Quantum CHECK POINT SPARK 1500 Series Instruction Manual
Models: V-80, V-80W, V-81, V-81W, V-81WL, V-81WD, V-81R, V-81WLR, V-82, V-83 [Classification: Protected]
12 April2022
QUANTUM SPARK 1500,
1600 AND 1800
APPLIANCE SERIES
R80.20.40
Locally Managed
Administration Guide
Check Point Copyright Notice
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 2
Check Point Copyright Notice
© 2022 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)
(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Refer to the Copyright page for a list of our trademarks.
Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses.
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 3
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the
latest functional improvements, stability fixes, security enhancements and protection against
new and evolving attacks.
Certifications
For third party independent certification of Check Point products, see the Check Point
Certifications page.
Check Point R80.20.40
For more about this release, see the R80.20.40 home page.
Latest Version of this Document in English
Open the latest version of this document in a Web browser.
Download the latest version of this document in PDF format.
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments.
Revision History
Date Description
12 April2022 First release of this document
Table of Contents
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 4
Table of Contents
Quantum Spark 1500, 1600 and 1800 Appliance Series Overview
11
1500 Appliances
11
1600 and 1800 Appliances
11
Getting Started
13
Setting up the Quantum Spark Appliance
15
First Time Deployment Options
16
Zero Touch Cloud Service
17
Deploying from a USB Drive or SD Card
18
Sample Configuration File
18
Preparing the Configuration Files
18
Deploying the Configuration File - Initial Configuration
19
Deploying the Configuration File - Existing Configuration
20
Viewing Configuration Logs
20
Troubleshooting Configuration Files
21
Configuration File Error
21
Suggested Workflow - Configuration File Error
21
Sample Configuration Log with Error
22
Using the set property Command
22
Configuration and Upgrade Scenarios
23
Configuring Cloud Services
23
Configuring a Guest Network
24
Configuring VPN
25
Configuring Remote Access VPN
25
Introduction
25
Prerequisites
25
Remote Access Configuration
25
L2TP VPN Client configuration
26
Configuring Site to Site VPN with a Preshared Secret
27
Introduction
27
Prerequisites
27
Configuration
27
Monitoring
27
Configuring Site to Site VPN with a Certificate
27
Table of Contents
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 5
Introduction
27
Prerequisites
27
Configuration
28
Trust Procedures
28
Monitoring
29
Managing Clusters
30
Configuring a Cluster
30
Upgrading a Cluster
31
Configuring QoS
33
Appliance Configuration
34
The Home Tab
35
Viewing System Information
35
Controlling and Monitoring Software Blades
36
Setting the Management Mode
38
Configuring Cloud Services
40
Managing Licenses
43
Viewing the Site Map
45
Notifications
45
Managing Active Devices
46
Viewing Monitoring Data
48
Network
48
Troubleshooting
49
Viewing Reports
50
Using System Tools
52
Managing the Device
54
Configuring Internet Connectivity
54
The 'Configuration' tab
55
Prefix Delegation (IPv6 only)
58
Neighbor Discover Protocol (ND Proxy) - IPv6 only
59
DS-Lite (Dual Stack Lite, IPoE)
60
IPIP
60
Creating a New Bond (WAN)
62
Configuring a USB Cellular Connection
63
Configuring an LTE Internet Connection (WiFi-LTE models only)
63
The 'Connection Monitoring' tab
65
Table of Contents
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 6
The 'Advanced' tab
66
Monitoring
68
Configuring Wireless Network
70
Wireless Scheduler
70
Wi-Fi Quality Analyzer
74
Configuring the Local Network
76
Reserved IP Address for Specific MAC
77
Switch
77
WAN as LAN
78
Monitor Mode
79
Physical Interfaces
80
Bridge
81
VLANs
84
Alias IP
84
VPN Tunnel (VTI)
85
Virtual Access Point (VAP)
86
BOND
87
Configuring a Hotspot
89
Configuring the Routing Table
92
Configuring MAC Filtering
95
802.1x Authentication Protocol
96
Configuring the DNS Server
98
Configuring the Proxy Server
99
Backup, Restore, Upgrade, and Other System Operations
100
Using the Software Upgrade Wizard
102
Welcome
102
Upload Software
103
Upgrade Settings
103
Upgrading
103
Backing up the System
103
Configuring Local and Remote System Administrators
105
Configuring Administrator Access
111
Managing Device Details
113
Managing Date and Time
114
Configuring DDNS and Access Service
115
Table of Contents
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 7
DDNS
115
Reach My Device
115
Remote Access to the WebUI
116
Remote Access to the CLI
116
Using System Tools
116
Managing Installed Certificates
116
Managing Internal Certificates
119
Configuring High Availability
121
Advanced Settings
125
Managing the Access Policy
158
Configuring the Firewall Access Policy and Blade
158
Firewall Policy
159
Application & URL Filtering
160
Updates
161
User Awareness
162
Tracking
163
More Information
163
Working with the Firewall Access Policy
164
Firewall Policy
164
Configuring Access Rules
167
Updatable Objects
169
Customizing Messages
169
Defining Firewall Servers
171
Defining NAT Control
174
Advanced - Creating and Editing NAT Rules
179
Inspecting VoIP Traffic
181
Introduction
182
Configuration
184
Working with User Awareness
185
Configuring the QoS Blade
188
Working with QoS Policy
190
SSL Inspection Policy
193
SSL Inspection
193
Deploying SSL Inspection
193
SSL Inspection Bypass Policy
194
Table of Contents
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 8
HTTPS Categorization
195
SSL Inspection Exceptions
196
SSL Inspection Advanced
197
Managing Threat Prevention
198
Configuring Threat Prevention Blade Control
198
Configuring Threat Prevention Policy Exceptions
201
Threat Prevention Exceptions
201
allowlists
201
Threat Prevention - Infinity SOC
202
Viewing Infected Devices
204
Viewing the IPS Protections List
207
Advanced Threat Prevention Engine Settings
208
IPS
208
Anti-Virus
208
Anti-Bot
210
Threat Emulation
211
User Messages
212
Configuring the Anti-Spam Blade Control
214
Configuring Anti-Spam Exceptions
216
Managing VPN
217
Configuring the Remote Access Blade
217
Configuring Remote Access Users
220
Two-Factor Authentication
222
Remote Access - Connected Remote Users
225
Configuring Remote Access Authentication Servers
226
Configuring Advanced Remote Access Options
229
Office Mode
229
DNS Servers for Remote Access users
230
DNS Domain Name
230
SSL VPN bookmarks
231
Configuring the Site to Site VPN Blade
232
Configuring VPN Sites
233
Configuring Advanced Site to Site Community Settings
239
Viewing VPN Tunnels
240
Configuring Advanced Site to Site Settings
241
Table of Contents
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 9
Configuring a Local Encryption Domain
241
Configuring the Appliance Interfaces
242
Tunnel Health Monitoring
243
Managing Trusted CAs
244
Managing Installed Certificates
246
Managing Internal Certificates
248
Managing Users and Objects
250
Working with User Awareness
250
Configuring Local Users and User Groups
253
Configuring Local and Remote System Administrators
255
Managing Authentication Servers
261
Managing Applications & URLs
265
Managing System Services
267
Managing Service Groups
270
Managing Network Objects
272
Managing Network Object Groups
275
Logs and Monitoring
276
Viewing Security Logs
276
Viewing System Logs
278
Configuring External Log Servers
279
External Check Point Log Server
279
Syslog Server Configuration
280
Secured Syslog
281
Notifications
282
Managing Active Devices
282
Wireless Active Devices
282
Paired Mobile Devices
282
Viewing Infected Devices
282
Viewing VPN Tunnels
283
Viewing Active Connections
284
Access Points
285
Viewing Monitoring Data
285
Viewing Reports
285
Using System Tools
285
SNMP
286
Table of Contents
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 10
SNMP Traps Receivers
287
SNMP Traps
287
SNMPTraps for VPNTunnels
287
SNMP Traps for Hardware Sensors
287
Advanced Configuration
289
Upgrade Using a USB Drive
289
Upgrade Using an SD Card
290
Boot Loader
291
Upgrade Using Boot Loader
292
Restoring Factory Defaults
293
RESTful API
295
Enabling and disabling the REST API
295
Request Structure
295
Response Structure
296
Versioning
296
REST API Commands
297
(1) Login
297
(2) Logout
298
(3) Generate-Report
298
(4) Run-Clish-Command
299
Quantum Spark 1500, 1600 and 1800 Appliance Series Overview
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 11
Quantum Spark 1500, 1600 and
1800 Appliance Series Overview
1500 Appliances
Quantum Spark1500 appliance series includes the 1530, 1550, 1570, 1590, and 1570R appliances. These
appliances support the Check Point Software Blade architecture and provide independent modular security
building blocks. You can quickly enable and configure the Software Blades to meet your specific security
needs.
Quantum Spark 1530, 1550, 1570, 1590, and 1570R appliances deliver integrated unified threat
management to protect your organization from today's emerging threats. Based on proven Check Point
security technologies such as Stateful Inspection, Application Intelligence, and SMART (Security
Management Architecture), the appliances provides simplified deployment while delivering uncompromising
levels of security.
These appliances run an embedded version of the Gaia operating system. The appliances include core
configuration elements such as clish interface, SNMPv2/3 and routing stack implementations. In addition to
the Gaia features, Embedded Gaia contains support for built-in network switches, wireless networks, 4G
LTE Internet connectivity, multiple Internet connections (more than 2) in High Availability or Load Sharing
mode, Policy Based Routing, and DDNS support. Quick deployment with USB is supported for all
appliances, and with SD card and Dual SIM card for the 1570 / 1590 appliances. For more information, see
the 1500 appliance series product page.
This guide describes all aspects that apply to the Quantum Spark 1530 / 1550, 1570R, and 1570 / 1590
Appliances.
1600 and 1800 Appliances
The Quantum Spark 1600 / 1800 Security Appliances, part of the new 1600 / 1800 Appliance family, deliver
enterprise-grade security, run the R80 code base in an all-in-one security solution to protect Medium
Business employees, network and data from cyber-theft.
The 1600 / 1800 Security Gateways offer integrated, multi-layered security in a 1U form factor, a high
performance platform which is easy and simple to configure and manage. The Security Gateway offers
firewall, VPN, Anti-Virus, Application Visibility and Control, URL Filtering, Email Security, and SandBlast
Zero-Day Protection.
Quantum Spark 1600 / 1800 Security Appliances can be managed either locally in a Web interface, or
centrally by means of a cloud-based Quantum Spark Security Management Portal (Quantum Spark Portal).
Note - Some topics only apply to specific appliances or models.
Appliance Model Appliance
Homepage
1530 / 1550 V-80 Wired, V-80W WiFi sk157412
1570 / 1590 V-81 Wired, V-81W WiFi, V-81WL WiFi-LTE, V-81WD WiFi-
DSL
sk157412
Quantum Spark 1500, 1600 and 1800 Appliance Series Overview
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 12
Appliance Model Appliance
Homepage
1570R V-81R, V-81WLR sk166654
1600 V-82 (wired only) sk168880
1800 V-83 (wired only) sk168880
For front, side, and back panel details for each appliance, see the relevant
Getting Started Guide
.
Review these materials before doing the procedures in this guide:
nR80.20.40 SMB Release Notes
nKnown Limitations
nResolved Issues
nGetting Started Guide
nSmall Business Security video channel
See the SMB R80.20.40 home page.
Getting Started
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 13
Getting Started
This Administration Guide describes:
nInstalling the appliance and connecting the cables.
nConfiguring Security Policies.
nConfiguring local users and administrators.
nConfiguring VPN.
nConfiguring a cluster.
nConfiguring advanced settings.
nLogging and monitoring
Workflow:
1. Install the Quantum Spark appliance and connect all cables.
See the:
n
Getting Started Guide for 1530 / 1550 Appliances
.
n
Getting Started Guide for 1570 / 1590 Appliances
.
n
Getting Started Guide for 1570R Appliances
.
n
Getting Started Guide for 1600 / 1800 Appliances
.
n
"Setting up the Quantum Spark Appliance" on page15
.
2. Follow the applicable First Time Deployment option.
See
"First Time Deployment Options" on page16
.
3. Install the required licenses.
See
"Managing Licenses" on page43
4. Configure the required users and objects.
See
"Managing Users and Objects" on page250
.
5. Configure required appliance settings.
See
"Managing the Device" on page54
.
6. Configure and install the required Security Policies.
See:
n
"Managing the Access Policy" on page158
n
"Managing Threat Prevention" on page198
7. Make sure the appliance works as required.
See
"Logs and Monitoring" on page276
.
8. Configure other required settings, such as:
Setting up the Quantum Spark Appliance
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 15
Setting up the Quantum Spark
Appliance
To set up the Quantum Spark 1530 / 1550, 1570 / 1590, 1570R, 1600, and 1800 Appliance:
1. Remove the Quantum Spark Appliance from the shipping carton and place it on a tabletop.
2. Identity the network interface marked as LAN1.
This interface is preconfigured with the IP address 192.168.1.1 and Subnet Mask 255.255.255.0.
Connecting the Cables:
1. Connect the power cable to the appliance. The appliance is connected directly to the power source.
1530 / 1550 appliances only: Turn on the power switch located on the back panel.
2. When the appliance is turned on, the Power LED on the front panel lights up in red for a short period.
The LED then turns blue and starts to blink. This shows a boot is in progress and firmware is being
installed.
When the LED turns a solid blue, the appliance is ready for login.
Note – The LED is red if there is an alert or error.
nIf you use an external modem:
Connect the Ethernet cable to the WAN port on the appliance back panel and plug it into your
external modem or router's PC/LAN network port. The Internet LED on the appliance front
panel lights up when the Ethernet is connected.
nIf you do not use an external modem:
Connect the telephone cable to the DSL port on the appliance back panel and plug it into the
DSL line socket. The DSL LED as well as the Internet Link LED remains off until you configure
the appliance, including setting up the DSL as an internet connection.
3. Connect the standard network cable to the LAN1 port on the appliance and to the network adapter on
your PC.
Note - Wait 10 seconds between power cycles (off and on).
First Time Deployment Options
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 16
First Time Deployment Options
There are different options for first time deployment of your Small and Medium Business (SMB) gateways:
nFirst Time Configuration Wizard - For more information, see the
Getting Started Guide
for your
appliance model.
n
"Zero Touch Cloud Service" on page17
n
"Deploying from a USB Drive or SD Card" on page18
Note - SD card deployment is supported only in 1570 / 1590 appliances.
Zero Touch Cloud Service
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 17
Zero Touch Cloud Service
The Zero Touch Cloud Service lets you easily manage the initial deployment of your gateways in the
Check
Point Zero Touch Portal
.
Note - You cannot use Zero Touch if you connect to the internet through a proxy server.
Zero Touch enables a gateway to automatically fetch settings from the cloud when it is connected to the
internet for the first time.
Note - The appliance is fully configured after you complete the First Time Configuration Wizard (click Finish
on the final screen or click Quit on an earlier screen after you enter a username and password). To use the
Zero Touch Cloud Service after this point, you must first restore the factory defaults.
If the gateway connects to the internet using DHCP, the gateway fetches the Zero Touch settings without
any additional action. If no DHCP service is available, you must run the First Time Configuration Wizard,
configure the Internet Connection settings, and then fetch the settings from the Zero Touch server.
To connect to the Zero Touch server from the First Time Configuration Wizard:
1. In the Welcome page of the First Time Configuration Wizard, click Fetch Settings from the Cloud.
2. In the window that opens, click Yes to confirm that you want to proceed.
3. The Internet connection page of the First Time Configuration Wizard opens. Configure your Internet
connection and click Connect.
4. The settings are automatically downloaded and installed.
5. A new window opens and shows the installation status. It may take several minutes until the
installation is complete.
Note - If a collision is detected between an internal network (LAN) and an IP returned via DHCP (WAN), the
conflicting LAN address is changed automatically. If a colliding LAN IP address is changed, a message
appears in the system logs.
When you reconnect to the WebUI or click Refresh, the browser opens to show the status of the installation
process.
After the gateway downloads and successfully applies the settings, it does not connect to the Zero Touch
server again.
For more information on how to use Zero Touch, see sk116375 and the
R80.20 ZeroTouch Web Portal
Administration Guide
Deploying from a USB Drive or SD Card
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 18
Deploying from a USB Drive or SD Card
You can deploy the Quantum Spark Appliance configuration files from a USB drive or SD card (1570 / 1590,
1600 / 1800 appliances only) and quickly configure many appliances without using the First Time
Configuration Wizard. The configuration file lets you configure more settings and parameters than are
available in the First Time Configuration Wizard.
Note - SD card deployment is not supported for 1530 / 1550 appliances.
You can deploy configuration files in these conditions:
nAn appliance with default settings is not configured at all.
nAn appliance that already has an existing configuration.
The Quantum Spark Appliance starts, automatically mounts the USB drive, and searches the root directory
for a configuration file.
Note - The USB drive must be formatted in FAT32. SD cards are formatted with ext4.
