W W W. C H E C K P O I NT. C OM
WE
SE CU RE
TH E
FU TU RE
P/N: 706536
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing
restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be
reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has
been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication
and features described herein are subject to change without notice.
Restricted Rights Legend:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the
Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
Trademarks:
See the Copyright page
http://www.checkpoint.com/copyright.html for a list of our trademarks.
See the Third Party copyright notices http://www.checkpoint.com/3rd_party_copyright.html for a list of relevant copyrights.
©2003–2016 Check Point Software Technologies Ltd. All rights reserved.
C H EC K PO IN T
3000 SERIES
APPLIANCES
Getting Started Guide
01 April 2016
Getting Started Guide
Check Point 3000 Appliances
Classification: [Protected] P/N: 706536
Important Information
Latest Software
We recommend that you install the most recent software release to stay
up-to-date with the latest functional improvements, stability fixes, security
enhancements and protection against new and evolving attacks.
Check Point 3000 Appliances
For more about this release, see the 3000 Appliances home page
http://supportcontent.checkpoint.com/solutions?id=sk110052.
More Information
Visit the Check Point Support Center
http://supportcenter.checkpoint.com.
Latest Version of this Document
Download the latest version of this document
http://supportcontent.checkpoint.com/documentation_download?ID=45742.
To learn more, visit the Check Point Support Center
http://supportcenter.checkpoint.com.
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
cp_techpub_feedback@checkpoint.com?subject=Feedback on Check Point
3000 Appliances Getting Started Guide.
Revision History
Date Description
01 April 2016 First release of this document
© 2016 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright
and distributed under licensing restricting their use, copying, distribution, and
decompilation. No part of this product or related documentation may be reproduced in
any form or by any means without prior written authorization of Check Point. While
every precaution has been taken in the preparation of this book, Check Point assumes
no responsibility for errors or omissions. This publication and features described
herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth
in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software
clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Refer to the Copyright page
http://www.checkpoint.com/copyright.html for a list of our
trademarks.
Refer to the Third Party copyright notices
http://www.checkpoint.com/3rd_party_copyright.html for a list of relevant copyrights
and third-party licenses.
Contents
Important Information .................................................................................... 2
Safety and Environmental Notices ................................................................. 7
Remarques Relatives à la Sécurité, l'environnement et les Émissions
Électroniques ............................................................................................... 11
Hinweise zu Sicherheit, Umwelt und elektronischen Emissionen ............... 15
Introduction .................................................................................................. 19
Welcome .................................................................................................. 19
3000 Appliances Overview ........................................................................ 20
Shipping Carton Contents ........................................................................ 20
Terminology ............................................................................................. 21
Mounting the 3000 Appliances in a Rack ...................................................... 23
Appliance Physical Specifications ............................................................ 23
Appliance Air Vents .................................................................................. 24
Configuring 3000 Appliances ........................................................................ 25
Starting the Appliance .............................................................................. 25
Available Software Images ............................................................................25
Initial Configuration ................................................................................. 26
Creating the Network Object .................................................................... 26
Advanced Configuration ........................................................................... 26
Connecting to the 3000 Appliances CLI ..........................................................27
3000 Appliances Hardware .......................................................................... 29
Front Panel .............................................................................................. 30
Rear Panel ............................................................................................... 32
Dual Redundant BIOS ............................................................................... 33
Replacing and Upgrading Components .................................................... 34
Restoring Factory Defaults .......................................................................... 35
Restoring With the WebUI ........................................................................ 35
Restoring Using the Console Boot Menu .................................................. 36
Restoring Using the CLI ........................................................................... 37
Registration and Support ............................................................................. 39
Registration ............................................................................................. 39
Support .................................................................................................... 39
Where To From Here? .............................................................................. 39
Compliance Information .............................................................................. 41
Declaration of Conformity ........................................................................ 41
Safety and Environmental Notices
Check Point 3000 Appliances Getting Started Guide | 7
Safety and Environmental Notices
Read the following warnings before setting up or using the appliance.
Warning - Do not block air vents. A minimum 1/2-inch clearance is
required.
Before you install or remove a chassis, or work near power supplies, turn off the
power and unplug the power cord.
To prevent damage to any system board, it is important to handle it with care. The
following measures are generally sufficient to protect your equipment from static
electricity discharge:
x When handling the board, use a grounded wrist strap designed for static discharge
elimination.
x Touch a grounded metal object before removing the board from the antistatic bag.
x Handle the board by its edges only. Do not touch its components, peripheral chips,
memory modules or gold contacts.
x When handling processor chips or memory modules, avoid touching their pins or
gold edge fingers.
x Restore the communications appliance system board and peripherals back into the
antistatic bag when they are not in use or not installed in the chassis. Some
circuitry on the system board can continue operating even though the power is
switched off.
x Under no circumstances should the lithium battery cell used to power the
real-time clock be allowed to short. The battery cell may heat up under these
conditions and present a burn hazard.
Warning - DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY
REPLACED. REPLACE ONLY WITH SAME OR EQUIVALENT TYPE
RECOMMENDED BY THE MANUFACTURER. DISCARD USED BATTERIES
ACCORDING TO THE MANUFACTURER’S INSTRUCTIONS.
Safety and Environmental Notices
8 | Check Point 3000 Appliances Getting Started Guide
x Disconnect the system board power supply from its power source before you
connect or disconnect cables or install or remove any system board components.
Failure to do this can result in personnel injury or equipment damage.
x Avoid short-circuiting the lithium battery; this can cause it to superheat and cause
burns if touched.
x Do not operate the processor without a thermal solution. Damage to the processor
can occur in seconds.
x Class 1 laser product warning - A totally enclosed laser system containing a class
1 laser.
Rack Mount Instructions
The following or similar rack-mount instructions are included with the installation
instructions:
1
. Elevated Operating Ambient - If installed in a closed or multi-unit rack assembly,
the operating ambient temperature of the rack environment may be greater than
room ambient. Therefore, consideration should be given to installing the
equipment in an environment compatible with the maximum ambient temperature
specified by the manufacturer.
2. Reduced Air Flow - Installation of the equipment in a rack should be such that the
amount of air flow required for safe operation of the equipment is not
compromised.
3. Mechanical Loading - Mounting of the equipment in the rack should be such that a
hazardous condition is not achieved due to uneven mechanical loading.
4. Circuit Overloading - Consideration should be given to the connection of the
equipment to the supply circuit and the effect that overloading of the circuits might
have on over current protection and supply wiring. Appropriate consideration of
equipment nameplate ratings should be used when addressing this concern.
5. Reliable Earthing - Reliable earthing of rack-mounted equipment should be
maintained. Particular attention should be given to supply connections other than
direct connections to the branch circuit (e.g. use of power strips).
For California:
Perchlorate Material - special handling may apply. See
http://www.dtsc.ca.gov/hazardouswaste/perchlorate
Safety and Environmental Notices
Check Point 3000 Appliances Getting Started Guide | 9
The foregoing notice is provided in accordance with California Code of Regulations
Title 22, Division 4.5, Chapter 33. Best Management Practices for Perchlorate
Materials. This product, part, or both may include a lithium manganese dioxide battery
which contains a perchlorate substance.
Proposition 65 Chemical
Chemicals identified by the State of California, pursuant to the requirements of the
California Safe Drinking Water and Toxic Enforcement Act of 1986, California Health &
Safety Code s. 25249.5, et seq. ("Proposition 65"), that is "known to the State to cause
cancer or reproductive toxicity" (see http://www.calepa.ca.gov)
WARNING:
Handling the cord on this product will expose you to lead, a chemical known to the
State of California to cause cancer, and birth defects or other reproductive harm.
Wash hands after handling.
Caution
Any changes or modifications not expressly approved by the grantee of this device
could void the user’s authority to operate the equipment.
I
nformation to user:
The user's manual or instruction manual for an intentional or unintentional radiator
shall caution the user that changes or modifications not expressly approved by the
party responsible for compliance could void the user's authority to operate the
equipment. In cases where the manual is provided only in a form other than paper,
such as on a computer disk or over the Internet, the information required by this
section may be included in the manual in that alternative form, provided the user can
reasonably be expected to have the capability to access information in that form.
Safety and Environmental Notices
10 | Check Point 3000 Appliances Getting Started Guide
Product Disposal
This symbol on the product or on its packaging indicates that this product must not be
disposed of with your other household waste. Instead, it is your responsibility to
dispose of your waste equipment by handing it over to a designated collection point for
the recycling of waste electrical and electronic equipment. The separate collection and
recycling of your waste equipment at the time of disposal will help to conserve natural
resources and ensure that it is recycled in a manner that protects human health and
the environment. For more information about where you can drop off your waste
equipment for recycling, please contact your local city office or your household waste
disposal service.
Remarques Relatives à la Sécurité, l'environnement et les Émissions Électroniques
Check Point 3000 Appliances Getting Started Guide | 11
Remarques Relatives à la Sécurité,
l'environnement et les Émissions
Électroniques
Avant de mettre en place ou d'utiliser l'appareil, veuillez lire les avertissements
suivants.
Avertissement: Ne pas obturer les aérations. Il faut laisser au moins 1,27 cm
d'espace libre.
Avant de manipuler une appliance ou ses blocs d’alimentations, l’éteindre et
débrancher son câble électrique.
Pour éviter d'endommager les cartes système, il est important de les manipuler avec
soin. Les mesures suivantes sont généralement suffisantes pour protéger votre
équipement contre les décharges d'électricité statique:
x Avant de manipuler la carte, portez aux poignet un bracelet antistatique relié à la
terre.
x Touchez un objet métallique relié à la terre avant d'extraire la carte de son sachet
antistatique.
x Ne tenez la carte que par ses bords. Ne touchez aucun composant, puce
périphérique, module mémoire ou contact plaqué or.
x Lorsque vous manipulez des processeurs ou des modules mémoire, évitez de
toucher leurs broches ou les pistes de contact dorées.
x Remettez dans leur sachet antistatique la carte système et les périphériques de
l'appareil de communications lorsqu'ils ne sont pas utilisés ou installés dans le
châssis. Certains circuits sur la carte système peuvent rester fonctionnels même
si l'appareil est éteint.
x Il ne faut jamais court-circuiter la pile au lithium qui alimente l'horloge
temps-réel. Elle risque de s'échauffer et de causer des brûlures.
