Check Point 12000 Appliances Getting Started Guide 31 October 2011 Models: P-210, P-220, and P-230
© 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions.
Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=12687 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
Welcome Safety, Environmental, and Electronic Emissions Notices Read the following warnings before setting up or using the appliance. Warning - Do not block air vents. A minimum 1/2-inch clearance is required. Warning - This appliance does not contain any user-serviceable parts. Do not remove any covers or attempt to gain access to the inside of the product. Opening the device or modifying it in any way has the risk of personal injury and will void your warranty.
Welcome 4. Circuit Overloading - Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on over current protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern. 5. Reliable Earthing - Reliable earthing of rack-mounted equipment should be maintained.
Welcome Canadian Department Compliance Statement: This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Contents Important Information .............................................................................................3 Safety, Environmental, and Electronic Emissions Notices..................................4 Introduction .............................................................................................................9 Welcome ............................................................................................................. 9 Check Point 12000 Appliances Overview .............
Replacing Hard Disk Drives on Check Point 12400 and 12600 ..........................32 Removing a Hard Disk Drive ..........................................................................33 Installing a Hard Disk Drive ............................................................................33 Restoring Factory Defaults ..................................................................................34 Restoring Using the WebUI ...........................................................................
Chapter 1 Introduction In This Chapter Welcome Check Point 12000 Appliances Overview Shipping Carton Contents Terminology 9 9 10 10 Welcome Thank you for choosing Check Point 12000 Appliances. We hope that you will be satisfied with this system and our support services. Check Point products provide your business with the most up to date and secure solutions available today.
Shipping Carton Contents Note - Screenshots in this guide may apply only to the highest model to which this guide applies. Shipping Carton Contents This section describes the contents of the shipping carton.
Chapter 2 Rack Mounting This chapter describes how to mount the appliance in a rack. Important - Two people are required to install the appliance in a rack in order to prevent any possible damage. In This Chapter Rack Mounting Hardware and Tools Rack Mounting Check Point 12200 Rack Mounting Check Point 12400 and 12600 11 12 15 Rack Mounting Hardware and Tools You must install rack mounting hardware on the appliance before you can mount it in a rack. This table describes the rack mounting hardware.
Rack Mounting Check Point 12200 Rack Mounting Check Point 12200 Attaching the Ear Mount Brackets to the Appliance Attach the two ear mount brackets to the front of the appliance. Note - The ear mount screws have 5 mm heads. To attach the ear mount brackets to the appliance: 1. Attach the appliance ear bracket to one side of the appliance using three ear mount screws. 2. Do step 1 again for the other side of the appliance.
Rack Mounting Check Point 12200 To attach the rail plates: 1. Attach a rail plate to an appliance rail using two appliance rail screws. 2. Do step 1 again for the other rail plate and appliance rail. This figure shows the assembled rail plate and appliance rail. Attaching the Appliance Rails to the Appliance Attach the appliance rails to the sides of the appliance. Position the rail plates to connect the appliance rails to the rear of the rack. Note - The appliance rail screws have 8 mm heads.
Rack Mounting Check Point 12200 Installing the Appliance in the Rack Install the appliance in the rack. It may be necessary to adjust the appliance rails to secure the appliance to the rack. Important - Two people are required to install the appliance in a rack in order to prevent personal injury or damage to the appliance. To install the appliance in the rack: 1. Attach the ear mount brackets to the front of the rack. 2. Attach the rail plates to the rear of the rack. 3.
Rack Mounting Check Point 12400 and 12600 Rack Mounting Check Point 12400 and 12600 Attaching the Ear Mount Brackets to the Appliance Attach the two ear mount brackets to the front of the appliance. To attach the ear mount brackets to the appliance: 1. Attach the appliance ear bracket to one side of the appliance using three ear mount screws. 2. Do step 1 again for the other side of the appliance.
Rack Mounting Check Point 12400 and 12600 To attach the rail plates: 1. Attach a rail plate to an appliance rail using four appliance rail screws. 2. Do step 1 again for the other rail plate and appliance rail. This figure shows the assembled rail plate and appliance rail. Attaching the Appliance Rails to the Appliance Attach the appliance rails to the sides of the appliance. The rail plates are positioned to connect the appliance rails to the rear of the rack. To attach the appliance rails: 1.
Rack Mounting Check Point 12400 and 12600 Installing the Appliance in the Rack Install the appliance in the rack. It may be necessary to adjust the appliance rails to secure the appliance to the rack. Important - Two people are required to install the appliance in a rack in order to prevent personal injury or damage to the appliance. To install the appliance in the rack: 1. Attach the ear mount brackets to the front of the rack. 2. Attach the rail plates to the rear of the rack. 3.
Chapter 3 Configuring Check Point 12000 Appliances The workflow for configuring Check Point 12000 Appliances is: 1. Connect the cables and power on the appliance. 2. Use the First Time Configuration Wizard to configure the appliance. 3. Add the Check Point 12000 Appliances object in SmartDashboard and install a policy. In This Chapter Powering On Using the First Time Configuration Wizard Creating the Network Object Advanced Configuration 18 19 22 22 Powering On To power on Check Point 12000 Appliances: 1.
Using the First Time Configuration Wizard 3. Wait for the appliance to initialize and boot. The status of the appliance appears on the LCD screen: The appliance is ready to use when the model number is displayed. Using the First Time Configuration Wizard Perform the initial configuration of Check Point 12000 Appliances using the First Time Configuration Wizard. You can use the following commands at any time: Click Quit to exit. Click Next to move to the next page of the wizard.
Using the First Time Configuration Wizard Note - The features configured in the wizard are accessible after completing the wizard via the WebUI menu. The WebUI menu can be accessed by navigating to https://:4434. 5. Change the administrator password, as prompted. The default password gives you access to the appliance. For security purposes, you must change it to a more secure password.
Using the First Time Configuration Wizard Management Type Set how the appliance is managed in the Management Type page. Locally Managed Deployment: The appliance is a Security Gateway and a Security Management server. The Security Management server manages the Security Policy that is enforced by the Security Gateway. Centrally Managed Deployment: The appliance is a Security Gateway, without a Security Management server. The Security Gateway is managed by a remote Security Management server.
Creating the Network Object Note - Do not use the Any value for security reasons. After you complete the First Time Configuration Wizard, more options are available using the WebUI menu. SIC Setup Configure the SIC (Secure Internal Communication) settings for a Centrally Managed appliance. Enter a SIC Activation Key. The same key is used by the gateway object in SmartDashboard. Summary The Summary page opens. Click Finish to complete the First-Time Configuration Wizard.
Chapter 4 Check Point 12000 Appliances Hardware This chapter provides instructions for installing and removing hardware components on Check Point 12000 Appliances. In This Chapter Front Panel Components Rear Panel Components Using the LCD Panel 23 27 28 Front Panel Components The section describes the hardware on the front panel of the appliance.
Front Panel Components Item Component Description 9 Keypad Perform basic management operations ("Using the LCD Panel" on page 28) Expansion Line Card Options Expansion line cards can have two, four, or eight ports.
Front Panel Components Item Component Description 7 LOM port LOM (Light Out Management) port for the optional LOM card 8 Expansion line card 8 Port 10/100/1000Base-T RJ-45. Model: CPAP-ACC-8-1C 9 USB ports 10 Synchronization port 11 Expansion line card Expansion slot 12 Expansion line card Expansion slot For synchronizing with cluster members or a high availability peer Expansion Line Card Options Expansion line cards can have two, four, or eight ports.
Front Panel Components Item Component Description 3 LCD screen 4 Keypad Perform basic management operations ("Using the LCD Panel" on page 28) 5 Console port For a serial connection to the appliance using a terminal emulation program such as HyperTerminal 6 Management port For an Ethernet connection to a remote management computer 7 LOM port LOM (Light Out Management) port for the optional LOM card 8 Expansion line card 8 Port 10/100/1000Base-T RJ-45.
Rear Panel Components Rear Panel Components This section describes the hardware on the rear panel of the appliance. Check Point 12200 Rear Panel Item Component Description 1 Power supply unit If a power supply fails or is not connected to the outlet, an alarm sounds continuously. 2 Power supply placeholder unit For appliances that are provisioned with one power supply unit, the placeholder unit is used in the other power supply slot.
Using the LCD Panel Using the LCD Panel The appliance has an LCD panel that can be used to perform basic management operations. You can select DHCP or configure the IP address, subnet netmask, and default gateway of the management interface. The appliance can also be rebooted. Menu Options Menu Sub-menu Purpose DHCP Enable or disable DHCP for the management interface. Set Mgmt IP Set the management interface IP address. Set Netmask Set the management interface network mask.
