Check Point 21000 Appliances G-70, 21000 Appliances G-72, 21000 Appliances G-50 Getting Started Manual

Download

20 February 2013

Getting Started Guide

21000 Appliances

Models: G-72, G-70 & G-50

Classification: [Protected] P/N 705215

licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph

(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR

52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of

relevant copyrights and third-party licenses.

Contents

Important Information ............................................................................................. v

Health and Safety Information ............................................................................... 6

Introduction ............................................................................................................. 8

Welcome ............................................................................................................. 8

Overview of the 21000 Appliances ...................................................................... 8

Shipping Carton Contents.................................................................................... 9

Rack Mounting with Telescoping Rails ............................................................... 10

General Requirements for Racks ........................................................................10

Telescoping Rails Hardware ...............................................................................11

Attaching the Appliance Rails .............................................................................12

Attaching the Rack Rails ....................................................................................12

Installing the Appliance .......................................................................................13

Removing the Appliance .....................................................................................15

21000 Appliances Hardware ................................................................................. 16

Front Panel Components ....................................................................................16

Check Point 21700 and 21600 Front Panel ....................................................16

Check Point 21700 and 21600 Front Panel LEDS .........................................17

Check Point 21400 Front Panel .....................................................................18

Check Point 21400 Front Panel LEDS ...........................................................19

Managing 21000 Appliances Using the LCD Panel ........................................20

Line Cards .....................................................................................................21

Rear Panel Components ....................................................................................22

21000 Appliances Rear Panel ........................................................................22

21700 and 21600 - Securing the Power Cable ...............................................23

Replacing and Upgrading Components ..............................................................25

Software Configuration ........................................................................................ 26

Connecting the Power Cables and Power On .....................................................26

Available Software Images .................................................................................26

Initial Configuration .............................................................................................26

Using the First Time Configuration Wizard on Gaia ............................................27

Starting the Gaia First Time Configuration Wizard .........................................27

Welcome ........................................................................................................27

Available Releases ........................................................................................27

Authentication Details ....................................................................................27

Date and Time Setup .....................................................................................28

Device Name .................................................................................................28

Network Connection.......................................................................................28

Products ........................................................................................................29

Security Management Administrator ..............................................................30

Security Management GUI Clients .................................................................30

License Activation .......................................................................................... 30

Dynamically Assigned IP ...............................................................................30

Secure Internal Communication (SIC) ............................................................30

Summary .......................................................................................................30

Using the First Time Configuration Wizard on SecurePlatform ...........................31

Starting the First Time Configuration Wizard ..................................................31

Welcome ........................................................................................................31

Appliance Date and Time Setup ....................................................................31

Network Connections .....................................................................................32

Routing Table ................................................................................................32

Host, Domain Settings, and DNS Servers ......................................................32

Management Type .........................................................................................32

Summary .......................................................................................................33

Creating the Network Object ...............................................................................33

Advanced Configuration .....................................................................................34

Connecting to the 21000 Appliances CLI .......................................................34

Restoring Factory Defaults .................................................................................. 35

Restoring Using the WebUI ................................................................................35

Gaia ...............................................................................................................35

SecurePlatform ..............................................................................................35

Restoring Using the Console Boot Menu ............................................................35

Restoring Using the LCD Panel ..........................................................................37

Registration and Support ..................................................................................... 38

Registration ........................................................................................................38

Support ...............................................................................................................38

Where To From Here? ........................................................................................38

Compliance Information ....................................................................................... 39

Declaration of Conformity ...................................................................................39

Date

Description

20 February 2013

Added 21700 appliance

16 October 2012

 Added 21600 appliance  Added First Time Configuration Wizard for Gaia  Added Rack Mounting for Telescoping Rails  Deleted Customer Replaceable Parts

1 November 2011

 Deleted a statement about Proposition 65 Chemicals from the

Health and Safety Information (on page 6).

 Added photos to the instructions for Installing and Removing

the System Board Battery and for Installing and Removing a LOM card.

1 August 2011

First release of this document

Important Information

Latest Software

We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation

The latest version of this document is at:

http://supportcontent.checkpoint.com/documentation_download?ID=12317

For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).

For more about this appliance, see the 21000 Appliances home page (http://supportcontent.checkpoint.com/solutions?id=sk68701).

Revision History

Feedback

Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments

(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on 21000 Appliances Getting Started

Guide).

Health and Safety Information

Note - The Check Point 21000 Appliances correlate with the following model

numbers for certification purposes: G72, G70, and G50.

Warning - Do not block air vents. A minimum 1/2-inch clearance is required.

Warning - DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY

REPLACED. REPLACE ONLY WITH SAME OR EQUIVALENT TYPE RECOMMENDED BY THE MANUFACTURER. DISCARD USED BATTERIES ACCORDING TO THE MANUFACTURER’S INSTRUCTIONS.

Health and Safety Information

Read the following warnings before setting up or using the appliance.

To prevent damage to any system board, it is important to handle it with care. The following measures are generally sufficient to protect your equipment from static electricity discharge:

 When handling the board, to use a grounded wrist strap designed for static discharge elimination.  Touch a grounded metal object before removing the board from the antistatic bag.  Handle the board by its edges only. Do not touch its components, peripheral chips, memory modules or

gold contacts.

