Check Point 12000 VSX R67.
© 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions.
Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=12528 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
Welcome Safety, Environmental, and Electronic Emissions Notices Read the following warnings before setting up or using the appliance. Warning - Do not block air vents. A minimum 1/2-inch clearance is required. Warning - This appliance does not contain any user-serviceable parts. Do not remove any covers or attempt to gain access to the inside of the product. Opening the device or modifying it in any way has the risk of personal injury and will void your warranty.
Welcome 4. Circuit Overloading - Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on over current protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern. 5. Reliable Earthing - Reliable earthing of rack-mounted equipment should be maintained.
Welcome Canadian Department Compliance Statement: This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Contents Important Information .............................................................................................3 Safety, Environmental, and Electronic Emissions Notices ..................................4 Introduction .............................................................................................................9 Welcome ............................................................................................................. 9 Check Point 12000 VSX Overview ...................
Registration and Support .....................................................................................35 Registration ........................................................................................................35 Support...............................................................................................................35 Where To From Here?........................................................................................35 Compliance Information .........................
Chapter 1 Introduction In This Chapter Welcome Check Point 12000 VSX Overview VSX Overview Important Solutions Shipping Carton Contents 9 9 9 10 10 Welcome Thank you for choosing Check Point 12000 VSX. We hope that you will be satisfied with this system and our support services. Check Point products provide your business with the most up to date and secure solutions available today.
Important Solutions A VSX gateway contains a complete set of virtual devices that function as physical network components, such as Security Gateways, routers, switches, interfaces, and even network cables. Centrally managed, and incorporating key network resources internally, VSX allows businesses to deploy comprehensive firewall and VPN functionality, while reducing hardware investment and improving efficiency.
Chapter 2 Rack Mounting This chapter describes how to mount the appliance in a rack. Important - Two people are required to install the appliance in a rack in order to prevent any possible damage. In This Chapter Rack Mounting Hardware and Tools Rack Mounting Check Point 12200 VSX Rack Mounting Check Point 12400 and 12600 VSX 11 12 15 Rack Mounting Hardware and Tools You must install rack mounting hardware on the appliance before you can mount it in a rack. This table describes the rack mounting hardware.
Rack Mounting Check Point 12200 VSX Rack Mounting Check Point 12200 VSX Attaching the Ear Mount Brackets to the Appliance Attach the two ear mount brackets to the front of the appliance. Note - The ear mount screws have 5 mm heads. To attach the ear mount brackets to the appliance: 1. Attach the appliance ear bracket to one side of the appliance using three ear mount screws. 2. Do step 1 again for the other side of the appliance.
Rack Mounting Check Point 12200 VSX To attach the rail plates: 1. Attach a rail plate to an appliance rail using two appliance rail screws. 2. Do step 1 again for the other rail plate and appliance rail. This figure shows the assembled rail plate and appliance rail. Attaching the Appliance Rails to the Appliance Attach the appliance rails to the sides of the appliance. Position the rail plates to connect the appliance rails to the rear of the rack. Note - The appliance rail screws have 8 mm heads.
Rack Mounting Check Point 12200 VSX Installing the Appliance in the Rack Install the appliance in the rack. It may be necessary to adjust the appliance rails to secure the appliance to the rack. Important - Two people are required to install the appliance in a rack in order to prevent personal injury or damage to the appliance. To install the appliance in the rack: 1. Attach the ear mount brackets to the front of the rack. 2. Attach the rail plates to the rear of the rack. 3.
Rack Mounting Check Point 12400 and 12600 VSX Rack Mounting Check Point 12400 and 12600 VSX Attaching the Ear Mount Brackets to the Appliance Attach the two ear mount brackets to the front of the appliance. To attach the ear mount brackets to the appliance: 1. Attach the appliance ear bracket to one side of the appliance using three ear mount screws. 2. Do step 1 again for the other side of the appliance.
Rack Mounting Check Point 12400 and 12600 VSX To attach the rail plates: 1. Attach a rail plate to an appliance rail using four appliance rail screws. 2. Do step 1 again for the other rail plate and appliance rail. This figure shows the assembled rail plate and appliance rail. Attaching the Appliance Rails to the Appliance Attach the appliance rails to the sides of the appliance. The rail plates are positioned to connect the appliance rails to the rear of the rack. To attach the appliance rails: 1.
