ccolonbackslash

Just another WordPress.com site

Tag Archives: splat

ISP Redundancy on Checkpoint R75.45 Gaia – does not work

I installed R75.45 Gaia on a UTM-1 270 appliance recently, installation from USB went fine and performance was adequate with a low load, VPN, default IPS and a short QOS rule set.

In order to support a degree of resilience we’re using ISP Redundancy at all sites with multiple internet connections, despite configuring this site identically I was not able to get the failover to work. Usually, the script cp_isp_update runs and updates the gateways default route to match that of the secondary ISP, however when i tested this on R75.45 the route was not updated when primary was disconnected.

I contacted Checkpoint support and was informed that ISP Redundancy does not work in either version of Gaia, R75.45 or R75.40 – however there is a patch available for R75.40 if you contact them and reference this sk. I applied this patch on 75.40 but still didn’t see the solution work as expected so instead deployed R75.30 as I have at other ISP redundant sites.

I should also mention that my in no way scientific, cursory observations indicated that load on the CPU was much lower (15-20pc lower) on SPLAT (with 75.30) than on either version of GAIA. Something to bear in mind for older appliances like the UTM-1 270.

Advertisements

vi primer/introduction/basics – handy for checkpoint or any linux appliance management

If you do anything with linux, even at the simplest level, you have to get to grips with vi for config changes, the most accessible and useful resource i found on it to get started was here:  http://acms.ucsd.edu/info/vi_tutorial.shtml . Well worth a look if your administering SPLAT’s but are otherwise a Windows shop and have no previous linux experience.