Infinity Check point 1100 Instruction Manual

6 November 2017

Administration Guide

CHECK POINT

1100/1200R/1400

APPLIANCES

CENTRALLY MANAGED

Models: L-50, L-50D, L-50W, L-50WD, L-61i, L-71,

L-71W, L-72, L-72W, L-72P

R77.20.70

Classification: [Protected]

distributed under licensing restricting their use, copying, distribution, and decompilation. No part

of this product or related documentation may be reproduced in any form or by any means without

prior written authorization of Check Point. While every precaution has been taken in the

preparation of this book, Check Point assumes no responsibility for errors or omissions. This

publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in

subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS

252.227-7013 and FAR 52.227-19.

TRADEMARKS:

Refer to the Copyright page http://www.checkpoint.com/copyright.html for a list of our

trademarks.

Refer to the Third Party copyright notices http://www.checkpoint.com/3rd_party_copyright.html

for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software

We recommend that you install the most recent software release to stay up-to-date

with the latest functional improvements, stability fixes, security enhancements and

protection against new and evolving attacks.

Check Point R77.20.70

For more about this release, see the R77.20.70 home page

http://supportcontent.checkpoint.com/solutions?id=sk120473.

Latest Version of this Document

Download the latest version of this document

http://downloads.checkpoint.com/dc/download.htm?ID=57880.

To learn more, visit the Check Point Support Center

http://supportcenter.checkpoint.com.

Feedback

Check Point is engaged in a continuous effort to improve its documentation.

Please help us by sending your comments

mailto:cp_techpub_feedba[email protected]?subject=Feedback on Check Point

1100/1200R/1400 Appliances Centrally Managed R77.20.70 Administration Guide.

Revision History

Date

Description

06 November 2017 First release of this document

Contents

Important Information...................................................................................................3

Check Point 1100, 1200R, and 1400 Appliance Overview...............................................7

Installation ....................................................................................................................8

Setting Up the Check Point Appliance.......................................................................8

Connecting the Cables ..............................................................................................8

About the PoE............................................................................................................8

Deployment Types.....................................................................................................9

Predefining a Centrally Managed Deployment..........................................................9

Small-scale Deployment Installation......................................................................10

Small-scale Deployment Workflow ...............................................................................10

Defining a Gateway Object .............................................................................................10

Defining a Gateway Cluster Object.................................................................................13

Creating the Security Policy ..........................................................................................17

Setting Server IP Behind a 3rd Party NAT Device ..........................................................21

Large-scale Deployment Installation...................................................................... 22

Supported Security Management Versions....................................................................22

Large-scale Deployment Workflow ...............................................................................22

Defining a SmartLSM Gateway Profile for a Large-scale Deployment...........................23

Defining a SmartLSM Appliance Cluster Profile ............................................................23

Deploying with SmartProvisioning.................................................................................24

Installing a Security Policy ............................................................................................25

Viewing the Policy Installation Status............................................................................25

SmartProvisioning ......................................................................................................28

Creating a Gateway ................................................................................................. 28

General Properties ........................................................................................................28

More Information...........................................................................................................28

Communication Properties............................................................................................29

VPN Properties..............................................................................................................29

Finish.............................................................................................................................30

Creating a SmartLSM Appliance Cluster ................................................................ 30

General Properties ........................................................................................................30

Cluster Properties.........................................................................................................30

Cluster Names...............................................................................................................31

More Information...........................................................................................................31

Communication Properties............................................................................................31

VPN Properties..............................................................................................................31

Finish.............................................................................................................................31

Defining SmartLSM Gateways Using LSM CLI......................................................... 32

Managing Device Settings .......................................................................................32

Configuring Firmware ...................................................................................................32

Configuring RADIUS ......................................................................................................34

Configuring Hotspot.......................................................................................................35

Configuring a Configuration Script ................................................................................36

Configuring Profile Settings ..........................................................................................36

First Time Deployment Options...................................................................................38

Zero Touch Cloud Service ....................................................................................... 38

Deploying from a USB Drive or SD Card..................................................................39

Sample Configuration File .............................................................................................40

Preparing the Configuration Files .................................................................................40

Deploying the Configuration File - Initial Configuration.................................................40

Deploying the Configuration File - Existing Configuration .............................................41

Viewing Configuration Logs ...........................................................................................42

Troubleshooting Configuration Files .............................................................................42

Using the set property Command ..................................................................................43

Appliance Configuration..............................................................................................44

Introduction to the WebUI Application ....................................................................44

The Home Tab .........................................................................................................45

Viewing System Information ..........................................................................................45

Controlling and Monitoring Software Blades.................................................................45

Setting the Management Mode ......................................................................................46

Managing Licenses ........................................................................................................47

Viewing the Site Map .....................................................................................................48

Managing Active Computers ..........................................................................................48

Viewing Monitoring Data................................................................................................49

Viewing Reports.............................................................................................................51

Using System Tools .......................................................................................................53

Managing the Device ...............................................................................................55

Configuring Internet Connectivity ..................................................................................55

Configuring the Wireless Network ................................................................................58

Configuring the Local Network......................................................................................62

Configuring a Hotspot....................................................................................................70

Configuring the Routing Table.......................................................................................72

Configuring MAC Filtering .............................................................................................74

Configuring the DNS Server ..........................................................................................76

Configuring the Proxy Server ........................................................................................77

Backup, Restore, Upgrade, and Other System Operations.............................................77

Configuring Local and Remote System Administrators .................................................81

Configuring Administrator Access.................................................................................85

Managing Device Details................................................................................................87

Managing Date and Time ...............................................................................................87

Configuring DDNS and Access Services.........................................................................88

Using System Tools .......................................................................................................89

Managing Installed Certificates.....................................................................................90

Configuring High Availability .........................................................................................91

Configuring Advanced Settings......................................................................................91

Managing Users and Objects...................................................................................93

Configuring Local Users and User Groups.....................................................................93

Configuring Local and Remote System Administrators .................................................94

Managing Authentication Servers..................................................................................98

Managing System Services ..........................................................................................100

Managing Service Groups ............................................................................................101

Managing Network Objects..........................................................................................102

Managing URL Lists.....................................................................................................104

Logs and Monitoring ............................................................................................. 106

Viewing Security Logs..................................................................................................106

Viewing System Logs...................................................................................................107

Configuring External Log Servers ...............................................................................108

Managing Active Computers ........................................................................................108

Viewing Infected Hosts ................................................................................................108

Viewing VPN Tunnels...................................................................................................110

Viewing Active Connections .........................................................................................110

Viewing Monitoring Data..............................................................................................111

Viewing Reports...........................................................................................................111

Using System Tools .....................................................................................................111

SNMP...........................................................................................................................111

Advanced Configuration ............................................................................................ 113

Dynamic Routing ................................................................................................... 113

Upgrade Using a USB Drive................................................................................... 114

Upgrade Using an SD Card.................................................................................... 116

Boot Loader........................................................................................................... 117

Upgrade Using Boot Loader .................................................................................. 118

Restoring Factory Defaults ................................................................................... 119

Index.......................................................................................................................... 121

Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70 | 7

CHAPT E R 1

Check Point 1100, 1200R, and 1400

Appliance Overview

Check Point 1100, 1200R, and 1400 appliances support the Check Point Software Blade

architecture and provide independent, modular and centrally managed security building blocks.

You can quickly enable and configure the Software Blades to meet your specific security needs.

These appliances run an embedded version of the Gaia operating system. It includes core

configuration elements such as clish interface, SNMPv2/3 and routing stack implementations. In

addition to the Gaia features, Embedded Gaia contains support for built-in network switches,

wireless networks, 4G/LTE Internet connectivity, multiple Internet connections (more than 2) in

High Availability or Load Sharing mode, Policy Based Routing, and DDNS support. Quick

deployment with USB is supported for all appliances, and with an SD card for the 1200R and 1400

appliances..

The Check Point 1200R appliance is a ruggedized appliance that delivers Next Generation Threat

Prevention for critical infrastructure and industrial control systems. This solid-state appliance is

specifically designed to secure SCADA (supervisory control and data acquisition) protocols and OT

(operational technology) equipment that operates under harsh environmental conditions. It

complies with industrial specifications IEEE 1613, IEC 61850-3, IEC 60068-2 for heat, vibration and

immunity to electromagnetic interference (EMI).

This guide describes all aspects that apply to central management mode. For more information on

local management, see the

1100/1200R/1400 Locally Managed Administration Guide

Note - Some topics only apply to specified appliances or models.

Appliance

Model

Appliance Homepage

1100 Wired, WiFi sk105379

http://supportcontent.checkpoint.com/solutions?id=sk

105379

1200R Wired

1430/1450 Wired, WiFi sk110985

http://supportcontent.checkpoint.com/solutions?id=sk

110985

1470/1490 Wired, WiFi, PoE Wired

For front and back panel details for each appliance, see the relevant

Getting Started Guide

Review these materials before doing the procedures in this guide:

•

R77.20.70 Release Notes

•Known Limitations

•Resolved Issues

•

Getting Started Guide

See the R77.20.70 home page http://supportcontent.checkpoint.com/solutions?id=sk120473.

Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70 | 8

CHAPT E R 2

Installation

In This Section:

Setting Up the Check Point Appliance...........................................................................8

Connecting the Cables ...................................................................................................8

About the PoE .................................................................................................................8

Deployment Types ..........................................................................................................9

Predefining a Centrally Managed Deployment .............................................................9

Small-scale Deployment Installation ..........................................................................10

Large-scale Deployment Installation..........................................................................22

Setting Up the Check Point Appliance

Remove the Check Point Appliance from the shipping carton and place it on a tabletop.

Identity the network interface marked as LAN1. This interface is preconfigured with the IP

address 192.168.1.1.

Connecting the Cables

Connect the power supply unit to the appliance and to a power outlet.

The appliance is turned on when the power supply unit is connected to an outlet.

For PoE model -PoE ports (13-16) deliver power to the end point when a standard 802.3af or

802.3at powered device is connected. Total power budget is 62W.

The Power LED on the front panel lights up. This indicates that the appliance is turned on.

The Alert LED (called the Notice LED in the 1100 appliance) on the front panel starts to blink.

This indicates that the appliance is booting up.

When the Alert LED turns off, the appliance is ready for login.

Connect the standard network cable to the LAN1 port on the appliance and to the network

adapter on your PC.

Connect another standard network cable to the WAN port on the appliance and to the external

modem, external router, or network point.

About the PoE

The PoE wired model is in 1470/1490 appliances only.

The PoE switch is a type of PSE (Power Sourcing Equipment), and delivers power to the PD

(Powered Devices) end point. By default, the PoE port automatically provides power when a

compliant PD is connected. There are no specified management requirements.

The PoE standard model is fully supported. It is fully compliant with 802.3af (PoE) and 802.3at

(PoE+). All 4 ports support 802.3af. Due to power budget limitations, only 2 ports at a time support

802.3at.

Installation

Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70 | 9

The total power dedicated for all PoE ports is 62W:

•802.3af maximum power delivery per port is 15.4W

•802.3at maximum power delivery per port is 31W

Deployment Types

There are two types of centrally managed deployments:

•Small-scale deployment - Where you configure between 1 and 25 Check Point Appliance

gateways using SmartDashboard. Then you can manage device settings from

SmartProvisioning.

•Large-scale deployment - Where you configure over 25 Check Point Appliance gateways using

a SmartLSM profile and SmartProvisioning or a configuration file that is stored on a USB drive.

