE USE, OR THE INABILITY TO USE, THE MATERIAL IN THIS DOCUMENT, EVEN IF NEXTHOP OR A NEXTHOP AUTHORIZED REPRESENTATIVE HAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IF YOUR USE OF MATERIAL FROM THIS DOCUMENT RESULTS IN THE NEED FOR SERVICING, REPAIR OR CORRECTION OF EQUIPMENT OR DATA, YOU ASSUME ANY COSTS THEREOF. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT FULLY APPLY TO YOU.

    Copyright ComponentOne, LLC 1991-2002. All Rights Reserved.

    BIND: ISC Bind (Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC"))

    Copyright 1997-2001, Theo de Raadt: the OpenBSD 2.9 Release

    PCRE LICENCE

    PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. Release 5 of PCRE is distributed under the terms of the "BSD" licence, as specified below. The documentation for PCRE, supplied in the "doc" directory, is distributed under the same terms as the software itself.

    Written by: Philip Hazel

    University of Cambridge Computing Service, Cambridge, England. Phone: +44 1223 334714.

    Copyright (c) 1997-2004 University of Cambridge All rights reserved.

    Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

    * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

    * Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


    Table Of Contents

    Chapter 1 Introduction

    Overview 19

    SecurePlatform Hardware Requirements 20

    SecurePlatform Pro 20

    Chapter 2 About this Manual

    Overview 23

    Audience 23

    Fonts 23

    Advanced Routing Suite Command Line Interface Sections 24

    Chapter 3 Preparing to Install SecurePlatform

    Preparing the SecurePlatform Machine 27

    Hardware Compatibility Testing Tool 28

    BIOS Security Configuration Recommendations 31

    Chapter 4 Installation

    Installation Using the Network 34

    Installation on Computers without Floppy or CDROM Drives 40

    Installation Using the SecurePlatform CD 40

    Upgrading 42

    Chapter 5 Configuration

    Using the Command Line 49

    Using the Web Interface 52

    First Time Reboot and Login 74

    Chapter 6 Administration

    Managing Your SecurePlatform System 76

    SecurePlatform Shell 82

    SNMP Support 125

    Check Point Dynamic Routing 129

    SecurePlatform Boot Loader 133

    Chapter 7 SecurePlatform Pro - Advanced Routing Suite

    Introduction 135

    Check Point Advanced Routing Suite 135


    Appendix A Installation on Computers without Floppy or CDROM Drives

    General Procedure 139

    Client Setup 140

    Server Setup 140

    Chapter 8 Using the Advanced Routing Suite CLI

    Introduction 145

    Starting the Advanced Routing Suite CLI 145

    Basic Features 147

    CLI Modes 150

    CLI Behavior Commands 153

    Querying the Advanced Routing Suite CLI 164

    Chapter 9 General Concepts

    Address and Prefix Formats 175

    Preferences Overview 176

    Assigning Preferences 176

    Chapter 10 Interfaces

    Overview 179

    autonomous-system 179

    disable 181

    preference 181

    primary-alias 182

    unnumbered 184

    Chapter 11 Kernel Interface

    Overview 187

    kernel background limit 188

    kernel background priority 189

    kernel flash limit 191

    kernel flash type 192

    kernel no-change 193

    kernel no-flush-at-exit 194

    kernel no-install 195

    kernel remnant-holdtime 196

    kernel routes 197

    kernel trace file 199

    kernel trace flag 200

    show kernel 204

    Chapter 12 Martian Addresses

    Overview 207

    martian 208


    Chapter 13 Multicast

    Overview 211

    clear ip mroute 211

    ip multicast boundary 212

    ip multicast ttl-threshold 213

    show ip mroute 214

    show ip multicast boundary 216

    show ip multicast ttl-threshold 216

    Chapter 14 Trace Options

    Overview 219

    trace file 219

    trace flag 221

    Chapter 15 Border Gateway Protocol (BGP)

    Overview 223

    address-family 229

    bgp always-compare-med 230

    bgp as-path-loops 231

    bgp bestpath as-path ignore 233

    bgp bestpath compare-cluster-list-length 234

    bgp bestpath compare-originator-id 235

    bgp bestpath compare-router-id 236

    bgp bestpath med confed 237

    bgp bestpath med missing-as-worst 238

    bgp cluster-id 239

    bgp confederation identifier 240

    bgp confederation peers 241

    bgp non-leading-confeds 242

    bgp open-on-accept 244

    bgp pass-optional-nontrans 245

    bgp restart-defer 246

    bgp restart-delete-remnants 247

    bgp restart-time 248

    bgp restart-timeout 249

    bgp router-id 251

    bgp send-group-always 252

    bgp tie-break-on-age 253

    clear ip bgp 254

    default-metric 255

    distance 256

    distribute-list 257

    enable 259

    maximum-routes 260

    neighbor add-communities 261

    neighbor aggregator-id 263

    neighbor allow 264


    neighbor as-loop 266

    neighbor as-override 267

    neighbor aspath-prepend 269

    neighbor capability orf comm-filter 270

    neighbor capability orf extcomm-filter 271

    neighbor capability orf prefix-filter 273

    neighbor cluster-id 274

    neighbor distance 275

    neighbor dynamic 277

    neighbor enable 278

    neighbor end-of-rib 279

    neighbor export-localpref 280

    neighbor graceful-restart 281

    neighbor ignore-leading-as 283

    neighbor import-localpref 284

    neighbor keep 285

    neighbor keepalives-always 287

    neighbor local-as 288

    neighbor log-up-down 290

    neighbor maximum-routes 291

    neighbor metric-out 293

    neighbor multi-protocol-nexthop 294

    neighbor next-hop-self 296

    neighbor orf comm-list 297

    neighbor orf extcomm-list 298

    neighbor orf prefix-list 299

    neighbor out-delay 301

    neighbor passive 302

    neighbor password 303

    neighbor pedantic 304

    neighbor peer-group 305

    neighbor preference2 307

    neighbor receive-buffer 308

    neighbor remote-as 310

    neighbor remove-private-as 311

    neighbor route-map 312

    neighbor route-reflector-client 313

    neighbor route-to-peer 315

    neighbor send-buffer 316

    neighbor send-community 317

    neighbor soft-reconfiguration inbound 319

    neighbor timers 320

    neighbor ttl 321

    neighbor update-source 323

    neighbor use-med 324

    neighbor v4-gateway 326

    neighbor version 327

    network 328

    preference2 330

    redistribute 331

    router bgp 333

    show ip bgp 334

    show ip bgp instance 336

    show ip bgp neighbors 337

    show ip bgp orf 338

    show ip bgp paths 340

    show ip bgp peer-group 340

    show ip bgp summary 342

    timers bgp 343

    trace file 345

    trace flag 346

    Chapter 16 Internet Control Message Protocol (ICMP)

    Overview 349

    router icmp 350

    trace file 351

    trace flag 352

    Chapter 17 Fast Open Shortest Path First (OSPF)

    Overview 355

    router ospf 361

    advertise-subnet 362

    authentication 364

    compatible rfc1583 366

    dead-interval 368

    distance 369

    enable 370

    enable-te 371

    hello-interval 372

    igp-shortcut 374

    inherit-metric 375

    monitor-auth-key 376

    multicast-rib 377

    network area 378

    nssa-inherit-metric 379

    nssa-stability-interval 380

    poll-interval 381

    priority 383

    redistribute 384

    redistribute-nssa 387

    require-vbit 388

    restart-allow-changes 389

    restart-enable 390

    restart-max-sync-time 392

    restart-type 393

    retransmit-interval 394

    router-id 396

    timers spf 397

    trace file 398

    trace flag 399

    transmit-delay 402

    area advertise-subnet 403

    area authentication 404

    area dead-interval 407

    area filter 409

    area hello-interval 410

    area nssa 411

    area nssa-range 413

    area nssa-translate-always 414

    area poll-interval 415

    area priority 417

    area range 419

    area retransmit-interval 420

    area stub 422

    area stubhost 423

    area stubnetwork 424

    area transmit-delay 426

    area virtual-link 427

    default-metric 429

    default-nssa-metric 430

    default-nssa-type 431

    default-preference 432

    default-tag 433

    default-type 434

    advertise-subnet 436

    allow-all 437

    authentication 438

    cost 441

    dead-interval 442

    enable 444

    hello-interval 445

    neighbor 446

    network 448

    no-multicast 449

    passive-interface 450

    poll-interval 451

    priority 452

    retransmit-interval 454

    traffic-eng administrative-weight 455

    traffic-eng attribute-flags 457

    traffic-eng bandwidth 458

    transmit-delay 459

    ip ospf advertise-subnet 461

    ip ospf allow-all 462

    ip ospf area 463

    ip ospf authentication 464

    ip ospf cost 467

    ip ospf dead-interval 468

    ip ospf enable 469

    ip ospf hello-interval 470

    ip ospf neighbor 471

    ip ospf network 473

    ip ospf no-multicast 474

    ip ospf passive-interface 475

    ip ospf poll-interval 476

    ip ospf priority 477

    ip ospf retransmit-interval 479

    ip ospf traffic-eng administrative-weight 480

    ip ospf traffic-eng attribute-flags 481

    ip ospf traffic-eng bandwidth 483

    ip ospf transmit-delay 484

    show ip ospf 485

    show ip ospf border-routers 486

    show ip ospf database 487

    show ip ospf interface 488

    show ip ospf neighbor 490

    show ip ospf request-list 491

    show ip ospf retransmission-list 492

    show ip ospf summary-address 493

    show ip ospf virtual-links 494

    Chapter 18 Redirect Processing

    Overview 495

    ip redirect 495

    router redirect 496

    trace file 497

    trace flag 498

    Chapter 19 Router Discovery

    Overview 501

    ip router-discovery address-policy 502

    ip router-discovery enable 504

    ip router-discovery trace file 505

    ip router-discovery trace flag 506

    router-discovery lifetime 508

    router-discovery maximum-interval 509

    router-discovery minimum-interval 511

    Chapter 20 Routing Information Protocol (RIP)

    Overview 513

    router rip 517

    default-metric 518

    distribute-list 519

    ecmp 522

    enable 523

    flash-update-time 524

    ignore-host-routes 525

    ignore-must-be-zero 526

    network 527

    preference 529

    query-authentication 530

    redistribute 532

    send-updates 535

    source-gateways 537

    split-horizon 538

    term-updates 540

    timers basic 541

    trace file 543

    trace flag 544

    trusted-gateways 546

    ip rip authentication 548

    ip rip enable 550

    ip rip metric-in 551

    ip rip metric-out 552

    ip rip no-receive 553

    ip rip no-send 554

    ip rip secondary-authentication 555

    ip rip version 558

    show ip rip database 560

    show ip rip gateway-summary 562

    Chapter 21 SNMP Multiplexing (SMUX)

    Overview 565

    smux password 566

    smux port 567

    smux trace file 568

    smux trace flag 569

    Chapter 22 Distance Vector Multicast Routing Protocol (DVMRP)

    Overview 571

    ip dvmrp 572

    ip dvmrp default-metric 573

    ip dvmrp disable 574

    ip dvmrp distance 575

    ip dvmrp metric-offset 576

    ip dvmrp nodvmrpout 577

    ip dvmrp noretransmit 578

    ip dvmrp prune-lifetime 579

    ip dvmrp trace file 581

    ip dvmrp trace flag 582

    ip dvmrp unicast-routing 585

    show ip dvmrp interfaces 586

    show ip dvmrp neighbors 588

    show ip dvmrp route 589

    tunnel mode dvmrp 591

    Chapter 23 Internet Group Management Protocol (IGMP)

    Overview 593

    clear ip igmp group 594

    ip igmp 596

    ip igmp ignore-v1-messages 597

    ip igmp ignore-v2-messages 598

    ip igmp last-member-query-count 599

    ip igmp last-member-query-interval 601

    ip igmp query-interval 603

    ip igmp query-max-response-time 605

    ip igmp require-router-alert 607

    ip igmp robustness 608

    ip igmp send-router-alert 610

    ip igmp startup-query-count 611

    ip igmp startup-query-interval 613

    ip igmp static-group 615

    ip igmp trace file 617

    ip igmp trace flag 618

    ip igmp version 620

    show ip igmp groups 621

    show ip igmp interface 626

    show ip igmp interface-summary 630

    show ip igmp static-groups 631

    Chapter 24 Protocol Independent Multicast

    Overview 633

    ip pim assert-holdtime 634

    ip pim dr-priority 636

    ip pim hello-holdtime 637

    ip pim hello-interval 638

    ip pim jp-holdtime 639

    ip pim jp-interval 641

    ip pim lan-delay 642

    ip pim mrt-interval 643

    ip pim mrt-stale-multiplier 644

    ip pim override-interval 645

    ip pim triggered-hello-delay 646

    show ip pim control-counters 647

    show ip pim interface 649

    show ip pim neighbor 652

    Chapter 25 Protocol Independent Multicast - Dense Mode (PIM-DM)

    Overview 655

    ip pim dense-mode 656

    ip pim graft-retry-interval 657

    ip pim require-genid 658

    ip pim source-lifetime 659

    ip pim state-refresh-capable 660

    ip pim state-refresh-interval 661

    ip pim state-refresh-rate-limit 662

    ip pim state-refresh-ttl 663

    ip pim dense trace file 664

    ip pim dense trace flag 666

    show ip pim dense-mode interface-summary 668

    show ip pim dense-mode mrt 669

    show ip pim dense-mode mrt-summary 671

    show ip pim grafts 672

    Chapter 26 Protocol Independent Multicast - Sparse Mode (PIM-SM)

    Overview 675

    ip pim associate-msdp 676

    ip pim bsr-admin-scope 677

    ip pim bsr-border 678

    ip pim bsr-candidate 680

    ip pim bsr-candidate global 681

    ip pim bsr-candidate group 682

    ip pim bsr-candidate interval 683

    ip pim bsr-candidate priority 684

    ip pim bsr-holdtime 685

    ip pim dr-switch-immediate 686

    ip pim mrt-spt-multiplier 687

    ip pim probe-interval 689

    ip pim register-suppression-timeout 690

    ip pim rp-address 691

    ip pim rp-candidate 692

    ip pim rp-candidate advertisement-interval 693

    ip pim rp-candidate group 694

    ip pim rp-candidate holdtime 696

    ip pim rp-candidate priority 697

    ip pim rp-switch-immediate 698

    ip pim sparse-mode 699

    ip pim threshold 700

    ip pim threshold-dr 701

    ip pim threshold-rp 703

    ip pim trace file 704

    ip pim trace flag 706

    ip pim whole-packet-checksum 708

    show ip pim bsr-router 709

    show ip pim cbsr 710

    show ip pim rp 711

    show ip pim rp-candidate 712

    show ip pim rp-hash 713

    show ip pim sparse-mode join-prune xmit 713

    show ip pim sparse-mode mrt 714

    Chapter 27 Access Lists

    Overview 717

    access-list 717

    access-list sequence-number 720

    ip access-list sequence-number 721

    ip access-list standard 722

    permit | deny 723

    show access-list 725

    show ip access-list 727

    Chapter 28 AS Paths and AS Path Lists

    Overview 731

    ip as-path access-list 733

    ip as-path name 734

    show ip as-path-access-list 736

    show ip bgp paths 737

    Chapter 29 BGP Communities and Community Lists

    Overview 739

    ip community-list 739

    ip community-set 741

    Chapter 30 Prefix Lists and Prefix Trees

    Overview 745

    ip prefix-list 745

    ip prefix-list sequence-number 747

    ip prefix-tree 749

    show ip prefix-list 751

    show ip prefix-tree 752

    Chapter 31 Route Aggregation and Generation

    Overview 755

    aggregate-address 756

    router aggregate 761

    Chapter 32 Route Flap Damping

    Overview 763

    dampen-flap 764

    keep-history 764

    max-flap 765

    reach-decay 767

    reach-tick 768

    reuse-below 769

    suppress-above 770

    unreach-decay 771

    Chapter 33 Route Maps

    Overview 773

    match aggregate-contributors 774

    match as 775

    match as-path 777

    match as-path-list 778

    match community 779

    match community-set 781

    match distance 782

    match extended-community-set 783

    match instance 785

    match interface 786

    match ip address access-list 787

    match ip address prefix-list 788

    match ip address prefix-tree 789

    match ip gateway 791

    match ip next-hop 792

    match ip route-source prefix-tree 793

    match localpref 794

    match med 795

    match metric 796

    match metric-type 797

    match protocol 798

    match ribs 799

    match tag 800

    route-map 801

    set as-path prepend 802

    set community-set 803

    set dampen-flap 805

    set ip next-hop 806

    set local-preference 807

    set med 808

    set metric 809

    set metric-type 810

    set origin 811

    set preference 813

    set propagate 814

    set ribs 815

    set tag 816

    CHAPTER 1

    Introduction

    In This Chapter

    Overview page 19

    SecurePlatform Hardware Requirements page 20

    SecurePlatform Pro page 20

    Overview

    Thank you for using SecurePlatform NGX (R60). This document describes how to install and configure SecurePlatform NGX (R60).

    SecurePlatform NGX (R60) is distributed on a bootable CD ROM which includes Check Point's NGX (R60) product suite comprising: VPN-1 Pro, Check Point QoS, SmartView Monitor, Policy Server, and UserAuthority Server.

    The SecurePlatform NGX (R60) CD ROM can be installed on any PC with an Intel Pentium III/IV, or AMD Athlon CPU. SecurePlatform NGX (R60) includes a customized and hardened operating system, with no unnecessary components that could pose security risks. The system is pre-configured and optimized to perform its task as a network security device, requiring only minimal user configuration of basic elements, such as IP addresses, routes, etc.

    On most systems, this installation process runs less than five minutes, resulting in a network security device ready to be deployed.

    SecurePlatform allows easy configuration of your computer and networking aspects, as well as the Check Point products installed. An easy-to-use shell provides a set of commands, required for easy configuration and routine administration of a security system, including: network settings, backup and restore utilities, upgrade utility, system log viewing, control, and much more. A Web GUI enables most of the administration configuration, as well as the first time installation setup, to be performed from an easy to use Web interface.

    SecurePlatform Hardware Requirements

    On SecurePlatform, the minimum hardware requirements for installing a VPN-1 Pro SmartCenter Server, Enforcement Module or SmartPortal are:

    Intel Pentium III 300+ MHz or equivalent processor

    4 GB free disk space

    256 Mbytes (512 Mbytes recommended)

    One or more supported network adapter cards

    CD-ROM Drive (bootable)

    1024 x 768 video adapter card

    For details regarding SecurePlatform on specific hardware platforms, see

    http://www.checkpoint.com/products/supported_platforms/recommended.html

    SecurePlatform Pro

    SecurePlatform Pro is an enhanced version of SecurePlatform. SecurePlatform Pro adds advanced networking and management capabilities to SecurePlatform such as:

    Dynamic routing

    RADIUS authentication for SecurePlatform administrators

    To install SecurePlatform Pro select the SecurePlatform Pro option during the

    installation.

    To convert regular SecurePlatform to SecurePlatform Pro, from the expert mode

    command line run: pro enable.

    For information about RADIUS support, see: How to Authenticate Administrators via

    RADIUS on page 78

    Note - For more information about the recommended configuration of high-

    performance systems running Check Point Performance Pack, see the Performance

    Pack Guide.

    Note - SecurePlatform Pro requires a separate license that must be installed on the SmartCenter Server that manages the SecurePlatform Pro enforcement modules.

    For information regarding advanced routing, see the SecurePlatform Pro & Advanced Routing Command Line Interface guide.

    For all intents and purposes, wherever the name SecurePlatform is used, SecurePlatform

    Pro is implicitly included.

    CHAPTER 2

    About this Manual

    Overview

    The Advanced Routing Suite CLI is provided as part of the SecurePlatform Pro

    operating system. The CLI accepts user entered text commands and sends them to

    Advanced Routing Suite. These commands can encode a configuration change as

    well as queries for configuration information and dynamic protocol state.

    This manual lists Advanced Routing Suite commands alphabetically within protocol

    sections. For example, if you are looking for the authentication command in

    RIP, look in Chapter 16, under the A's. You can also use the Index to quickly

    search for a command.

    Audience

    This manual is intended for VPN-1 Pro administrators and network engineers, responsible for enabling and maintaining network connectivity. It explains each

    Advanced Routing Suite command in detail. You will need to understand basic

    routing concepts and UNIX commands to understand this manual.

    Fonts

    Fonts in this manual consist of the following:

    Command prompts are displayed in courier new format. For example,

    (config-if)#

    User-entered commands are displayed in bold, courier new format. For example,

    (config-if)#interface fxp0

    Advanced Routing Suite Command Line Interface Sections

    Most chapters in this manual consist of the following ten sections:

    Overview (one per chapter)

    Name

    Syntax

    Mode

    Parameters

    Description

    Default

    Command History

    Examples

    See Also

    Overview

    Each chapter includes an Overview section. In most cases, this section describes a

    protocol or policy. Unlike the remaining sections, each chapter includes only one

    Overview section.

    Name

    The Name section lists the name and a short description of the command. For

    example, the key command in RIP:

    key - sets a RIP MD5 key

    Syntax

    The Syntax section lists the valid syntax configuration, including the no

    configuration (where applicable). For example, configure the IGMP robustness to

    be 4 using the following syntax:

    ip igmp robustness 4

    Notation for parameters

    In this manual, the allowed values for each parameter are listed in a form similar to the following:

    Parameter: [ max-size size [ k | m ] ] ?

    Parameter: address-family [ ipv4 | ipv6 ] {0,2}

    The words in bold are user-entered commands that must be typed exactly as shown. The words in italics give a type of value. Some common types are size, time, or interface-name.

    A pipe in a syntax (|) separates alternatives: one of them must occur. A double pipe

    (A || B) means that either A or B or both must occur, in any order. Brackets ([])

    are for grouping. Juxtaposition is stronger than the double bar, and the double bar

    is stronger than the bar. Thus "a b | c || d e" is equivalent to "[ a b ] | [

    c || [ d e ]]".

    A pair of numbers in curly braces ({A,B}) indicates that the preceding type, word

    or group is repeated at least A and at most B times.

    Note: A question mark (?) indicates that the preceding type, word or group is

    optional.

    Therefore, in the preceding example, specifying a max-size is optional. However, if you do specify a max-size, you must enter a value for the size and specify either k or m.
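The precedence and repetition rules above, as an added example that is not part of the original manual: a small Python parser for this notation that renders the fully bracketed form of a spec and checks whether a typed command line fits it. The function names and the `types` argument (which names the italic value placeholders, since plain text cannot mark them) are assumptions of this example.

```python
import re

TOKEN = re.compile(r"\|\||[|\[\]?]|\{\d+,\d+\}|[^\s|\[\]?{}]+")

class Parser:
    """Recursive descent. Binding strength, weakest first: '|', '||', juxtaposition."""

    def __init__(self, spec):
        found = TOKEN.findall(spec)
        if "".join(found) != "".join(spec.split()):
            raise ValueError("stray '{' or '}' in spec")
        self.toks = [None] + found[::-1]        # stack; None marks end of input

    def peek(self):
        return self.toks[-1]

    def take(self):
        return self.toks.pop()

    def chain(self, sep, kind, operand):
        items = [operand()]
        while self.peek() == sep:
            self.take()
            items.append(operand())
        return items[0] if len(items) == 1 else (kind, items)

    def alt(self):
        return self.chain("|", "alt", lambda: self.chain("||", "any", self.seq))

    def seq(self):
        items = []
        while self.peek() not in (None, "|", "||", "]"):
            items.append(self.item())
        if not items:
            raise ValueError("empty alternative")
        return items[0] if len(items) == 1 else ("seq", items)

    def item(self):
        tok = self.take()
        if tok == "[":
            node = self.alt()
            if self.take() != "]":
                raise ValueError("missing ']'")
        elif tok[0] in "?{":
            raise ValueError(f"{tok!r} has nothing to apply to")
        else:
            node = ("word", tok)
        while (self.peek() or " ")[0] in "?{":      # postfix '?' and '{A,B}'
            tok = self.take()
            lo, hi = (0, 1) if tok == "?" else map(int, tok[1:-1].split(","))
            node = ("rep", node, lo, hi)
        return node

def parse(spec):
    parser = Parser(spec)
    tree = parser.alt()
    if parser.peek() is not None:               # only an unmatched ']' can remain
        raise ValueError(f"unexpected {parser.peek()!r}")
    return tree

def bracketed(node, top=True):                  # every group made explicit
    if node[0] == "word":
        return node[1]
    if node[0] == "rep":
        suffix = "?" if node[2:] == (0, 1) else "{%d,%d}" % node[2:]
        return f"{bracketed(node[1], False)} {suffix}"
    body = {"seq": " ", "any": " || ", "alt": " | "}[node[0]].join(
        bracketed(child, False) for child in node[1])
    return body if top else f"[ {body} ]"

def ends(node, toks, i, types):
    """Yield each index at which `node` can stop after matching from toks[i]."""
    kind = node[0]
    if kind == "word":      # a value type matches any one token, a keyword only itself
        if i < len(toks) and (node[1] in types or node[1] == toks[i]):
            yield i + 1
    elif kind == "alt":     # exactly one alternative
        for child in node[1]:
            yield from ends(child, toks, i, types)
    elif kind == "seq":     # all items, in order
        head, rest = node[1][0], node[1][1:]
        for j in ends(head, toks, i, types):
            yield from (ends(("seq", rest), toks, j, types) if rest else [j])
    elif kind == "any":     # one or more operands, each at most once, any order
        for k, child in enumerate(node[1]):
            for j in ends(child, toks, i, types):
                yield j
                rest = node[1][:k] + node[1][k + 1:]
                yield from ends(("any", rest), toks, j, types)
    else:                   # rep: between lo and hi repetitions of the inner node
        _, inner, lo, hi = node
        if lo <= 0:
            yield i
        for j in (ends(inner, toks, i, types) if hi > 0 else ()):
            yield from ends(("rep", inner, max(lo - 1, 0), hi - 1), toks, j, types)

def accepts(spec, command, types=()):
    toks = command.split()
    return any(j == len(toks) for j in ends(parse(spec), toks, 0, set(types)))
```

For example, `accepts("[ max-size size [ k | m ] ] ?", "max-size 10 k", types={"size"})` is true, while the same call with the constructed command `max-size 10` is false because the unit is missing.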

    Mode

    The Mode section shows the modes in which the command is valid. Some

    commands are valid in multiple modes. For those, the Description section details

    how the effects of those configurations differ in Advanced Routing Suite.

    Parameters

    The Parameters section lists the information that is accepted in the referenced

    configuration. It includes a description of what sort of parameter Advanced

    Routing Suite expects (for example, the number of seconds for a query), and the

    range of values Advanced Routing Suite expects. (For example, the startup-query

    interval in IGMP accepts a value between 0 and 31744.)

    Note: If the parameter is a value that is user-defined, such as a time or a name, then the parameter is displayed in italics (for example, time or value). If the parameter is one of several predetermined options, such as version 1, 2, or 3 in IGMP, then that parameter is displayed in bold courier new format (for example, version 3).

    Description

    The Description section includes a detailed description of the configuration.

    Default

    The Default section includes the default value(s) of the command and its content.

    Command History

    The Command History section indicates when the command was first introduced.

    It can also indicate whether the command, its defaults, or any of its parameters have

    changed.

    Examples

    The Examples section lists valid configurations for a specified command.

    See Also

    Some commands will include a relevant See Also section. The See Also section lists

    other commands or sections of this guide that might be useful. In addition, other

    publicly available documents, such as RFCs, may be listed here.

    CHAPTER 3

    Preparing to Install SecurePlatform

    In This Chapter

    Preparing the SecurePlatform Machine page 27

    Hardware Compatibility Testing Tool page 28

    BIOS Security Configuration Recommendations page 31

    Preparing the SecurePlatform Machine

    SecurePlatform installation can be done from a CD drive, from a diskette, or from a network server, using a special boot diskette.

    Before you begin the SecurePlatform installation process, ensure that the following requirements are met:

    If the target computer has a CD drive, make sure that the system BIOS is set to reboot from this drive as the first boot option (this BIOS Setup Feature is usually named Boot Sequence).

    If your target computer cannot boot from a CD drive, or if you wish to install using a remote file server, refer to Network Installation Using a Boot Diskette on page 34, for instructions on how to create a boot diskette.

    Warning - The installation procedure erases all hard disks, so the former operating system cannot be recovered.

    Hardware Compatibility Testing Tool

    In This Section

    Getting Started page 29

    Using the Hardware Compatibility Testing Tool page 31

    The Hardware Compatibility Testing Tool enables you to determine whether SecurePlatform is supported on a specific hardware platform.

    The utility is available for download as a CD ISO image (hw.iso). The ISO image can be burned on a blank CD-R or on CD-RW media, using a CD-burning tool.

    Note - You must specify that you are burning a CD image and not a single file.

    The Hardware Compatibility Testing Tool should be run in the same way that would be used to install SecurePlatform on the hardware platform (for example, boot from CD, boot from diskette and installation through the network, etc.).

    The tool detects all hardware components on the platform, checks whether they are supported, and displays its conclusions: whether SecurePlatform can be installed on the machine (supported I/O devices found, supported mass storage device found), and the number of supported and unsupported Ethernet controllers detected.

    The user can view detailed information on all the devices found on the machine.

    The user can save the detailed information on a diskette, on a TFTP server, or dump it via the serial port. This information can be submitted to Check Point Support in order to add support for unsupported devices.

    The tool makes no modifications to the tested hardware platform, so it is safe to use.

    Note - SecurePlatform can be installed on a computer without a keyboard or VGA display, by using a serial console attached to a serial port.

    Note - SecurePlatform requires the following hardware:

    I/O Device (either Keyboard & Monitor, or Serial console).

    mass storage device

    at least one supported Ethernet Controller (If SecurePlatform is to be configured as a VPN-1 Pro gateway, more than one controller is needed)

    Getting Started

    In This Section

    Booting from the CD page 29

    Booting from a Diskette and Accessing a Local CD page 29

    Booting from a Diskette and Accessing the CD over the Network page 30

    The user can run the tool either by booting from the CD that contains it, booting from a disk and accessing a local CD, or booting from a diskette and accessing the CD through the network.

    If no keyboard and monitor are connected to the hardware platform, the serial console can be used to perform the hardware detection.

    Booting from the CD

    To boot from the CD:

    1 Configure the BIOS of the machine to boot from the CD drive.

    2 Insert the CD into the drive.

    3 Boot the machine.

    Booting from a Diskette and Accessing a Local CD

    This option should be used when the hardware platform cannot be configured to boot from the CD drive (but will boot from a diskette), and has a CD drive.

    To boot from a diskette and access a local CD:

    1 Insert the CD into the drive.

    2 Insert a diskette into the drive.

    3 Browse to your CDROM drive and select the SecurePlatform/images folder.

    4 Drop the boot.img file on the cprawrite executable.

    Alternatively, using NT command shell (cmd), run the following command (where D: is the CD-ROM drive):

    D:\SecurePlatform\images\cprawrite.exe D:\SecurePlatform\images\boot.img

    5 Boot the machine.

    Booting from a Diskette and Accessing the CD over the Network

    This option should be used when the machine to be tested has no CD drive. In this

    case, there will be two machines participating:

    the machine, in which you will insert the CD

    the machine, on which you will run the tool

    To boot from a diskette and access a CD over the network:

    On the Machine with the CD Drive

    Proceed as follows:

    1 Insert the CD into the drive of a (Microsoft Windows-based) machine.

    2 Insert a diskette into its diskette drive.

    3 Browse to the CD drive and select the SecurePlatform/images folder.

    4 Drop the bootnet.img file on the cprawrite executable.

    Alternatively, using NT command shell (cmd), run the following command (where D: is the CD-ROM drive):

    D:\SecurePlatform\images\cprawrite.exe D:\SecurePlatform\images\bootnet.img

    This step writes files to the diskette, which you will transfer to the other machine (the machine on which the tool will be run).

    5 Make the contents available on the network, either by allowing access to the CD drive, or by copying the CD to a hard disk and enabling access to that disk (for example, by FTP, HTTP, or NFS).

    On the Machine You Are Testing

    Proceed as follows:

    1 Insert the diskette you created in step 4, above, into the diskette drive of the machine you are testing.

    2 Boot the machine.

    3 Configure the properties of the interface, through which this machine is connected to the network, including its IP address, Netmask, default gateway and DNS.

    You can choose to configure this interface as a dynamic IP address interface.

    4 Enable access to the files on the machine with the CD drive (see step 5).

    5 Specify the following settings for the other machine:

    IP address, or hostname

    Package Directory

    user/password (if necessary)

    6 If you are installing using a serial console, instead of the keyboard and monitor,

    make sure that your terminal emulation software is configured as follows:

    9600 Baud rate

    8 data bits

    no parity

    no flow control

    Using the Hardware Compatibility Testing Tool

    The hardware tool automatically tests the hardware for compatibility.

    When it finishes, the tool displays a summary page with the following information:

    statement whether the Platform is suitable for installing SecurePlatform

    number of supported and unsupported mass storage devices found

    number of supported and unsupported Ethernet Controllers found

    Additional information can be obtained by pressing the Devices button. The devices

    information window lists all the devices, found on the machine (grouped according to functionality).

    Use the arrow keys to navigate through the list.

    Pressing Enter on a specific device displays detailed information about that device.

    The detailed information can be saved to a diskette, to a TFTP Server, or dumped

    through the Serial Console. This action can be required in cases where some of the

    devices are not supported.

    BIOS Security Configuration Recommendations

    The following are BIOS configuration recommendations:

    Disable the boot from floppy option in the system BIOS, to avoid unauthorized

    booting from a diskette and changing system configuration.

    Apply a BIOS password to avoid changing the BIOS configuration. Make sure you memorize the password, or keep it in a safe place.

    Note - A simple, naive detection tool is included on the boot diskette. If for some reason, the complete detection tool is unavailable (e.g., the CDR drive is not supported), you can still use the simple tool to get some information on your hardware. The simple tool is available from the Installation Method screen, by pressing the Probe Hardware button.

    CHAPTER 4

    Installation

    In This Chapter

    Installation Using the Network page 34

    Installation on Computers without Floppy or CDROM Drives page 40

    Installation Using the SecurePlatform CD page 40

    Upgrading page 42

    The available methods for installing SecurePlatform are from CD, floppy disk, or a network. These methods load a Linux kernel, and a ramdisk, with a minimal environment, into memory, and then proceed to run the installer found on the ramdisk. The CD installer fetches the packages from the CD.

    Installation Using the Network

    In This Section

    When installing from a floppy, the user is requested to specify a source for the packages

    to be installed (FTP, HTTP, or an NFS image). A network installation loads kernel and

    ramdisk from a server, and then proceeds the same way as a floppy installation.

    Network Installation Using a Boot Diskette

    In This Section

    SecurePlatform can be installed using the network, by locating the CD distribution files

    on a remote file server, accessible by the target machine. Three types of servers (and

    protocols) can be used:

    FTP

    HTTP (web)

    NFS

    In order to perform a network based installation:

    1 Prepare the file server.

    2 Boot the target machine from the SecurePlatform boot diskette.

    3 Point the installation program to your server.

    Preparing a Network Installation Server

    Prepare a Network Installation server by locating the CD distribution files on one of

    the supported remote file servers.

    Network Installation Using a Boot Diskette

    Preparing a Network Installation Server

    Preparing a Network Installation Boot Diskette

    Installation Process

    Note - A Windows machine cannot be used as an FTP, or HTTP server for installation.


    FTP

    To prepare an FTP server as the Network Installation server:

    1 Install an FTP server on a machine in your local network, or use an existing server.

    2 Create a user account. (FTP installation can be either anonymous, or

    authenticated.)

    3 Create a file server directory that will accommodate the distribution files, and that can be accessed by an FTP client.

    4 Copy the directory SecurePlatform from the SecurePlatform CD to the file server

    directory, created in step 3.

    5 Test the FTP connectivity from a remote machine, before performing the installation.

    HTTP

    To prepare an HTTP server as the Network Installation server:

    1 Install an HTTP server on a machine in your local network, or use an existing

    server.

    2 Create a directory that will accommodate the distribution files and that can be

    accessed by an HTTP client.

    3 Copy the directory SecurePlatform from the SecurePlatform CD to the file server

    directory, created in step 2.

    4 Test accessing the relevant URL from a remote machine, before performing the installation.

    NFS

    To prepare an NFS server as the Network Installation server:

    1 Install an NFS server on a machine, in your local network, or use an existing server.

    2 Create a new directory, under a shared subdirectory, that will accommodate the

    distribution files, and that can be accessed by an NFS client.

    Note - You will use the user account and path to access the files.

    Note - You will use the URL to access the files.


    3 Copy the directory SecurePlatform from the SecurePlatform CD to the file server directory, created in step 2. Alternatively, you can export mount the CD itself.

    4 Test accessing the mounted directory from a remote machine, before performing the installation.
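
    The copy and test steps in the FTP, HTTP and NFS procedures above can be backed by a content check, since the installer reads its packages from the staged directory. The shell script below is an added example, not part of the Check Point documentation; the two directory arguments (for instance the CD mounted at /mnt/cdrom and your server directory) and the demo file names other than Images/bootnet.img are assumptions.

```shell
#!/bin/sh
# Added example, not a Check Point tool: confirm that the SecurePlatform
# directory staged on the FTP/HTTP/NFS server matches the one on the CD.

# manifest DIR: one "<sha256>  ./relative/path" line per regular file.
# (File names containing backslashes or newlines are not handled.)
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort )
}

# verify_staged_copy CD_DIR STAGED_DIR
# Prints CHANGED / MISSING / EXTRA lines and returns
# 0 = identical, 1 = differences found, 2 = a directory does not exist.
verify_staged_copy() {
    src=$1
    dst=$2
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "ERROR: CD directory and staged directory must both exist" >&2
        return 2
    fi
    tmp=$(mktemp -d) || return 2
    manifest "$src" > "$tmp/src"
    manifest "$dst" > "$tmp/dst"
    # Columns 1-64 hold the hash, 65-66 the separator, 67 onward the path.
    LC_ALL=C comm -23 "$tmp/src" "$tmp/dst" | cut -c67- > "$tmp/only_src"
    LC_ALL=C comm -13 "$tmp/src" "$tmp/dst" | cut -c67- > "$tmp/only_dst"
    result=0
    # On the CD but not identical on the server: altered or never copied.
    while IFS= read -r path; do
        if [ -f "$dst/$path" ]; then
            echo "CHANGED $path"
        else
            echo "MISSING $path"
        fi
        result=1
    done < "$tmp/only_src"
    # On the server only: files that did not come from the CD.
    while IFS= read -r path; do
        if [ ! -f "$src/$path" ]; then
            echo "EXTRA   $path"
            result=1
        fi
    done < "$tmp/only_dst"
    rm -rf "$tmp"
    return "$result"
}

# Constructed sample: a stand-in "CD" tree and a staged copy with one
# altered, one missing and one extra file (pkg1.rpm, pkg2.rpm and
# extra.sh are made-up names).
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/cd/SecurePlatform/Images" "$d/srv/SecurePlatform"
    echo "boot image"  > "$d/cd/SecurePlatform/Images/bootnet.img"
    echo "package one" > "$d/cd/SecurePlatform/pkg1.rpm"
    echo "package two" > "$d/cd/SecurePlatform/pkg2.rpm"
    cp -R "$d/cd/SecurePlatform/." "$d/srv/SecurePlatform/"
    echo "tampered" > "$d/srv/SecurePlatform/Images/bootnet.img"
    rm "$d/srv/SecurePlatform/pkg2.rpm"
    echo "stray" > "$d/srv/SecurePlatform/extra.sh"
    verify_staged_copy "$d/cd/SecurePlatform" "$d/srv/SecurePlatform"
    demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

# With two arguments, check real directories; otherwise run the demo.
if [ "$#" -eq 2 ]; then
    verify_staged_copy "$1" "$2"
else
    demo || true
fi
```

    Run it on the file server with the CD directory and the staged directory as arguments; any output line means the staged copy should be recreated before the target machine is booted.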

    Preparing a Network Installation Boot Diskette

    You can install SecurePlatform from the network, using an FTP, HTTP, or NFS server. To do so, you must prepare a special network installation boot diskette, using the

    cpawrite utility.

    You will need the following:

    a clean (formatted) 1.44 inch diskette

    the SecurePlatform CD

    a Windows PC

    1 Insert the diskette and the CD into the PC.

    2 Browse the CD to SecurePlatform/Images.

    3 Drag the bootnet.img file to the cpawrite icon.

    This will start the process that creates the network installation boot diskette.

    Installation Process

    To install SecurePlatform, using an FTP, HTTP, or NFS server:

    1 Insert the floppy Boot Diskette that you created into the floppy drive and boot from there.

    After rebooting, the SecurePlatform with Application Intelligence Installation screen

    is displayed.

    2 Press Enter to confirm the installation. If you choose not to continue, you will be

    asked to remove the CD, or the diskette, and to reboot.

    After confirmation, the Welcome menu is displayed.

    Note - You will use the path to access the files.


    FIGURE 4-1 SecurePlatform Installation Welcome menu

    3 Select OK and press Enter. The Installation Method menu is displayed:

    FIGURE 4-2 Installation Method menu

    4 Select one of the following network installation methods, select OK, and press Enter.

    NFS image

    FTP


    HTTP

    The Interface Selection menu is displayed.

    FIGURE 1-1 Interface Selection menu

    5 Select the Network Interface Card, connected to the network, where the file server is running, select OK and press Enter.

    The Configure TCP/IP menu is displayed.

    FIGURE 1-2 Configure TCP/IP menu


    6 Specify the IP settings for this machine, select OK and press Enter. These IP settings will be used to create a TCP session to the file server, and will remain valid after

    installation is completed.

    Depending on your Network Installation Method (FTP, HTTP, NFS) a selection window, asking for session parameters, will be displayed.

    7 Enter the session details, select OK and press Enter. When asked for a path, enter the path to the directory where SecurePlatform resides. If you are using non-anonymous FTP, you will be asked for the account details.

    The installation program will read the distribution files from the network, and the

    Welcome menu (FIGURE 4-1 on page 37) will be displayed.

    8 Refer to Installation Using the SecurePlatform CD step 3 on page 40 to continue the installation process.

    Note - Do not disconnect the network connection until you are asked to reboot the target computer.


    Installation on Computers without Floppy or CDROM Drives

    You must set up a server for network installation, and perform some client setup on the

    host, on which SecurePlatform is being installed. For more detailed information, refer to Installation on Computers without Floppy or CDROM Drives on page 139.

    Installation Using the SecurePlatform CD

    To install SecurePlatform, using the SecurePlatform CD:

    1 Choose one of the following:

    Insert the SecurePlatform CD into the CD drive and reboot the computer from

    the SecurePlatform NGX CD, or

    Insert the diskette you created into the floppy drive and boot from there.

    After rebooting, the SecurePlatform NGX screen is displayed.

    2 Press Enter to confirm the installation. If you do not press Enter within a pre-designated interval, the computer will reboot from the hard disk.

    After confirmation, the Welcome menu is displayed.

    3 If you select Device List, the Hardware Scan Details menu is displayed. You can

    select an item to get more information.

    The Hardware device categories include: OTHER DEVICES, NETWORK DEVICES and

    AUDIO DEVICES. The information per hardware device includes: class, bus, driver,

    device, detached, vendor Id, device Id, subVendor Id, subDevice Id and pci Type.

    Press Back to return to the Hardware Scan Details menu. You can save the device

    information to: Floppy, TFTP, or Serial.

    4 If you select Add Driver, the Devices menu is displayed. You are asked if you have a

    driver disk.

    5 If you select Yes, you are prompted to insert your driver disk and press OK to

    continue.

    Note - Switch between available options using the Tab key.

    Note - There are cases in which updated hardware is incompatible with the previous version's driver. You may receive an error at installation because the operating system could not find the appropriate hard disk driver. Alternatively, installation may be completed, but the hardware does not function properly. The Add Driver feature solves this problem by enabling you to add the missing driver, at installation time.


    6 If you select OK, the driver is installed.


    7 Select OK to proceed with the installation, or Cancel to abort it.

    The Keyboard Selection menu is displayed.

    8 Select a keyboard type and select OK.

    9 In the Network Interface Configuration menu, specify the Management Interface IP address, netmask and default gateway of the first network interface (eth0 on most

    systems), and select OK.

    After completing the installation, and rebooting the computer, connect your

    browser to this IP address and complete the setup. This interface can be used to

    access the SecurePlatform computer, after the installation is complete.

    10 In the HTTPS Server Configuration menu, specify whether to enable SecurePlatform

    to be configured using HTTPS, and on which port.

    The Confirmation menu is displayed.

    11 Select OK to proceed, or Cancel to abort the installation process.

    The following installation operations are performed:

    hard drive formatting

    package installation

    post installation procedures

    This step can take several minutes, after which the Installation Complete menu is

    displayed.

    12 Select OK to complete the installation.

    13 The system will now reboot. Make sure to remove the CD, or diskette that you used during the installation process. On most systems the CD will be ejected automatically after selecting OK in the Installation Complete menu.

    Warning - The installation procedure erases all the information on the hard disk.

    Upgrading


    In This Section

    Introduction

    SecurePlatform allows easy configuration of your computer and networking aspects, as

    well as the Check Point products installed. An easy-to-use shell provides a set of

    commands, required for easy configuration and routine administration of a security

    system, including: network settings, backup and restore utilities, upgrade utility, system

    log viewing, control, and much more. A Web GUI enables most of the administration

    configuration, as well as the first time installation setup, to be performed from an

    easy-to-use Web interface.

    This chapter describes how to upgrade to SecurePlatform NGX.

    Planning the Upgrade Process

    To upgrade a SecurePlatform and all the Check Point products installed on it, you

    should use the upgrade package located on the Product CD. The CD can be used to

    upgrade SecurePlatform via the command line or using SmartUpdate.

    Backup Command

    The SecurePlatform upgrade process offers you two backup scenarios:

    A Safe Upgrade that takes an automatic snapshot of the entire system's state so that it can be restored if something goes wrong during the upgrade process.

    A manual backup, using the backup command as described in the following two sections.

    Backup Command for NG with Application Intelligence and Earlier

    When backing up NG with Application Intelligence and earlier use the following

    syntax.

    Introduction

    Planning the Upgrade Process

    Upgrading SecurePlatform

    Note - When upgrading SecurePlatform all Check Point products installed on your SecurePlatform server will be automatically upgraded as well.

    Syntax

    backup(system | cp | all) [tftp ]

    Parameters

    TABLE 4-1 Parameters for SecurePlatform backup

    parameter    meaning
    system       backup system configuration
    cp           backup Check Point products configuration
    all          backup all of the configuration
    name         name of backup (to be restored to)
    [tftp ]      IP address of tftp server on which the configuration will be
                 backed up

    Backup Command for NG with Application Intelligence R55 and Later

    When backing up NG with Application Intelligence R55 and later use the following syntax.

    Syntax

    backup [-h] [-d] [--purge DAYS] [--sched [on hh:mm | ] | off] [[--tftp []] | [--scp []] | [--file ]]

    Note - 0 is not a valid option when using the backup utility with the purge option, for example: backup --purge 0

    Parameters

    TABLE 4-2 Backup Parameters

    parameter                        meaning
    -h                               obtain usage
    -d                               debug flag
    --purge DAYS                     delete old backups from previous backup attempts
    [--sched [on hh:mm | ] | off]    schedule interval at which backup is to take place
                                     On - specify time and day of week or day of month
                                     Off - disable schedule
    --tftp []                        List of IP addresses of TFTP servers, on which the
                                     configuration will be backed up, and optionally the
                                     filename. The ServerIPList is a list of server names
                                     separated by commas (without spaces), like this:
                                     192.168.1.1,192.168.1.2. The list can also contain one
                                     IP, in which case there is no need for a comma.
    --scp []                         List of IP addresses of SCP servers, on which the
                                     configuration will be backed up, the username and
                                     password used to access the SCP Server, and
                                     optionally the filename.
    --file                           When the backup is performed locally, specify an
                                     optional filename

    Note - If a Filename is not specified, a default name will be provided with the following format: backup_day of month_month_year_hour_minutes.tgz for example: backup_13_11_2003_12_47.tgz

    Patch Command

    The Patch command enables you to install software products, patches, etc., on a SecurePlatform operating system.

    The Patch command can access the following locations to fetch software packages:

    TFTP server

    CD ROM drive

    A specific location on the local hard drive.

    Syntax

    patch add tftp
    patch add cd
    patch add
    patch log

    Note - When upgrading to NGX R60, only patch add CD can be used.

    Parameters

    TABLE 4-3 Patch Parameters

    parameter          meaning                                     Shell
    add                install a new patch                         Expert/Restricted
    log                list all patches installed                  Expert/Restricted
    cd                 install from CD                             Expert/Restricted
    tftp               install from TFTP server                    Expert/Restricted
    ip                 IP address of the tftp server containing    Expert/Restricted
                       the patch
    patch_name         the name of the patch to be installed       Expert/Restricted
    password           password, in expert mode                    Expert/Restricted
    full_patch_path    the full path for the patch file (for       Expert
                       example, /var/tmp/mypatch.tgz)

    Upgrading SecurePlatform

    In This Section

    This section describes how to upgrade to SecurePlatform NGX.

    VPN-1 Gateway Upgrade on SecurePlatform R54, R55 and Later Versions

    VPN-1 Gateway Upgrade on SecurePlatform NG FP2, FP3, FP3 Edition 2


    SecurePlatform can be upgraded using the SecurePlatform NGX R60 CD ROM with

    a # patch add cd command. For the various Patch command options, refer to Patch

    Command on page 44.

    VPN-1 Gateway Upgrade on SecurePlatform R54, R55 and Later Versions

    Upgrading to NGX (R60) over a SecurePlatform operating system requires updating

    both operating system and software products installed. SecurePlatform users should follow the relevant SecurePlatform upgrade process.

    The process described in this section results in an upgrade of all components (Operating

    System and software packages) in a single step. No further upgrades are required.

    Using a CD ROM

    The following steps depict how to upgrade SecurePlatform R54 and later versions using

    a CD ROM drive.

    1 Log into SecurePlatform (Expert mode is not necessary).

    2 Apply the SecurePlatform NGX (R60) upgrade package:

    # patch add cd.

    3 Verify the MD5 checksum.

    4 Answer the following question:

    Do you want to create a backup image for automatic revert? Yes/No

    If you select Yes, a Safe Upgrade will be performed.

    Safe Upgrade automatically takes a snapshot of the entire system so that it can be

    restored if something goes wrong during the Upgrade process (for example,

    hardware incompatibility). If the Upgrade process detects a malfunction, it will

    automatically revert to the Safe Upgrade image.

    When the Upgrade process is complete, upon reboot you will be given the option

    to manually choose to start the SecurePlatform operating system using the upgraded

    version image or using the image prior to the Upgrade process.

    Note - Upgrading to SecurePlatform NGX R60 from an upgrade file is not supported.


    VPN-1 Gateway Upgrade on SecurePlatform NG FP2, FP3, FP3 Edition 2


    Upgrading to NGX R60 over a SecurePlatform operating system requires updating

    both operating system and software products installed. SecurePlatform users should

    follow the relevant SecurePlatform upgrade process.

    The process described in this section results in an upgrade of all components (Operating

    System and software packages) in a single step. No further upgrades are required.

    Refer to NGX (R60) SecurePlatform Guide for additional information.

    Upgrading pre R54 versions requires an upgrade of the patch command.

    1 Insert the SecurePlatform NGX (R60) CD into the drive.

    2 Enter the Expert mode: # expert.

    3 Upgrade the patch command by selecting the following option:

    Update the patch command using a CD ROM drive:

    # mount /mnt/cdrom

    # patch add /mnt/cdrom/SecurePlatform/patch/CPpatch_command_*.tgz.

    4 Apply the SecurePlatform NGX (R60) upgrade package by using a CD ROM drive using the following command:

    # patch add cd.

    5 Verify the MD5 checksum.

    6 Answer the following question:

    Do you want to create a backup image for automatic revert? Yes/No

    If you chose Yes, a Safe Upgrade will be performed.

    Safe Upgrade automatically takes a snapshot of the entire system so that it can be

    restored if something goes wrong during the Upgrade process (for example,

    hardware incompatibility). If the Upgrade process detects a malfunction, it will

    automatically revert to the Safe Upgrade image.

    When the Upgrade process is complete, upon reboot you will be given the option

    to manually choose to start the SecurePlatform operating system using the upgraded version image or using the image prior to the Upgrade process.


    CHAPTER 5


    Configuration

    In This Chapter

    SecurePlatform enables easy configuration of your computer and networking setup, and

    the Check Point products installed on them.

    Using the Command Line

    This section describes the sysconfig application, which provides an interactive menu

    system for all configuration aspects. Configuration can also be done using command

    line utilities provided by the SecurePlatform Shell. The SecurePlatform Shell is

    discussed in SecurePlatform Shell on page 82.

    First Time Setup Using the Command Line

    After the installation from the CD has been completed, and the computer has been

    rebooted, a first time setup is required in order to:

    configure the network settings

    apply the license

    select which products will be installed

    perform the SmartCenter initial setup, if selected

    Perform the first time setup, as follows:

    1 Run the sysconfig command from the console to configure SecurePlatform, using

    a text interface.

    Using the Command Line

    Using the Web Interface


    2 The command line setup wizard begins, and guides you through the first-time configuration.


    3 Select n to proceed to the next menu, or q to exit the Wizard, and press Enter.

    4 If you selected n and pressed Enter, the Network Configuration menu options are displayed. They are:

    1) Host Name (Set/Show Host Name)

    2) Domain Name (Set/Show Domain Name)

    3) Domain Name Servers (Add/Remove/Show Domain Name Servers)

    4) Network Connections (Add/Configure/Remove/Show Connection)

    5) Routing (Set/Show Default Gateway)

    5 You must configure the following:

    the computer's name

    the domain name, and up to three DNS servers

    the computer's network interfaces

    the default gateway

    6 Enter the desired option number and press Enter.

    The Choose an action menu operation options are displayed.

    7 Enter the desired operation option number and press Enter. (Select e and press Enter to return to the previous menu.)

    8 When you have completed the Network Configuration, select n and press Enter

    to proceed to the next menu, Time and Date Configuration. (Select p and press Enter to return to the previous menu, or select q and press Enter to exit the

    Wizard.)

    In the Time and Date Configuration menu you can enter the current date and time,

    as well as setting the time zone.

    Using sysconfig

    Once you have performed the first time setup, via the command line setup wizard, you

    can use sysconfig to modify your configuration.

    To run sysconfig, log in to SecurePlatform and enter sysconfig at the prompt.

    Note - This concludes the SecurePlatform operating system installation. For detailed installation instructions for a specific product, refer to the relevant documentation for that product.


    The sysconfig main menu lists various configuration items (note that all configuration

    items must be defined). We recommend step by step configuration, by addressing each


    menu item in sequence, one after the other.

    Select a menu item by typing the relevant number and pressing Enter. Selecting a main menu option displays an additional menu for setting or viewing various configuration

    items. To return to the main menu, select the menu item Done. To quit, select Exit

    from the main menu.

    When selecting a set optio