Check Point 2200, T-110 Getting Started Manual

6 November 2012
Getting Started Guide
Check Point 2200 Appliance
Classification: [Protected] | P/N: 704880
© 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Latest Documentation
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=12380
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
For more about this appliance, see the 2200 Appliance home page (http://supportcontent.checkpoint.com/solutions?id=sk68680).
Revision History
Date              Description
06 November 2012  Deleted Hard Disk Drives from 2200 Appliance Hardware (on page 25). You cannot replace the hard disk drive on this appliance.
18 July 2012      Added First Time Wizard for Gaia
29 November 2011  Updated power supply unit in Shipping Carton Contents (on page 12) and Powering On (on page 14)
31 October 2011   Updated Flow Control settings in Connecting to the CLI (on page 24) and Restoring Using the Console Boot Menu (on page 28)
15 August 2011    First release of this document
Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Check Point 2200 Appliance Getting Started Guide).
Safety, Environmental, and Electronic Emissions Notices
Read the following warnings before setting up or using the appliance.
Warning - Do not block air vents. A minimum 1/2-inch clearance is required.
Warning - This appliance does not contain any user-serviceable parts. Do not remove any covers or attempt to gain access to the inside of the product. Opening the device or modifying it in any way has the risk of personal injury and will void your warranty. The following instructions are for trained service personnel only.
To prevent damage to any system board, it is important to handle it with care. The following measures are generally sufficient to protect your equipment from static electricity discharge:
- When handling the board, use a grounded wrist strap designed for static discharge elimination.
- Touch a grounded metal object before removing the board from the antistatic bag.
- Handle the board by its edges only. Do not touch its components, peripheral chips, memory modules or gold contacts.
- When handling processor chips or memory modules, avoid touching their pins or gold edge fingers.
- Return the communications appliance system board and peripherals to the antistatic bag when they are not in use or not installed in the chassis. Some circuitry on the system board can continue operating even though the power is switched off.
- Under no circumstances should the lithium battery cell used to power the real-time clock be allowed to short. The battery cell may heat up under these conditions and present a burn hazard.
Warning - DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY REPLACED. REPLACE ONLY WITH SAME OR EQUIVALENT TYPE RECOMMENDED BY THE MANUFACTURER. DISCARD USED BATTERIES ACCORDING TO THE MANUFACTURER’S INSTRUCTIONS.
- Disconnect the system board power supply from its power source before you connect or disconnect cables or install or remove any system board components. Failure to do this can result in personal injury or equipment damage.
- Avoid short-circuiting the lithium battery; this can cause it to superheat and cause burns if touched.
- Do not operate the processor without a thermal solution. Damage to the processor can occur in seconds.
Class 1 Laser Product Warning
Rack Mount Instructions
The following or similar rack-mount instructions are included with the installation instructions:
1. Elevated Operating Ambient - If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature specified by the manufacturer.
2. Reduced Air Flow - Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.
3. Mechanical Loading - Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.
4. Circuit Overloading - Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on over current protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.
5. Reliable Earthing - Reliable earthing of rack-mounted equipment should be maintained. Particular attention should be given to supply connections other than direct connections to the branch circuit (e.g. use of power strips).
For California:
Perchlorate Material - special handling may apply. See http://www.dtsc.ca.gov/hazardouswaste/perchlorate
The foregoing notice is provided in accordance with California Code of Regulations Title 22, Division 4.5, Chapter 33. Best Management Practices for Perchlorate Materials. This product, part, or both may include a lithium manganese dioxide battery which contains a perchlorate substance.
Proposition 65 Chemical
Chemicals identified by the State of California, pursuant to the requirements of the California Safe Drinking Water and Toxic Enforcement Act of 1986, California Health & Safety Code s. 25249.5, et seq. ("Proposition 65"), that is "known to the State to cause cancer or reproductive toxicity" (see http://www.calepa.ca.gov)
WARNING: Handling the cord on this product will expose you to lead, a chemical known to the State of California to cause cancer, and birth defects or other reproductive harm. Wash hands after handling.
Federal Communications Commission (FCC) Statement:
For a Class A digital device or peripheral
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
For a Class B digital device or peripheral
NOTE: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.
Information to user:
The user's manual or instruction manual for an intentional or unintentional radiator shall caution the user that changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. In cases where the manual is provided only in a form other than paper, such as on a computer disk or over the Internet, the information required by this section may be included in the manual in that alternative form, provided the user can reasonably be expected to have the capability to access information in that form.
Canadian Department Compliance Statement:
This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Japan Compliance Statement: Class A
Class B
European Union (EU) Electromagnetic Compatibility Directive
This product is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility Directive (2004/108/EC). For the evaluation regarding the Electromagnetic Compatibility (2004/108/EC)
This product is in conformity with Low Voltage Directive 2006/95/EC, and complies with the requirements in the Council Directive 2006/95/EC relating to electrical equipment designed for use within certain voltage limits and the Amendment Directive 93/68/EEC.
Product Disposal
This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment. The separate collection and recycling of your waste equipment at the time of disposal will help to conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. For more information about where you can drop off your waste equipment for recycling, please contact your local city office or your household waste disposal service.
Contents
Important Information
Safety, Environmental, and Electronic Emissions Notices
Introduction
  Welcome
  2200 Appliance Overview
  Shipping Carton Contents
  Terminology
Configuring 2200 Appliance
  Powering On
  Available Software Images
  Initial Configuration
  Using the First Time Configuration Wizard on Gaia
    Starting the Gaia First Time Configuration Wizard
    Welcome
    Authentication Details
    Date and Time Setup
    Device Name
    Network Connection
    Products
    Security Management Administrator
    Security Management GUI Clients
    Dynamically Assigned IP
    Secure Internal Communication (SIC)
    Summary
  Using the First Time Configuration Wizard on SecurePlatform
    Starting the First Time Configuration Wizard
    Welcome
    Appliance Date and Time Setup
    Network Connections
    Routing Table
    Host, Domain Settings, and DNS Servers
    Management Type
    Summary
  Creating the Network Object
  Advanced Configuration
    Connecting to the CLI
2200 Appliance Hardware
  2200 Appliance Front Panel
  Rear Panel Components
    Main Power Switch
  Optional Rack Mounting
Restoring Factory Defaults
  Restoring Using the WebUI
  Restoring Using the WebUI (Gaia)
  Restoring Using the Console Boot Menu
Registration and Support
  Registration
  Support
  Where To From Here?
Compliance Information
  Declaration of Conformity
Chapter 1
Introduction
In This Chapter
- Welcome
- 2200 Appliance Overview
- Shipping Carton Contents
- Terminology
Welcome
Thank you for choosing Check Point’s 2200 Appliance. We hope that you will be satisfied with this system and our support services. Check Point products are the most up to date and secure solutions available today.
Check Point also delivers worldwide educational, professional and support services through a network of Authorized Training Centers, Certified Support Partners and Check Point technical support personnel. We make sure that you get the most out of your security investment.
For more about the Internet Security Product Suite and other security solutions, see the Check Point Web site (http://www.checkpoint.com), or call Check Point at 1(800) 429-4391. For more technical information about Check Point products, consult the Check Point Support Center (http://supportcenter.checkpoint.com).
Welcome to the Check Point family. We look forward to meeting all of your current and future network, application and management security needs.
2200 Appliance Overview
The 2200 Appliance enables organizations to maximize security in high-performance environments such as large campuses or data centers. Combining integrated firewall, IPsec VPN, and intrusion prevention with advanced acceleration technologies, 2200 Appliance delivers a high-performance security platform that can block application layer threats. Even as new threats appear, 2200 Appliance maintains or increases performance while protecting the network against attacks.
This appliance supports the SecurePlatform and Gaia Operating Systems. Gaia is a single, unified network security Operating System that combines the best of Check Point's
SecurePlatform and IPSO, the operating system from the Nokia security products. Gaia supports the full portfolio of Check Point Software Blades, Security Gateway and Security Management products.
Key Features:
- Proven, enterprise-class firewall, VPN, and intrusion prevention
- Accelerated security performance, that includes SecureXL and CoreXL technologies
- Integrated load balancing and dynamic routing for data center reliability levels
- Centrally managed from Security Management Server/2200 Appliance or as a standalone device
- Automatic security protection updates from Check Point
This document provides:
- A brief overview of essential 2200 Appliance concepts and features
- A step by step guide to getting 2200 Appliance up and running
Shipping Carton Contents
This section describes the contents of the shipping carton.
Item            Description
Appliance       2200 Appliance
Power supply    Power adapter (FSP040-DGAA1)
Cables          Power cable; 1 Standard RJ-45 network cable; 1 Serial console cable
Documentation   Quick Start Guide; Getting Started Guide; Image Management Guide; User license agreement
Terminology
The following terms are used in this guide:
- Gateway: The security engine that enforces the organization’s security policy and acts as a security enforcement point.
- Security Policy: The policy created by the system administrator that regulates the flow of incoming and outgoing communication.
- Security Management Server: The server used by the system administrator to manage the security policy. The organization’s databases and security policies are stored on the Security Management Server and downloaded to the gateway.
- SmartConsole: GUI applications that are used to manage various aspects of security policy enforcement. For example, SmartView Tracker is a SmartConsole application that manages logs.
- SmartDashboard: A SmartConsole GUI application that is used by the system administrator to create and manage the security policy.
- Locally Managed Deployment: When all Check Point components responsible for both the management and enforcement of the security policy (the Security Management Server and the gateway) are installed on the same machine.
- Centrally Managed Deployment: When the gateway and the Security Management Server are installed on separate machines.
Chapter 2
Configuring 2200 Appliance
In This Chapter
- Powering On
- Available Software Images
- Initial Configuration
- Using the First Time Configuration Wizard on Gaia
- Using the First Time Configuration Wizard on SecurePlatform
- Creating the Network Object
- Advanced Configuration
The workflow for configuring 2200 Appliance is:
1. Mount the 2200 Appliance in the rack.
2. Connect the cables and power on.
3. Perform the initial configuration.
4. Add the 2200 Appliance object in SmartDashboard and install a policy.
Powering On
To power on 2200 Appliance:
1. Connect the power adapter cables to the appliance and the power source.
2. From the back panel, power on the appliance. Wait for the appliance to initialize and boot.
Available Software Images
The 2200 Appliance comes with two software images. Choose the software image you want to use.
Reverting to a different software image takes a few minutes. To follow progress and see when the appliance is ready, connect to the appliance using a serial console.
For more about software images, see the 2200 Appliance home page (http://supportcontent.checkpoint.com/solutions?id=sk68680).
Note - Gaia is available for R75.40 and higher.
Initial Configuration
Do the initial configuration of the appliance with the First Time Configuration Wizard. There are different First Time Configuration Wizard options for the Gaia and the SecurePlatform operating system. Go to the applicable section:
- Using the First Time Configuration Wizard on Gaia (on page 15)
- Using the First Time Configuration Wizard on SecurePlatform (on page 20)
Using the First Time Configuration Wizard on Gaia
Use the First Time Configuration Wizard to do the initial configuration of the Gaia appliance.
Note - The pages that you see in the wizard depend on the software image and the options you select. You will not see all the pages that are in this section.
Starting the Gaia First Time Configuration Wizard
To start the First Time Configuration Wizard:
1. Connect a standard network cable to the appliance management interface and to your management network.
The management interface is marked MGMT. This interface is preconfigured with the IP address 192.168.1.1.
2. Connect to the management interface from a computer on the same network subnet. For example: IP address 192.168.1.x and net mask 255.255.255.0. This can be changed in the WebUI, after you complete the First Time Configuration Wizard.
3. To access the management interface, open a connection from a browser to the default management IP address: https://192.168.1.1
4. The login page opens. Log in to the system using the default username and password: admin and admin
5. Click Login.
Note - The features configured in the First Time Configuration Wizard are accessible after completing the wizard using the WebUI menu. The WebUI menu can be accessed by navigating to https://<appliance_ip_address>.
6. The First Time Configuration Wizard runs.
Welcome
The Welcome page introduces the product.
Authentication Details
The default password gives you access to the appliance. For security purposes, change it to a more secure password.
Date and Time Setup
Set the system time and date for the appliance:
- Manually
- From a time server, using Network Time Protocol (NTP)
Device Name
Set the host name, domain name, and DNS servers for IPv4 addresses. The host name must start with a letter and cannot be named com1, com2 ... com9.
You can use the Gaia WebUI to configure IPv6 DNS servers.
Network Connection
Connection Information - Configure the IPv4 interface information for the management interface. You can change the Management IP address. Connectivity is maintained with an automatically created secondary interface. After you complete the First Time Configuration Wizard, you can remove this interface in the Interface Management > Network Interfaces page.
DHCP Server - You can configure the Gaia appliance to be a Dynamic Host Configuration Protocol (DHCP) server.
To define a DHCP server on the Gaia appliance MGMT interface:
1. In DHCP Server, select Enabled.
2. Define the IP Pool. This is the range of IPv4 addresses that the server assigns to hosts.
Products
Products
Select the Gaia products that are installed on the appliance.
Advanced
Use these options to configure an appliance that is a cluster member or in a High Availability deployment.
Unit is part of a cluster - the options are:
- ClusterXL - For more about ClusterXL configurations, see the applicable version of the ClusterXL Administration Guide.
- VRRP - For more about VRRP clusters, see the applicable version of the Gaia Administration Guide.
Define Security Management as - In a Management High Availability deployment, define this Security Management server as Primary or Secondary. For more about Management High Availability, see the applicable version of the Security Management Administration Guide.
Search for these guides in the Support Center (http://supportcontent.checkpoint.com/solutions?id=sk76540).
Security Management Administrator
Note - You only see this page when the Gaia appliance is a Security Management server.
Define the name and password of an administrator that can connect to the Security Management server using SmartConsole clients.
Security Management GUI Clients
Note - You see this page when the appliance is a Security Management server.
Define the clients that are allowed to connect to the appliance using a web browser or SSH client. These clients can manage the appliance using a web or SSH connection. For security reasons, we recommend that you do not use the Any IP address option.
Dynamically Assigned IP
Note - You see this page when the appliance is a Security Gateway.
A Dynamically Assigned IP (DAIP) gateway is a gateway where the external interface IP address is assigned dynamically by the ISP.
Select this option if this Security Gateway uses dynamically assigned IP addresses.
Secure Internal Communication (SIC)
Define the Secure Internal Communication (SIC) Activation Key. The same key is used by the gateway object in SmartDashboard.
Summary
Click Finish to complete the First Time Configuration Wizard and configure the appliance. You can log in to the WebUI after a few minutes.
Note - We recommend that you back up the system configuration. You can use the Gaia add backup command.
Using the First Time Configuration Wizard on SecurePlatform
Do the initial configuration of the SecurePlatform appliance with the First Time Configuration Wizard.
Note - The pages that you see in the wizard depend on the software image and the options you select. You will not see all the pages that are in this section.
Starting the First Time Configuration Wizard
To start the First Time Configuration Wizard:
1. Connect a standard network cable to the appliance's management interface and to your management network.
The management interface is marked MGMT. This interface is preconfigured with the IP address 192.168.1.1.
2. Connect to the management interface, from a computer on the same network subnet as the management interface.
For example: IP address 192.168.1.x and netmask 255.255.255.0. This can be changed in the WebUI.
3. To access the management interface, open a connection from a browser to the default management IP address: https://192.168.1.1:4434.
Note - Pop-ups must always be allowed on https://<appliance_ip_address>.
The login page opens.
4. Log in to the system using the default login name/password: admin/admin and click Login.
Note - The features configured in the wizard are accessible after completing the wizard via the WebUI menu. The WebUI menu can be accessed by navigating to https://<appliance_ip_address>:4434.
5. Change the administrator password, as prompted. The default password gives you access to the appliance. For security purposes, you must change it to a more secure password.
In the Password recovery login token section, download a Login Token to use if you forget the password. We recommend that you save the password recovery login token file in a safe location.
6. The First Time Configuration Wizard runs.
Welcome
The Welcome page summarizes the steps of the First Time Configuration Wizard.
Appliance Date and Time Setup
Configure date and time in the Date and Time Setup page. Click Apply.
Network Connections
Configure the network connections in the Network Connections page.
You can change the Management IP address. Connectivity is maintained with an automatically created secondary interface. You can remove this interface after you complete the First Time Configuration Wizard in the Network > Network Connections page.
Routing Table
Configure the routing settings on the Routing Table page.
Host, Domain Settings, and DNS Servers
Set the Host, Domain and DNS Servers in the Host, Domain Settings, and DNS Servers page.
The host name must start with a letter and cannot be named com1, com2 ... com9.
In the DNS section, set the DNS servers for the appliance.
Management Type
Set how the appliance is managed in the Management Type page.
- Locally Managed Deployment: The appliance is a Security Gateway and a Security Management server. The Security Management server manages the Security Policy that is enforced by the Security Gateway.
- Centrally Managed Deployment: The appliance is a Security Gateway, without a Security Management server. The Security Gateway is managed by a remote Security Management server.
Locally Managed Deployment
This section describes how to configure the appliance for locally managed deployment.
Check Point Cluster
Configure the cluster type. If you select This appliance is part of a 2200 Appliance Cluster, the options are:
- Primary cluster member
- Secondary cluster member
For information about clusters, see the ClusterXL Administration Guide (http://supportcenter.checkpoint.com) for your Check Point version.
Web/SSH and GUI Clients Configuration
Define the clients that are allowed to connect to the appliance using a web browser or SSH client. These clients can manage the appliance using a web or SSH connection.
You can define a Host according to Hostname or IP address. Enter a comma-separated list of IP addresses from which you manage the appliance. Enter Any to manage the appliance from anywhere.
Note - For security reasons, do not use the Any value.
After you complete the First Time Configuration Wizard, more options are available using the WebUI menu.
Download SmartConsole Applications
Configuring a security policy for a Locally Managed 2200 Appliance (configured in the Management Type page) requires you to install the SmartConsole applications. In the Download SmartConsole Applications window, you can download SmartConsole and install it on Windows machines.
The release notes for your Check Point version, in the Check Point Support Center (http://supportcenter.checkpoint.com), list the compatible Windows operating systems for SmartConsole.
Centrally Managed Deployment
This section describes how to configure the appliance for centrally managed deployment.
Gateway Type
Configure the gateway type for a Centrally Managed 2200 Appliance.
Web/SSH and GUI Clients Configuration
Define the clients that are allowed to connect to the appliance using a web browser or SSH client. These clients can manage the appliance using a web or SSH connection.
You can define a Host according to Hostname or IP address. Enter a comma-separated list of IP addresses from which you manage the appliance. Enter Any to manage the appliance from anywhere.
Note - For security reasons, do not use the Any value.
After you complete the First Time Configuration Wizard, more options are available using the WebUI menu.
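The Web/SSH and GUI Clients Configuration step, in both the locally managed and the centrally managed flow, takes a comma-separated list of allowed clients and warns against Any. The following Python check is an added example, not part of the Check Point guide or product: it reviews a candidate list before you enter it. The function names and the sample list are constructed, and the extra rejections (unspecified, loopback, multicast, malformed or prefixed entries) are this example's assumptions about what a single management client looks like.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_client(entry):
    """Return (kind, detail): kind is 'ip', 'hostname' or 'reject'."""
    value = entry.strip()
    if not value:
        return ("reject", "empty entry")
    if value.lower() == "any":
        return ("reject", "Any opens management to every source address")
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        # Assumption of this example: a client is one unicast workstation.
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            return ("reject", "not a single workstation address")
        return ("ip", str(addr))
    if re.fullmatch(r"[0-9.]+", value):
        return ("reject", "malformed IPv4 address")
    if len(value) <= 253 and all(_LABEL.match(p) for p in value.split(".")):
        return ("hostname", value.lower())
    return ("reject", "neither an IP address nor a hostname")

def review_client_list(text):
    """Split the comma-separated list; return (accepted, rejected)."""
    accepted, rejected = [], []
    for entry in text.split(","):
        kind, detail = classify_client(entry)
        if kind == "reject":
            rejected.append((entry.strip(), detail))
        elif detail not in accepted:  # drop duplicates, keep order
            accepted.append(detail)
    return accepted, rejected

# Constructed sample input; the addresses are RFC 5737 documentation ranges.
SAMPLE = "192.0.2.10, 192.0.2.10, mgmt-ws.example.com, Any, 192.0.2, 0.0.0.0, 198.51.100.0/24"

if __name__ == "__main__":
    ok, bad = review_client_list(SAMPLE)
    print("enter in wizard:", ", ".join(ok))
    for value, reason in bad:
        print(f"rejected {value!r}: {reason}")
```

Entries accepted as hostnames depend on name resolution being trustworthy, so prefer fixed IP addresses for management workstations where you can.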
SIC Setup
Configure the SIC (Secure Internal Communication) settings for a Centrally Managed appliance. Enter a SIC Activation Key. The same key is used by the gateway object in SmartDashboard.
Summary
The Summary page opens. Click Finish to complete the First Time Configuration Wizard. You can log in to the appliance after a few minutes.
Note - You should back up the system configuration. Open the WebUI interface and go to Appliance > Backup and Restore.
Creating the Network Object
Configure the 2200 Appliance as a gateway object in the Security Management Server database.
To create the network object in SmartDashboard:
1. Launch SmartDashboard.
2. Configure a new gateway object for the appliance.
3. Enter the IP address for the appliance.
4. For a centrally managed installation, establish Secure Internal Communication (SIC) using the activation key entered in the First Time Configuration Wizard.
5. Configure the topology.
6. Install the security policy.
Advanced Configuration
Advanced configuration on Gaia
Advanced configuration on Gaia can be done using the WebUI or the CLI.
Advanced configuration on SecurePlatform
Advanced configuration on SecurePlatform can be done using the sysconfig menu from the CLI.
Note - The sysconfig menu is only available after running the First Time Configuration Wizard in the WebUI.
Connecting to the CLI
After you complete the First Time Configuration Wizard, you can connect to the CLI (command line interface) of a 2200 Appliance using:
• The provided serial console cable (DTE to DTE)
  • Terminal emulation software such as HyperTerminal and PuTTY (from Windows), or Minicom (from Unix/Linux systems).
  • Connection parameters for the appliance are: 9600 bps, no parity, 1 stop bit (8N1).
  • Set the Flow Control to None.
• An SSH connection to the management interface (if SSHD is configured).
Chapter 3
2200 Appliance Hardware
In This Chapter
• 2200 Appliance Front Panel
• Rear Panel Components
• Optional Rack Mounting
This chapter describes the hardware components on the 2200 Appliance.
2200 Appliance Front Panel
This section describes the features and components located on the appliance front panel.
Item | Description
1 | Built in Ethernet ports (ETH1 - ETH5)
2 | Management configuration port - Ethernet connection to a remote management workstation
3 | USB ports
4 | Console port - A serial connection to the appliance using a terminal emulation program such as HyperTerminal or PuTTY
5 | Power LED
Rear Panel Components
This section describes components located on the rear panel of the appliance.
Main Power Switch
The main power switch controls power to the entire unit.
Optional Rack Mounting
There is an optional rack mounting kit that lets you mount the appliance in a standard rack. For more information about installing this kit, see the appliance home page (http://supportcontent.checkpoint.com/solutions?id=sk68680).
Chapter 4
Restoring Factory Defaults
In This Chapter
• Restoring Using the WebUI
• Restoring Using the WebUI (Gaia)
• Restoring Using the Console Boot Menu
As part of the troubleshooting process, it may be necessary to restore the 2200 Appliance to its factory default settings. You can restore the factory default image using one of the following methods:
• Using the WebUI
• Through the console boot menu
Important - Restoring factory defaults deletes all information on the appliance.
Restoring Using the WebUI
Use the WebUI of the applicable operating system to restore the appliance to the factory default settings. You can select one of the software images that are available on the appliance.
Restoring Using the WebUI (Gaia)
To restore the appliance to its default factory configuration using the WebUI:
1. In a Web browser, navigate to https://<appliance_ip_address>
2. Log in to the WebUI with your administrator username and password.
3. In the WebUI, click Maintenance > Factory Defaults. The Factory Defaults window opens.
4. Select the image version to revert to.
5. Click Apply.
Restoring Using the Console Boot Menu
To restore the appliance to its default factory configuration using the console boot menu:
1. Connect the supplied DB9 serial cable to the console port on the front of the appliance.
2. Connect to the appliance using a terminal emulation program such as Microsoft HyperTerminal or PuTTY.
3. Configure the terminal emulation program:
• In the HyperTerminal Connect To window, select a port from the Connect using list.
• In PuTTY select the Serial connection type.
4. Define the serial port settings: 9600 BPS, 8 bits, no parity, 1 stop bit.
5. From the Flow control list, select None.
6. Connect to the appliance.
7. Turn on the appliance.
8. The appliance initializes and status messages are shown in the terminal emulation program.
9. When this message is shown, you have approximately four seconds to hit any key to activate the Boot menu.
10. From the Boot menu, select the relevant Reset to factory defaults image.
11. Press Enter.
Chapter 5
Registration and Support
In This Chapter
• Registration
• Support
• Where To From Here?
Registration
The appliance requires a product-specific Check Point license. Get a license and register at the Check Point Appliance Registration site (http://register.checkpoint.com/cpapp).
Connect to the WebUI of the appliance to find the MAC address that is required to obtain a license.
• Gaia - From Advanced mode, select Maintenance > Licenses.
• SecurePlatform - Select Information > Appliance Status.
Support
For additional technical information about Check Point products, consult the Check Point Support Center (http://supportcenter.checkpoint.com).
Where To From Here?
You have the basics to get started. The next step is to get more advanced knowledge of your Check Point software.
Check Point documentation is available on the Check Point Support Center (http://supportcenter.checkpoint.com).
Be sure to also use the Online Help when you are working with the Check Point SmartConsole clients.
Appendix A
Compliance Information
This appendix contains declaration of conformity, compliance, and related regulatory information.
In This Appendix
• Declaration of Conformity
Declaration of Conformity
Manufacturer’s Name: Check Point Software Technologies Ltd.
Manufacturer’s Address: 5 Ha'Solelim Street, Tel Aviv 67897, Israel
Declare that under our sole responsibility the products
Model Number: T-110
Product Options: All
Date First Applied: July, 2011
Conforms to the following Product Specifications:
EMC
FCC, 47 CFR, Part 15, Class A | Information Technology Equipment - Radio Disturbance Characteristics
VCCI V-3, Class A | Information Technology Equipment - Radio Disturbance Characteristics
AS/NZS CISPR22, Class A | Information Technology Equipment - Radio Disturbance Characteristics
ICES-003, Class A | Information Technology Equipment - Radio Disturbance Characteristics
CISPR22 | Information Technology Equipment - Radio Disturbance Characteristics
EN55022, Class A | Information Technology Equipment - Radio Disturbance Characteristics
EN 61000-3-2 | Information Technology Equipment - Harmonics Characteristics
EN61000-3-3 | Information Technology Equipment - Flicker Characteristics
EN 55024 | Information Technology Equipment - Immunity Characteristics
EN61000-4-2 | Information Technology Equipment - Electrostatic Discharge Immunity
EN61000-4-3 | Information Technology Equipment - Radiated RF Immunity
EN61000-4-4 | Information Technology Equipment - Fast Transient Immunity
EN61000-4-5 | Information Technology Equipment - Surge Immunity
EN61000-4-6 | Information Technology Equipment - Conducted RF Immunity
EN61000-4-11 | Information Technology Equipment - Voltage Dips and Short Interruptions Immunity
Safety
CAN/CSA, C22.2 No. 60950-1-07 | Safety of Information Technology Equipment
UL 60950-1:2007 second edition | Safety of Information Technology Equipment
EN 60950-1:2006/A11:2009 | Safety of Information Technology Equipment
The product herewith complies with the requirements of the EU Directive 2006/95/EC and the EMC Directive 2004/108/EC
Date and Place of issue: July, 2011, Tel Aviv, Israel
FCC Notice (US)
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
Caution - Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment.