System boot ….
Aug 12 01:48:28 FW [LOG_NOTICE] kernel: sio0: type 16550A
Aug 12 01:48:28 FW [LOG_NOTICE] kernel: sio1: type 16550A
Hostname? Firewall-001
Hostname set to "Firewall-001", OK? [y]
Aug 12 01:48:28 FW [LOG_NOTICE] kernel: sio0: type 16550A
Aug 12 01:48:28 FW [LOG_NOTICE] kernel: sio1: type 16550A
Hostname? Firewall-001
Hostname set to "Firewall-001", OK? [y]
Please enter password for user admin:<type admin’s password>
Please re-enter password for confirmation:<type admin’s password again>
Please re-enter password for confirmation:<type admin’s password again>
You can configure your system in two ways:
1) configure an interface and use our Web-based Voyager via a remote
browser
2) VT100-based Lynx browser
browser
2) VT100-based Lynx browser
Please enter a choice [ 1-2, q ]:1
Select an interface from the following for configuration:
1) eth1
2) eth2
3) eth3
4) eth4
5) quit this menu
2) eth2
3) eth3
4) eth4
5) quit this menu
Enter choice [1-5]:4
Enter the IP address to be used for eth4: x.x.x.x
Enter the masklength: 24
Do you wish to set the default route [ y ] ? n
Do you wish to configure this interface for 100 mbs [ n ] ? y
This interface is configured as half duplex by default.
Do you wish to configure this interface as full duplex [ n ] ? y
Do you wish to configure this interface as full duplex [ n ] ? y
You have entered the following parameters for the eth4 interface:
IP address: 10.18.4.4
masklength: 24
Speed: 100M
Duplex: full
masklength: 24
Speed: 100M
Duplex: full
Is this information correct [ y ] ?
You may now configure your interfaces with the Web-based Voyager by
typing in the IP address "10.18.4.4" at a remote browser.
typing in the IP address "10.18.4.4" at a remote browser.
Cpconfig
Do you accept all the terms of this license agreement (y/n) ? y
Which Module would you like to install ?
-------------------------------------------
(1) ×××-1 & FireWall-1Enterprise Primary Management and Enforcement Module
(2) ×××-1 & FireWall-1 Enforcement Module
(3) ×××-1 & FireWall-1Enterprise
-------------------------------------------
(1) ×××-1 & FireWall-1
(2) ×××-1 & FireWall-1 Enforcement Module
(3) ×××-1 & FireWall-1
Enter your selection (1-3/a-abort) [1]:
IP forwarding disabled
Hardening OS Security: IP forwarding will be disabled during boot.
Generating default filter
Default Filter installed
Hardening OS Security: Default Filter will be applied during boot.
This program will guide you through several steps where you
will define your Check Point products configuration.
At any later time, you can reconfigure these parameters by
running cpconfig
IP forwarding disabled
Hardening OS Security: IP forwarding will be disabled during boot.
Generating default filter
Default Filter installed
Hardening OS Security: Default Filter will be applied during boot.
This program will guide you through several steps where you
will define your Check Point products configuration.
At any later time, you can reconfigure these parameters by
running cpconfig
Configuring Licenses...
=======================
Host Expiration Features
=======================
Host Expiration Features
Note: The recommended way of managing licenses is using SecureUpdate.
This window can be used to manage local licenses only on this machine.
This window can be used to manage local licenses only on this machine.
Do you want to add licenses (y/n) [y] ?n
Configuring Administrators...
=============================
No Check Point Administrators are currently
defined for this Management Station.
Administrator name: admin
Password:
Verify Password:
Permissions for all Management Clients (Read/[W]rite All, [R]ead Only All, [C]us
tomized)w
Administrator admin was added successfully and has
Read/Write permission to all management clients
=============================
No Check Point Administrators are currently
defined for this Management Station.
Administrator name: admin
Password:
Verify Password:
Permissions for all Management Clients (Read/[W]rite All, [R]ead Only All, [C]us
tomized)w
Administrator admin was added successfully and has
Read/Write permission to all management clients
Add another one (y/n) [n] ?
Configuring GUI clients...
==========================
GUI clients are trusted hosts from which
Administrators are allowed to log on to this Management Station
using Windows/X-Motif GUI.
Do you want to [C]reate a new list, [A]dd or [D]elete one?:C
Please enter the list hosts that will be GUI clients.
Enter hostname or IP address, one per line, terminating with CTRL-D or your EOF
character.
10.18.4.38 (Press Ctrl+D)
Is this correct (y/n) [y] ?
Please enter the list hosts that will be GUI clients.
Enter hostname or IP address, one per line, terminating with CTRL-D or your EOF
character.
10.18.4.38 (Press Ctrl+D)
Is this correct (y/n) [y] ?
Configuring Groups...