 When handling processor chips or memory modules, avoid touching their pins or gold edge fingers.  Restore the communications appliance system board and peripherals back into the antistatic bag when

they are not in use or not installed in the chassis. Some circuitry on the system board can continue operating even though the power is switched off.

 Under no circumstances should the lithium battery cell used to power the real-time clock be allowed to

short. The battery cell may heat up under these conditions and present a burn hazard.

 Disconnect the system board power supply from its power source before you connect or disconnect

cables or install or remove any system board components. Failure to do this can result in personnel injury or equipment damage.

 Avoid short-circuiting the lithium battery; this can cause it to superheat and cause burns if touched.  Do not operate the processor without a thermal solution. Damage to the processor can occur in

seconds.

 CLASS 1 LASER PRODUCT. A TOTALLY ENCLOSED LASER SYSTEM CONTAINING A CLASS 1

LASER.

For California:

Perchlorate Material - special handling may apply. See http://www.dtsc.ca.gov/hazardouswaste/perchlorate

The foregoing notice is provided in accordance with California Code of Regulations Title 22, Division 4.5, Chapter 33. Best Management Practices for Perchlorate Materials. This product, part, or both may include a lithium manganese dioxide battery which contains a perchlorate substance.

WARNING: Handling the cord on this product will expose you to lead, a chemical known to the State of California to

cause cancer, and birth defects or other reproductive harm. Wash hands after handling. Information to user: The user's manual or instruction manual for an intentional or unintentional radiator shall caution the user that

changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. In cases where the manual is provided only in a form other than paper, such as on a computer disk or over the Internet, the information required by this section may be included in the manual in that alternative form, provided the user can reasonably be expected to have the capability to access information in that form.

21000 Appliances Getting Started Guide | 6

Health and Safety Information

Product Disposal

This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment. The separate collection and recycling of your waste equipment at the time of disposal will help to conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. For more information about where you can drop off your waste equipment for recycling, please contact your local city office or your household waste disposal service.

21000 Appliances Getting Started Guide | 7

In This Chapter

Welcome 8 Overview of the 21000 Appliances 8 Shipping Carton Contents 9

Chapter 1

Introduction

Welcome

Thank you for choosing Check Point’s 21000 Appliances. We hope that you will be satisfied with this system

and our support services. Check Point products are the most up to date and secure solutions available today.

Check Point also delivers worldwide educational, professional and support services through a network of Authorized Training Centers, Certified Support Partners and Check Point technical support personnel. We make sure that you get the most out of your security investment.

For more about the Internet Security Product Suite and other security solutions, see the Check Point Web site (http://www.checkpoint.com), or call Check Point at 1(800) 429-4391. For more technical information about Check Point products, consult the Check Point Support Center (http://supportcenter.checkpoint.com).

Welcome to the Check Point family. We look forward to meeting all of your current and future network, application and management security needs.

Overview of the 21000 Appliances

The Check Point 21000 Appliances models are ideally suited for securing medium to large data center environments and high-end enterprise networks. The 21000 Appliances models are purpose-built Security Gateways in a compact 2U form factor. The acceleration options extend firewall throughput up to 100 Gbps with significantly lower packet latency.

The 21000 Appliances models remove complexity with central management of security protection services on one platform. With the Check Point security-leading Software Blades technology, these appliances can provide: VPN, IPS, Application Control, Mobile Access, Application and URL Filtering, DLP, Anti-Virus & Anti-Malware, Web Security and Anti-Spam & Email Security.

The 21000 Appliances models are highly modular, for greater scalability and flexibility. Up to 36 I/O ports are available with the optional 12x1GbE copper and fiber (SFP) Network Interface Cards. For 10GbE network connectivity, an optional 4x10GbE fiber (SFP+) module is also available. This makes the 21000 Appliances ideal for demanding network environments, and for securing many different networks.

The 21000 Appliances models deliver high serviceability and redundancy for these components that you can hot-swap: dual power-supplies, system fans, and dual hard-disk drive with RAID support. Accessories include NICs, memory upgrades and a LOM (Lights-Out Management) card module for out-of-band management.

This appliance supports the SecurePlatform and Gaia Operating Systems. Gaia is a single, unified network security Operating System that combines the best of Check Point's SecurePlatform and IPSO, the operating system from the Nokia security products. Gaia supports the full portfolio of Check Point Software Blades, Security Gateway and Security Management products.

For more about installing and using 21000 Appliances, see the appliance home page (http://supportcontent.checkpoint.com/solutions?id=sk68701).

21000 Appliances Getting Started Guide | 8

Item

Description

Check Point 21000 appliance

A single appliance

21000 appliance components *

 1 1GbE copper line card, 12 ports  2 front-facing slots for optional line cards  16 GB dynamic RAM (21700 and 21600 Appliance)  12 GB dynamic RAM (21400 Appliance)  2 hard disk drives with RAID  2 power supplies  Full complement of fans units (quantity 5)

Rack mounting accessories

Hardware mounting kit

Cables

2 power cables

Documentation

 Quick Start Guide  Image Management guide  User License Agreement

Shipping Carton Contents

Introduction

* Check Point product bundles can have special appliance components. See the Check Point Website

Product Catalog to learn about these special product configurations. It is necessary to log in to the Product Catalog (http://supportcenter.checkpoint.com).

