






cpconfig
cplic

mdsenv <
>.
LSMenabler on
Check Point services should be restarted. Restart now
(y/n) [y] ?
LSMenabler -r on
cpstop
cpstart
cpconfig

LSMenabler on





























https://<IP_address>
https://<IP_address>:981
https://<IP_address>:4434


cpconfig

'Registration Key' for the Gateway SIC setup is missing.


Do you want to continue?







































 LSMcli < > < > < > Convert Gateway VPN1 < >
< >
 LSMcli < > < > < > Convert Gateway CPSG80
< > < >
 LSMcli < > < > < > Convert Gateway VPN1Edge < >
< >




CN=gw-name, O=Management-domain-name







 LSMcli < > < > < > Convert ROBO VPN1 < >
 LSMcli < > < > < > Convert ROBO VPN1Edge < >




































PPPoE Advanced Settings





PPTP or L2TP Advanced Settings






Note: There is no default route since
no Internet connection is enabled.





















vpn_route.conf

vpn_route.conf


/var/opt/CPmds-R80.30/customers/<Domain Management
Server_name>/CPSG80CMP-R80.30/conf/vpn_route.conf

/opt/CPmds-R80.30/customers/<Domain Management
Server_name>/CPsuite-R80.30/fw1/conf/vpn_route.conf


/opt/CPSG80CMP-R80.30/conf/vpn_route.conf

/opt/CPsuite-R80.30/fw1/conf/vpn_route.conf

LSMenabler on


vpn_route.conf

vpn_route.conf

vpn_route.conf








AddROBO VPN1Cluster



fw fetch_robo -n -f

<prefix>cluster<suffix>













cpconfig
cplic

LSMenabler -r on
cpstop
cpstart
cpconfig
ROBO Interfaces External
LSMenabler on





LSMcli [-d] <Server> <User> <Pswd> <Action>

[-d]
LSMcli [-d] < > < > < > AddROBO VPN1 < > < >
[-RoboCluster=< >] [-O=< > [-I=< >]] [[-CA=< >
[-R=< >] [-KEY=< >]]]
[-D]:< >=< >
[-< >] [-D]:...]]

AddROBO VPN1

server

user
pswd
ROBOName
Profile

OtherROBOName

-RoboCluster
ActivationKey

IP

CaName

CertificateIdentifier#
AuthorizationKey
DynamicObjectName
IP1-IP2

LSMcli mySrvr name pass AddROBO VPN1 MyRobo AnyProfile -O=MyPass
-I=192.0.2.4 -DE:FirstDO=192.0.2.100
MyRobo
AnyProfile

FirstDO
LSMcli mySrvr name pass AddROBO VPN1 MyRobo AnyProfile -O=MyPass
-I=10.10.10.1 -DE:FirstDO=10.10.10.5 -CA=OPSEC_CA -R=cert1233 -KEY=ab345
LSMcli [-d] < > < > < > AddROBO VPN1Edge< > < >
< >
[-RoboCluster=< >] [-O=< >] [[-CA=< >
[-R=< >][-KEY=< >]]]
[-F=LOCAL|DEFAULT|< >]
[-M=< >] [-K=< >] [-D[E]:<D.O. name>=< >[-< >] [-D[E]:...]]

AddROBO UTM-1 Edge

server

user
pswd
RoboName
Profile

ProductType
OtherROBOName

-RoboCluster

RegistrationKey
CaName

CertificateIdentifier#
AuthorizationKey

Firmware-name
MAC

ProductKey

DO Name
E LSMcli
ModifyROBOManualVPNDomain
Ip1-Ip2

LSMcli mySrvr name pass AddROBO VPN1Edge MyRobo AnyProfile SBox-100

MyRobo
AnyProfile MyRobo
LSMcli mySrvr name pass AddROBO VPN1Edge MyRobo AnyProfile IP30 -O=AnyRegKey
-F=DEFAULT -M=00:08:AA:BB:CC:DD -K=123456-ABCDEF-ABC123
LSMcli mySrvr name pass AddROBO VPN1Edge MyRobo AnyProfile SBox-100
-F=Safe@_Safe@_3.0.23_Generic_Safe@_fcs
LSMcli [-d] < > < > < > ModifyROBO VPN1 < > [

[-P=Profile] [-RoboCluster=< >|-NoRoboCluster]


[-D:< >=< >[-< >] [-KeepDOs]...]

ModifyROBO VPN1

server

user
pswd
RoboName
Profile

OtherROBOName

-RoboCluster
-NoRoboCluster -NoRoboCluster
ModifyROBO VPN1

DO Name
IP1-IP2
-KeepDOs

LSMcli

LSMcli mySrvr name pass ModifyROBO VPN1 MyRobo -D:MyEmailServer=123.45.67.8
-D:MySpecialNet=10.10.10.1-10.10.10.6
LSMcli [-d] < > < > < > ModifyROBO VPN1Edge< >

[-P=< >] [-T=< >]


[-RoboCluster=< >|-NoRoboCluster]
[-O= RegistrationKey] [-F=LOCAL|DEFAULT|< >] [-M=< >]
[-K=< >] [-D[E]:< >=< >[-< >] [-KeepDOs]...]

ModifyROBO UTM-1 Edge

server

user
pswd
RoboName
Profile

ProductType
OtherROBOName

-RoboCluster
-NoRoboCluster -NoRoboCluster
ModifyROBO VPN1

RegistrationKey
Firmware
MAC

ProductKey

DO Name
E LSMcli
ModifyROBOManualVPNDomain.
Ip1-Ip2
-KeepDOs

LSMcli

LSMcli mySrvr name pass ModifyROBO VPN1Edge MyEdgeROBO
-P=MyNewEdgeProfile -NoRoboCluster
LSMcli [-d] < >< >< > ModifyROBOManualVPNDomain < >

-Add=< > -Delete=< ShowROBOTopology >


[-IfOverlappingIPRangesDetected=< >]

ModifyROBOManual VPN Domain

server

user

pswd

RoboName
FirstIP-LastIP
Index
IfOverlappingIPRangesDetected

LSMcli mySrvr name pass ModifyROBOManualVPNDomain MyRobo
-Add=192.0.2.1-192.0.2.20
LSMcli mySrvr name pass ModifyROBOManualVPNDomain MyRobo -Delete=1
LSMcli [-d] < > < > < > ModifyROBOTopology VPN1 < >
-VPNDomain=< >

ModifyROBOTopology VPN1

server

user
pswd
RoboName
VPNDomain

 not_defined:

ShowROBOTopology
 external_ip_only:
 topology:

 manual:
ModifyROBOManualVPNDomain

LSMcli mySrvr name pass ModifyROBOTopology VPN1 MyRobo -VPNDomain=manual


LSMcli [-d] < > < > < > ModifyROBOTopology VPN1Edge < >
[-VPNDomain=< >]

ModifyROBOTopology UTM-1 Edge

server

user
pswd
RoboName
VPNDomain

 not_defined:

ShowROBOTopology
 external_ip_only
 topology

 automatic:

 manual:

LSMcli mySrvr name pass ModifyROBOTopology VPN1Edge MyRobo -VPNDomain=manual


LSMcli [-d] < > < > < > ModifyROBOInterface VPN1 < >
< > [-i=< >] [-Netmask=< >]

[-IfOverlappingIPRangesDetected=< >]

ModifyROBOInterface VPN1

server

user

pswd

RoboName
InterfaceName
IPAddress
NetMask
IfOverlappingIPRangesDetected

LSMcli mySrvr name pass ModifyROBOInterface VPN1 MyRobo eth0 -i=192.0.2.1
-Netmask=255.255.255.0
LSMcli [-d] < > < > < > ModifyROBOInterface VPN1Edge < >
< > [-i=< >] [-NetMask=< >]
[-Enabled=< >] [-HideNAT=< >] [-DHCPEnabled=< >]
[-DHCPIpAllocation=< >|<F >|< >]
[-IfOverlappingIPRangesDetected=< >]

ModifyROBOInterface UTM-1 Edge

server

user

pswd

RoboName
InterfaceName
IPAddress
NetMask
Enabled
HideNAT

DHCPEnabled
DHCPIpAllocation

IfOverlappingIPRangesDetected

LSMcli mySrvr name pass ModifyROBOInterface VPN1Edge MyRobo DMZ -i=192.0.2.1
-Netmask=255.255.255.0 -Enabled=true -HideNAT=false -DHCPEnabled=true
-DHCPIpAllocation=automatic
LSMcli [-d] < > < > < > AddROBOInterface VPN1 < >
< >
-i=< > -NetMask=< >

AddROBOInterface VPN1

server

user
pswd
RoboName
InterfaceName
IPAddress
NetMask

LSMcli mySrvr name pass AddROBOInterface VPN1 MyRobo eth0 -i=192.0.2.1
-Netmask=255.255.255.0
LSMcli [-d] < > < > < > DeleteROBOInterface VPN1 < >
< >

DeleteROBOInterface VPN1

server

user
pswd
RoboName
InterfaceName

LSMcli mySrvr name pass DeleteROBOInterface VPN1 MyRobo eth0


LSMcli [-d] < > < > < > ResetSic < > < > [-I=< >]

ResetSic

server

user
pswd
RoboName
ActivationKey

IP

LSMcli mySrvr name pass ResetSic MyROBO aw47q1


LSMcli mySrvr name pass ResetSic MyFixedIPROBO sp36rt1 -I=10.20.30.1
LSMcli [-d] < > < > < > ResetIke < > [-CA=< >
[-R=< >] [-KEY=< >]]

ResetIke

server

user
pswd
RoboName
CaName

CertificateIdentifier
AuthorizationKey

LSMcli mySrvr name pass ResetIke MyROBO -CA=OPSEC_CA -R=cer3452s
-KEY=ad23fgh
$FWDIR/conf/

LSMcli [-d] < > < > < > ExportIke < > < > < >

ExportIke

server

user
pswd
RoboName

Password
FileName

LSMcli mySrvr name pass ExportIke MyROBO ajg42k93N MyROBOCert.p12


LSMcli [-d] < > < > < > UpdateCO < >

UpdateCO

server

user
pswd
Cogw
CogwCluster

LSMcli mySrvr name pass UpdateCO MyCO


LSMcli [-d] < > < > < > Remove < > < >

Remove

server

user
pswd
RoboName
ID

LSMcli mySrvr name pass Remove MyRobo 0.0.0.251


LSMcli [-d] < > < > < > Show [-N=< >] [-F= nbcitvpglskd]

Show

-N

-F
n
b
c
i
t
v
p
g
l
s
k
d

LSMcli mySrvr name pass Show -N=MyRobo


LSMcli mySrvr name pass Show -F=nibtp
ModifyROBOManualVPNDomain

LSMcli [-d] < > < > < > ShowROBOTopology < >

ShowROBOTopology

server

user
pswd
RoboName

LSMcli mySrvr name pass ShowROBOTopology MyRobo


ModifyROBOConfigScript ShowROBOConfigScript

ModifyROBOConfigScript

Usage
LSMcli [-d] < >< >< > ModifyROBOConfigScript VPN1Edge < >
< >

Parameters
ModifyROBOConfigScript

server

user
pswd
RoboName
inputScriptFile

Example
LSMcli mySrvr name pass ModifyROBOConfigScript VPN1Edge MyRobo myScriptFile

Usage
LSMcli [-d] < > < > < > ShowROBOConfigScript VPN1Edge < >

Parameters
ShowROBOConfigScript

server

user
pswd
RoboName

Example
LSMcli mySrvr name pass ShowROBOConfigScript VPN1Edge MyRobo
VerifyInstall
Install
uninstall

LSMcli [-d] < > < > < > VerifyInstall < > < > < >
< > < >

VerifyInstall

server

user
pswd
RoboName
Product
Vendor
Version
SP

LSMcli mySrvr name pass VerifyInstall MyRobo firewall checkpoint NG_AI fcs
VerifyInstall

LSMcli [-d] < >< >< > Install < >< >< >< >
< >
[-P=Profile] [-boot] [-DoNotDistribute]

