!! Most SPLAT Devices
echo "<NAT-IP> <Physical-Interface-MAC-Address>" >> $FWDIR/conf/local.arp

!! SPLAT Devices with VMAC mode enabled
echo "<NAT-IP> <Virtual-MAC-Address>" <Physical-Int-IP> >> $FWDIR/conf/local.arp

Notes:

  • AutoNATs normally do not require a proxy arp. Ensure "merge manual proxy arp configuration" is enabled in the Global Properties -> NAT

[ # ]

useradd -u 0 -o -g 0 -m <username> -s /bin/rbash

[ # ]

route add -net <IP>/<cidr> gw <next hop IP>
route add -host <IP> gw <next hop IP>
route add default gw <gateway>
route del -net <IP>/<cidr> gw <next hop IP>
route --save

[ # ]

cphastop
mount -t iso9660 -o loop <iso_image> /mnt/cdrom
cd /mnt/cdrom
patch add cd

Notes:

  • It's best to verify these steps from Release Notes
  • After install, modify CP object in policy to reflect new version and push policy
  • HFAs will use ./UnixInstallScript instead of 'patch add cd'

[ # ]

lvresize -L 20GB /dev/vg_splat/lv_current         !! Sets the logical volume size
Reboot into maintenance mode   !! View boot menu to see 'Maintenance Mode' option - you do need the expert password.  if your current acct has expert type "passwd root" to reset it.
e2fsck -f /dev/mapper/vg_splat-lv_current
resize2fs /dev/mapper/vg_splat-lv_current
Reboot

Notes:

  • Especially useful for UTMs with small root partitions. Upgrades can fail due to this.

[ # ]

/usr/sbin/dmidecode

Notes:

  • Use '/usr/sbin/dmidecode | grep "Product Name" to view specific hardware name

[ # ]

cphaconf set_ccp multicast   !! Use Multicast (default mode, most efficient)
cphaconf set_ccp broadcast   !! Use Unicast

cphaprob -a if    !! Verify current mode and monitored interfaces

Documentation

[ # ]

vi $FWDIR/conf/objects_5_0.C
Change the following:
  :support_sofaware_profiles (false)
to
  :support_sofaware_profiles (true)
Restart Checkpoint Services

Notes:

  • With the above set to false, if you create the object via Network Objects Manager, upon verification, the following error may appear: "'s IP address is invalid (inside DAG_range)"

Documentation

[ # ]

/usr/bin/passwd <username>

Notes:

  • 'passwd ' is a special script by Checkpoint and does not work for changing passwords

[ # ]