Check Point 730 Getting Started Manual
  1. Manuals
  2. Brands
  3. Check Point Manuals
  4. Gateway
  5. 730
  6. Getting started manual

Check Point 730 Getting Started Manual

Hide thumbs Also See for 730:
Table of Contents

Advertisement

Quick Links

Check Point 730/750
Appliance
Locally Managed
Getting Started Guide
Models: L-71, L-71W, L-71WD Classification: [Protected] P/N 707785

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 730 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Check Point 730

Summary of Contents for Check Point 730

  • Page 1 Check Point 730/750 Appliance Locally Managed Getting Started Guide Models: L-71, L-71W, L-71WD Classification: [Protected] P/N 707785...
  • Page 2 Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
  • Page 3 To learn more, visit the Check Point Support Center https://supportcenter.checkpoint.com. Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments mailto:cp_techpub_feedback@checkpoint.com?subject=Feedba ck on Check Point 730/750 Appliance Locally Managed Getting Started Guide.

  • Page 5: Table Of Contents

    ..............57 ....................58 Cloud Services .................58 Configuring Check Point 730/750 Appliance Workflow ..................59 Setting up the Check Point 730/750 Appliance ....60 Connecting the Cables ............60 First Time Deployment Options Using the First Time Configuration Wizard ......62 Starting the First Time Configuration Wizard...
  • Page 6 Welcome ....................63 Authentication Details ..............66 Appliance Date and Time Settings ..........67 Appliance Name ................69 Internet Connection ................ 70 Local Network ................... 74 Wireless Network ................76 Administrator Access ..............77 Appliance Registration ..............79 Software Blade Activation ............
  • Page 7 Blocking Access for Users or Groups ......104 Configuring Threat Prevention Cyber Threats ................ 105 Enabling/Disabling Threat Prevention Control ..... 106 IPS Security Levels ............... 108 Changing the Anti-Virus, Anti-Bot and Threat Emulation Policy ..................108 Scheduling Blade Updates ..........110 Configuring the Anti-Spam Blade ........
  • Page 8 Configuring a Guest Network ..........127 Monitoring and Reports Viewing Monitoring Reports ..........129 Viewing Security Reports ............130 Viewing System Logs ............131 Getting Support Support ..................133 Where to From Here ............134...

  • Page 9: Health And Safety Information

    To reduce potential safety issues with the DC power source, only use one of these: • The AC adapter supplied with the appliance. • A replacement AC adapter supplied by Check Point. • An AC adapter purchased as an accessory from Check Point.
  • Page 10 To prevent damage to any system, it is important to handle all parts with care. These measures are generally sufficient to protect your equipment from static electricity discharge: • Restore the communications appliance system board and peripherals back into the antistatic bag when they are not in use or not installed in the chassis.
  • Page 11 IMPORTANT SAFETY INSTRUCTIONS: When using your telephone equipment, basic safety precautions should always be followed to reduce the risk of fire, electric shock and injury to persons, including the following: • Do not use this product near water for example, near a bathtub, washbowl, kitchen sink or laundry tub, in a wet basement or near a swimming pool.
  • Page 12 5 Ha'Solelim Street, Tel Aviv 67897, Israel Declares under our sole responsibility, that the products: Model Number: L-71, *L-71W, **L-71WD Product Options: 730 Wired, 730 WiFi, 730 WiFi + DSL, 750 Wired, 750 WiFi, 750 WiFi + DSL Date First Applied: January 2016...
  • Page 13 Conform to the following Product Specifications: RF/Wi-Fi (* marked model) Telecom (** marked model) Certification Type EN 55032:2015 + AC:2016, Class B EMC, EN 55032:2012 + AC:2013, Class B *RF/WiFi, **Telecom EN 55024:2010 / A1:2015 EN 55024:2010 EN61000-3-2:2014 EN61000-3-3:2013 EN61000-4-2:2009 EN61000-4-3:2006+A1:2008+A2:2010 EN61000-4-4:2012 EN61000-4-5:2014...
  • Page 14 Certification Type AS/NZS CISPR 32:2015, Class B EMC, AS/NZS CISPR 32:2013, Class B *RF, **Telecom * AS/NZS 4268:2017 * ARPANSA Radiation Protection Standard No.3:2002AS/NZS 2772.2:2011 (SAR) **AS/CA S041.1-2015 & AS/CA S041.2-2015 **AS/CA S043.1:2015 / AS/CA S043.2:2015...
  • Page 15 Certification Type 47 CRF FCC Part 15, Subpart B, Class B EMC, ANSI C63.4:2009 *RF, **Telecom ANSI C63.4:2014 ICES-003:2012 Issue 5 Class B ICES-003:2016 Issue 6, Class B *47 CFR FCC Part15, Subpart C (section 15.247) ANSI C63.10:2013 *FCC Part 15, Subpart E (Section 15.407) *KDB 905462 D02 UNII DFS Compliance Procedures New Rules v02...
  • Page 16 Federal Communications Commission (FCC) Statement: FCC SDOC According to FCC Part 15 We, Check Point Software Technologies Ltd. Address: Shlomo Kaplan St 5, / HaSolelim St 5 Tel Aviv-Yafo # 67897, Phone: +972-3-753-4555. This device complies with Part 15 of the FCC Rules. Operation...
  • Page 17 Device reports and testing labs details: Responsible party Company Name: Check Point Software Technologies Inc. Company Address: 959 Skyway Road Suite 300, San Carlos, CA 94070 Phone: 1-800-429-4391 Name: Ronen Sasson This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
  • Page 18 accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures: •...
  • Page 19 For Country Code Selection Usage (WLAN Devices) Note: The country code selection is for non-US models only and is not available to all US models. Per FCC regulation, all WiFi products marketed in the US must be fixed to US operation channels only.
  • Page 20 If trouble is experienced with this Gateway, for repair or warranty information, please contact: Check Point 6330 Commerce Drive Suite 120, Irving, Texas 75063 Office Phone Numbers 972-444-6612...
  • Page 21 If the equipment is causing harm to the telephone network, the telephone company may request that you disconnect the equipment until the problem is resolved. Connection to party line service is subject to state tariffs. Contact the state public utility commission, public service commission or corporation commission for information.
  • Page 22 non inclus dans cette liste, ayant un gain supérieur au gain maximum indiqué pour cette type, sont strictement interdits pour une utilisation avec cet appareil. List of antenna information Gain Components Frequency Antenna Brand Main (MHz) type WLAN 2412~2462 Dipole WIESON 1.93 WLAN...
  • Page 23 20 cm de distance entre la source de rayonnement et votre corps. This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: 1. This device may not cause interference, and 2. This device must accept any interference, including interference that may cause undesired operation of the device.
  • Page 24 La fonction de sélection de l'indicatif du pays est désactivée pour les produits commercialisés aux États-Unis et au Canada. FOR WLAN 5 GHz DEVICE: Caution : 1. The device for operation in the band 5150-5250 MHz is only for indoor use to reduce the potential for harmful interference to co-channel mobile satellite systems;...
  • Page 25 2. Le gain maximal d’antenne permis pour les dispositifs utilisant les bandes 5250-5350 MHz et 5470-5725 MHz doit se conformer à la limite de p.i.r.e.; 3. Le gain maximal d’antenne permis (pour les dispositifs utilisant la bande 5725-5825 MHz) doit se conformer à la limite de p.i.r.e.
  • Page 26 Ringer Equivalence Numbers of all the devices does not exceed five. Japan Class B Compliance Statement: European Union (EU) Electromagnetic Compatibility Directive This product is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility Directive (2014/30/EU).
  • Page 27 Product Disposal This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment.

  • Page 28: Informations Relatives À La Santé Et À La Sécurité (Class B)

