We are being forced to change ISP's as our current provider is discountinuing service in our area. Due to this I'll be needing to change IP's on our standalone, single firewall (R55 w/AI). I've already relicensed all of our products through Checkpoint's User Center and have the licenses available.
From what I can see 3 things need to be taken care of in regards to this IP change....
1) New licenses need to be installed on the firewall
2) NIC Card(s) need to have their IP addresses changed
3) Network Objects/NAT definitions need up be updated with new IP info and then new policy needs to be installed
My questions is, what is the proper order for accomplishing these tasks? Not sure if the above is the proper order or if steps 1 and 2 need to be flopped since the NIC may already need to reflect the proper IP address before the license can be installed.
One additional question, currently the couple of users who access our network using the VPN client are getting authenticated based on cerficates generated with our current config. Do these certificates need to be regenerated after the FW is relicensed and the IP addresses have changed?
Not 100% but i dont think ip address changes will make any difference to certificates. If smart dashboard doesnt mention it when you make the change then i imagine that adds even more certainty.
I bound the license to the private interface IP and it works. I'm not sure if this is how people normally do it. Support said that its fine, an IP for any of the interfaces.