Install

server

user
pswd
RoboName
Product
Vendor
Version
SP
Profile

boot

-DoNotDistribute

LSMcli mySrvr name pass Install MyRobo firewall checkpoint NG_AI fcs
-P=AnyProfile -boot
ShowInfo

LSMcli [-d] < > < > < > Uninstall < > < > < > < >
< >
[-P=Profile] [-boot]

Uninstall

server

user
pswd
ROBO
Product
Vendor
Version
SP
Profile

boot

LSMcli mySrvr name pass Uninstall MyRobo firewall checkpoint NG_AI fcs -boot
LSMcli [-d] < > < > < > Distribute < > < > < >
< > < >

Distribute

server

user
pswd
RoboName
Product
Vendor
Version
SP

LSMcli mySrvr name pass Distribute MyRobo fw1 checkpoint NG_AI R54
LSMcli [-d] < > < > < > VerifyUpgrade < >

VerifyUpgrade

LSMcli mySrvr name pass VerifyUpgrade MyRobo


LSMcli [-d] < > < > < > Upgrade < > [-P=Profile] [-boot]

Upgrade

server

user
pswd
RoboName
Profile

boot

LSMcli mySrvr name pass Upgrade MyRobo -P=myprofile -boot


ShowInfo

LSMcli [-d] < > < > < > GetInfo < >

GetInfo

server

user
pswd
RoboName

LSMcli mySrvr name pass GetInfo MyRobo


GetInfo

LSMcli [-d] < > < > < > ShowInfo < >

ShowInfo

server

user
pswd
VPN1EdgeRoboName

LSMcli mySrvr name pass ShowInfo MyRobo


LSMcli [-d] < > < > < > ShowRepository
CPRID CPRID

LSMcli [-d] < > < > < > Stop < >

Stop

server

user
pswd

Robo Gateway

LSMcli mySrvr name pass Stop MyRobo


CPRID CPRID

LSMcli [-d] < > < > < > Start < >

Start

server

user
pswd

Robo Gateway

LSMcli mySrvr name pass Start MyRobo


CPRID CPRID

LSMcli [-d] < > < > < > Restart < >

Restart

server

user
pswd

Robo Gateway

LSMcli mySrvr name pass Restart MyRobo


CPRID CPRID

LSMcli [-d] < > < > < > Reboot < >

Reboot

server

user
pswd

Robo Gateway

LSMcli mySrvr name pass Reboot MyRobo


CPRID
CPRID

LSMcli [-d] < > < > < > PushPolicy < >

PushPolicy

server

user
pswd

Robo Gateway

LSMcli mySrvr name pass PushPolicy MyRobo


PushPolicy

LSMcli [-d] < > < > < > PushDOs < >

PushDOs

server

user
pswd
RoboName

LSMcli mySrvr name pass PushDOs MyRobo


LSMcli [-d] < > < > < > GetStatus < >

GetStatus

server

user
pswd

Robo Gateway

LSMcli mySrvr name pass GetStatus MyRobo


LSMcli [-d] < > < > < > Convert ROBO VPN1 < > [-CO] [-Force]

Convert ROBO VPN1

server

user
pswd
Name
CO
Force

LSMenabler -r off

LSMenabler on

LSMcli mySrvr name pass Convert ROBO VPN1 MyRobo -CO


LSMcli mySrvr name pass Convert ROBO VPN1 MyRobo -Force
LSMcli [-d] < > < > < > Convert Gateway VPN1 < > < >
[< > [-I=INT]
[-D=DMZ] [-A=AUX]] [-NoRestart] [-Force]

Convert VPN Gateway

server

user
pswd
Name
Profile

EXT
INT
DMZ
AUX
NoRestart

Force

LSMenabler -r on

LSMcli mySrvr name pass Convert Gateway VPN1 MyGW MyProfile -E=hme0 -I=hme1
-D=hme2 -Force
LSMcli [-d] < > < > < > Convert ROBO VPN1Edge < >