    L'adaptateur secteur fourni avec l'appareil • Un adaptateur secteur de remplacement, fourni par Check Point • Un adaptateur secteur acheté en tant qu'accessoire auprès de Check Point Pour éviter d'endommager tout système, il est important de manipuler les éléments avec soin. Ces mesures sont...
  • Page 29 généralement suffisantes pour protéger votre équipement contre les décharges d'électricité statique : • Remettez dans leur sachet antistatique la carte système et les périphériques de l'appareil de communications lorsqu'ils ne sont pas utilisés ou installés dans le châssis. Certains circuits sur la carte système peuvent rester fonctionnels lorsque si l'appareil est éteint.
  • Page 30 • Ne pas faire fonctionner le processeur sans refroidissement. Le processeur peut être endommagé en quelques secondes. INSTRUCTIONS DE SÉCURITÉ IMPORTANTES : Lorsque vous utilisez votre équipement téléphonique, des précautions de sécurité élémentaires doivent toujours être respectées afin de réduire le risque incendie, d'électrocution ou de blessures, comme celles qui suivent : •...
  • Page 31 à la naissance et autres dommages relatifs à la reproduction. Se laver les mains après toute manipulation. Déclaration de conformité Nom du constructeur : Check Point Software Technologies Ltd. Adresse du constructeur : 5 Ha'Solelim Street, Tel Aviv 67897, Israël...
  • Page 32 Déclare sous son entière responsabilité que les produits : Numéro de modèle : L-71, *L-71W, **L-71WD Options de produit : 730, 730 Wi-Fi, 730 Wi-Fi + DSL, 750, 750 Wi-Fi, 750 Wi-Fi + DSL Date de demande initiale : Janvier 2016 Sont conformes aux normes produit suivantes : RF/Wi-Fi (modèle signalé...
  • Page 33 Certification Type EN 55032:2015 + AC:2016, Classe B EMC, EN 55032:2012 + AC:2013, Classe B *RF/WiFi, **Telecom EN 55024:2010 / A1:2015 EN 55024:2010 EN61000-3-2:2014 EN61000-3-3:2013 EN61000-4-2:2009 EN61000-4-3:2006+A1:2008+A2:2010 EN61000-4-4:2012 EN61000-4-5:2014 EN61000-4-6:2014 EN61000-4-11:2004 *EN 300 328 V2.1.1 (2016-11) *EN 301 893 V2.1.1 (2017-05) *EN 301 489-1 V2.1.1 (2017-02) *EN 301 489-17 V3.1.1 (2017-02) *EN 62311:2008 (SAR)
  • Page 34 Certification Type AS/NZS CISPR 32:2015, Classe B EMC, AS/NZS CISPR 32:2013, Classe B *RF, **Telecom * AS/NZS 4268:2017 * ARPANSA Radiation Protection Standard No.3:2002AS/NZS 2772.2:2011 (SAR) **AS/CA S041.1-2015 & AS/CA S041.2-2015 **AS/CA S043.1:2015 / AS/CA S043.2:2015...
  • Page 35 Certification Type EMC, 47 CRF FCC Partie 15, Sous-partie B, Classe B *RF, **Telecom ANSI C63.4:2009 ANSI C63.4:2014 ICES-003:2012 Issue 5 Classe B ICES-003:2016 Issue 6, Classe B *47 CFR FCC Partie15, Sous-partie C (section 15.247) ANSI C63.10:2013 *FCC Partie 15, Sous-partie E (Section 15.407) *KDB 905462 D02 UNII DFS Procédure de conformité...
  • Page 36 Date et lieu d'émission : Janvier 2016, Tel Aviv, Israël Déclaration à la Federal Communications Commission (FCC) : Selon section 15 des réglementations de la FCC Nous, Check Point Software Technologies Ltd. Adresse: Shlomo Kaplan St 5, / HaSolelim St 5 Tel Aviv-Yafo # 67897, Phone: +972-3-753-4555.
  • Page 37 Rapports de périphérique et détails des laboratoires de test: Partie responsable Nom de la compagnie: Check Point Software Technologies Inc. Adresse de la compagnie: 959 Skyway Road Suite 300, San Carlos, CA 94070 Téléphone: 1-800-429-4391 Nom: Ronen Sasson Cet équipement a été testé et déclaré conforme aux limites pour appareils numériques de classe B, selon la section 15 des...
  • Page 38 génère, et peut diffuser des fréquences radio et, dans le cas d’une installation et d’une utilisation non conforme aux instructions, il peut provoquer des interférences nuisibles aux communications radio. Cependant, il n’existe aucune garantie qu’aucune interférence ne se produira dans le cadre d'une installation particulière.
  • Page 39 Concernant la sélection du code pays (appareils WLAN) Remarque: la sélection du code pays est uniquement pour les modèles hors Etats-Unis, et reste indisponible pour tout modèle vendus aux États-Unis. Selon la règlementation FCC tous les produits WIFI commercialisés aux Etats-Unis sont fixés uniquement sur des canaux américains.
  • Page 40 En cas de problème avec cette passerelle, et pour toute information concernant une réparation ou la garantie, veuillez contacter : Check Point 6330 Commerce Drive Suite 120, Irving, Texas 75063 Numéro de téléphone de nos bureaux 972-444-6612 En cas d'endommagement du réseau téléphonique causé par...
  • Page 41 demande de débrancher l'équipement jusqu'à ce que le problème soit résolu. La connexion au service de ligne est assujettie aux tarifs en vigueur dans votre État. Veuillez contacter la Commission des services collectifs de proximité, la Commission des services publics et la Commission des sociétés de votre État pour plus d'information.
  • Page 42 List of antenna information Gain Components Frequency Antenna Brand Main (MHz) type WLAN 2412~2462 Dipole WIESON 1.93 WLAN 5180~5240 Dipole WIESON 1.95 WLAN 5260~5320 Dipole WIESON 1.89 WLAN 5500~5580 Dipole WIESON 1.99 WLAN 5660~5720 Dipole WIESON 1.99 WLAN 5745~5825 Dipole WIESON 1.94 Déclaration d'exposition aux radiations:...
  • Page 43 Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Cet appareil et son antenne ne doivent pas être situés ou fonctionner en conjonction avec une autre antenne ou un autre émetteur, exception faites des radios intégrées qui ont été testées.
  • Page 44 radars pourraient causer du brouillage et/ou des dommages aux dispositifs LAN-EL. Restrictions concernant le raccordement de matériel Avis: Le présent matériel est conforme aux spécifications techniques d’ISED applicables au matériel terminal. Cette conformité est confirmée par le numéro d'enregistrement. Le sigle IC, placé...
  • Page 45 Directive de l'Union européenne relative à la compatibilité électromagnétique Ce produit est certifié conforme aux exigences de la directive du Conseil concernant le rapprochement des législations des États membres relatives à la directive sur la compatibilité électromagnétique (2014/30/EU). Ce produit est conforme à la directive basse tension 2014/35/EU et satisfait aux exigences de la directive 2014/35/EU du Conseil relative aux équipements électriques conçus pour être utilisés dans une certaine plage de tensions,...
  • Page 46 Mise au rebut du produit Ce symbole apposé sur le produit ou son emballage signifie que le produit ne doit pas être mis au rebut avec les autres déchets ménagers. Il est de votre responsabilité de le porter à un centre de collecte désigné pour le recyclage des équipements électriques et électroniques.

  • Page 47: Introduction

    ..................................................Cloud Services ........................Thank you for choosing Check Point's Internet Security Product Suite. Check Point products provide your business with the most up to date and secure solutions available today. Check Point also delivers worldwide technical services including educational, professional, and support services...

  • Page 48: Before You Get Started

    Before You Get Started Review these documents before doing the procedures in this guide: • Release Notes • Known Limitations...

  • Page 49: Shipping Carton Contents

    • RJ11 to RJ11 telephone cable for Annex A DSL modem or RJ11 to TAE telephone cable for Annex B DSL modem (DSL models only) Check Point 730/750 Appliance Quick Start • Guides Guide • Check Point 730/750 Appliance Getting...

  • Page 50: Appliance Diagrams And Specifications

    Appliance Diagrams and Specifications These are the Check Point 730/750 Appliance models: • Wired • Wireless (WiFi) • Wireless (WiFi) + DSL This section describes the differences in the front and back panels.

  • Page 51: Front Panel

    Front Panel Item Description • Off - Normal operation. Alert LED • Blinking green during boot. • Red when the appliance has a resource problem such as memory shortage. • Red blink fast - High temperature or system failure. • Off –...
  • Page 52 Item Description Green when SD card is inserted. SD LED Green when a USB device is connected. USB LED • Blinking green when there is WiFi activity. WiFi LED • Green when there is no WiFi activity. (WiFi and WiFi + DSL models only) •...
  • Page 53 Note - The appliance supports using the SD-card slot (located on the side panel) for log storage. Optional sizes: • 8 GB • 32 GB...

  • Page 54: Back Panel

    Back Panel Item Description ANT1, ANT2 and Ports for attaching wireless network ANT3 antennas. (WiFi and WiFi + DSL models only) Port for attaching telephone cable. (DSL models only) Factory Default Lets you restore the appliance to its factory defaults. The button is recessed into the button appliance chassis to prevent accidental restoring of factory default settings.
  • Page 55 Item Description PWR+12VDC Connects to the power supply unit's cable. Note - The power unit cable must be securely screwed in to the appliance. Reboot button Lets you forcibly reboot the appliance. The button is recessed into the appliance chassis to prevent accidental reboot. The appliance reboots after you press the button.

  • Page 56: Check Point Software Blades Overview

    Check Point Software Blades Overview The available Check Point Software Blades can be divided into these major groups: • Access Policy • Threat Prevention •...

  • Page 57: Access Policy

    Access Policy The Access Policy has these features: Firewall - Makes sure that only allowed traffic enters the • company's network. Other traffic is blocked before it enters. • Application Control and URL Filtering - Makes sure that only authorized applications are used on the network and only allowed websites can be accessed.

  • Page 58: Vpn

    • multiple sites in your network. Cloud Services Cloud Services lets you connect your Check Point 730/750 Appliance to a Cloud Services Provider that uses a Web-based application to manage, configure, and monitor the appliance. See Setting up Cloud Services (on page 123).

  • Page 59: Configuring Check Point 730/750 Appliance

    Workflow This is the recommended workflow for configuring Check Point 730/750 Appliance: 1. Setting up the Check Point 730/750 Appliance (on page 60). 2. Connecting the cables (on page 60). 3. Configuring the appliance with the First Time Configuration Wizard.