=====================
Check Point access and execution permissions
-------------------------------------------
Usually, a Check Point module is given group permission
for access and execution.
You may now name such a group or instruct the installation
procedure to give no group permissions to the Check Point module.
In the latter case, only the Super-User will
be able to access and execute the Check Point module.
=====================
Check Point access and execution permissions
-------------------------------------------
Usually, a Check Point module is given group permission
for access and execution.
You may now name such a group or instruct the installation
procedure to give no group permissions to the Check Point module.
In the latter case, only the Super-User will
be able to access and execute the Check Point module.
Please specify group name [<RET> for no group permissions]:
No group permissions will be granted. Is this ok (y/n) [y] ?
No group permissions will be granted. Is this ok (y/n) [y] ?
Configuring Random Pool...
==========================
You are now asked to perform a short random keystroke session.
The random data collected in this session will be used in
various cryptographic operations.
==========================
You are now asked to perform a short random keystroke session.
The random data collected in this session will be used in
various cryptographic operations.
Please enter random text containing at least six different
characters. You will see the '*' symbol after keystrokes that
are too fast or too similar to preceding keystrokes. These
keystrokes will be ignored.
characters. You will see the '*' symbol after keystrokes that
are too fast or too similar to preceding keystrokes. These
keystrokes will be ignored.
Please keep typing until you hear the beep and the bar is full.
[ ] <press a lot of keys until you can hear a sound>
Thank you.
Thank you.
Configuring Certificate Authority...
====================================
The system uses an internal Certificate Authority
to provide Secured Internal Communication (SIC) Certificates
for the components in your System.
====================================
The system uses an internal Certificate Authority
to provide Secured Internal Communication (SIC) Certificates
for the components in your System.
Note that your components won't be able to communicate
with each other until the Certificate Authority is initialized
and they have their SIC Certificate.
with each other until the Certificate Authority is initialized
and they have their SIC Certificate.
Press 'Enter' to initialize the Certificate Authority... (press enter)
Internal Certificate Authority created successfully
Certificate was created successfully
Certificate Authority initialization ended successfully
Internal Certificate Authority created successfully
Certificate was created successfully
Certificate Authority initialization ended successfully
The FQDN (Fully Qualified Domain Name) of this Management Server
is required for proper operation of the Internal Certificate Authority.
Would you like to define it now (y/n) [y] ?
The management FQDN is Firewall-001. Do you want to change it? (y/n) [n] ?
The management FQDN is Firewall-001. Do you want to change it? (y/n) [n] ?
Press 'Enter' to send it to the Certificate Authority...
NOTE: If the FQDN is incorrect, the Internal CA cannot function properly,
and CRL retrieval will be impossible.
Are you sure Firewall-001 is the FQDN of this machine (y/n) [n] ?
The management FQDN is Firewall-001. Do you want to change it? (y/n) [n] ?
NOTE: If the FQDN is incorrect, the Internal CA cannot function properly,
and CRL retrieval will be impossible.
Are you sure Firewall-001 is the FQDN of this machine (y/n) [n] ?
The management FQDN is Firewall-001. Do you want to change it? (y/n) [n] ?
Press 'Enter' to send it to the Certificate Authority...
NOTE: If the FQDN is incorrect, the Internal CA cannot function properly,
and CRL retrieval will be impossible.
Are you sure Firewall-001 is the FQDN of this machine (y/n) [n] ? y
FQDN initialized successfully
NOTE: If the FQDN is incorrect, the Internal CA cannot function properly,
and CRL retrieval will be impossible.
Are you sure Firewall-001 is the FQDN of this machine (y/n) [n] ? y
FQDN initialized successfully
The FQDN was successfully sent to the CA
Configuring Certificate's Fingerprint...
========================================
The following text is the fingerprint of this Management machine:
NAIR GUNK HIKE WYNN TOW HER GUY CAST TRAG CROW TONE DIRT
Do you want to save it to a file? (y/n) [y] ?
Please enter the file name[/opt/CPshared-50-02/conf]:cp020812-key
The fingerprint was successfully saved.
generating GUI-clients INSPECT code
initial_management:
Compiled OK.
generating GUI-clients INSPECT code
initial_management:
Compiled OK.
Hardening OS Security: Initial policy will be applied
until the first policy is installed
until the first policy is installed
In order to complete the installation of module
you must reboot the machine.
Do you want to reboot? (y/n) [y] ?
you must reboot the machine.
Do you want to reboot? (y/n) [y] ?
(system reboot )
cleaning up...
syncing disks... done
Aug 12 08:43:16 Firewall-001 [LOG_CRIT] kernel:
Rebooting..
syncing disks... done
Aug 12 08:43:16 Firewall-001 [LOG_CRIT] kernel:
Rebooting..
无心插柳 2011-12-20
quanxianhong 2011-05-25