Check Point 4000 Appliances Getting Started Guide 15 April 2012 Models: T-120, T-160 and T-180
© 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions.
Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=12292
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
Safety, Environmental, and Electronic Emissions Notices
Read the following warnings before setting up or using the appliance.
Warning - Do not block air vents. A minimum 1/2-inch clearance is required.
Warning - This appliance does not contain any user-serviceable parts. Do not remove any covers or attempt to gain access to the inside of the product.
Avoid short-circuiting the lithium battery; this can cause it to superheat and cause burns if touched.
Do not operate the processor without a thermal solution. Damage to the processor can occur in seconds.
Class 1 Laser Product Warning
Rack Mount Instructions
The following or similar rack-mount instructions are included with the installation instructions:
1.
Federal Communications Commission (FCC) Statement: For a Class A digital device or peripheral
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Japan Compliance Statement:
Class A
Class B
European Union (EU) Electromagnetic Compatibility Directive
This product is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility Directive (2004/108/EC).
Product Disposal
This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment.
Contents
Important Information
Safety, Environmental, and Electronic Emissions Notices
Introduction
  Welcome
  Check Point 4000 Appliances Overview
  Main Power Switch
  Redundant Power Supply Units (Check Point 4800)
Replacing and Upgrading Components
  Power Supply (Check Point 4800)
  Expansion Line Card
Chapter 1 Introduction

In This Chapter
Welcome
Check Point 4000 Appliances Overview
Shipping Carton Contents
Terminology

Welcome
Thank you for choosing Check Point’s Check Point 4000 Appliances. We hope that you will be satisfied with this system and our support services. Check Point products are the most up to date and secure solutions available today.
Proven, enterprise-class firewall, VPN, and intrusion prevention
Accelerated security performance, including SecureXL and CoreXL technologies
Integrated load balancing and dynamic routing for data center reliability levels
Centrally managed from Security Management Server/Check Point 4000 Appliances or as a stand alone device
Automatic security protection updates from Check Point

This document provides:
A brief overview of essential Check Point 4000 Appliances concepts a
Item                        Description
Rack Mounting Accessories   Hardware mounting kit
Cables                      Power cable
                            1 Standard RJ-45 network cable
                            1 Serial console cable
Documentation               Quick Start Guide
                            Getting Started Guide
                            Image Management Guide
                            User license agreement

Terminology
The following terms are used in this guide:
Gateway: The security engine that enforces the organization’s security policy and acts as a security enforcement point.
Chapter 2 Rack Mounting
This chapter describes how to mount the appliance in a rack.
Important - Two people are required to install the appliance in a rack in order to prevent any possible damage.
Rack Mounting Tools
Phillips screwdriver. A magnetic head is recommended to hold screws in place and retrieve dropped screws. A powered screwdriver is also useful.
Note - Screws to attach the ear mount brackets and rail plates to the rack are not included.

Attaching the Ear Mount Brackets to the Appliance
Attach the two ear mount brackets to the front of the appliance.
Note - The ear mount screws have 5 mm heads.
To attach the ear mount brackets to the appliance:
1.
Attaching the Rail Plates
Attach the rail plates to the appliance rails to connect the appliance to the rear vertical rails of the rack.
Item   Description
1      Appliance rail
2      Rail plate
Note - The appliance rail screws have 8 mm heads.
To attach the rail plates:
1. Attach a rail plate to an appliance rail using two appliance rail screws.
2. Do step 1 again for the other rail plate and appliance rail.

Attaching the Appliance Rails to the Appliance
Attach the appliance rails to the sides of the appliance. Align the rail plates to connect the appliance rails to the rear of the rack.
Note - The appliance rail screws have 8 mm heads.
To attach the appliance rails:
1. Set the appliance rail on the side of the appliance. The ridges on the appliance rails point to the appliance.
2. Attach the appliance rails to the appliance using three appliance rail screws.
3. Do steps 1 and 2 again for the other side of the appliance.
Installing the Appliance in the Rack
Install the appliance in the rack. It may be necessary to adjust the appliance rails to secure the appliance to the rack.
Important - Two people are required to install the appliance in a rack in order to prevent any possible damage.
To install the appliance in the rack:
1. Attach the ear mount brackets to the front of the rack.
2. Attach the rail plates to the rear of the rack.
3. Confirm that the appliance is stable and secure in the rack.
Chapter 3 Configuring Check Point 4000 Appliances
The workflow for configuring Check Point 4000 Appliances is:
1. Connect the cables and power on the appliance.
2. Use the First Time Configuration Wizard to configure the appliance.
3. Add the Check Point 4000 Appliances object in SmartDashboard and install a policy.

In This Chapter
Powering On
Using the First Time Configuration Wizard
Creating the Network Object
Advanced Configuration

Powering On
To power on Check Point 4000 Appliances:
1.
3. Wait for the appliance to initialize and boot. The status of the appliance appears on the LCD screen:
The appliance is ready for use when the model number is displayed.

Using the First Time Configuration Wizard
Set up the Check Point 4000 Appliances with the First Time Configuration Wizard. During the wizard:
Click Quit to exit.
Click Next to move to the next page of the wizard.
3. To access the management interface, open a connection from a browser to the default management IP address: https://192.168.1.1:4434.
Note - Pop-ups must always be allowed on https://.
The login page opens.
4. Log in to the system using the default login name/password: admin/admin and click Login.
Note - The features configured in the wizard are accessible after completing the wizard via the WebUI menu.
Network Connections
Configure the network connections in the Network Connections page. You can change the Management IP address. Connectivity is maintained with an automatically created secondary interface. You can remove this interface after you complete the First Time Configuration Wizard in the Network > Network Connections page.

Routing Table
Configure the routing settings on the Routing Table page.
Locally Managed Deployment
This section describes how to configure the appliance for locally managed deployment.

Check Point Cluster
Configure the cluster type. If you select This appliance is part of a Check Point 4000 Appliances Cluster, the options are:
Primary cluster member
Secondary cluster member
For information about clusters, see the ClusterXL Administration Guide (http://supportcenter.checkpoint.com) for your Check Point version.
Web/SSH and GUI Clients Configuration
Define the clients that are allowed to connect to the appliance using a web browser or SSH client. These clients can manage the appliance using a web or SSH connection. You can define a Host according to Hostname or IP address.
Enter a comma-separated list of IP addresses from which you manage the appliance. Enter Any to manage the appliance from anywhere.
Note - Do not use the Any value for security reasons.
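The following check is an added example, not part of the Check Point guide or product. It audits a comma-separated allowed-clients list of the kind described above before it is entered in the wizard, rejecting Any and, going beyond the guide, flagging hostnames and publicly routable addresses for review. The function names, verdict labels and sample list are assumptions made for this example.

```python
import ipaddress
import re

# One DNS label (RFC 1123). Assumption: hostnames in the list are ordinary DNS names.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample input; none of these values come from the guide.
SAMPLE = "192.168.1.10, Any, mgmt-pc.example.internal, 10.0.0.300, 0.0.0.0"


def classify_client(entry):
    """Return (verdict, reason) for one entry; verdict is ok, review or reject."""
    value = entry.strip()
    if not value:
        return ("reject", "empty entry")
    if value.lower() == "any":
        return ("reject", "Any permits management from anywhere")
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        if addr.is_unspecified:
            return ("reject", "unspecified address is not a management station")
        if addr.is_loopback or addr.is_multicast:
            return ("reject", "not a usable management station address")
        if not addr.is_private:
            return ("review", "publicly routable management client")
        return ("ok", "single internal host")
    if re.fullmatch(r"[0-9.]+", value):
        # All digits and dots but not parseable: a mistyped IPv4 address,
        # which must not slip through as a numeric-looking hostname.
        return ("reject", "malformed IPv4 address")
    labels = value.rstrip(".").split(".")
    if len(value) <= 253 and all(_LABEL.match(label) for label in labels):
        return ("review", "hostname: access then depends on name resolution")
    return ("reject", "neither an IP address nor a valid hostname")


def audit_allowed_clients(raw):
    """Split the comma-separated list and classify every entry."""
    return [(e.strip(), *classify_client(e)) for e in raw.split(",")]


if __name__ == "__main__":
    for entry, verdict, reason in audit_allowed_clients(SAMPLE):
        print(f"{verdict:7} {entry or '<empty>':28} {reason}")
```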
Advanced Configuration

Advanced configuration on Gaia
Advanced configuration on Gaia can be done using the WebUI or the CLI.

Advanced configuration on SecurePlatform
Advanced configuration on SecurePlatform can be done using the sysconfig menu from the CLI.
Note - The sysconfig menu is only available after running the First Time Configuration Wizard in the WebUI.
Chapter 4 Check Point 4000 Appliances Hardware

In This Chapter
Front Panel Components
Rear Panel Components
Replacing and Upgrading Components

Front Panel Components
This section describes the features and components located on the appliance front panel.
Item   Description
3      Management configuration port - Ethernet connection to a remote management workstation
4      USB ports
5      Console port - A serial connection to the appliance using a terminal emulation program such as HyperTerminal or PuTTY
6      Power indicator LED
7      LCD display screen
8      Keypad

Check Point 4600 Front Panel
Item   Description
1      Expansion line card slot
2      Built in Ethernet ports (ETH1 - ETH7)
3      Management configuration port - Ethernet connec
Item   Description
8      Keypad

Check Point 4800 Front Panel
Item   Description
1      Expansion line card slot
2      LOM Port
3      Built in Ethernet ports (ETH1 - ETH7)
4      Management configuration port - Ethernet connection to a remote management workstation
5      USB ports
6      Console port - A serial connection to the appliance using a terminal emulation program such as HyperTerminal or PuTTY
7      Power indicator LED
8      LCD display screen
9      Keypad

Lights Out Management
The
Using the LCD Panel
The appliance has an LCD panel that you can use to do basic management operations.
You can enable DHCP.
You can configure the management IP address, netmask, and default gateway of the appliance.
You can reboot the appliance.

Menu Options
Menu   Sub-menu       Purpose
       DHCP           Enable or disable DHCP for the management interface.
       Set Mgmt IP    Set the management interface IP address.
       Set Netmask    Set the management interface network mask.
When Entering an IP Address
To                                                                        Press
Enter the grub menu                                                       or
Move to the next digit
Move back to the previous digit
Approve the change when the cursor is located on the last digit
Cancel the IP change when the cursor is located on the first digit
Change current digit                                                      or

Configuring Management DHCP
You can use the LCD panel to enable or disable DHCP on the management interface.
To configure management DHCP using the LCD panel:
1. Press Enter.
Configuring Management IP Addresses
You can use the LCD panel to configure these management interface IP addresses for the appliance:
Management IP address
Subnet netmask
Default gateway
To configure the management IP address using the LCD panel:
1. Press Enter. The panel shows Select > Network.
2. Press Enter. The panel shows Network > DHCP.
3. Press Down. The panel shows Network > Set Mgmt IP.
4. Press Enter.
Model        Description
CPAP-2-10F   2 Port 10GBase-F SFP+ (without transceivers)
CPAP-4-1C    4 Port 10/100/1000Base-T RJ-45
CPAP-4-1F    4 Port 1000Base-F SFP (without transceivers)
CPAP-8-1C    8 Port 10/100/1000Base-T RJ-45

Hard Disk Drives
Check Point 4000 Appliances contain one hard disk drive that is not hot-swappable. You must power off the appliance before removing or installing a hard disk drive.
Replacing and Upgrading Components
Check Point 4000 Appliances have parts that you can easily replace to minimize downtime. There are also upgrade components that you can install on the appliance.
Item   Description
1      Power supply unit
2      Extraction handle
3      Release lever
4      Power cord socket
5      Power switch

Removing the Power Supply
This section describes how to remove a power supply or placeholder unit from a Check Point 4800 appliance.
To remove a power supply unit:
1. If the alarm sounds, press the red alarm button to the right of the power supply. The alarm stops.
2. Remove the power cord from the power supply unit.
3.
Installing the Power Supply
This section describes how to install a power supply or placeholder unit into a Check Point 4800 appliance.
To install a replacement power supply:
1. Insert the power supply or placeholder unit into the power supply slot.
2. Push the power supply or placeholder unit until the release lever clicks.
3. Insert the power cord into the power supply socket. Make sure that the green LED is illuminated.
7. Tighten the retaining screws on the expansion line card.

Removing Expansion Line Cards
To remove an expansion line card:
1. Turn off the appliance.
2. Remove the power cords from the power supply units.
3. Loosen the retaining screws on the expansion line card.
4. Holding the screws, pull the expansion line card out of the expansion slot.
5. Put the metal cover on the expansion slot.
6. Tighten the screws on the metal cover.
Chapter 5 Restoring Factory Defaults
If necessary, restore the appliance to its factory default settings.
Important - If you restore factory defaults, all information on the appliance is deleted.

In This Chapter
Restoring Using the WebUI
Restoring Using the Console Boot Menu
Restoring Using the LCD Panel

Restoring Using the WebUI
To restore the appliance to its default factory configuration using the WebUI:
1. In a Web browser, navigate to https://:4434
2.
3. Configure the terminal emulation program:
   In the HyperTerminal Connect To window, select a port from the Connect using list.
   In PuTTY select the Serial connection type.
4. Define the serial port settings: 9600 BPS, 8 bits, no parity, 1 stop bit.
5. From the Flow control list, select None.
6. Connect to the appliance.
7. Turn on the appliance.
8. The appliance initializes and status messages are shown in the terminal emulation program.
9.
2. When the countdown begins, press any of the arrow keys. The Boot menu appears.
3. Using the arrow buttons, scroll to the relevant default factory image.
4. Press .
5. Confirm the reset by pressing . Pressing any other button causes the Action Canceled message to display:
   At this point, pressing any key returns you to the boot menu.
6. Once you have confirmed the reset, wait for the appliance to restore the factory image.
Chapter 6 Registration and Support

In This Chapter
Registration
Support
Where To From Here?

Registration
The appliance requires a product-specific Check Point license. Get a license and register at the Check Point Appliance Registration site (http://register.checkpoint.com/cpapp).

Support
For additional technical information about Check Point products, consult the Check Point Support Center (http://supportcenter.checkpoint.com).

Where To From Here?
You have the basics to get started.
Appendix A Compliance Information
This appendix contains declaration of conformity, compliance, and related regulatory information.

In This Appendix
Declaration of Conformity

Declaration of Conformity
Manufacturer’s Name: Check Point Software Technologies Ltd.
Safety
CISPR22            Information Technology Equipment - Radio Disturbance Characteristics
EN55022, Class A   Information Technology Equipment - Radio Disturbance Characteristics
EN 61000-3-2       Information Technology Equipment - Harmonics Characteristics
EN61000-3-3        Information Technology Equipment - Flicker Characteristics
EN 55024           Information Technology Equipment - Immunity Characteristics
EN61000-4-2        Information Technology Equipment - Electrostatic Discharge Immunity
EN61000-4-3
FCC Notice (US)
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.