  • Page 60: Setting Up The Check Point 730/750 Appliance

    Setting up the Check Point 730/750 Appliance 1. Remove the Check Point 730/750 Appliance from the shipping carton and place it on a tabletop. 2. Identity the network interface marked as LAN1. This interface is preconfigured with the IP address 192.168.1.1.

  • Page 61: First Time Deployment Options

    4. If you do not use an external modem: Connect the telephone cable to the DSL port on the appliance back panel and plug it into the DSL line socket. The DSL Link LED as well as the Internet Link LED remains off until you configure the appliance, including setting up the DSL as an internet connection.

  • Page 62: Using The First Time Configuration Wizard

    Starting the First Time Configuration Wizard To configure the Check Point 730/750 Appliance for the first time after you complete the hardware setup, use the First Time Configuration Wizard.

  • Page 63: Welcome

    To open the WebUI, enter one of these addresses in the browser: • http://my.firewall • http://192.168.1.1:4434 If a security warning message shows, confirm it and continue. The First Time Configuration Wizard runs. Welcome The Welcome page introduces the product and shows the name of your appliance.
  • Page 64 To change the language of the WebUI application: Select the language link at the top of the page. Note - Only English is allowed as the input language.
  • Page 65 Zero Touch Zero Touch enables a gateway to automatically fetch settings from the cloud when it is connected to the internet for the first time. If the gateway connects to the internet via DHCP, the gateway will fetch the Zero Touch settings without any additional action. If no DHCP service is available, you must run the First Time Configuration Wizard, configure the Internet Connection settings, and then fetch the settings from the Zero Touch...

  • Page 66: Authentication Details

    Authentication Details In the Authentication Details page, enter the required details to log in to the Check Point 730/750 Appliance WebUI application or if the wizard terminates abnormally: • Administrator Name - We recommend that you change the default "admin" login name of the administrator. The name is case sensitive.

  • Page 67: Appliance Date And Time Settings

    Appliance Date and Time Settings In the Appliance Date and Time Settings page, configure the appliance's date, time, and time zone settings manually or use the Network Time Protocol option. When you set the time manually, the host computer's settings are used for the default date and time values.
  • Page 68 When you use the NTP option, there are two default servers you can use. These are ntp.checkpoint.com and ntp2.checkpoint.com.

  • Page 69: Appliance Name

    Appliance Name In the Appliance Name page, enter a name to identify the Check Point 730/750 Appliance, and enter a domain name (optional). When the gateway performs DNS resolving for a specified object’s name, the domain name is appended to the object name.

  • Page 70: Internet Connection

    Internet Connection In the Internet Connection page, configure your Internet connectivity details or select Configure Internet connection later. To configure Internet connection now: 1. Select Configure Internet connection now. 2. From the Connection Protocol drop down list, select the protocol used to connect to the Internet. Note - During the First Time Configuration Wizard, you cannot create multiple connections.
  • Page 71 L2TP - Layer 2 Tunneling Protocol (L2TP) is a tunneling • protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself. It relies on an encryption protocol that it passes within the tunnel to provide privacy.
  • Page 72 7. Complete the rest of the First Time Configuration Wizard. 8. Click Finish. We recommend that you configure the DNS as Check Point 730/750 Appliance needs to perform DNS resolving for different functions. For example, to connect to Check Point...
  • Page 73 To test your ISP connection status: Click Connect. The appliance connects to your ISP. Success or failure shows at the bottom of the page.

  • Page 74: Local Network

    Local Network In the Local Network page, select to enable or disable switch on LAN ports and configure your network settings. By default, they are enabled. You can change the IP address and stay connected as the appliance's original IP is kept as an alias IP until the first time you boot the appliance.
  • Page 75 The appliance's IP address is automatically excluded from the range. For example, if the appliance IP is 1.1.1.1, the range also starts from 1.1.1.1, but will exclude its own IP address. Important - If you choose to disable the switch on LAN ports (clear the checkbox), make sure your network cable is placed in the LAN1 port.

  • Page 76: Wireless Network

    Wireless Network This applies to Wireless Network models only. In the Wireless Network page, configure wireless connectivity details. When you configure a wireless network, you must define a network name (SSID). The SSID (service set identifier) is a unique string that identifies a WLAN network to clients that try to open a wireless connection with it.

  • Page 77: Administrator Access

    Administrator Access In the Administrator Access page, configure if administrators can use Check Point 730/750 Appliance from a specified IP address or any IP address. To configure administrator access: 1. Select the sources from where administrators are allowed access: •...
  • Page 78 • Internet - Clear traffic from the Internet (not recommended). 2. Select the IP address from which the administrator can access Check Point 730/750 Appliance: • Any IP address • Specified IP addresses only •...

  • Page 79: Appliance Registration

    Appliance Registration The appliance can connect to the Check Point User Center to pull the license information and activate the appliance. You must register the appliance in your Check Point User Center account. If you don't already have an account, you must create one.
  • Page 80 License activation is not completed. • The registration information for your MAC address can't be found in the Check Point User Center. To activate your appliance later : In the WebUI, go to Home > License > Activate License. To configure a proxy server: 1.
  • Page 81 7. You will be notified that you successfully activated the appliance. The next page shows the license status for each blade.

  • Page 82: Software Blade Activation

    Software Blade Activation Select the software blades to activate on this Check Point 730/750 Appliance. QoS (bandwidth control) can only be activated from the WebUI after completing the First Time Configuration Wizard.

  • Page 83: Summary

    Summary The Summary page shows the details of the elements configured with the First Time Configuration Wizard. Click Finish to complete the First Time Configuration Wizard. The WebUI opens on the Home > System page. To back up the system configuration in the WebUI: Go to Device >...

  • Page 84: Zero Touch Cloud Service

    Zero Touch Cloud Service The Zero Touch Cloud Service lets you easily manage the initial deployment of your gateways in the Zero Touch portal https://zerotouch.checkpoint.com. Zero Touch enables a gateway to automatically fetch settings from the cloud when it is connected to the internet for the first time.
  • Page 85 To connect to the Zero Touch server from the First Time Configuration Wizard: 1. In the Welcome page of the First Time Configuration Wizard, click Fetch Settings from the cloud.
  • Page 86 2. In the window that opens, click Yes to confirm that you want to proceed.
  • Page 87 3. The Internet connection page of First Time Configuration Wizard opens. Configure your Internet connection and click Connect. The settings are automatically downloaded and installed. A new window opens and shows the installation status. It may take several minutes until the installation is complete. When you reconnect to the WebUI or click Refresh, you may see one of these: •...
  • Page 88 Zero Touch server again. For more information on how to use Zero Touch, see sk116375 http://supportcontent.checkpoint.com/solutions?id=sk116375 Check Point Zero Touch User Guide and the Retries mechanism: During cloud activation, there are sometimes temporary issues which prevent the gateway from activating Cloud Services.
  • Page 89 Wait times before retry: Failure Waiting Time 2 minutes 4 minutes 8 minutes 16 minutes Subsequent Retries every 16 minutes until Cloud Services are successfully activated...

  • Page 90: Usb Drive Or Sd Card

    USB Drive or SD Card You can deploy the Check Point 730/750 Appliance configuration files from a USB drive or SD card and quickly configure many appliances without using the First Time Configuration Wizard. The configuration file lets you configure more settings and parameters than are available in the First Time Configuration Wizard.

  • Page 91: Basic System Configuration

    CHAPTER 3 Basic System Configuration In This Section: Threat Prevention Updates ................... Firmware Upgrades ......................Internet Connectivity ....................... Licensing ..........................Backup and Restore ......................Do these configurations after you complete the First Time Configuration Wizard and log in to the appliance. Threat Prevention Updates Click the status bar at the bottom of the WebUI to see updates.

  • Page 92: Firmware Upgrades

    3. Select Recurrence: • Daily • Weekly • Monthly 4. Click Apply. Firmware Upgrades To see notifications of available upgrades: 1. Click the status bar. We recommend you configure automatic upgrades. 2. Move the cursor over the notification to show the version number.

  • Page 93: Internet Connectivity

    To make sure you have the latest version: 1. Go to Device > System Operations. 2. Click Check now. Internet Connectivity To see the Internet Connectivity status: Click the status bar. If you are not connected, go to Devices > Internet.

  • Page 94: Licensing

    Licensing You must first register the appliance in your Check Point User Center account. If you do not have a User Center account, you must create one to receive support and updates. To see license information: 1. Go to Home > License.

  • Page 95: Backup And Restore

    To pull a new license: Go to User Center > License > Reactivate. Backup and Restore Check Point Appliance Administration Guide See the relevant for backup and restore instructions.

  • Page 97: Configuring Access Policy

    Creating a Permanent Access Rule ................Blocking Access for Users or Groups ..............Configuring Firewall Policy Your Check Point 730/750 Appliance is assigned a Firewall policy. To manually change the policy: 1. Go to Access Policy > Firewall Blade Control. 2. Select an action: •...
  • Page 98 These are the security levels: Standard (Default) - Allows outgoing traffic on configured • services, and traffic between internal and trusted wireless networks. Blocks incoming unencrypted traffic. • Strict - Blocks all traffic in all directions. • Off - Allows all traffic. Manually defined rules are not applied.

  • Page 99: Setting Outgoing Services

    Setting Outgoing Services To set outgoing services in a Standard policy: Click all services. To allow specified services only: 1. Click Block all outgoing services except the following. 2. Select the services to allow. To allow all services 1. Click Allow all outgoing services. 2.
  • Page 100 Configure one or more of these options: Block security risk categories - Block applications and • URLs that may be security risks: • Spyware • Phishing • Botnet • Spam • Anonymizer • Hacking This option is selected by default. •...

  • Page 101: Configuring Access Policy

    Configuring Access Policy To configure your access policy using standard categories: 1. Go to Users & Objects > Applications & URLs. 2. Click applications Default Policy or Applications Blade Control page. 3. Select the applications and URLs to block. 4. Click Apply. Blocking Specific Applications or URLs To customize your access policy:...

  • Page 102: Creating A Permanent Access Rule

    3. Select Custom or New to enter a specified application or URL to block. 4. Click Apply. For more information on application and URL control, see the Check Point Appliance Administration Guide relevant or the online help from the top right corner of your WebUI.
  • Page 103 5. In the Add Rule window, click Any in the Application column. 6. From the Common or Custom filter, select a URL or application to apply to the rule. Click New at the bottom of this window, and then select URL or Application to enter a customized URL or application.

  • Page 104: Blocking Access For Users Or Groups

    Blocking Access for Users or Groups To block internet access for users or groups: 1. Complete steps 1 to 4 in Creating a Permanent Access Rule (on page 102). 2. Make sure Any is selected in the Application column and Block is selected in the Action column.

  • Page 105: Configuring Threat Prevention

    Examples include worms, blended threats (combinations of malicious code and vulnerabilities for infection and dissemination) and Trojans. To challenge today's malware landscape, Check Point's comprehensive Threat Prevention solution offers a multi-layered, pre- and post-infection defense approach and a consolidated platform that enables enterprise security to deal with modern malware.

  • Page 106: Enabling/Disabling Threat Prevention Control

    The Intrusion Prevention System (IPS) blocks potentially malicious attempts to exploit known vulnerabilities in files and network protocols. The Anti-Virus engine blocks viruses that pass through web and mail traffic (HTTP and SMTP) as well as through the File Transfer Protocol (FTP). The Anti-Bot engine detects bot-infected machines and blocks bot Command and Control communications.
  • Page 107 the next synchronization between the gateway and Cloud Services.

  • Page 108: Ips Security Levels

    Changing the Anti-Virus, Anti-Bot and Threat Emulation Policy Anti-Virus, Anti-Bot, and Threat Emulation share the same policy. Your Check Point 730/750 Appliance is configured to manage a standard policy. To manually change the policy: Go to Threat Prevention > Engine Settings.
  • Page 109 You can: • Configure when files will be inspected. By default, only incoming files are inspected. • Select policy overrides. • Select file types policy. • Block viruses from web and mail traffic (HTTP, SMTP, and POP3) and from the File Transfer Protocol (FTP). •...

  • Page 110: Scheduling Blade Updates

    3. Select the blades you want to update. 4. Select the recurrence. 5. Click Apply. For more information on Anti-Virus Blade control options, see Check Point Appliance Administration Guide the relevant or the online help from the top right-hand corner of your WebUI.

  • Page 111: Configuring The Anti-Spam Policy

    2. Select On or Off. 3. Click Apply. Configuring the Anti-Spam Policy Your Check Point 730/750 Appliance is configured to manage a typical Anti-Spam Policy. To change this policy, see Configuring Anti-Spam Exceptions (on page 112). The spam filter can identify spam emails by their source address (default), or by email content.

  • Page 112: Configuring Anti-Spam Exceptions

    Configuring Anti-Spam Exceptions You can configure which senders, domains, or IP addresses are not considered spam. Emails from these senders are not inspected. You can also identify specified senders, domains or IP addresses for the Anti-Spam engine to automatically block. To configure Anti-Spam exceptions: 1.

  • Page 113: Configuring Anti-Spam To Detect-Only Mode

    For more information on Anti-Spam Blade control options, see Check Point Appliance Administration Guide the relevant or the online help from the top right-hand corner of your WebUI. Configuring Anti-Spam to Detect-Only Mode To configure the Anti-Spam to work in detect only mode: 1.

  • Page 115: Setting Up Users And Administrators

    CHAPTER 6 Setting up Users and Administrators In This Section: Configuring Local System Administrators ............. Editing Information of Locally Defined Administrators ........Deleting a Locally Defined Administrator .............. Configuring Local Users ....................Granting Remote Access Permissions ..............Editing a Specific User or Group ................

  • Page 116: Configuring Local System Administrators

    Configuring Local System Administrators We recommend you configure your system so an administrator can log in from a specific network only. To configure local system Administrators: 1. Go to Device > Administrators. 2. Click New. The Add Administrator window opens. 3.

  • Page 117: Editing Information Of Locally Defined Administrators

    Editing Information of Locally Defined Administrators To edit information of locally defined administrators: 1. Go to Device > Administrators. 2. Select the administrator and click Edit. 3. Edit the information. 4. Click Apply. Note - Only administrators with full access privileges can edit administrators.
  • Page 118 To add a new local user: 1. Go to Users & Objects > User Awareness. 2. Click On. 3. Click Users. 4. Click New. 5. Enter User name, Password and Comments (optional). Note - You cannot use these characters in your password { } [ ] ` ~ | ’...
  • Page 119 The user is added to the table in the Users window.

  • Page 120: Granting Remote Access Permissions

    Granting Remote Access Permissions To add a new local users group and grant remote access permissions: 1. Go to Users & Objects > Users. 2. Click the arrow on the New button and select Users Group. 3. Enter a group name. 4.

  • Page 121: Editing A Specific User Or Group

    Editing a Specific User or Group To edit a specific user or group: 1. Go to Users & Objects > Users. 2. Select the user or group from the list. 3. Click Edit. 4. Edit the information. 5. Click Apply. Deleting a User or Group To delete a user or group: 1.

  • Page 123: Setting Up Cloud Services

    In This Section: Connecting to Cloud Services ..................Cloud Services lets you connect your Check Point 730/750 Appliance to a Cloud Services that uses a Web-based application to manage, configure, and monitor the appliance. This lets your appliance be remotely serviced by your managed services provider.

  • Page 124: Connecting To Cloud Services

    Connecting to Cloud Services To automatically connect to Cloud Services: 1. In the email that the Security Gateway owner gets from the Cloud Services Provider, click the activation link. After you log in, a window opens and shows the activation details sent in the email.
  • Page 125 This is a sample email: Dear John Doe, You are invited to activate your security services using the Security Appliance. Once connected, you will be fully protected by a comprehensive security solution that will secure your assets and minimize the risks of a data breach.
  • Page 126 When connectivity is established, the Cloud Services section at the top of the page shows: • The date of the synchronization • The On/Off lever shows that Cloud Services is turned on. A Cloud Services Server widget shows Connected on the status bar.

  • Page 127: Guest Network

    In This Section: Configuring a Guest Network ..................Your Check Point security appliance lets you provide guest Internet access without giving access to your local network. When you configure a guest network with a Hotspot, you can monitor users that connect through your guest network.
  • Page 128 Note - Do not select the boxes in the Access Policy tab if you do not want guests to access your local network. 6. Enter a password. 7. Click Apply.

  • Page 129: Monitoring And Reports

    CHAPTER 9 Monitoring and Reports In This Section: Viewing Monitoring Reports ..................Viewing Security Reports ..................... Viewing System Logs ..................... Viewing Monitoring Reports The Monitoring page shows statistics for security events and network analysis. When you enter this page, the latest data shows.

  • Page 130: Viewing Security Reports

    Viewing Security Reports The Reports page shows security reports for the time frame you specify. Security events include: • High Risk Applications - The number of potentially risky applications accessed. Infected Hosts - The number of infected hosts or servers •...

  • Page 131: Viewing System Logs

    2. Click View Details to get more information on the highlighted log. For more information on Reports, Logs, and Monitoring, see Check Point Appliance Administration Guide the relevant or the online help from the top right-hand corner of your WebUI.

  • Page 133: Getting Support

    In This Section: Support ..........................Where to From Here ...................... Support For technical assistance, contact Check Point 24 hours a day, seven days a week at: • +1 972-444-6600 (Americas) • +972 3-611-5100 (International) When you contact support, you must provide your MAC address.

  • Page 134: Where To From Here

    Where to From Here You have now learned the basics that are necessary to begin using your Check Point 730/750 Appliance. For more information about the Check Point 730/750 Appliance Check Point Appliance Administration and links to the relevant Guide , go to the Check Point Support Center https://supportcenter.checkpoint.com/supportcenter/portal?ev...

This manual is also suitable for:

750

Table of Contents