Checkpoint闃茬伀澧欏畨鍏ㄩ厤缃�鎵嬪唽V11 - 鐧惧害鏂囧簱

(2) VPN-1 & FireWall-1 Enforcement Module

(3) VPN-1 & FireWall-1 Enterprise Primary Management

Checkpoint Firewall-1/VPN-1支持多种安装模式，Firewall-1/VPN-1主要包括三个模块：

GUI：用户看到的图形化界面，用于配置安全策略，上面并不存储任何防火墙安全策

略和对象，安装于一台PC机上；

Management：存储为防火墙定义的各种安全策略和对象；

Enforcement Module：起过滤数据包作用的过滤模块，它只与Managerment通信，

其上的安全策略由管理模块下载；

以上三个选项中如果Management与Enforcement Module安装于同一台设备上，

则选择（1），如果Management与Enforcement Module分别安装于不同的设备上，则选择（2）或（3）。在此处我们选择（1）

Enter your selection (1-3/a-abort) [1]: 1 IP forwarding disabled

Hardening OS Security: IP forwarding will be disabled during boot. Generating default filter Default Filter installed

Hardening OS Security: Default Filter will be applied during boot. This program will guide you through several steps where you will define your Check Point products configuration.

At any later time, you can reconfigure these parameters by running cpconfig

Configuring Licenses...

======================= Host Expiration Features

Note: The recommended way of managing licenses is using SecureUpdate. This window can be used to manage local licenses only on this machine. Do you want to add licenses (y/n) [y] ? n

（询问用户是否需要安装Checkpoint License，可以在此时输入，也可在安装完毕时用命令行方式输入，因为使用命令行方式输入较为方便，建议用户在安装完毕后使用copy -> paste的方式输入License。在此处我们选择n）

Configuring Administrators...

============================= No Check Point Administrators are currently defined for this Management Station. Administrator name: fwadmin

(配置Checkpoint Firewall-1/VPN-1的管理员用户名，注意系统自身与Checkpoint的

管理员不相同)

Password: Verify Password:

（设置管理员的密码，Checkpoint管理员密码没有长度的限制）

Permissions for all Management Clients (Read/[W]rite All, [R]ead Only All, [C]us

tomized) W

（设置该管理员的用户权限，有三种权限，写权限W，读权限R，自定义权限C，在此处选择W，给予管理员最大的权限）

Administrator fwadmin was added successfully and has Read/Write permission to all management clients

Add another one (y/n) [n] ? （提示是否还加入其它用户）

Configuring GUI clients...

========================== GUI clients are trusted hosts from which

Administrators are allowed to log on to this Management Station using Windows/X-Motif GUI.

Do you want to [C]reate a new list, [A]dd or [D]elete one?: C

（Checkpoint GUI软件需要安装在一台PC机上，但该GUI的IP地址需要定义，在此处我们选择C，创建一个GUI IP地址表）

Please enter the list hosts that will be GUI clients.

Enter hostname or IP address, one per line, terminating with CTRL-D or your EOF character.

10.0.0.15

Is this correct (y/n) [y] ?

（输入完地址后需要按CTRL-D结束定义GUI）

Configuring Groups...

=====================

Check Point access and execution permissions -------------------------------------------

Usually, a Check Point module is given group permission for access and execution.

You may now name such a group or instruct the installation

procedure to give no group permissions to the Check Point module. In the latter case, only the Super-User will

be able to access and execute the Check Point module.