Remarques Relatives à la Sécurité, l'environnement et les Émissions Électroniques
12 | Check Point 3000 Appliances Getting Started Guide
Avertissement: DANGER D'EXPLOSION SI LA PILE EST MAL REPLACÉE. NE
REMPLACER QU'AVEC UN TYPE IDENTIQUE OU ÉQUIVALENT, RECOMMANDÉ
PAR LE CONSTRUCTEUR. LES PILES DOIVENT ÊTRE MISES AU REBUT
CONFORMÉMENT AUX INSTRUCTIONS DE LEUR FABRICANT.
x Débrancher l'alimentation de la carte système de sa source électrique avant de
connecter ou déconnecter des câbles ou d'installer ou retirer des composants. À
défaut, les risques sont d'endommager l'équipement et de causer des blessures
corporelles.
x Ne pas court-circuiter la pile au lithium: elle risque de surchauffer et de causer
des brûlures en cas de contact.
x Ne pas faire fonctionner le processeur sans refroidissement. Le processeur peut
être endommagé en quelques secondes.
x Produit laser de classe 1: un système laser totalement clos et contenant un laser
de classe 1.
I
nstructions de montage en rack
Les instructions d'installation sont livrées avec les instructions de montage en rack
ci-après (ou similaires):
1. Fonctionnement à température plus élevée: Si l'appareil est installé dans une
armoire fermée ou un rack à plusieurs unités, la température du rack en
fonctionnement peut être supérieure à la température ambiante de la pièce. Avant
d'installer l'équipement, il faut donc s'assurer qu'il sera dans un environnement
compatible avec la température ambiante maximale indiquée par le constructeur.
2. Circulation d'air réduite: L'installation dans un rack doit s'assurer de ne pas
limiter la circulation de l'air nécessaire au bon fonctionnement de l'équipement.
3. Charge mécanique: Lors du montage de l'équipement dans le rack, il faut faire
attention à ne pas déséquilibrer l'ensemble. Un rack se remplit en commençant
par le bas.
4. Surcharge: Pour la connexion de l'équipement au circuit électrique, il faut vérifier
les risques de surcharge et les éventuelles conséquences sur la protection contre
les surtensions et sur le câblage électrique. Dans ce contexte, il faut tenir compte
des informations mentionnées par l’étiquette apposée sur l’équipement.
5. Mise à la terre: Les équipements montés en rack doivent être en permanence
reliés à un terre fiable. Il faut faire particulièrement attention aux branchements
qui ne vont pas directement à la source électrique (par exemple des multiprises).
Remarques Relatives à la Sécurité, l'environnement et les Émissions Électroniques
Check Point 3000 Appliances Getting Started Guide | 13
Pour la Californie:
Matériau perchloraté: Manipulation spéciale potentiellement requise. Voir
http://www.dtsc.ca.gov/hazardouswaste/perchlorate.
L'avis suivant est fourni conformément au California Code of Regulations, titre 22,
division 4.5, chapitre 33. Meilleures pratiques de manipulation des matériaux
perchloratés. Ce produit, cette pièce ou les deux peuvent contenir une pile au dioxyde
de lithium manganèse, qui contient une substance perchloratée.
Produits chimiques « Proposition 65 »
Les produits chimiques identifiés par l'état de Californie, conformément aux exigences
du California Safe Drinking Water and Toxic Enforcement Act of 1986 du California
Health & Safety Code s. 25249.5, et seq. (« Proposition 65 »), qui sont « connus par
l'état pour être cancérigène ou être toxiques pour la reproduction » (voir
http://www.calepa.ca.gov).
AVERTISSEMENT:
La manipulation de ce cordon vous expose au contact du plomb, un élément reconnue
par l'état de Californie pour être cancérigène, provoquer des malformations à la
naissance et autres dommages relatifs à la reproduction. Se laver les mains après
toute manipulation.
Attention
Tout changement ou modification qui n’ont pas été approuvés formellement par le
titutlaire de l’appareil, pourrait annuler le droit d’utiliser l’équipement.
Remarques Relatives à la Sécurité, l'environnement et les Émissions Électroniques
14 | Check Point 3000 Appliances Getting Started Guide
Information à l'intention de l'utilisateur:
Le manuel utilisateur ou le manuel d'instruction d'un dispositif rayonnant (intentionnel
ou non) doit avertir que toute modification non approuvée expressément par la partie
responsable de la conformité peut annuler le droit de faire fonctionner l'équipement.
Si le manuel n'est pas fourni sous forme imprimée (par exemple sur le disque d'un
ordinateur ou via Internet), les informations requises par cette section doivent être
incluses dans ces versions du manuel, sous réserve que l'utilisateur soit
raisonnablement capable d'y accéder.
Mise au rebut du produit
Ce symbole apposé sur le produit ou son emballage signifie que le produit ne doit pas
être mis au rebut avec les autres déchets ménagers. Il est de votre responsabilité de
le porter à un centre de collecte désigné pour le recyclage des équipements
électriques et électroniques. Le fait de séparer vos équipements lors de la mise au
rebut, et de les recycler, contribue à préserver les ressources naturelles et s'assure
qu'ils sont recyclés d'une façon qui protège la santé de l'homme et l'environnement.
Pour obtenir plus d'informations sur les lieux où déposer vos équipements mis au
rebut, veuillez contacter votre municipalité ou le service de gestion des déchets.
Hinweise zu Sicherheit, Umwelt und elektronischen Emissionen
Check Point 3000 Appliances Getting Started Guide | 15
Hinweise zu Sicherheit, Umwelt
und elektronischen Emissionen
Lesen Sie die folgenden Warnungen, bevor Sie Einstellungen vornehmen oder das
Gerät verwenden.
Warnhinweis – Die Lüftungsschlitze müssen frei gehalten werden. Der
Mindestabstand beträgt 0,5 Zoll (1,27 cm).
Schalten Sie das Gerät ab und ziehen Sie den Stecker, bevor Sie ein Gestell anbringen
oder entfernen oder wenn Sie in der Nähe der Stromzufuhr arbeiten.
Es ist wichtig, dabei sorgfältig vorzugehen, um Schäden an den Systemplatinen zu
vermeiden. Die folgenden Maßnahmen reichen in der Regel aus, um Ihre Anlage vor
elektrostatischer Entladung zu schützen:
x Tragen Sie eine geeignete Erdungsmanschette gegen die statische Entladung,
wenn Sie die Platine berühren.
x Berühren Sie einen geerdeten metallischen Gegenstand, bevor Sie die Platine aus
der antistatischen Schutzhülle nehmen.
x Berühren Sie die Platine nur an den Rändern. Berühren Sie nicht die
Komponenten, zugehörigen Chips, Speichermodule oder goldenen Kontakte.
x Wenn Sie mit Prozessor-Chips oder Speichermodulen arbeiten, berühren Sie nicht
die Pins oder die goldenen Einsteckstellen am Rand der Platine.
x Wenn die Systemplatine des Kommunikationsgerätes nicht verwendet oder
angebracht wird, verstauen Sie sie wieder in der antistatischen Schutzhülle. Einige
der Schaltkreise auf der Systemplatine werden unter Umständen auch dann
betrieben, wenn die Stromzufuhr unterbrochen wurde.
x An der Lithiumbatteriezelle, die den Absolutzeitgeber betreibt, sollte unter keinen
Umständen ein Kurzschluss möglich sein. In diesem Fall könnte sich die
Batteriezelle erhitzen und eine Verbrennungsgefahr darstellen.
Hinweise zu Sicherheit, Umwelt und elektronischen Emissionen
16 | Check Point 3000 Appliances Getting Started Guide
Warnhinweis – EXPLOSIONSGEFAHR BEI NICHT ORDNUNGSGEMÄSS
EINGESETZTER BATTERIE. NUR GEMÄSS HERSTELLEREMPFEHLUNGEN
DURCH GLEICHEN ODER ÄQUIVALENTEN TYP ERSETZEN. GEBRAUCHTE
BATTERIEN GEMÄSS HERSTELLERANWEISUNGEN ENTSORGEN.
x Trennen Sie die Stromversorgung der Systemplatine von der entsprechenden
Stromquelle, bevor Sie Kabel ein- bzw. ausstecken oder Komponenten der
Systemplatine entfernen. Wenn Sie dies nicht befolgen, können Personen verletzt
und die Anlage beschädigt werden.
x Schließen Sie die Lithiumbatterie nicht kurz; dies kann zur Überhitzung der
Batterie und bei Berühren zu Verbrennungen führen.
x Betreiben Sie den Prozessor nur mit einer geeigneten Lösung für die
Wärmekontrolle. Der Prozessor kann innerhalb von wenigen Sekunden beschädigt
werden.
x Produktwarnung Laserklasse 1 – ein vollständig geschlossenes Lasersystem mit
einem Laser der Klasse 1.
A
nleitung zur Rackmontage
Die nachfolgende Anleitung zur Rackmontage ist Teil der Installationsanleitung:
1. Erhöhte Betriebsumgebung – Wenn das Gerät in einer geschlossenen
Rackbaugruppe oder in einer Rackbaugruppe mit mehreren Einheiten installiert
wird, ist die Umgebungsbetriebstemperatur des Racks unter Umständen höher als
die Raumtemperatur. Deshalb sollte darauf geachtet werden, die Anlage in einer
Umgebung zu installieren, die mit der vom Hersteller angegebenen
Maximaltemperatur kompatibel ist.
2. Verringerter Luftstrom – Die Anlage sollte so in das Rack installiert werden, dass
der für einen sicheren Betrieb der Anlage benötigte Luftstrom nicht beeinträchtigt
wird.
3. Mechanische Ladung – Die Anlage sollte so im Rack installiert werden, dass keine
Gefahr durch ungleichmäßig verteilte mechanische Ladung besteht.
4. Systemüberlastung – Es muss darauf geachtet werden, wie die Anlage an den
Versorgungskreis angeschlossen ist, und wie sich eine Überlastung des Systems
auf den Überstromschutz und die Versorgungskabel auswirken könnte. Bei diesem
Thema sollte auf ein angemessenes Typenschild der Anlage geachtet werden.
5. Zuverlässige Erdung – Die rackmontierte Anlage muss sicher geerdet werden.
Besondere Vorsicht ist bei Versorgungsanschlüssen geboten, die nicht direkt mit
Hinweise zu Sicherheit, Umwelt und elektronischen Emissionen
Check Point 3000 Appliances Getting Started Guide | 17
dem Netzstromkreis verbunden sind (z. B. beim Verwenden von
Mehrfachsteckdosen).
F
ür Kalifornien:
Perchloratmaterial – Evtl. spezielle Handhabung erforderlich. Siehe
http://www.dtsc.ca.gov/hazardouswaste/perchlorate
Der vorhergehende Hinweis gilt in Übereinstimmung mit dem „California Code of
Regulations“ Titel 22, Abschnitt 4.5, Kapitel 33. Best Management Practices für
Perchloratmaterialien. Dieses Produkt und/oder Teile davon umfassen eine
Lithium-Mangandioxid-Batterie, die eine perchlorate Substanz enthält.
Proposition 65, Chemikalien
Chemikalien, die vom US-Bundesstaat Kalifornien gemäß den Anforderungen des
„California Safe Drinking Water and Toxic Enforcement Act“ von 1986 (California
Health & Safety Code s. 25249.5 ff., „Proposition 65“) als mögliche Ursache für Krebs
oder eine fortpflanzungsgefährdende Toxizität eingestuft werden (siehe
http://www.calepa.ca.gov)
WARNUNG:
Im Kabel dieses Produktes befindet sich Blei; diese Chemikalie wird vom
US-Bundesstaat Kalifornien als mögliche Ursache für Krebs, Geburtsfehler oder
Einschränkungen der Fortpflanzungsfähigkeit eingestuft. Waschen Sie sich
anschließend die Hände.
Vorsicht
Alle Änderungen oder Modifikationen die nicht ausdrücklich vom Lizenzgeber dieses
Gerätes genehmigt wurden, können zum Erlöschen der Betriebserlaubnis des
Benutzers für das betreffende Gerät führen.
B
enutzerinformationen:
Die Betriebs- oder Gebrauchsanleitung eines beabsichtigten oder unbeabsichtigten
Radiators dienen dazu, den Benutzer vor Änderungen oder Umrüstungen zu warnen,
die nicht ausdrücklich von der zuständigen Stelle für Konformität genehmigt wurden,
da diese zu einem Entzug der Betriebserlaubnis für diese Anlage führen können.
Wenn das Handbuch nur in anderer als gedruckter Form zur Verfügung steht, zum
Beispiel auf einer Computerfestplatte oder über das Internet, ist die gemäß diesem
Abschnitt erforderliche Information im Handbuch möglicherweise in dieser
Hinweise zu Sicherheit, Umwelt und elektronischen Emissionen
18 | Check Point 3000 Appliances Getting Started Guide
alternativen Form enthalten, sofern vom Benutzer erwartet werden kann, dass er auf
Informationen dieser Form Zugriff hat.
Produktentsorgung
Dieses Symbol auf dem Produkt oder dessen Verpackung gibt an, dass das Produkt
nicht zusammen mit Restmüll entsorgt werden darf. Es obliegt daher Ihrer
Verantwortung, das Gerät an einer entsprechenden Stelle für die Entsorgung oder
Wiederverwertung von Elektrogeräten aller Art abzugeben. Die separate Sammlung
und das Recyceln Ihrer alten Elektrogeräte zum Zeitpunkt ihrer Entsorgung trägt zum
Schutz der Umwelt bei und gewährleistet, dass die Geräte auf eine Art und Weise
recycelt werden, die keine Gefährdung für die Gesundheit des Menschen und der
Umwelt darstellt. Weitere Informationen darüber, wo Sie alte Elektrogeräte zum
Recyceln abgeben können, erhalten Sie bei den örtlichen Behörden, den
Wertstoffhöfen oder dort, wo Sie das Gerät erworben haben.
Check Point 3000 Appliances Getting Started Guide | 19
CHAPTER 1
Introduction
In This Section:
Welcome ............................................................................................................... 19
3000 Appliances Overview ................................................................................... 20
Shipping Carton Contents ................................................................................... 20
Terminology ......................................................................................................... 21
Welcome
Congratulations on your new 3000 appliance. We hope that you will be satisfied with
this Security Gateway and our support services. Check Point products provide your
business with the most up to date and secure solutions available today.
Check Point also delivers worldwide technical services including educational,
professional and support services through a network of Authorized Training Centers,
Certified Support Partners and Check Point technical support personnel to ensure that
you get the most out of your security investment.
For additional information on the Internet Security Product Suite and other security
solutions, refer to the Check Point web site (http://www.checkpoint.com), or call
Check Point at 1(800) 429-4391. For additional technical information about Check Point
products, consult the Check Point Support Center
http://supportcenter.checkpoint.com.
Welcome to the Check Point family. We look forward to meeting all of your current and
future network, application and management security needs.
Introduction
20 | Check Point 3000 Appliances Getting Started Guide
3000 Appliances Overview
Check Point 3000 Appliances are designed for superior performance combining Intel’s
latest multi-core technologies, optimized encrypted traffic inspection, and fast
networking technologies—providing the highest level of security for your data, network
and employees. Optimized for Next Generation Threat Prevention security suite and
the increased threat landscape of HTTPS (SSL) encrypted traffic—Check Point
appliances provides the highest level of security for any business at every network
location. By consolidating multiple security technologies into a single security
gateway, these appliances are designed to deliver advanced and integrated security
solutions to meet all of your business security needs.
Shipping Carton Contents
This section describes the contents of the shipping carton.
Item Description
Appliance 3200
Cables and Adapters x 1 power adapter
x 1 standard RJ-45 network cable
x 1 RJ-45 to DB9 serial console cable
x 1 miniUSB to USB serial console cable
x 1 RJ-45 loopback adapter
Documentation x Getting Started Guide
x Quick Start Guide
x Image Management Guide
x User license agreement
Introduction
Check Point 3000 Appliances Getting Started Guide | 21
Terminology
The following terms are used in this guide:
x Gateway: The security engine that enforces the organization’s security policy and
acts as a security enforcement point.
x Security Policy: The policy created by the system administrator that regulates the
flow of incoming and outgoing communication.
x Security Management Server: The server used by the system administrator to
manage the security policy. The organization’s databases and security policies are
stored on the Security Management Server and downloaded to the gateway.
x SmartConsole: GUI applications that are used to manage various aspects of
security policy enforcement. For example, SmartView Tracker is a SmartConsole
application that manages logs.
x SmartDashboard: A SmartConsole GUI application that is used by the system
administrator to create and manage the security policy.
x Locally Managed Deployment: When all Check Point components responsible for
both the management and enforcement of the security policy (the Security
Management Server and the gateway) are installed on the same machine.
x Centrally Managed Deployment: When the gateway and the Security Management
Server are installed on separate machines.
Introduction
22 | Check Point 3000 Appliances Getting Started Guide
Check Point 3000 Appliances Getting Started Guide | 23
CHAPTER 2
Mounting the 3000 Appliances in a
Rack
In This Section:
Appliance Physical Specifications ...................................................................... 23
Appliance Air Vents .............................................................................................. 24
There is an optional rack mounting kit that lets you mount the appliance in a standard
rack.
For more information about installing this kit, see the appliance home page
http://supportcontent.checkpoint.com/solutions?id=sk110052.
Appliance Physical Specifications
These are the physical specifications of the Check Point appliance.
Appliance Width Depth Height
3200 8.28 in (21.03 cm) 8.27 in (21 cm) 1.65 in (4.19 cm)
Mounting the 3000 Appliances in a Rack
24 | Check Point 3000 Appliances Getting Started Guide
Appliance Air Vents
Make sure that the appliance air vents have sufficient airflow when the appliance is
mounted in a rack.
Important - If the appliance vents are blocked, the appliance can become too
hot and it can be damaged.
The appliance and rack rails have been tested in extreme conditions and do not block
air flow to the appliance. These appliances are specifically designed to install with
these rails.
Check Point 3000 Appliances Getting Started Guide | 25
CHAPTER 3
Configuring 3000 Appliances
In This Section:
Starting the Appliance ......................................................................................... 25
Initial Configuration ............................................................................................. 26
Creating the Network Object .............................................................................. 26
Advanced Configuration ...................................................................................... 26
Starting the Appliance
Connect the appliance to a power source and turn on the appliance. When the
appliance is ready, you can do the First Time Configuration Wizard to configure it.
To start the appliance:
1. Connect the power cable to the power supply unit in the rear panel.
2. From the rear of the appliance, press the Power button.
The appliance turns on.
Available Software Images
The 3000 Appliances come with different software images. Select the software image
you want to use.
Reverting to a software image takes a few minutes. To follow progress and see when
the appliance is ready, connect to the appliance using a serial console.
For more about software images, see the appliance home page
http://supportcontent.checkpoint.com/solutions?id=sk110052.
Configuring 3000 Appliances
26 | Check Point 3000 Appliances Getting Started Guide
Initial Configuration
Configure the appliance with the First Time Configuration Wizard. See the
Installation
and Upgrade Guide
for Gaia Platforms
related to the software version.
Note: The Installation and Upgrade Guides are released only for major versions. For
example, for the Gaia platform R77.30 version, see the R77 Versions
Installation and
Upgrade Guide
for Gaia Platforms
.
Go to the Installing Security Gateways on Appliances section, and see the instructions
to use the First Time Configuration Wizard.
Creating the Network Object
Configure the 3000 Appliances object as a Security Gateway object in the Security
Management Server database.
1
. Open SmartDashboard.
2. Configure a new gateway object for the appliance.
3. Enter the IP address for the appliance.
4. For a centrally managed deployment, create Secure Internal Communication (SIC)
between the Security Gateway and the Security Management Server. Enter the
activation key you used in the First Time Configuration Wizard.
5. Configure the topology.
6. Install the security policy.
Advanced Configuration
You can configure advanced options on Gaia from the WebUI or the CLI.
Configuring 3000 Appliances
Check Point 3000 Appliances Getting Started Guide | 27
Connecting to the 3000 Appliances CLI
To connect to the command line interface of the 3000 Appliances, use one of these:
x An SSH connection to the management interface (if SSHD is configured).
x A serial console cable and terminal emulation software, such as PuTTY (from
Windows) or Minicom (from Unix/Linux).
3000 Appliances support these serial console connectivity options:
x Mini USB - Using the included mini USB to USB console cable
x RJ45 - Using the included DB9 DTE to RJ45 serial console cable
Connection parameters are: 9600bps, 8 bits, no parity, 1 stop bit (8N1), Flow
Control - None.
If you use both the mini USB and RJ45 console ports, the mini USB port has
priority. To use the RJ45 port, disconnect the mini USB console cable.
When you have completed using the RJ45 port, reconnect the miniUSB console
cable.
Note - To use the miniUSB console port, a driver must be installed on the
console client machine (desktop/laptop). For installation instructions and
download link, see the appliance home page
http://supportcontent.checkpoint.com/solutions?id=sk110052.
Configuring 3000 Appliances
28 | Check Point 3000 Appliances Getting Started Guide
Check Point 3000 Appliances Getting Started Guide | 29
CHAPTER 4
3000 Appliances Hardware
In This Section:
Front Panel .......................................................................................................... 30
Rear Panel............................................................................................................ 32
Dual Redundant BIOS .......................................................................................... 33
Replacing and Upgrading Components .............................................................. 34
3000 Appliances Hardware
30 | Check Point 3000 Appliances Getting Started Guide
Front Panel
Item Component Description
1 On board Ethernet
ports
Six 10/100/1000Base-T RJ-45 ports.
2 Identification
service tag
A slide out card that identifies the appliance and shows its
serial number and MAC address.
3 USB ports Two USB ports.
4 RJ45 console port For a serial connection to the appliance. See Connecting to
the 3000 Appliances CLI (on page
27).
5 MiniUSB console
port
For a serial connection to the appliance. See Connecting to
the 3000 Appliances CLI (on page
27).
6
System LEDs
System power x Off - System power off
x On (Green) - System power
on
Hard disk drive
(HDD) activity
x Off - No HDD activity
x On (Amber) - Read/write
activity
3000 Appliances Hardware
Check Point 3000 Appliances Getting Started Guide | 31
Item Component Description
Alert x Off - No faults detected
x Blinking red - System fault
detected
Location x Off - Location beacon is
turned off
x Blinking blue - Location
beacon is turned on through
the Gaia WebUI software
7 Reset Insert a pin for 5 to 8 seconds to perform a hardware reset.
8 Factory Insert a pin to restore the appliance to its factory defaults.
3000 Appliances Hardware
32 | Check Point 3000 Appliances Getting Started Guide
Rear Panel
Item Component Description
1 Cooling fan unit
2 Power outlet Connects to the power supply unit's cable. Use the
power supply cable restraints to avoid accidental power
cord removal.
3 Main power switch
3000 Appliances Hardware
Check Point 3000 Appliances Getting Started Guide | 33
Dual Redundant BIOS
To ensure resilience in the event of a BIOS failure, 3000 Appliances are equipped with
dual redundant BIOS images.
If an appliance encounters a BIOS failure, it will boot up from a recovery, read-only
BIOS image that enables full functionality of the appliance.
These notifications are shown in the event of a BIOS failure:
x The appliance's Alert LED on the front panel will blink red.
x The Gaia WebUI Hardware Health window shows that the BIOS sensor is Invalid
and its status is Off.
x An SNMP trap message (if the biosFailure trap was configured in the WebUI or
through clish).
To recover from a BIOS failure, see sk108517
(
http://supportcontent.checkpoint.com/solutions?id=sk108517) or contact Check Point
support. The appliance is fully functional until the BIOS recovery is completed.
3000 Appliances Hardware
34 | Check Point 3000 Appliances Getting Started Guide
Replacing and Upgrading Components
The 3000 Appliances has parts that you can easily replace to minimize downtime.
There are also components that you can install to upgrade the appliance. These are
the parts and components that can be used with the appliance:
x Shelf rack mounting - Optional for the 3200 appliance
x System memory
For more information about installing these components, see the appliance home
page
http://supportcontent.checkpoint.com/solutions?id=sk110052.
Unless directed to do so by Check Point technical support, you are prohibited by
warranty and support agreements from replacing any parts.
Check Point 3000 Appliances Getting Started Guide | 35
CHAPTER 5
Restoring Factory Defaults
In This Section:
Restoring With the WebUI ................................................................................... 35
Restoring Using the Console Boot Menu ........................................................... 36
Restoring Using the CLI ...................................................................................... 37
If necessary, restore the appliance to its factory default settings or select a new
image.
Important - If you restore factory defaults or select a new image, all
information on the appliance is deleted.
Restoring With the WebUI
Use the Gaia WebUI to restore the appliance to the factory default settings. You can
select one of the software images on the appliance.
To restore a Gaia appliance with the WebUI:
1. Open an Internet browser to the management IP address:
https://
<appliance_ip_address>
2. Log in to the WebUI of the appliance with the administrator username and
password.
3. In the WebUI, click Maintenance > Factory Defaults.
The Factory Defaults window opens.
4. Select the image version to restore.
5. Click Apply.
Restoring Factory Defaults
36 | Check Point 3000 Appliances Getting Started Guide
Restoring Using the Console Boot Menu
To restore the appliance using the console boot menu:
1. Connect the supplied serial cable's RJ45 or miniUSB connector to the console port
on the front of the appliance.
2. From the computer, open a terminal emulation program such as Microsoft
HyperTerminal or PuTTY.
3
. Configure the terminal emulation program:
x In the HyperTerminal Connect To window, select a port from the Connect using
list.
x In PuTTY select the Serial connection type.
4
. Define the serial port settings: 9600 BPS, 8 bits, no parity, 1 stop bit.
5. From the Flow control list, select None.
6. Connect to the appliance.
7. Turn on the appliance.
The appliance initializes and status messages are shown in the terminal emulation
program.
8. When this message is shown, you have approximately four seconds to hit any key
to activate the Boot menu.
9. From the Boot menu, select the relevant Reset to factory defaults image.
10. Press Enter.
Restoring Factory Defaults
Check Point 3000 Appliances Getting Started Guide | 37
Restoring Using the CLI
To restore the appliance through the CLI:
1. Log in to the appliance.
2
. Run this command from clish:
set fcd revert <image_name>
For example: set fcd revert Gaia_R77.30
A reverting to factory defaults message is shown.
Restoring Factory Defaults
38 | Check Point 3000 Appliances Getting Started Guide
Check Point 3000 Appliances Getting Started Guide | 39
CHAPTER 6
Registration and Support
In This Section:
Registration .......................................................................................................... 39
Support ................................................................................................................. 39
Where To From Here? ......................................................................................... 39
Registration
The appliance requires a product-specific Check Point license. Get a license and
register at the Check Point Appliance Registration site
(
http://register.checkpoint.com/cpapp).
