Wednesday, September 10, 2014

How to configure RMA box for production UTM-1 Appliances




This document is related on how to configure RMA box for production which is applicable only to UTM-1 Appliances.



Version 1.0
Date: 20 May 2011

Author: Raghu T N





 Preface:


Whenever the CheckPoint customer faces any problem related to CheckPoint hardware he request for an RMA process which is done by CheckPoint TAC team.
After the RMA is processed a new box will be sent to the customer and their network security engineer need to configure the new box and put that into production.
If RMA box is working properly the customer has to send back the faulty device to CheckPoint.

The steps mentioned below are relevant to UTM-1 Appliances.



  Configuring RMA box for production:


Below are the steps which are to be performed before putting the RMA box into production:

 Step1:


Push the database on Security Management Server (SmartCenter Server). Pushing database is recommended because there might be chance of
previous database been corrupt due to change in some configuration or the other.

Note: If the RMA box is to work as a Security Management Server or as a Standalone box database should be pushed.
If the RMA box is a gateway ignore this step.

 Step2:


Take backup of the faulty device and place it in your ftp server.

 Step3:


From the RMA box save “ifconfig –a” command’s output. The output of this command is used after the Restore process.
After restore process the mac address of RMA box will be over written by the mac address present in the backup file which is the mac
address of faulty device which can cause problem in future. This output can be used to change mac address to their original mac address
as mentioned in step6. Also take the output of the following commands from the faulty device, this will give us the version and HFA installed.

fw ver
fwm ver

There are two advantage of this output:

3 1: You can come to know what software and HFA the faulty device is running on. This will help you to configure new RMA box.
2: You can know whether the box is running as management sever or as a firewall machine.

 Step4:


On the RMA box install same operating system, CheckPoint software and HFA.



 Step5:


Restore the backup file on the RMA box.
Please Note, the restore should be done to the same hardware type and not to a different one.



 Step6:


Login to the RMA box using WebUI and change the mac address to values obtained from the step3 i.e
ifconfig –a

Note: In some instance, without changing mac address to its original mac address box will work normally but to avoid
problems in future it is recommended to change mac address to its original address.

 Step7:


Once the above configuration is completed take down time and put the RMA box into production.


No comments: