Checkpoint防火墙安全配置手册V11 下载本文

Please specify group name [ for no group permissions]:

No group permissions will be granted. Is this ok (y/n) [y] ?

Setting Group Permissions... Done.

(为Checkpoint生成一个管理组,在此处不需要生成专门管理组,直接敲回车,不生成组)

Configuring Random Pool...

==========================

You are now asked to perform a short random keystroke session. The random data collected in this session will be used in various cryptographic operations.

Please enter random text containing at least six different characters. You will see the '*' symbol after keystrokes that are too fast or too similar to preceding keystrokes. These keystrokes will be ignored.

Please keep typing until you hear the beep and the bar is full.

[....................]

Thank you.

(随意敲入字符,以便Checkpoint用它作为随机的加密参数。随意敲任意,直到出现Thank you)

Configuring Certificate Authority...

==================================== The system uses an internal Certificate Authority

to provide Secured Internal Communication (SIC) Certificates for the components in your System.

Note that your components won't be able to communicate with each other until the Certificate Authority is initialized and they have their SIC Certificate.

Press 'Enter' to initialize the Certificate Authority... (输入回车开始生成证书)

Internal Certificate Authority created successfully Certificate was created successfully

Certificate Authority initialization ended successfully (证书生成完成)

The FQDN (Fully Qualified Domain Name) of this Management Server is required for proper operation of the Internal Certificate Authority. (默认的证书名称为FQDN)

Would you like to define it now (y/n) [y] ?

The management FQDN is IP350. Do you want to change it? (y/n) [n] ?

Press 'Enter' to send it to the Certificate Authority... (按回车键开始发送证书)

NOTE: If the FQDN is incorrect, the Internal CA cannot function properly, and CRL retrieval will be impossible.

Are you sure IP350 is the FQDN of this machine (y/n) [n] ? y FQDN initialized successfully

The FQDN was successfully sent to the CA

Configuring Certificate's Fingerprint...

======================================== The following text is the fingerprint of this Management machine:

SODA KNEE MEAT LIEN ADD LAP WISH JIBE JIM AMEN EACH SAID

Do you want to save it to a file? (y/n) [y] ? n

(询问是否将Management Server上的指纹存储到文件中) generating GUI-clients INSPECT code initial_management: Compiled OK.

Hardening OS Security: Initial policy will be applied until the first policy is installed

(在配置完成Checkpoint后,Checkpoint会将操作系统做一个加固,除Checkpoint GUI外,其它的任何服务都不能连接到防火墙)

In order to complete the installation of module you must reboot the machine. Do you want to reboot? (y/n) [y] ? n

(Checkpoint将询问是否重新启动,为便于使用命令行增加Checkpoint License,在此处点击n)

IP350[admin]#

cplic

putlic

eval

01Jan2003

dHEkKf7rt-BN9eeqjJx-9vxuF5EfN-X5TxP4Mqp CPMP-EVAL-1-3DES-NG CK-CP