70 Check Point VPN-1/FireWall-1 on AIX: A Cookbook for Stand-Alone and High Availability Solutions
Chapter 2. Implementation of VPN-1/FireWall-1 on AIX
# cat >> ~/.profile
FWDIR=/usr/lpp/CPfw1-41 ; export FWDIR
PATH=$PATH:$FWDIR/bin:/usr/local/bin ; export PATH
MANPATH=$MANPATH:$FWDIR/man ; export MANPATH
CTRL-D
#
# exit
[...]
AIX Version 4
(C) Copyrights by IBM and by others 1982, 1996.
Console login:
root
root's Password:
*******************************************************************************
* *
* *
* Welcome to AIX Version 4.3! *
* *
* Please see the README file in /usr/lpp/bos for information pertinent to *
* this release of the AIX Operating System. *
* *
*******************************************************************************
# echo $PATH
/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/lpp/CPfw1-41/bin:/usr/local/bin
#
2.5 Basic configuration of VPN-1/FireWall-1
Now, we are back on track with the "Configuring FireWall-1" section in the
Quick Start Guide.
Start cpconfig and press Enter to continue (after being asked to do so):
# cpconfig
Welcome to VPN-1 & FireWall-1 Configuration Program
=================================================
Please read the following license agreement.
Hit 'ENTER' to continue...
Read the license agreement (you can exit any time by pressing q), and accept
the license by entering y and pressing Enter:
[...]
Do you accept all the terms of this license agreement (y/n) ? y
A menu appears. We want to be able to install both VPN-1/FireWall-1
modules onto one machine, but be able to manage Gateway/Server Modules
on other machines, so we select the Distributed Installation option. Press 2
and press Enter:
Checking available options. Please wait.....................
Choosing Installation
------------------------
(1) VPN-1 & FireWall-1 Stand Alone Installation
(2) VPN-1 & FireWall-1 Distributed Installation
Option (1) will install VPN-1 & FireWall-1
Internet GateWay (Management Server and Enforcement Module)
on a single machine.
Option (2) will allow you to install specific
components of the VPN-1 & FireWall-1 Enterprise Products
on different machines.
Enter your selection (1-2/a): 2
You are prompted to decide if you want both the Enterprise Management and
Gateway/Server Module installed or just one of them. We want both, so press
1 and Enter:
Installing VPN-1 & FireWall-1 Distributed Installation.
Which Module would you like to install ?
-------------------------------------------
(1) VPN-1 & FireWall-1 Enterprise Management and Gateway/Server Module
(2) VPN-1 & FireWall-1 Gateway/Server Module
(3) VPN-1 & FireWall-1 Enterprise Management
Enter your selection (1-3/a) [1]: 1
We want the Unlimited hosts module installed, so press 2 and Enter:
Which Module would you like to install ?
-------------------------------------------
(1) VPN-1 & FireWall-1 - Limited hosts (25, 50, 100 or 250)
(2) VPN-1 & FireWall-1 - Unlimited hosts
(3) VPN-1 & FireWall-1 - SecureServer
Enter your selection (1-3/a) [2]: 2
We do not wish to have VPN-1/FireWall started automatically. Instead, we will
do it manually later. Press n, then press Enter:
Do you wish to start VPN-1 & FireWall-1 automatically from /etc/rc.net (y/n) [y] ? n
We do not add a license now. We will do that later in a better way:
Do you want to add licenses (y/n) [n] ? n
Now, we need to create at least one VPN-1/FireWall administrative account.
Create a VPN-1/FireWall Administrator called root with a root password.
Give it read/write permission as follows:
Configuring Administrators...
=============================
No VPN-1 & FireWall-1 Administrators are currently
defined for this Management Station.
Do you want to add users (y/n) [y] ? y
User: root
Permissions ([M]onitor-only,[R]ead-only,[U]sers-edit,read/[W]rite): W
Password:
Verify Password:
User root added successfully
Add another one (y/n) [n] ? n
The next step is to configure the VPN-1/FireWall GUI clients. Press y and
Enter. Whenever you change this list using the cpconfig menu, you need to
re-enter all of the GUI clients.
Enter the IP addresses of all nodes that will be allowed to use a
VPN-1/FireWall-1 GUI to connect to this firewall. Input at least the IP address
of the GUI workstation in the adm network and press Enter. When you are
finished, press the Ctrl and D keys at the same time.
You are asked if your input was correct. If your answer is not y, the step will be
repeated.
Configuring GUI clients...
==========================
GUI clients are trusted hosts from which VPN-1 & FireWall-1
Administrators are allowed to log on to this Management Station
using Windows/X-Motif GUI.
Do you want to add GUI clients (y/n) [y] ? y
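Because cpconfig makes you re-enter the complete GUI client list on every change, one way to keep that list reviewable is to hold it in a file and vet it before typing it in. The script below is an added example, not from the book; the admin network 192.0.2.0/24, the sample addresses and the one-address-per-line file with # comments are assumptions.

```sh
#!/bin/sh
# Added example, not from the book. ADM_NET/ADM_BITS and all addresses are
# constructed (RFC 5737 documentation ranges); adjust to your adm network.
ADM_NET=192.0.2.0 ADM_BITS=24
ip_to_int() {   # print A.B.C.D as an integer; fail on anything else
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, <= 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
in_net() {      # in_net IP NET BITS: is IP inside NET/BITS?
    ip=$(ip_to_int "$1") && net=$(ip_to_int "$2") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}
check_gui_clients() {   # check_gui_clients FILE NET BITS; non-zero if any reject
    bad=0; seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s\n' "$line" | sed 's/#.*//; s/[[:space:]]//g')
        [ -n "$addr" ] || continue
        if ! ip_to_int "$addr" >/dev/null; then
            echo "REJECT $addr: not a plain dotted-quad IPv4 address"; bad=1
        elif ! in_net "$addr" "$2" "$3"; then
            echo "REJECT $addr: outside admin network $2/$3"; bad=1
        else
            case "$seen" in
                *" $addr "*) echo "REJECT $addr: duplicate entry"; bad=1 ;;
                *) echo "OK $addr"; seen="$seen$addr " ;;
            esac
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}
write_sample() {   # constructed working list: one address per line, # comments
    cat > "$1" <<'EOF'
192.0.2.10      # GUI workstation in the adm network
192.0.2.010     # leading zero, ambiguous
198.51.100.7    # not in the adm network
0.0.0.0
192.0.2.10
EOF
}
list=$(mktemp); write_sample "$list"
check_gui_clients "$list" "$ADM_NET" "$ADM_BITS" || echo "fix the list before running cpconfig"
rm -f "$list"
```

Only the lines reported as OK should be entered at the GUI clients prompt.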