Replacing Power Supplies To Press Change current digit or Customer Replaceable Parts To ensure maximum availability and ease of maintenance, the Check Point 12000 Appliances contain the following customer replaceable parts: 12200 Power supply units 12400 1 Power supply unit 2 12600 2 1 Place holder unit Expansion line card 1 1 (2 optional slots) 2 (1 optional slot) Hard disk drives 1 (1 optional slot) 1 (1 optional) 2 Located at rear of appliance Located at front of appliance Located at fr
Replacing Expansion Line Cards Item Description 2 Power cord socket 3 Release lever 4 Extraction handle 5 Power supply unit Removing Power Supplies This section describes how to remove a power supply or placeholder unit from the appliance. To remove a power supply unit: 1. If the alarm sounds, press the red alarm button to the right of the power supply. The alarm stops. 2. Remove the power cord from the power supply unit. 3.
Replacing Expansion Line Cards Check Point 12200 Appliance The built-in Ethernet ports (ETH1 - ETH7) are not customer replaceable. Check Point 12400 and 12600 Appliances Removing Expansion Line Cards To remove an expansion line card: 1. 2. 3. 4. 5. Power off the appliance and remove the power cords from the power supply units. Loosen the retaining screws on the expansion line card. Holding the screws, pull the expansion line card out of the expansion slot. Place the metal cover over the expansion slot.
Replacing Hard Disk Drives on Check Point 12200 Replacing Hard Disk Drives on Check Point 12200 This section describes how to remove or install a hard disk drive in a Check Point 12200 appliance. Removing a Hard Disk Drive To remove a hard disk drive in a Check Point 12200: 1. Using the key supplied in the toolkit, unlock the drive. 2. Slide the release latch toward the left. The extraction handle pops out. 3. Using the extraction handle, remove the drive from the slot.
Replacing Hard Disk Drives on Check Point 12400 and 12600 Removing a Hard Disk Drive To remove a hard disk drive from a Check Point 12400 or 12600: 1. Using the key supplied in the toolkit, unlock the drive. 2. Slide the release latch toward the left. The extraction handle pops out. 3. Using the extraction handle, remove the drive from the slot. Installing a Hard Disk Drive To install a hard disk drive in a Check Point 12400 or 12600: 1. Slide the replacement hard disk drive into the slot. 2.
Chapter 5 Restoring Factory Defaults Part of troubleshooting can be to restore the appliance to its factory default settings. To restore your appliance, use one of these: WebUI Console boot menu LCD panel Important - Restoring factory defaults deletes all information on the appliance.
Restoring Using the LCD Panel 7. During the boot process, text similar to that shown below appears: 8. At this point, you have approximately four seconds to hit any key to activate the Boot menu. 9. The Boot menu opens. Scroll to the relevant Reset to factory defaults image and press Enter. Restoring Using the LCD Panel To restore the appliance to its default factory configuration using the LCD Panel keys: 1. Reboot or power on the appliance. 2. When the countdown begins, press any of the arrow keys.
Restoring Using the LCD Panel 6. Once you have confirmed the reset, wait for the appliance to restore the factory image. While the appliance is restored to the default image, this message is continuously displayed: Reverting image don't turn off. After the appliance is restored to its default factory configuration, the appliance reboots and the initializing message appears.
Chapter 6 Registration and Support In This Chapter Registration Support Where To From Here? 37 37 37 Registration The appliance requires a product-specific Check Point license. Get a license and register at the Check Point Appliance Registration site (http://register.checkpoint.com/cpapp). Support For additional technical information about Check Point products, consult the Check Point Support Center (http://supportcenter.checkpoint.com).
Appendix A Compliance Information This appendix contains declaration of conformity, compliance, and related regulatory information. In This Appendix Declaration of Conformity 38 Declaration of Conformity Manufacturer’s Name: Check Point Software Technologies Ltd.
Declaration of Conformity Safety EN61000-4-2 Information Technology Equipment - Electrostatic Discharge Immunity EN61000-4-3 Information Technology Equipment - Radiated RF Immunity EN61000-4-4 Information Technology Equipment - Fast Transient Immunity EN61000-4-5 Information Technology Equipment - Surge Immunity EN61000-4-6 Information Technology Equipment - Conducted RF Immunity EN61000-4-11 Information Technology Equipment - Voltage Dips and Short Interruptions Immunity CAN/CSA, C22.2 No.