Convert ROBO UTM-1 Edge

server

user
pswd
Name

LSMcli mySrvr name pass Convert ROBO VPN1Edge MyRobo


LSMcli [-d] < > < > < > Convert Gateway VPN1Edge < > < >

Convert Gateway UTM-1 Edge

server

user
pswd
Name
Profile

LSMcli mySrvr name pass Convert Gateway VPN1Edge MyRobo MyProfile


LSMcli

LSMcli [-d] <server> <user> <pswd> <action>






AddROBO VPN1Cluster
AddROBO
VPN1Cluster
< >

AddROBO VPN1Cluster <Profile> < > < >


[-S=< >]
[-CA=< > [-R=< >] [-KEY=< >]]

Profile

MainIPAddress
SuffixName

SubstitutedName
Part
CAName

KeyIdentifier#

AuthorizationCode

ModifyROBO VPN1Cluster
ModifyROBO VPN1Cluster
< >
ModifyROBO VPN1Cluster < > -I=< >
< >
< >

ModifyROBO VPN1Cluster
< >

ModifyROBO VPN1Cluster < > -D:<D.O. Name>=< >

< >
<D.O. Name>
< > i

ModifyROBO VPN1Cluster
< >

ModifyROBOTopology VPN1Cluster < >


-VPNDomain=< >
ModifyROBOTopology VPN1
ModifyROBOManualVPNDomain

< >

ModifyROBONetaccess
VPN1Cluster
< >

ModifyROBONetaccess VPN1Cluster < > < >


-Mode=< >
[-TopologyType=< >]
[-DMZAccess=< >]
[-InternalIP=< > [-AllowedGroup=< >]]
[-AntiSpoof=< >
[-AllowedGroup=< >][-SpoofTrack=< >]]

ClusterName
InterfaceName

-Mode by_profile override


-TopologyType
-TopologyType external internal

-DMZAccess true false

-InternalIP not_defined
this specific

-AntiSpoof true
AllowedGroup SpoofTrack
false
-AllowedGroup TopologyType=external AllowedGroup

TopologyType=internal AllowedGroup

-SpoofTrack none log alert

<action>
< >ClusterSubnetOverride VPN1Cluster < >
< > [-IName=< >] [-MNet=< >]
[-CIP=< > -CNetMask=< >]

ModifyClusterSubnetOverride

AddClusterSubnetOverride
DeleteClusterSubnetOverride

PrivateSubnetOverride

Add|Modify|Delete
ROBOClusterName
InterfaceName

-IName

-MNet

-CIP
-CNetMask ClusterIPAddress
< >
<Add|Modify|Delete>PrivateSubnetOverride VPN1ClusterMember
< > < > [-IName=< >]
[-MNet=< >]

ModifyPrivateSubnetOverride

AddPrivateSubnetOverride
DeletePrivateSubnetOverride

Add|Modify|Delete
ROBOMemberName
InterfaceName
-IName

-MNet

< >
RemoveCluster < >
LSMcli [-d] < >< >< > AddROBO < > < >
[-O=< > [-I=< >]] [[-CA=< >
[-R=< >] [-KEY=< >]]

server

user
pswd
Appliance_Model

 CPSG80
 1200R
 1430/1450
 1470/1490
ROBOName
Profile

ActivationKey

IP

CaName

CertificateIdentifier#
AuthorizationKey

 LSMcli 192.168.3.26 aa aaaa AddROBO


CPSG80 Paris_GW small_office_profile
 LSMcli 192.168.3.26 aa aaaa AddROBO
1470/1490 Paris_GW small_office_profile
AddROBO Cluster < > < > < >
[-S=< >]
[-CA=< > [-R=< >] [-KEY=< >]]

<Appliance_Model>Cluster

 CPSG80Cluster
 1200RCluster

1430/1450Cluster

1470/1490Cluster
Profile

MainIPAddress
SuffixName

SubstitutedName
Part

CAName

KeyIdentifier#

AuthorizationCode

LSMcli 192.168.3.26 aa aaaa AddRobo 1430/1450Cluster
cluster_profile 1.1.1.1 Paris


LSMcli 192.168.3.26 aa aaaa ModifyROBO CPSG80 Paris_GW
-P=second_small_office_profile