Rack Mounting Check Point 12400 and 12600 VSX Installing the Appliance in the Rack Install the appliance in the rack. It may be necessary to adjust the appliance rails to secure the appliance to the rack. Important - Two people are required to install the appliance in a rack in order to prevent personal injury or damage to the appliance. To install the appliance in the rack: 1. Attach the ear mount brackets to the front of the rack. 2. Attach the rail plates to the rear of the rack. 3.
Chapter 3 Configuring Check Point 12000 VSX The workflow for configuring Check Point 12000 VSX is: 1. 2. 3. 4. Mount the Check Point 12000 VSX in the rack. Connect the cables and power on. Use the First Time Wizard to configure the appliance. Configure VSX in SmartDashboard and install a policy. Note - Check Point 12000 VSX must be managed by a Security Management Server or Multi-Domain Security Management as described in the VSX NGX R67 Administration Guide (http://supportcontent.checkpoint.
Initial Configuration 3. Wait for the appliance to initialize and boot. The status of the appliance appears on the LCD screen: The appliance is ready to use when the model number is displayed. Initial Configuration Logging in for the First Time Check Point 12000 VSX includes a First Time Wizard to help you configure the initial settings for the appliance. To log in and start the First Time Wizard: 1. Connect to the appliance’s Serial console using the RJ45/D subminiature cable. 2.
Initial Configuration The Welcome window opens. 8. Type n. The Network Configuration window opens. 9. Use the menus and windows to set the Host Name, Domain Name, and Domain Name Servers. 10. Enter n. The Network Connections window opens. Configuring the Management Interface Use the Network Configuration window to configure the parameters of the Management interface. To configure the Management interface settings: 1. In the Network Configuration window, enter 4. The Network Connections window opens.
Initial Configuration The Change IP settings window opens. 5. Enter an IP address, network mask, and broadcast address for the Management interface. 6. Enter e twice to return to the Network Configuration window. 7. Enter 5. The Routing window opens. 8. Enter 1. The Set Default Gateway window opens. 9. Enter the parameters for the default gateway of the network. 10. Enter e twice to return to the Network Configuration menu. 11. Enter n. The Time and Date Configuration window opens.
Confirming the Build Numbers Confirming the Build Numbers Confirm that the system has the most recent build numbers. Run these CLI commands to display the build number for these products. Product SecurePlatform VSX Dynamic Routing VSX Command ver VSX Appliance Build gated_ver 650000001 fw ver -k This is Check Point SecurePlatform Pro VSX NGX R67.10 Build 008. This is Check Point VPN-1 VSX NGX R67.10 build 006. kernel: NGX R67.10 - Build 006.
Chapter 4 Check Point 12000 VSX Hardware This chapter provides instructions for installing and removing hardware components on Check Point 12000 VSX. In This Chapter Front Panel Components Rear Panel Components Using the LCD Panel 23 27 28 Front Panel Components The section describes the hardware on the front panel of the appliance.
Front Panel Components Expansion Line Card Options Expansion line cards can have two, four, or eight ports.
Front Panel Components Item Component Description 10 Synchronization port For synchronizing with cluster members or a high availability peer 11 Expansion line card Expansion slot 12 Expansion line card Expansion slot Expansion Line Card Options Expansion line cards can have two, four, or eight ports.
Front Panel Components Item Component Description 6 Management port For an Ethernet connection to a remote management computer 7 LOM port LOM (Light Out Management) port for the optional LOM card 8 Expansion line card 8 Port 10/100/1000Base-T RJ-45. Model: CPAP-ACC-8-1C 9 USB ports 10 Synchronization port 11 Expansion line card 4 Port 10/100/1000Base-T RJ-45.
Rear Panel Components Rear Panel Components This section describes the hardware on the rear panel of the appliance. Check Point 12200 VSX Rear Panel Item Component Description 1 Power supply unit If a power supply fails or is not connected to the outlet, an alarm sounds continuously. 2 Power supply placeholder unit For appliances that are provisioned with one power supply unit, the placeholder unit is used in the other power supply slot.
Using the LCD Panel Using the LCD Panel The appliance has an LCD panel that you can use to do basic management operations. You can configure the management IP address, netmask, and default gateway of the appliance. You can reboot the appliance. Menu Options Menu Sub-menu Purpose Set Mgmt IP Set the management interface IP address. Set Netmask Set the management interface network mask. Set Default GW Set the management interface default gateway. Reboot Reboot the appliance.
Replacing Power Supplies Customer Replaceable Parts To ensure maximum availability and ease of maintenance, the Check Point 12000 VSX contains the following customer replaceable parts: Power supply units 12200 VSX 12400 VSX 12600 VSX 1 Power supply unit 2 2 1 Place holder unit Expansion line card 1 1 (2 optional slots) 2 (1 optional slot) Hard disk drives 1 (1 optional slot) 1 (1 optional) 2 Located at rear of appliance Located at front of appliance Located at front of appliance Unless d
Replacing Expansion Line Cards Removing Power Supplies This section describes how to remove a power supply or placeholder unit from the appliance. To remove a power supply unit: 1. If the alarm sounds, press the red alarm button to the right of the power supply. The alarm stops. 2. Remove the power cord from the power supply unit. 3. Engage and hold the release lever on the power supply or placeholder unit. 4. Pull the extraction handle to remove the power supply or placeholder unit.
Replacing Expansion Line Cards Check Point 12200 VSX The built-in Ethernet ports (ETH1 - ETH7) are not customer replaceable. Check Point 12400 and 12600 VSX Removing Expansion Line Cards To remove an expansion line card: 1. 2. 3. 4. 5. Power off the appliance and remove the power cords from the power supply units. Loosen the retaining screws on the expansion line card. Holding the screws, pull the expansion line card out of the expansion slot. Place the metal cover over the expansion slot.
Replacing Hard Disk Drives on Check Point 12200 VSX Replacing Hard Disk Drives on Check Point 12200 VSX This section describes how to remove or install a hard disk drive in a Check Point 12200 VSX appliance. Removing a Hard Disk Drive To remove a hard disk drive from a Check Point 12200 VSX: 1. Using the key supplied in the toolkit, unlock the drive. 2. Slide the release latch toward the left. The extraction handle pops out. 3. Using the extraction handle, remove the drive from the slot.
Replacing Hard Disk Drives on Check Point 12400 and 12600 VSX Replacing Hard Disk Drives on Check Point 12400 and 12600 VSX This section describes how to remove or install a hard disk drive in a Check Point 12400 and 12600 VSX appliance. Removing a Hard Disk Drive To remove a hard disk drive from a Check Point 12400 and 12600 VSX: 1. Using the key supplied in the toolkit, unlock the drive. 2. Slide the release latch toward the left. The extraction handle pops out. 3.
Chapter 5 VSX Appliance Recovery VSX comes preloaded on your Check Point 12000 VSX appliance. If, for any reason, you need to reinstall VSX on the appliance, follow this procedure. To reinstall VSX software on the appliance: 1. Connect to the appliance console using the designated cord received in your shipping carton (RJ45/Dsubminiature cable) and connect to the console using Terminal Emulation software, such as HyperTerminal or PuTTY. 2.
Chapter 6 Registration and Support In This Chapter Registration Support Where To From Here? 35 35 35 Registration Check Point 12000 VSX requires a specific Check Point license. Obtain a license and register at the Check Point Appliance Registration site (http://register.checkpoint.com/cpapp). Note - The MAC address of the management interface is required to obtain a license.
Appendix A Compliance Information This appendix contains declaration of conformity, compliance, and related regulatory information. In This Appendix Declaration of Conformity 36 Declaration of Conformity Manufacturer’s Name: Check Point Software Technologies Ltd.
Declaration of Conformity Safety EN61000-4-2 Information Technology Equipment - Electrostatic Discharge Immunity EN61000-4-3 Information Technology Equipment - Radiated RF Immunity EN61000-4-4 Information Technology Equipment - Fast Transient Immunity EN61000-4-5 Information Technology Equipment - Surge Immunity EN61000-4-6 Information Technology Equipment - Conducted RF Immunity EN61000-4-11 Information Technology Equipment - Voltage Dips and Short Interruptions Immunity CAN/CSA, C22.2 No.