For both deployment types, you must configure objects and other elements in SmartDashboard

and in SmartProvisioning.

Predefining a Centrally Managed Deployment

To manage the Check Point Appliance in a centrally managed deployment, you must install a

Security Management Server and SmartConsole clients that operate with the Check Point

Appliance.

The Check Point Appliance operates with Security Management Server versions R77.30 and

higher.

For installation instructions, see the version's Release Notes.

After you install the SmartConsole clients you can define the Check Point Appliance object in

SmartDashboard (in small-scale deployments) or create a SmartLSM profile (in large-scale

deployments) and prepare the security policy.

Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70 | 10

CHAPT E R 3

Small-scale Deployment Installation

In This Section:

Small-scale Deployment Workflow .............................................................................10

Defining a Gateway Object............................................................................................10

Defining a Gateway Cluster Object ..............................................................................13

Creating the Security Policy.........................................................................................17

Setting Server IP Behind a 3rd Party NAT Device.......................................................21

This chapter contains procedures for defining a gateway or a gateway cluster. Do the procedures

that match your requirements, then install the policy.

Small-scale Deployment Workflow

This is the suggested workflow for small-scale deployments:

Create the necessary gateway or cluster objects for your appliances in SmartDashboard.

Install the Security Policy in SmartDashboard.

Configure the relevant appliances with the First Time Configuration Wizard. Alternatively, you

can use a USB drive to quickly configure many appliances without the First Time Configuration

Wizard. For more details, see Deploying from a USB Drive.

Manage the appliance settings in SmartProvisioning for the gateway or cluster objects.

Defining a Gateway Object

You can use the SmartDashboard creation wizard to define a Check Point Appliance before or after

you configure the appliance on site.

Options to define a gateway object:

•Management First - Define the gateway object in SmartDashboard before you configure and

set up the actual appliance on site. This is commonly used for remotely deployed appliances or

appliances that connect to the Security Management Server with a dynamic IP (assigned by a

DHCP server or an ISP), as the IP is not known at the time of the configuration of the object in

SmartDashboard. You can prepare a policy that the appliance pulls when it is configured.

•Gateway First – Configure and set up the Check Point Appliance first. It then tries to

communicate with the Security Management Server (if this is configured) at 1 hour intervals. If

there is connectivity with the gateway during object creation in SmartDashboard, the wizard

can retrieve data from the gateway (such as topology), and then help in configuration.

To define a single gateway object:

From the Network Objects tree, right click Check Point and select Security Gateway.

The Check Point Security Gateway Creation window opens.

Select Wizard Mode.

The wizard opens to General Properties.

This manual suits for next models

Table of contents

Popular Network Hardware manuals by other brands

socomec

socomec SNMP Card II quick start guide

NVR SYSTEMS

NVR SYSTEMS 4-CH user manual

Draytek

Draytek VigorSwitch G1240 quick start guide

Westermo

Westermo TD-34 LV installation manual

LaCie

LaCie Network Space MAX Quick install guide

ZoneVu

ZoneVu ZSI-450-IP Installation guide & user manual

QNAP

QNAP Turbo NAS Application notes

OpenEye

OpenEye MV Series quick start guide

Huawei

Huawei SmartAX MT880a quick start guide

Proxim

Proxim Tsunami QuickBridge 2454-R installation guide

Bay Networks

Bay Networks CLAM quick start guide

Innodisk

Innodisk SATADOM-SH 3SE Series manual

Cisco

Cisco CGR 1000 Series Getting connected guide

Matrix Switch Corporation

Matrix Switch Corporation MSC-HD161DEL product manual

National Instruments

National Instruments NI 653x user manual

B&B Electronics

B&B Electronics ZXT9-IO-222R2 product manual

Yudor

Yudor YDS-16 user manual

D-Link

D-Link ShareCenter DNS-320L datasheet

Infinity CHECK POINT 1100 Instruction Manual

Popular Network Hardware manuals by other brands