Connect to the WebUI of the appliance (from Advanced mode, select Maintenance >
Licenses) to find the MAC address that is required to obtain a license.
Alternatively, you can read the MAC address off the service tag on the appliance. Refer
to Front Panel (on page
30).
Support
For additional technical information about Check Point products, consult the Check
Point Support Center
http://supportcenter.checkpoint.com.
Where To From Here?
You have the basics to get started. The next step is to get more advanced knowledge of
your Check Point software.
Check Point documentation is available on the Check Point Support Center
http://supportcenter.checkpoint.com.
Be sure to also use the online help when you are working with the Check Point
SmartConsole clients.
Registration and Support
40 | Check Point 3000 Appliances Getting Started Guide
Check Point 3000 Appliances Getting Started Guide | 41
APPENDIX A
Compliance Information
This appendix contains declaration of conformity, compliance, and related regulatory
information.
Declaration of Conformity
Manufacturer’s Name: Check Point Software Technologies Ltd.
Manufacturer’s Address: 5 Ha'Solelim Street,
Tel Aviv 67897, Israel
Declare that under our sole responsibility the products
Model Number: PB-10
Product Options: All
Date First Applied: April 2016
Conforms to the following Product Specifications:
EMC FCC, 47 CFR, Part 15,
Class B
IC, ICES-003, Class B
Information Technology Equipment - Radio
Disturbance Characteristics
VCCI , V-2/2015.04 ,
V-3/2015.04, Class B
Information Technology Equipment - Radio
Disturbance Characteristics
AS/NZS CISPR 22, Class B Information Technology Equipment - Radio
Disturbance Characteristics
EN 55022: 2010 / AC: 2011,
Class B
Information Technology Equipment - Radio
Disturbance Characteristics
EN 61000-3-2: 2014 Information Technology Equipment - Harmonics
Characteristics
Compliance Information
42 | Check Point 3000 Appliances Getting Started Guide
EN 61000-3-3: 2013 Information Technology Equipment - Harmonics
Characteristics
IEC 61000-4-2: 2008 Information Technology Equipment - Flicker
Characteristics
IEC 61000-4-3: 2006 Information Technology Equipment - Radiated
RF Immunity
IEC 61000-4-4 Information Technology Equipment - Fast
Transient Immunity
IEC 61000-4-5 Information Technology Equipment - Surge
Immunity
IEC 61000-4-6 Information Technology Equipment - Conducted
RF Immunity
IEC 61000-4-8 Information Technology Equipment - Power
frequency magnetic field immunity test
IEC 61000-4-11 Information Technology Equipment - Voltage
Dips and Short Interruptions Immunity
IEC 61000-4-12 Information Technology Equipment - Ring wave
immunity test
Safety TUV, EN
60950-1:2006/A2:2013
Information technology equipment.
Safety General requirements, CE LVD
CB, IEC 60950-1(ed.2);
am1; am2
Information technology equipment
Safety General requirements
UL/cUL, UL 60950-1, 2nd
Edition
CAN/CSA C22.2 No.
60950-1-07, 2nd Edition
Information technology equipment
Safety General requirements
Date and Place of issue: April, 2016, Tel Aviv, Israel
Compliance Information
Check Point 3000 Appliances Getting Started Guide | 43
European Union (EU) Electromagnetic Compatibility Directive
This product is herewith confirmed to comply with the requirements set out in the
Council Directive on the Approximation of the Laws of the Member States relating to
Electromagnetic Compatibility Directive (2004/108/EC).
This product is in conformity with Low Voltage Directive 2006/95/EC, and complies with
the requirements in the Council Directive 2006/95/EC relating to electrical equipment
designed for use within certain voltage limits and the Amendment Directive
93/68/EEC.
Federal Communications Commission (FCC) Statement:
This equipment has been tested and found to comply with the limits for a Class B
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential
installation.
This equipment generates uses and can radiate radio frequency energy and, if not
installed and used in accordance with the instructions, may cause harmful
interference to radio communications. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause
harmful interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the
interference by one of the following measures:
x Reorient or relocate the receiving antenna (*If applicable)
x Increase the separation between the equipment and receiver.
x Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
x Consult the dealer or an experienced radio/TV technician for help.
To assure continued compliance, any changes or modifications not expressly approved
by the party responsible for compliance could void the user's authority to operate this
equipment. (Example - use only shielded interface cables when connecting to
computer or peripheral devices).
F
CC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an
uncontrolled environment. This equipment should be installed and operated with a
minimum distance of 20 centimeters between the radiator and your body. This device
Compliance Information
44 | Check Point 3000 Appliances Getting Started Guide
complies with Part 15 of the FCC Rules. Operation is subject to the following two
conditions:
1
. This device may not cause harmful interference,
and
2
. This device must accept any interference received, including interference that may
cause undesired operation.
This transmitter must not be co-located or operating in conjunction with any other
antenna or transmitter.
C
anadian Department Compliance Statement
This Class B digital apparatus complies with Canadian ICES-003. Cet appareil
numérique de la classe B est conforme à la norme NMB-003 du Canada.
J
apan Class B Compliance Statement:
This is a Class B product based on the standard of the Voluntary Control Council for
Interference from Information Technology Equipment (VCCI).
If this is used near a radio or television receiver in a domestic environment, it may
cause radio interference. Install and use the equipment according to the instruction
manual.
Loading...