Emulation of UTM-1 appliance in VMware with R70

With NGX R65, you could install the UTM-1 ISO image into a VMware machine for testing purposes.
Starting with R70, the installation still works, but there is no network connectivity afterwards.

The reason is that a script probes whether the hardware running the UTM-1 image is an appliance or not.

For that purpose the following commands are issued:

[Expert@cpfw01]# dmiparse "System Information" "Manufacturer:"
Crossbeam Systems Inc.
[Expert@cpfw01]# dmiparse "System Information" "Product Name:"
C2_UTM

This information is used to parse the file /etc/sysconfig/ethmap.database, which contains information about the interface setup of the specific appliance.

This leads to the creation of a corresponding /etc/sysconfig/ethmap file, derived from ethmap.appliance.advance, ethmap.appliance.plus or ethmap.appliance.regular.

The result could look like this:

[Expert@cpmodule]# cat ethmap
Internal eth0
External eth1
DMZ eth2
Lan1 eth3
Lan2 eth4
Lan3 eth5
Lan4 eth6
Lan5 eth7
Lan6 eth8
Lan7 eth9

This information is also used when netconf.C is created. Since the dmiparse command doesn't report that we're dealing with an appliance from Check Point, the mapping goes wrong and netconf.C ends up with wrong information.

[Expert@cpmodule]# cat netconf.C.backup
(conf
: (conns
: (conn
:ifname (Internal)
:type (1)
:ipaddr ("192.168.1.1/24")
:s-code (0)
)
: (conn
:ifname (lo)
:type (6)
:ipaddr ("127.0.0.1/8")
:s-code (0)
)
)
: (routes
: (route
:dest (default)
:via (192.168.1.254)
:metric (0)
)
)
)

The solution to that problem is simply to change the ifname in netconf.C to the appropriate interface name, such as eth0.

For that purpose, log in to the console over the VMware client, using admin/admin as the username / password combination. Change to expert mode and edit netconf.C like this:

[Expert@cpmodule]# cat netconf.C
(conf
: (conns
: (conn
:ifname (eth0)
:type (1)
:ipaddr ("212.1.57.221/23")
:s-code (0)
)
: (conn
:ifname (lo)
:type (6)
:ipaddr ("127.0.0.1/8")
:s-code (0)
)
)
: (routes
: (route
:dest (default)
:via (192.168.1.254)
:metric (0)
)
)
)

Now you can access the WebUI of your UTM-1 in VMware and continue configuring as normal. The remaining interfaces, which are not in netconf.C at the moment, can also be configured without problems.
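
The same edit as a script, as an added example that is not part of the original post and not Check Point tooling: it reads an ethmap-style file and rewrites every :ifname in a copy of netconf.C whose value is a logical name (Internal, External, ...) to the mapped device. The function names `fix_netconf` and `demo` are hypothetical, and the sample files are constructed from the listings above.

```shell
#!/bin/sh
# Added example: map logical interface names in netconf.C to real devices.
# Assumption: ethmap lines are "<logical name> <device>", as in the listing above.

# fix_netconf ETHMAP NETCONF: print NETCONF with mapped :ifname values.
fix_netconf() {
    awk '
        FILENAME == ARGV[1] { if (NF == 2) map[$1] = $2; next }
        {
            p = index($0, ":ifname (")
            if (p) {
                rest = substr($0, p + 9)        # text after ":ifname ("
                q = index(rest, ")")
                name = substr(rest, 1, q - 1)
                if (q && (name in map))         # lo and ethN pass through unchanged
                    $0 = substr($0, 1, p + 8) map[name] substr(rest, q)
            }
            print
        }
    ' "$1" "$2"
}

# demo: run fix_netconf on constructed sample files in a temp directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'Internal eth0' 'External eth1' 'DMZ eth2' > "$tmp/ethmap"
    cat > "$tmp/netconf.C" <<'EOF'
(conf
: (conns
: (conn
:ifname (Internal)
:type (1)
:ipaddr ("192.168.1.1/24")
:s-code (0)
)
: (conn
:ifname (lo)
:type (6)
:ipaddr ("127.0.0.1/8")
:s-code (0)
)
)
)
EOF
    fix_netconf "$tmp/ethmap" "$tmp/netconf.C"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```

The script only prints the corrected text, so review the output against the original before replacing netconf.C on the machine.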
