Just finished trying to get Check Point R71 running with IPv6. Funny thing about Check Point licensing, you can’t install the IPv6 Advanced feature pack unless you have a Firewall-1/VPN-1 license in your user center. I had downloaded the standard blade and security gateway evaluation licenses and these were not recognized as valid for the IPv6 pack.
Some interesting things that did work (at least for a while). Check Point SPLAT installed without any problems on VBox 3.2.8 r64453. During the installation process I selected RedHat Linux as the OS since SPLAT runs on a hardened version of RedHat. Otherwise I selcted the following options: 8G disk, 1M RAM *double check*. I also added three network interface, Intranet, DMZ and a bridged interface to the WLAN, which I defined as the management interface and gave a static address from the WLAN range. Once complete I was able to access the Mgmt interface with a browser and complete the configuration steps. I then downloaded the GUI and connected to the local SmartCenter. I also generated licenses and installed them via the web browser with cut/paste. Finally I added a basic rule entry to allow my Windows workstaion to access the firewall. Everything worked as planned, with one execption. I tried to open SmartTracker and the only entry I saw was that the disk for the log was too small. Could have something to do with the 8G disk I selected (although the installation didn’t complain). I then shut down the system and tried to add another disk under VBox to give the system an additional 32G. Unfortunately once I brought the firewall back up, I got the error message that it could not load the data base when I tried to access it with the management GUI. I tried to fix the problem by resetting the applications.C file but that did not help, since I got same error message after starting the firewall again.
Next steps… I need to reinstall the firewall, this time with 32G disk to start and see if that helps. I also need to get in touch with Check Point and see if I can’t get the test licensing worked out so that I can download the IPv6 feature pack. According to the release notes, IPv6 should have full support on R71, so I would be interesed in seeing it work.
Leave a Reply
You must be logged in to post a comment.