21000 Appliances Getting Started Guide | 9

In This Chapter

General Requirements for Racks 10 Telescoping Rails Hardware 11 Attaching the Appliance Rails 12 Attaching the Rack Rails 12 Installing the Appliance 13 Removing the Appliance 15

Note - There are two versions of rails that are shipped with the 21000 Appliances:

 Original rack mounting  Newer rack mounting

The newer rails come with the L-shaped bracket attached at both ends of the rails. If you are installing the original rails (without the L-shaped brackets attached), go to 21000 Appliances home page (http://supportcontent.checkpoint.com/solutions?id=sk68701) and see the 21400 Appliances Installing Telescoping Rails (Original) guide.

Rack Side

Clearance Requirement

Front

36 in (91.44 cm) plus additional clearance, if needed, for the mechanical lift used to move Check Point rails equipment.

Rear

16 in (40.64 cm) from the rear side of the rack or chassis, whichever is closest to the rear. (Without back door cabinet)

22 in (55.88 cm) from the rear side of the rack or chassis, whichever is closest to the rear. (With back door cabinet)

Sides

N/A (no accessible parts)

Chapter 2

Rack Mounting with Telescoping Rails

This chapter describes how to use telescoping rails to mount the appliance in a rack.

General Requirements for Racks

The 21000 Appliances are designed for a standard 19-inch (48.26 cm) rack (see specification EIA-310-D). Use the telescoping rails with racks that have these specifications:

 Minimum depth: 26 in (66 cm)  Maximum depth: 35 in (88.9 cm)

Front and rear rack doors must have equally distributed holes on at least 65% of the surface area to give sufficient airflow. Make sure that the racks have sufficient clearance to service the Check Point appliances that are mounted on telescoping rails.

The telescoping rails can be used with racks that have round holes or square holes.

21000 Appliances Getting Started Guide | 10

Rack Mounting with Telescoping Rails

Note - You must use the screw plates to attach the rack rails to these types of racks:

 Square holes  Round holes that are larger than the supplied large round-head screws

Appliance

Width

Depth

Height

21700, 21600 and 21400

17.24 in (43.8 cm)

29.5 in (74.93 cm )

3.44 in (8.8 cm) (2U)

Important - Two people are required to install the appliance in a rack in order to prevent any possible damage.

Item

Hardware Description

Qty.

Use

Rack rail

Attaches to the front of the rack.

Rack rail (rear)

2 Appliance rail

Attaches to the sides of the appliance.

Appliance rail (rear)

3 Small flat-head screws

Attaches the appliance rails to the appliance.

Large flat-head screws

Attaches the rack rails and the ear brackets of the appliance to the racks.

Rear screw plates (three holes)

Makes sure that the rail flange is securely attached to the rack for these types of racks:

 Square holes  Round holes that are larger than the supplied

large round-head screws

Front screw plates (six holes)

Appliance Physical Specifications

These are the physical specifications of the Check Point appliance models that can be mounted in the telescoping rails.

Telescoping Rails Hardware

21000 Appliances Getting Started Guide | 11

Rack Mounting with Telescoping Rails

Rack Mounting Tools

Philips screwdriver. We recommend a screwdriver with a magnetic head to hold screws and retrieve dropped screws.

Attaching the Appliance Rails

Disconnect the appliance rail and the rack rail and use four small screws to attach each appliance rail to the sides of the appliance.

To attach the appliance rails:

1. On the appliance rail, push the front release clip and remove the appliance rail from the rack rail.

2. Set the appliance rail on the side of the appliance. Make sure that the arrow-latch faces the front of the appliance.

3. Attach the appliance rails to the appliance with four small screws.

4. Do steps 1 - 3 again for the other side of the appliance.

Attaching the Rack Rails

Attach the rack rails and screw plate to the rack. Make sure that you have these pieces ready:

 2 Rack rails  8 Large round-head screws  2 Front screw plates (6 holes)  2 Rear screw plates (3 holes)

21000 Appliances Getting Started Guide | 12

Rack Mounting with Telescoping Rails

Item

Description

Front screw plate (6 holes)

Front face of the rack post

Front flange

Large flat-head screws

Note - For rack posts with threaded holes, do not use the screw plates. Screw the rail flanges directly to the threaded rack posts.

Important - A 2U appliance is heavy and two people are required to hold and install the appliance in the rack to prevent personal injury and damage to the appliance.

To attach the rack rails to the rack:

1. Put the front flange of the rack rail on the front face of the rack post.

2. For square hole racks and round holes that are larger than the large round-head screws, place the screw plate behind the rack post at the same location as the front flange.

Make sure that you align the bottom hole of the front screw plate with the bottom hold of the front flange of the rack rail.

3. Use two screws to attach the front flange to the front screw plate. Do not use a screw on the center hole of the front rail flange.

4. Do steps 1 - 3 again to attach the rear flange and rear screw plate to the rear of the rack.

5. Do steps 1 - 4 again for the other rack rail.

Installing the Appliance

Install the appliance in the telescoping rails in the rack.

You must disengage both the front and rear rail locks when installing the appliance. We recommend that you secure the ear brackets of the appliance to the rack after you move the appliance

into the rack.

To install the appliance in the rack:

1. Set the appliance until the appliance rails are level with the rack rails.

2. Move the appliance into the rack until the telescoping rails click.

21000 Appliances Getting Started Guide | 13

Rack Mounting with Telescoping Rails

Item

Description

Ear bracket

Screws that attach appliance to rack

The telescoping rails are locked.

3. Push the front release clips and move the appliance into the rack.

To secure the appliance to the rack:

1. Use two screws to attach the right ear bracket to the front face of the rack.

2. Use one screw to attach lower part of the left ear bracket to the front face of the rack. The LCD panel blocks the upper part of the left ear bracket.

21000 Appliances Getting Started Guide | 14

Rack Mounting with Telescoping Rails

Important - A 2U appliance is heavy and two people are required to hold and remove the

appliance from the rack to prevent personal injury and damage to the appliance.

Removing the Appliance

Unlock the telescoping rails to remove the appliance from the rack.

To remove the appliance from the rack:

1. Move the appliance away from the rack as far as possible.

2. Push the front release clips and move the appliance away from the rack rail.

3. Push the rear release clips and move the rack rails into the rack as far as possible.

21000 Appliances Getting Started Guide | 15

In This Chapter

Front Panel Components 16 Rear Panel Components 22 Replacing and Upgrading Components 25

Item

Description

System LEDs (System power, system status, and hard disk activity).

LCD display screen.

Keypad for LCD screen.

2 Hard disk drives. When monitoring the disks using the raid_diagnostic command, DiskID 0

is the top disk, and DiskID 1 is the bottom disk.

Hard disk power and activity LEDs.

Three slots for Ethernet interface line cards ("Line Cards" on page 21).

Reset button and ESD grounding plug.

Console port - for a serial connection to the appliance using a terminal emulation program such as HyperTerminal or PuTTY.

Chapter 3

21000 Appliances Hardware

Front Panel Components

This section describes the features and components located on the appliance front panel.

Check Point 21700 and 21600 Front Panel

21000 Appliances Getting Started Guide | 16

Item

Description

LOM (Lights Out Management) port for the optional LOM card.

Management port - for an Ethernet connection to a remote management computer.

SYNC port - For synchronizing with cluster members or a high availability peer.

USB port.

Item

Description

System Power.

 OFF - System power off  ON (Green) - System power on

System Status.

 Green – System OK  Orange – Alarm for voltage, temperature or fan.

Hard disk drive (HDD) Activity.

 OFF - No HDD Activity  ON (Green) - HDD Activity

Hard disk drive (HDD) Activity.

 OFF - No HDD Activity  ON (Amber) - HDD Activity

Hard disk drive (HDD) Power.

 OFF – HDD Power off  ON (Green) – HDD Power on

ESD grounding plug

Reset - Does a hardware reset.

Check Point 21700 and 21600 Front Panel LEDS

21000 Appliances Hardware

21000 Appliances Getting Started Guide | 17

Item

Description

Link

 OFF - No Link  ON (Green) - Link

Activity

 OFF - No Activity  Slow Blink (Amber) - Activity

Item

Description

System LEDs (System power, system status, and hard disk activity).

LCD display screen.

Keypad for LCD screen.

2 Hard disk drives. When monitoring the disks using the raid_diagnostic command, DiskID 0

is the top disk, and DiskID 1 is the bottom disk.

Hard disk power and activity LEDs.

Three slots for Ethernet interface line cards ("Line Cards" on page 21).

Console port - for a serial connection to the appliance using a terminal emulation program such as HyperTerminal.

LOM (Lights Out Management) port for the optional LOM card.

Management connection port - for an Ethernet connection to a remote management computer.

USB ports.

Check Point 21400 Front Panel

21000 Appliances Hardware

21000 Appliances Getting Started Guide | 18

Item

Description

System Power.

 OFF - System power off  ON (Green) - System power on

System Status.

 Green – System OK  Orange – Alarm for voltage, temperature or fan.

Hard disk drive (HDD) Activity.

 OFF - No HDD Activity  ON (Green) - HDD Activity

Hard disk drive (HDD) Activity.

 OFF - No HDD Activity  ON (Amber) - HDD Activity

Hard disk drive (HDD) Power.

 OFF – HDD Power off  ON (Green) – HDD Power on

Link

 OFF - No Link  ON (Green) - Link

Activity

 OFF - No Activity  Slow Blink (Amber) - Activity

Check Point 21400 Front Panel LEDS

21000 Appliances Hardware

21000 Appliances Getting Started Guide | 19

21000 Appliances Hardware

Sub-menu

Purpose

Network

DHCP

Enable or disable IP address allocation using DHCP

Set Internal IP or Set Mgmt IP

Set the management interface IP address (cannot be edited when DHCP is enabled)

Set Netmask

Set the management interface network mask (cannot be edited when DHCP is enabled)

Set Default GW

Set the management interface default gateway (cannot be edited when DHCP is enabled)

System

Reboot

Reboot the appliance

Press

Enter the main menu

Enter

Navigate the menu

Select a menu option

Enter

Go back to previous menu

ESC

Press

Move to the next digit

Enter

Move back to the previous digit

ESC Approve the change

Enter when the cursor is located on the last digit

Cancel the IP change

ESC when the cursor is located on the first digit

Change current digit

Managing 21000 Appliances Using the LCD Panel

The appliance has an LCD panel that you can use to do basic management operations. You can enable DHCP. You can configure the management IP address, netmask, and default gateway of the appliance. You can reboot the appliance.

Menu Options

LCD Panel Keys

When Entering an IP Address

21000 Appliances Getting Started Guide | 20

21000 Appliances Hardware

Item

Line Card

Description

Supported Transceivers

Transceiver Lever Color

10GbE SFP+ Line Card, 4 Port

10 Gb Ethernet PCI-e line card for SFP+ transceivers

Fiber-optic (short range)

Beige Fiber-optic (long range)

Blue

1GbE SFP Line Card, 12 Port

12 port 1Gb Ethernet PCI-e line card for SFP transceivers

Fiber-optic (short range)

Black Fiber-optic (long range)

Blue

1GbE Copper Line Card, 12 port

12 port 1000BaseT PCI-e line card

Copper

Yellow

10GbE SFP+ acceleration ready Line Card, 4 Port

10 Gb Ethernet acceleration ready line card

Fiber-optic (short range)

Beige

Fiber-optic (long range)

Blue

Line Cards

The 21000 Appliances front panel has three slots for cold-swappable Line Cards (also known as Network interface Cards (NICs)).

Supported Line Cards

These Line Cards are available:

Line Card Slot and Port Numbering

Line Card slots are numbered from 1 to 3, top to bottom. The Line Card ports are numbered from 1, left to right. For example, in a 12-port card, the slots are

numbered 1 to 12, left to right.

21000 Appliances Getting Started Guide | 21

Item

Description

Activity

 OFF - No Activity  Slow Blink (Amber) - Activity

Link

 OFF - No Link  ON (Green) - Link

Link

 OFF - No Link  ON (Green) - 10Mbps or 1Gbps Link  ON (Amber) - 100Mbps Link

Accelerated Port

 OFF – Port served by Motherboard without Acceleration  ON (Blue) – Port served by Security Acceleration Module

Note - The previous diagram shows the 21400 appliance.

Item

Description

2 redundant, hot-swappable AC power supplies. Each power supply connects to an electric outlet.

LED indicator for power supply, one for each power supply:

 OFF - power off  ON (Green) - power on

Main power switch.

Power supply alarm suppression button. When a power supply fails or is not connected to the outlet, an alarm sounds continuously. Press here to turn off the alarm.

Line Card LEDs

21000 Appliances Hardware

Rear Panel Components

This section describes components located on the rear panel of the appliance.

21000 Appliances Rear Panel

21000 Appliances Getting Started Guide | 22

21000 Appliances Hardware

Item

Description

Grounding point for ESD strap.

5 replaceable CPU cooling fan units, behind the grille. Each fan unit operates independently, and provides redundancy in the event of failure.

Fan grille retaining screw.

The fans are redundant pairs. They are numbered from right to left: 1A/B, 2A/B, 3A/B, 4A/B, 5A/B.

Extraction handles and retaining thumb screws.

Slot for optional Security Acceleration Module tray.

Note - Some of the details for your model can be different than the previous diagram.

Note - Make sure that the power cable is connected to the power supply unit before you

attach the power cable tie.

Item

Description

Anchor that connects the power cable tie to the appliance

Cable clip that secures the power cable

21700 and 21600 - Securing the Power Cable

It is necessary to secure the power cable to the power supply unit on a 21700 or 21600 appliance. Connect the power cable tie to the appliance and then tighten it to secure the power cable.

21000 Appliances Getting Started Guide | 23

Item

Description

Power supply unit release lever

Power supply LED

Anchor hole

To connect the power cable tie to the appliance:

1. Insert the anchor into the anchor hole on the power supply unit.

21000 Appliances Hardware

2. Make sure that you cannot remove the cable clip from the appliance.

To secure the power cable:

1. Place the cable clip around the power cable.

2. Slide the cable clip so that it is near the appliance.

3. Tighten the cable clip.

4. Make sure that you cannot disconnect the power cable from the power supply unit.

21000 Appliances Getting Started Guide | 24

21000 Appliances Hardware

Replacing and Upgrading Components

The 21000 Appliances has parts that you can easily replace to minimize downtime. There are also upgrade components that you can install on the appliance. These are the parts and components that can be used with the appliance:

 Line cards  Security Acceleration Module  Transceivers  Power supplies  Hard disk drives  System memory  Cooling fan units  LOM card

For more information about installing these parts and components, see the appliance home page (http://supportcontent.checkpoint.com/solutions?id=sk68701).

Unless directed to do so by Check Point technical support, you are prohibited by warranty and support agreements from replacing any parts.

21000 Appliances Getting Started Guide | 25

In This Chapter

Connecting the Power Cables and Power On 26 Available Software Images 26 Initial Configuration 26 Using the First Time Configuration Wizard on Gaia 27 Using the First Time Configuration Wizard on SecurePlatform 31 Creating the Network Object 33 Advanced Configuration 34

Note - When a power supply fails or is not connected to the outlet, an alarm sounds continuously. If you hear the alarm, replace the faulty power supply immediately, and connect the new unit to an A/C outlet.

Note - Gaia is available for R75.40 and higher.

Chapter 4

Software Configuration

Connecting the Power Cables and Power On

To connect the power cables:

1. Connect the power cables to the power supplies in the rear panel.

2. Turn on the Power button to start the appliance.

After the appliance initializes and boots up, the status of the appliance shows on the LCD screen. The appliance is ready for use when the model number is displayed.

Available Software Images

The 21000 Appliances comes with different software images. Select the software image you want to use. Reverting to a software image takes a few minutes. To follow progress and see when the appliance is ready,

connect to the appliance using a serial console. For more about software images, see the 21000 Appliances home page

(http://supportcontent.checkpoint.com/solutions?id=sk68701).

Initial Configuration

Do the initial configuration of the appliance with the First Time Configuration Wizard. There are different First Time Configuration Wizard options for the Gaia and the SecurePlatform operating

system.

21000 Appliances Getting Started Guide | 26

Software Configuration

Note - The pages that you see in the wizard depend on the

software image and the options you select. You will not see all the pages that are in this section.

Note - The features configured in the First Time Configuration Wizard are accessible after completing the wizard using the WebUI menu. The WebUI menu can be accessed by navigating to https://<appliance_ip_address>.

Go to the applicable section:

 Using the First Time Configuration Wizard on Gaia (on page 27)  Using the First Time Configuration Wizard on SecurePlatform (on page 31)

Using the First Time Configuration Wizard on Gaia

Use the First Time Configuration Wizard to do the initial configuration of the Gaia appliance.

Starting the Gaia First Time Configuration Wizard

To start the First Time Configuration Wizard:

1. Connect a standard network cable to the appliance management interface and to your management network.

The management interface is marked MGMT. This interface is preconfigured with the IP address

192.168.1.1.

2. Connect to the management interface from a computer on the same network subnet. For example: IP address 192.168.1.x and net mask 255.255.255.0. This can be changed in the

WebUI, after you complete the First Time Configuration Wizard.

3. To access the management interface, open a connection from a browser to the default management IP address: https://192.168.1.1

4. The login page opens. Log in to the system using the default username and password: admin and admin

5. Click Login.

6. The First Time Configuration Wizard runs.

Welcome

The Welcome page introduces the product.

Available Releases

The appliance comes with different software images. Select the software image that you want to install. You can change to another software image after the First Time Configuration Wizard is completed.

If you select a SecurePlatform software image, use the SecurePlatform First Time Configuration Wizard to configure the appliance.

Authentication Details

The default password gives you access to the appliance. For security purposes, change it to a more secure password.

21000 Appliances Getting Started Guide | 27

Date and Time Setup

Set the system time and date for the appliance:

 Manually  From a time server, using Network Time Protocol (NTP)

Software Configuration

Device Name

Set the host name, domain name, and DNS servers for IPv4 addresses. The host name must start with a

letter and cannot be named com1, com2....com9.

You can use the Gaia WebUI to configure IPv6 DNS servers.

Network Connection

Connection Information - Configure the IPv4 interface information for the management interface. You can change the Management IP address. Connectivity is maintained with an automatically created secondary interface. After you complete the First Time Configuration Wizard, you can remove this interface in the

Interface Management > Network Interfaces page. DHCP Server - You can configure the Gaia appliance to be a Dynamic Host Configuration Protocol (DHCP)

server.

To define a DHCP server on the Gaia appliance MGMT interface:

1. In DHCP Server, select Enabled.

2. Define the IP Pool. This is the range of IPv4 addresses that the server assigns to hosts.

21000 Appliances Getting Started Guide | 28

Software Configuration

Products

Select the Gaia products that are installed on the appliance.

Advanced

Use these options to configure an appliance that is a cluster member or in a High Availability deployment.

 Unit is part of a cluster - the options are:

 ClusterXL - For more about ClusterXL configurations, see the applicable version of the ClusterXL

Administration Guide.

 VRRP - For more about VRRP clusters, see the applicable version of the Gaia Administration Guide.

 Define Security Management as - In a Management High Availability deployment, define this Security

Management server as Primary or Secondary. For more about Management High Availability, see the applicable version of the Security Management Administration Guide.

Search for these guides in the Support Center (http://supportcontent.checkpoint.com/solutions?id=sk91140).

21000 Appliances Getting Started Guide | 29

Software Configuration

Note - You only see this page when the Gaia appliance is a

Security Management server.

Note - You see this page when the appliance is a Security Management.

Note - You see this page when the appliance is a Security Gateway.

Note - We recommend that you back up the system configuration. You can use the Gaia add backup command.

Security Management Administrator

Define the name and password of an administrator that can connect to the Security Management server using SmartConsole clients.

Security Management GUI Clients

Define the clients that are allowed to connect to the appliance using a web browser or SSH client. These clients can manage the appliance using a web or SSH connection. For security reasons, we recommend that you do not use the Any IP address option.

License Activation

If you have a license for the appliance, you can automatically add the license to the appliance. If you need to obtain a license, visit the User Center (https://usercenter.checkpoint.com).

Select Activate later to use the limited trial license. This license is not permanent and expires.

To activate a license:

1. For a Security Gateway in a distributed configuration, enter the IP address of the Security Management server.

2. If there is a proxy server, select Use a proxy server and enter the settings.

3. Click Activate License.

Dynamically Assigned IP

A Dynamically Assigned IP (DAIP) gateway is a gateway where the external interface IP address is assigned dynamically by the ISP.

Select this option if this Security Gateway uses dynamically assigned IP addresses.

Secure Internal Communication (SIC)

Define the Secure Internal Communication (SIC) Activation Key. The same key is used by the gateway object in SmartDashboard.

Summary

Click Finish to complete the First Time Configuration Wizard and configure the appliance. You can log in to the WebUI after some minutes.

21000 Appliances Getting Started Guide | 30

Software Configuration

Note - The pages that you see in the wizard depend on the

software image and the options you select. You will not see all the pages that are in this section.

Note - Pop-ups must always be allowed on https://<appliance_ip_address>.

Note - The features configured in the wizard are accessible after completing the wizard via the WebUI menu. The WebUI menu can be accessed by navigating to https://<appliance_ip_address>:4434.

Using the First Time Configuration Wizard on SecurePlatform

Do the initial configuration of the SecurePlatform appliance with the First Time Configuration Wizard.

Starting the First Time Configuration Wizard

To start the First Time Configuration Wizard:

1. Connect a standard network cable to the appliance's management interface and to your management network.

The management interface is marked MGMT. This interface is preconfigured with the IP address

192.168.1.1.

2. Connect to the management interface, from a computer on the same network subnet as the management interface.

For example: IP address 192.168.1.x and netmask 255.255.255.0. This can be changed in the WebUI.

3. To access the management interface, open a connection from a browser to the default management IP address: https://192.168.1.1:4434.

The login page opens.

4. Log in to the system using the default login name/password: admin/admin and click Login.

5. Change the administrator password, as prompted. The default password gives you access to the appliance. For security purposes, you must change it to a more secure password.

In the Password recovery login token section, download a Login Token to use if you forget the password. We recommend that you save the password recovery login token file in a safe storage.

6. The First Time Configuration Wizard runs.

Welcome

The Welcome page summarizes the steps of the First Time Configuration Wizard.

Appliance Date and Time Setup

Configure date and time in the Date and Time Setup page. Click Apply.

21000 Appliances Getting Started Guide | 31

Software Configuration

Network Connections

Configure the network connections in the Network Connections page.

You can change the Management IP address. Connectivity is maintained with an automatically created secondary interface. You can remove this interface after you complete the First Time Configuration Wizard in the Network > Network Connections page.

Routing Table

Configure the routing settings on the Routing Table page.

Host, Domain Settings, and DNS Servers

Set the Host, Domain and DNS Servers in the Host, Domain Settings, and DNS Servers page.

The host name must start with a letter and cannot be named com1, com2....com9.

In the DNS section, set the DNS servers for the appliance.

Management Type

Set how the appliance is managed in the Management Type page.  Locally Managed Deployment: The appliance is a Security Gateway and a Security Management

server. The Security Management server manages the Security Policy that is enforced by the Security Gateway.

 Centrally Managed Deployment: The appliance is a Security Gateway, without a Security

Management server. The Security Gateway is managed by a remote Security Management server.

Locally Managed Deployment

This section describes how to configure the appliance for locally managed deployment.

Check Point Cluster

Configure the cluster type. If you select This appliance is part of a 21000 Appliances Cluster, the options are:

 Primary cluster member  Secondary cluster member

For information about clusters, see the ClusterXL Administration Guide (http://supportcenter.checkpoint.com) for your Check Point version.

21000 Appliances Getting Started Guide | 32

Software Configuration

Note - Do not use the Any value for security reasons.

Note - You should back up the system configuration. Open the WebUI interface and go to Appliance > Backup and Restore.

Web/SSH and GUI Clients Configuration

Define the clients that are allowed to connect to the appliance using a web browser or SSH client. These clients can manage the appliance using a web or SSH connection.

You can define a Host according to Hostname or IP address. Enter a comma-separated list of IP addresses from which you manage the appliance. Enter Any to manage the appliance from anywhere.

After you complete the First Time Configuration Wizard, more options are available using the WebUI menu.

Download SmartConsole Applications

Configuring a security policy for a Locally Managed 21000 Appliances (configured in the Management Type page) requires you to install the SmartConsole applications. In the Download SmartConsole Applications window, you can download SmartConsole and install it on Windows machines.

The release notes of your Check Point version in the Check Point Support Center (http://supportcenter.checkpoint.com), lists compatible Windows operating systems for SmartConsole.

Centrally Managed Deployment

This section describes how to configure the appliance for centrally managed deployment.

Gateway Type

Configure the gateway type for a Centrally Managed 21000 Appliances.

Web/SSH and GUI Clients Configuration

Define the clients that are allowed to connect to the appliance using a web browser or SSH client. These clients can manage the appliance using a web or SSH connection.

You can define a Host according to Hostname or IP address. Enter a comma-separated list of IP addresses from which you manage the appliance. Enter Any to manage the appliance from anywhere.

After you complete the First Time Configuration Wizard, more options are available using the WebUI menu.

SIC Setup

Configure the SIC (Secure Internal Communication) settings for a Centrally Managed appliance. Enter a SIC Activation Key. The same key is used by the gateway object in SmartDashboard.

Summary

The Summary page opens. Click Finish to complete the First Time Configuration Wizard. You can log in to the appliance after some

minutes.

Creating the Network Object

Configure the 21000 Appliances object as a gateway object in the Security Management server database.

1. Launch SmartDashboard.

21000 Appliances Getting Started Guide | 33

Software Configuration

Note - The sysconfig menu is only available after running

the First Time Configuration Wizard in the WebUI.

2. Configure a new gateway object for the appliance.

3. Enter the IP address for the appliance.

4. For a centrally managed deployment, establish Secure Internal Communication (SIC). Enter the activation key you used in the First Time Configuration Wizard.

5. Configure the topology.

6. Install the security policy.

Advanced Configuration

Advanced configuration on Gaia

Advanced configuration on Gaia can be done using the WebUI or the CLI.

Advanced configuration on SecurePlatform

Advanced configuration on SecurePlatform can be done using the sysconfig menu from the CLI.

Connecting to the 21000 Appliances CLI

To connect to the command line interface of the 21000 Appliances, use one of these:  The provided serial console cable (DTE to DTE), with terminal emulation software, such as PuTTY (from

Windows) or Minicom (from Unix/Linux). Connection parameters for 21000 Appliances are: 9600bps, no parity, 1 stop bit (8N1), Flow Control -

None.

 An SSH connection to the management interface (if sshd is configured).

21000 Appliances Getting Started Guide | 34

In This Chapter

Restoring Using the WebUI 35 Restoring Using the Console Boot Menu 35 Restoring Using the LCD Panel 37

Important - If you restore factory defaults, all information on the appliance is deleted.

Chapter 5

Restoring Factory Defaults

If necessary, restore the appliance to its factory default settings.

Restoring Using the WebUI

Use the WebUI of the applicable operating system to restore the appliance to the factory default settings. You can select one of the software images that are available on the appliance.

Gaia

Use the Gaia WebUI to restore the default factory settings.

To restore a Gaia appliance with the WebUI:

1. Open an Internet browser to the management IP address, https://<appliance_ip_address>

2. Log in to the WebUI of the appliance using the administrator username and password.

3. In the WebUI, click Maintenance > Factory Defaults. The Factory Defaults window opens.

4. Select the image version that you are restoring.

5. Click Apply.

SecurePlatform

Use the SecurePlatform WebUI to restore the default factory settings.

To restore a SecurePlatform appliance with the WebUI:

1. Open Internet Explorer and navigate to the management IP address, https://<appliance_ip_address>:4434

2. Log in to the WebUI of the appliance using the administrator username and password.

3. In the WebUI, click Appliance > Image Management. The Image Management window opens.

4. Select the image version that you are restoring.

5. Click Revert.

Restoring Using the Console Boot Menu

To restore the appliance to its default factory configuration using the console boot menu:

1. Connect the supplied DB9 serial cable to the console port on the front of the appliance.

21000 Appliances Getting Started Guide | 35

Restoring Factory Defaults

2. Connect to the appliance using a terminal emulation program such as Microsoft HyperTerminal or PuTTY.

3. Configure the terminal emulation program:

 In the HyperTerminal Connect To window, select a port from the Connect using list.  In PuTTY select the Serial connection type.

4. Define the serial port settings: 9600 BPS, 8 bits, no parity, 1 stop bit.

5. From the Flow control list, select None.

6. Connect to the appliance.

7. Turn on the appliance.

8. The appliance initializes and status messages are shown in the terminal emulation program.

9. When this message is shown, you have approximately four seconds to hit any key to activate the Boot menu.

10. From the Boot menu, select the relevant Reset to factory defaults image.

11. Press Enter.

21000 Appliances Getting Started Guide | 36

Restoring Factory Defaults

Restoring Using the LCD Panel

To restore the appliance to its default factory configuration using the LCD Panel keys:

1. Reboot or turn on the appliance.

2. When the countdown begins, press an arrow key.

The Boot menu shows.

3. Use the arrow buttons to scroll to the default factory image.

4. Press .

5. Confirm the reset: press again. If you press a different button, the Action Canceled message shows.

At this point, if you press a key, the boot menu shows.

6. After you confirm the reset, wait for the appliance to restore the factory image. During the restore, a message shows continuously: Reverting image. Do not turn off. When the appliance is restored to its default factory configuration, it reboots and the initializing message

shows.

21000 Appliances Getting Started Guide | 37

In This Chapter

Registration 38 Support 38 Where To From Here? 38

Chapter 6

Registration and Support

Registration

The appliance requires a product-specific Check Point license. Get a license and register at the Check Point Appliance Registration site (http://register.checkpoint.com/cpapp).

Connect to the WebUI of the appliance to find the MAC address that is required to obtain a license.

 Gaia - From Advanced mode, select Maintenance > Licenses.  SecurePlatform - Select Information > Appliance Status.

Support

For additional technical information about Check Point products, consult the Check Point Support Center (http://supportcenter.checkpoint.com).

Where To From Here?

You have the basics to get started. The next step is to get more advanced knowledge of your Check Point software.

Check Point documentation is available on the Check Point Support Center (http://supportcenter.checkpoint.com).

Be sure to also use the Online Help when you are working with the Check Point SmartConsole clients.

21000 Appliances Getting Started Guide | 38

In This Appendix

Declaration of Conformity 39

Manufacturer’s Name:

Check Point Software Technologies Ltd.

Manufacturer’s Address:

5 Ha'Solelim Street, Tel Aviv 67897, Israel

Model Number:

G72, G70, G50

Product Options:

All

Serial Number:

1 to 100,000

Date First Applied:

2011

EMC

FCC, 47 CFR, Part 15, Class A