Sample Configuration File
This is a sample Quantum Spark 1530 / 1550 Appliance configuration file for USB deployment.
set time-zone GMT+01:00(Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna)
set ntp server primary 10.1.1.10
set ntp server secondary
set user admin type admin password aaaa
set interface WAN ipv4-address 10.1.1.134 subnet-mask 255.255.255.192 default-gw 10.1.1.129
delete interface LAN1_Switch
set dhcp server interface LAN1 disable
set interface LAN1 ipv4-address 10.4.6.3 subnet-mask 255.255.255.0
add interface LAN1 vlan 2
set dhcp server interface LAN1:2 disable
set interface LAN1:2 ipv4-address 10.4.3.3 subnet-mask 255.255.255.0
set dhcp server interface LAN2 disable
set interface LAN2 ipv4-address 192.168.254.254 subnet-mask 255.255.255.248
set interface LAN2 state on
set admin-access interfaces WAN access allow
set hostname DEMOgw01
Preparing the Configuration Files
The Quantum Spark Appliance Massive Deployment configuration files are composed of Gaia Clish
commands.
These are the file names that you can use:
nautoconf.clish
nautoconf.<MAC Address>.clish
<MAC Address>
is the specified MAC address in this format:
XX-XX-XX-XX-XX
You can create multiple configuration files for Quantum Spark Appliance gateways. The gateways run both
files or only one of them. First the autoconf.clish configuration file is loaded. If there is a configuration
file with the same MAC address as the gateway, that file is loaded second.
Use the #symbol to add comments to the configuration file.
Deploying from a USB Drive or SD Card
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 19
Deploying the Configuration File - Initial Configuration
This section describes how to deploy a configuration file on a USB drive to Quantum Spark Appliance. You
must configure and format the file correctly before you deploy it. You can insert the USB drive in the front or
rear USB port. Make sure the USB drive is formatted in FAT32.
You can deploy the configuration file to the Quantum Spark Appliance when the appliance is off or when it is
powered on.
Important - Do not remove the USB drive or insert a second USB drive while the
configuration script runs. This may cause a configuration error.
To deploy the configuration file from a USB drive for the initial configuration:
1. Insert the USB drive into a Quantum Spark Appliance.
nQuantum Spark Appliance is OFF - Turn on the appliance. The Power LED is red when the
appliance is first turned on.It blinks blue while the boot is in progress and then turns solid blue
when the process is complete..
nQuantum Spark Appliance is ON - The appliance automatically detects the USB drive.
2. The Quantum Spark Appliance locates the USB configuration file and begins to run the script. The
USB LED blinks blue while the script runs.
3. The configuration script finishes and the Quantum Spark Appliance Power LED is a constant blue.
4. Remove the USB drive from the Quantum Spark Appliance.
Note - The USB LED is red when there is a problem running the configuration script. Turn off the Quantum
Spark Appliance and confirm that the configuration files are formatted correctly.
Deploying from a USB Drive or SD Card
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 20
Deploying the Configuration File - Existing Configuration
To edit or upgrade the existing configuration of a Quantum Spark Appliance, deploy a configuration file. Use
the set property command to set the appliance to use a configuration file on a USB drive. The USB drive
can be inserted in the front or the rear USB port.
You can deploy the configuration file to the Quantum Spark Appliance either when the appliance is off or
when it is powered on.
Important - Do not remove the USB drive or insert a second USB drive while the
Quantum Spark Appliance configuration script runs. This may cause a configuration
error.
To deploy the configuration file from a USB drive to a configured appliance:
1. From the CLI, enter the command:
set property USB_auto_configuration once
The appliance is set to use a configuration script from a USB drive.
2. Insert the USB drive in the appliance (the appliance automatically detects the USB drive).
The USB LED comes on and is a constant orange.
3. The appliance locates the USB configuration file and begins to run the script. The USB LED blinks
blue while the script runs.
4. The configuration script finishes.
The USB LED is a constant blue and the screen displays: System Started.
5. Remove the USB drive from the appliance.
Note - The USB LED is red when there is a problem running the configuration script. Turn off the appliance
and confirm that the configuration files are formatted correctly.
Viewing Configuration Logs
After the Quantum Spark Appliance is successfully configured from a USB drive, a log is created.
nThe log file is called: autonconf.<MAC Address>.<timestamp>.<log>
nThe log file is created in the USB root directory and in /tmp on the appliance.
This manual suits for next models
9
Table of contents
Other Quantum Network Hardware manuals
Quantum
Quantum FC420 User manual
Quantum
Quantum SMART-1 6000-L User manual
Quantum
Quantum Scalar 50 Quick start guide
Quantum
Quantum 1U User manual
Quantum
Quantum DXi4800 User manual
Quantum
Quantum QWCM User manual
Quantum
Quantum LightSpeed Appliance QLS250 User manual
Quantum
Quantum CHECK POINT 16000 User manual
Quantum
Quantum DX Series User manual
Quantum
Quantum FC310 User manual
