Now this was news to us, as we had been running Smartview Monitor for the last 2 years on this system without skipping a beat.
The Checkpoint guy promptly advised us that the use of SmartView Monitor was not supported, and was not even supposed to work unless the node was also a firewall. Now there are ways to prevent the initial policy from loading at bootup, but I am always after a cleaner install, and less hacking of a nice fresh clean system, so we gave Checkpoint a call. (now, trying to perform an " fw unloadlocal" resulted in the SPAT box telling us that it could not, because it was not a firewall. Restarting the firewall services saw everything working fine:Ĭprestartbut a reboot left us in the exact same position, with the node loading the "initial" firewall policy on boot, even though it was now reporting itself not to be a firewall enforcement node. Rebuilding our Checkpoint Secondary management Server this week after a hardware failure gave us an interesting surprise: The Checkpoint Secure Platform installation process kept making the dedicated secondary management server also be a firewall policy enforcement point.įound this page that described the same problem, and a likely solution:Ĭpprod_util FwIsFireWallModuleThe management station returned a 1, indicating that it was indeed a firewall so we unloaded the firewall policy:įw unloadlocalgot rid of the installed policy temporarily and we then changed the setting: