The purpose of this document is to detail the installation and configuration of a Lantronix Local Managers (LM) to manage and facilitate remote connectivity to a Checkpoint firewall.
Connect a free serial port on the Lantronix to the Checkpoint's RS-232 console management port with a standard Cat-5 cable.
To configure the Lantronix LM for connection to a Checkpoint firewall, navigate to the port that the Checkpoint is connected to, run the command config init, and follow the prompts as below (substituting your Checkpoint's IP address for 203.0.113.16):
[admin@LantronixLM (port1/4)]# config init
--- Enter New Values ---
description: Checkpoint firewall
make [native]: enhanced
management IP: 203.0.113.16
Configure dedicated ethernet port? (y/n) [n]:
command prompt [[#>]]:
login prompt [(ogin:\s]: [(?<!Last\s)login:\s
password prompt [assword:\s]: Password:\s
logout command [exit\r]:
wakeup command [\r]:
console username []: admin
console password []: ********
confirm password []: ********
Serial Bit Rate [9600]:
Serial Data Bit [8]:
Serial Parity [none]:
Serial Stop Bit [1]:
Serial Flow Control [none]:
Do you want to commit these changes? (y/n): y
Testing login will take a few moments...
Login successful; credentials are valid.
Scheduling default jobs
Testing job rulesMonitor
Job rulesMonitor was successful
Job rulesMonitor was scheduledThe default console settings for the Checkpoint firewall are 9600 bit rate, 8 serial data bit, no serial parity, serial stop bit 1, no flow control.
The Lantronix Local Manager can save up to twenty backup images on the LM's filesystem for use in restoring a configuration or pushing a configuration to a new Checkpoint.
To save the Checkpoint's configuration to the LM, navigate to the port that the Checkpoint is connected to, use the terminal command to connect to the console port of the Checkpoint, start the TFTP server with the command ~t, and then run the backup command on the checkpoint as in the example below (substituting the LM's IP address for 64.129.60.134). Once the backup has been transferred to the LM, use ~t and press 3 to save the uploaded backup. Verify the backup was saved to the LM's file system with the command show directory.
[admin@LantronixLM]# port 2/7
enhanced CLISH
Checkpoint GAIA
[admin@LantronixLM (port2/7)]# terminal
Press ~[ENTER] to exit.
Connecting ...
login: admin
Password:
Last login: Mon Mar 24 14:49:11 on ttyS0
gw-50ed44>
~t
Start the TFTP server? (y/n) [y]: y
TFTP server started.
The TFTP server is currently running on /64.129.60.134:69.
No files are currently available for download
No files have been uploaded
1) Add file to download list
2) Remove file from download list
3) Save uploaded file
4) Stop TFTP server
5) Return
Please select an option: 5
gw-50ed44> add backup tftp ip 64.129.60.134
Creating backup package. Use the command 'show backups' to monitor creation progress.
After backup is finished, please verify it was sucessfully transfered to the remote machine.
gw-50ed44> show backups
Backup package is under creation now.
gw-50ed44>
show backups
gw-50ed44>
gw-50ed44>
~t
The TFTP server is currently running on /64.129.60.134:69.
No files are currently available for download
Uploaded files:
backup_gw-50ed44_24_3_2014_15_13.tgz
1) Add file to download list
2) Remove file from download list
3) Save uploaded file
4) Stop TFTP server
5) Return
Please select an option: 3
Uploaded files:
1) backup_gw-50ed44_24_3_2014_15_13.tgz
2) Cancel
Please select an option: 1
Save 'backup_gw-50ed44_24_3_2014_15_13.tgz'? (y/n) [y]: y
1) OS Image
2) Running Configuration
3) Startup Configuration
4) Cancel
Please select an option: 2
'backup_gw-50ed44_24_3_2014_15_13.tgz' was saved successfully.
1) Add file to download list
2) Remove file from download list
3) Save uploaded file
4) Stop TFTP server
5) Return
Please select an option: 5
gw-50ed44>
~<ENTER>
Console session ended.
Disconnecting ...
Logging out of device...
[admin@LantronixLM (port2/7)]# show dir
Type Version Name
------- --------- ------------
Config
Running*
current backup_gw-50ed44_24_3_2014_15_13.tgz
previous backup_gw-430c6e_11_Mar_2014_15_12.tgz
OS
current backup_gw-50ed44_19_3_2014_14_51.tgz
previous backup_gw-50ed44_19_3_2014_13_16.tgz
* additional archived versions are available. Execute show dir -vTo restore a backup image to a Checkpoint firewall, navigate to the port the Checkpoint is connected to, use the terminal command to connect to the Checkpoint's CLI, and use ~t to stage the file to be used. Then run the set backup restore command on the Checkpoint, substituting the IP address of the LM being used for 64.129.60.134. Check the restore status with show backups, and when the Checkpoint is finished restoring restart with reboot.
[admin@LantronixLM]# port 2/7
enhanced CLISH
Checkpoint GAIA
[admin@LantronixLM (port2/7)]# terminal
Press ~[ENTER] to exit.
Connecting ...
Console session started. Press ~[ENTER] to exit.
gw-50ed44>
~t
The TFTP server is currently running on /64.129.60.134:69.
1) Add file to download list
2) Remove file from download list
3) Save uploaded file
4) Stop TFTP server
5) Return
Please select an option: 1
1) OS Image
2) Running Configuration
3) Startup Configuration
4) Cancel
Please select an option: 2
1) Current
2) Previous
3) Done
Please select an option: 1
backup_gw-50ed44_24_3_2014_15_13.tgz has been made available for download.
1) Add file to download list
2) Remove file from download list
3) Save uploaded file
4) Stop TFTP server
5) Return
Please select an option: 5
gw-50ed44>
This system is for authorized use only.
login: admin
Password:
Login incorrect
login: admin
Password:
Last login: Mon Mar 24 15:12:26 on ttyS0
gw-50ed44> set backup restore tftp ip 64.129.60.134 file backup_gw-430c6e_11_Mar__2014_15_12.tgz
gw-50ed44> show backups
Restoring from backup package backup_gw-430c6e_11_Mar_2014_15_12.tgz.
Don't forget to reboot the machine after it's finished.
gw-50ed44> reboot
Are you sure you want to reboot?(Y/N)[N]
yThe Lantronix Local Manager can facilitate connections to the Checkpoint's web interface using the port forwarding feature. Run configure protocol forward on the port the Checkpoint is connected to and add an entry as below:
[admin@LantronixLM (port2/7)]# config protocol forward
[forward]# management 443 https
[forward]# exitUsers may now connect to the web interface through a SSH tunnel using the port forwarding feature. In the Lantronix CLI applet, click Terminal, then Forward. Select the Checkpoint's port, enter 443 for the port number, and click Apply. Now, port 443 on 127.0.0.1 on your workstation will connect through the SSH tunnel created by the LM to the web interface on the Checkpoint.