21 April 2021 1500 APPLIANCE SERIES R80.20.15 Centrally Managed Administration Guide...
Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments.
Revision History
Date | Description
... "Configuring MAC Filtering"...
Table of Contents (excerpt)
Defining a Gateway Object
Defining a Gateway Cluster Object
Workflow
Creating a Cluster for New Gateways
Converting an Existing Check Point Appliance to a Cluster
Viewing Cluster Status in the WebUI
Creating the Security Policy
Working with Security Zone Objects...
VPN Properties
Finish
Updating the Corporate Office Gateway
Creating a SmartLSM Appliance Cluster
General Properties
Cluster Properties
Cluster Names
More Information
Communication Properties
VPN Properties
Finish
Defining SmartLSM Gateways Using LSM CLI
Managing Device Settings
Configuring Firmware
Configuring RADIUS
Configuring Hotspot
Configuring a Configuration Script...
Viewing System Information
Controlling and Monitoring Software Blades
Setting the Management Mode
Configuring Cloud Services
Managing Licenses
Viewing the Site Map
Managing Active Devices
Viewing Monitoring Data
Network Troubleshooting
Viewing Reports
Using System Tools
Managing the Device
Configuring Internet Connectivity
Configuring the Internet Connectivity
The 'Configuration' tab...
Configuring a Hotspot
Configuring the Routing Table
Configuring MAC Filtering
Configuring the DNS Server
Configuring the Proxy Server
Backup, Restore, Upgrade, and Other System Operations
Using the Software Upgrade Wizard
Welcome
Upload Software
Upgrade Settings
Upgrading
Backing up the System
Configuring Local and Remote System Administrators
Configuring Administrator Access
Managing Device Details...
Managing Network Objects
Updatable Objects
Managing Network Object Groups
Logs and Monitoring
Viewing Security Logs
Viewing System Logs
Configuring External Log Servers
Secured Syslog
Managing Active Devices
Wireless Active Devices
Viewing VPN Tunnels
Viewing Active Connections
Access Points
Viewing Monitoring Data
Viewing Reports
Using System Tools...
SD card and Dual SIM card for the 1570 / 1590 appliances. For more information, see the 1500 appliance series product page. This guide describes all aspects that apply to the Check Point 1530 / 1550 and 1570 / 1590 Appliances. Note - Some topics only apply to specific appliances or models.
To set up the Check Point 1530 / 1550, 1570 / 1590 and 1570R Appliance: 1. Remove the Check Point Appliance from the shipping carton and place it on a tabletop. 2. Identify the network interface marked as LAN1.
Deployment Types There are two types of centrally managed deployments: Small-scale deployment - Configure between 1 and 25 Check Point Appliance gateways using SmartConsole. You can then manage device settings from SmartProvisioning. Large-scale deployment - Configure over 25 Check Point Appliance gateways using a SmartLSM profile and SmartProvisioning, or using a configuration file that is stored on a USB drive.
Predefining a Centrally Managed Deployment To manage the Check Point Appliance in a centrally managed deployment, you must install a Security Management Server and SmartConsole that operate with the Check Point Appliance. The Check Point Appliance operates with Security Management Server versions R80.30 with the R80.30 Jumbo Hotfix Accumulator, and higher.
Small-scale Deployment Installation
This chapter contains procedures for defining a gateway or a gateway cluster in SmartConsole. Do the procedures that match your requirements, then install the policy.
Defining a Gateway Object
Options to define a gateway object: Management First - Define the gateway object in SmartConsole before you configure and set up the actual appliance on site.
In the Platform Type field, select the correct appliance type for the Check Point appliance. e. Configure the IP address for the Check Point appliance in one of these ways: Static IP address - Select this option and enter the IP address.
5. On the Trusted Communication page, configure how the Security Management Server and the Check Point appliance authenticate each other, and click Next. If on the General Properties page you selected Static IP address: a. In the...
7. On the Blade Configuration page, configure the required options and click Next. Note - This page appears only if on the previous page (Blade Activation) you selected Activate and configure software blades now. Hide internal networks behind the Gateway's external IP - The checkbox is selected by default.
Defining a Gateway Cluster Object
A Check Point appliance Security Gateway cluster is a group of two members. Each represents a separate Check Point appliance which has High Availability software installed. ClusterXL is the Check Point clustering solution. Third party OPSEC Certified clustering products are not supported.
Creating a Cluster for New Gateways
Note - See your Check Point appliance Getting Started Guide for full instructions to set up and connect the Check Point appliance. The configuration procedure consists of two parts: 1. Initial configuration of two new Check Point appliance gateways 2.
7. Follow the steps to configure the first Check Point appliance with the First Time Configuration Wizard. Important: When you create the cluster object in SmartConsole in Wizard Mode, it assumes that the interface is part of the cluster.
14. Follow the steps to configure the second Check Point appliance with the First Time Configuration Wizard. Important: When you create the cluster object in SmartConsole in Wizard Mode, it assumes that the interface is part of the cluster.
Check Point appliance is part of the cluster: This window appears for each network interface that was configured on the Check Point appliance.
To enable High Availability on the interface, select the Enable High Availability on <name> interface checkbox. <name> shows the network interface defined in the Check Point appliance. When High Availability is selected, enter a virtual IP Address and Net Mask for the cluster.
Note - The procedures require some downtime. Terms used: GW - The existing Check Point Appliance gateway object that has already established trust and has an installed policy. Cluster - The new Check Point Appliance cluster object that you create.
6. Install policy on the cluster object.
Viewing Cluster Status in the WebUI
After you complete policy installation on the Check Point appliance gateway and the gateway works as a Device High Availability cluster member, you can view cluster status in the WebUI application ( >...
You can use security zone objects to create a generic Security Policy and reduce the amount of rules necessary in the Rule Base. This Security Policy can be applied to numerous Check Point gateways. Resolution of the Security Zone is done by the actual association on the Check Point appliance gateway object in SmartConsole.
For a list of possible statuses, see "Policy Installation Status" on the next page. At the end of the Install Policy process, the policy status for a Check Point appliance that is not yet set up is "Waiting for first connection".
Install Policy window opens. 2. Select the installation targets - the Check Point appliance Security Gateways on which to install the policy and the policy components (such as Network Security or QoS). By default, all gateways that are managed by the Security Management Server are available for selection.
Policy Status - Description
Succeeded - Policy installation succeeded.
Succeeded - Policy installation succeeded but there are verification warnings.
Waiting for first connection - A Check Point appliance object is configured, but the gateway is not connected to the Security Management Server (initial trust is not established). If a policy is prepared, it is pulled when the gateway is connected.
Setting Server IP Address Behind a 3rd Party NAT Device
When you use the Management First deployment scenario, the policy is prepared to be fetched by appliances when they are configured. During each appliance's first time configuration, the routable IP address of the Security Management Server is manually configured to create a first connection.
Defining a SmartLSM Gateway Profile for a Large-scale Deployment
SmartLSM lets you manage a large number of Check Point appliance gateways from one Security Management Server. When you use a SmartLSM profile, you reduce the administrative overhead because you define the gateway properties and policy per profile.
Large-scale Deployment Installation
To define a single SmartLSM profile for a Check Point appliance: 1. Connect with SmartConsole to the Management Server. 2. From the Objects menu, click More object types > LSM Profile > New Small Office Appliance Gateway. The SmartLSM Security Profile window opens.
Continue the configuration in the SmartProvisioning GUI.
Deploying with SmartProvisioning
You can use SmartProvisioning to manage Check Point appliance gateways with the SmartLSM profiles defined in SmartConsole. Configure these appliances using the First Time Configuration Wizard or a USB drive configuration file before you manage them with SmartProvisioning.
See "Policy Installation Status" below. At the end of the Install Policy process, the policy status for a Check Point appliance that is not yet set up is "Waiting for first connection". This means that trusted communication is not yet established between the Security Management Server and the Check Point appliance.
Policy Installation Status
You can access the Policy Installation Status window in these ways: From the menu bar - Click Policy > Policy Installation Status. From the toolbar - Click the Policy Installation Status icon.
Policy Status - Description
Succeeded - Policy installation succeeded.
Succeeded - Policy installation succeeded but there are verification warnings.
Waiting for first connection - A Check Point appliance object is configured, but the gateway is not connected to the Security Management Server (initial trust is not established). If a policy is prepared, it is pulled when the gateway is connected.
Failed - Policy installation failed.
Pending - ...
3. Click Next.
More Information
1. In SmartLSM gateway, select the firmware version of the installed Check Point appliance. 2. In Security Profile, select the relevant SmartLSM gateway profile that the SmartLSM gateway is mapped to. 3. Select the operating system of the gateway.
Communication (SIC) Trust between the SmartLSM Security Gateway and the Security Management Server. This is the same key that you should enter in the one-time password field of the Security Management Server Authentication page of the Check Point appliance First Time Configuration Wizard. To generate a key automatically: 1.
VPN Properties
1. Select how to create a VPN certificate: For a CA certificate from the Internal Check Point CA, select I wish to create a VPN Certificate from the Internal CA. For a CA certificate from a third party (for example, if your organization already has certificates from an external CA for other devices), clear this checkbox and request the certificate from the appropriate CA server.
3. Click Next.
Cluster Properties
1. In Version, select the firmware version for the Check Point appliance. 2. In Security Profile, select the SmartLSM Cluster Profile that was created in SmartConsole (in the example, ClusterProfile1). 3. In...
1. Select how to create a VPN certificate: For a CA certificate from the Internal Check Point CA, select I wish to create a VPN Certificate from the Internal CA. For a CA certificate from a third party (for example, if your organization already has certificates from an external CA for other devices), clear this checkbox and request the certificate from the appropriate CA server.
Defining SmartLSM Gateways Using LSM CLI
This is a sample SmartLSM CLI script that you can use to create a new gateway object and associate it with a SmartLSM profile. Optionally, you can also set a SIC password and initiate a SIC connection. LSMcli <...
For more information about provisioning profiles and creating them, see the SmartProvisioning Administration Guide for your Management Server version. These device settings are unique to the Check Point appliance. They can be defined directly on the device or through the profile. Their tabs are: Firmware...
You can install the firmware with one of these options: Immediately - Installs the firmware in two steps: downloads the firmware immediately during the next synchronization with a Security Gateway that references this profile, then installs the firmware when the download completes. According to time ranges - You can define download and installation time ranges for the firmware image.
7. If necessary, click Exceptions to select a new SmartLSM profile for Security Gateways with a specified SmartLSM profile. Click Add/Edit to open the Edit Exceptions window and define or change an exception for a SmartLSM profile replacement. SmartLSM profiles are not shown unless they are from a version higher than R71.
You can configure the RADIUS server (Remote Authentication Dial In User Service) that provides authentication, authorization, and accounting for the Check Point appliance gateways. When you configure RADIUS in the Provisioning Profile, you can configure it for all gateways that reference this profile.
Configuring Hotspot
To configure hotspot settings in a Provisioning Profile: 1. Open the Security Gateway Profile window, and select the Hotspot tab. 2. Select Manage Hotspot settings centrally from this application. 3. Click Advanced. The Profile Settings window appears.
Configuring a Provisioning Profile
For each set of configurations managed with a Provisioning Profile, you can decide which settings have local preference (not provisioned) or central preference (from SmartProvisioning individual management or from the Provisioning Profile). To configure the settings of a Provisioning Profile: 1.
The gateway window display and options depend on whether the profile is managed centrally and whether override is allowed. When override is allowed, select the override method: Manage settings locally on the device - Local management. Override provisioning configurations with local settings. Use profile settings - Enforce profile settings on this gateway. Use the following settings - Manage these settings on this gateway individually with the values given here.
First Time Deployment Options
There are different options for first time deployment of your Small and Medium Business (SMB) gateways: First Time Configuration Wizard - For more information, see the Getting Started Guide for your appliance model. "Zero Touch Cloud Service"...
Zero Touch Cloud Service
The Zero Touch Cloud Service lets you easily manage the initial deployment of your gateways in the Check Point Zero Touch Portal. Note - You cannot use Zero Touch if you connect to the internet through a proxy server.
Deploying from a USB Drive or SD Card You can deploy the Check Point Appliance configuration files from a USB drive or SD card (1570 / 1590 appliances only) and quickly configure many appliances without using the First Time Configuration Wizard.
You can insert the USB drive in the front or rear USB port. Make sure the USB drive is formatted in FAT32. You can deploy the configuration file to the Check Point Appliance when the appliance is off or when it is powered on.
1. The USB drive with the configuration file is inserted into a USB port on the Check Point Appliance. 2. If the USB LED on the front panel blinks red, there is a problem with the configuration file script.
Autoconfiguration CLI script failed, clish return code = 1
Using the set property Command
The set property CLI command controls how the Check Point Appliance runs configuration scripts from a USB drive. These commands do not change how the First Time Configuration Wizard in the Web UI configures the...
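Before a configuration script goes onto the FAT32 USB drive, it is worth checking it for the common causes of a red USB LED and a "clish return code = 1": Windows line endings, a UTF-8 byte-order mark, and lines that are not clish commands. The following pre-flight check is an added example, not Check Point tooling. The script file names, the list of accepted clish verbs (set, add, delete, show), the one-command-per-line and '#'-comment conventions, and the assumption that clish rejects CRLF endings and a BOM are mine and are not taken from this guide.

```shell
#!/bin/sh
# Pre-flight check for a USB/SD autoconfiguration script.
# Added example, not Check Point tooling. Assumptions (not from the guide):
# one clish command per line, comments start with '#', the only verbs used
# are set/add/delete/show, and CRLF line endings or a UTF-8 BOM break clish.

check_autoconf_script() {
    f="$1"
    [ -f "$f" ] || { echo "missing file: $f"; return 1; }

    # FAT32 does not care about line endings, but clish reads one LF-terminated
    # command per line; a stray CR becomes part of the last argument.
    if grep -q "$(printf '\r')" "$f"; then
        echo "$f: CRLF line endings (fix: tr -d '\\r' < $f > fixed.clish)"
        return 1
    fi

    # A UTF-8 BOM (EF BB BF) would be read as part of the first command.
    if [ "$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        echo "$f: UTF-8 byte-order mark at start of file"
        return 1
    fi

    # Every non-empty, non-comment line must start with a clish verb.
    bad=$(grep -vE '^[[:space:]]*(#|$)' "$f" \
          | grep -vE '^(set|add|delete|show)[[:space:]]' | head -n 3)
    if [ -n "$bad" ]; then
        echo "$f: lines that are not clish commands:"
        echo "$bad"
        return 1
    fi
    echo "$f: ok"
    return 0
}

# Constructed sample scripts for the demonstration (not from the guide).
SAMPLE_DIR=$(mktemp -d)
GOOD_SCRIPT="$SAMPLE_DIR/autoconf-good.clish"
BAD_SCRIPT="$SAMPLE_DIR/autoconf-bad.clish"
printf '# branch office, constructed sample\nset hostname branch-01\n' > "$GOOD_SCRIPT"
# Same content saved from a Windows editor: CRLF endings and a bare word.
printf 'set hostname branch-01\r\nhostname branch-02\r\n' > "$BAD_SCRIPT"

check_autoconf_script "$GOOD_SCRIPT" || true
check_autoconf_script "$BAD_SCRIPT" || true
```

Run it against the script before copying it to the drive; a non-zero return means the file would most likely fail on the appliance, and the message says which of the three problems was found first.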
This chapter contains instructions for special Check Point Appliance features.
Introduction to the WebUI Application
The Check Point Appliance uses a web application to configure the appliance. After you use the First Time Configuration Wizard (see the Check Point Appliance Getting Started Guide), when you connect to the appliance with a browser (with the appliance's IP address or, if the appliance is used as a DNS proxy or DHCP server, to "...
Check Point Appliance. The Check Point Appliance requires only minimal user input of basic configuration elements, such as IP addresses, routing information, and blade configuration. The initial configuration of the Check Point 1530 / 1550 Appliance can be done through a First Time Configuration Wizard.
Controlling and Monitoring Software Blades
The Home > Security Dashboard page shows you the active blades and lets you quickly navigate to the blade configuration page. It also gives you: Access to the basic settings of the blades with the Settings button (cogwheel icon), and lets you activate the blades.
To view statistics: 1. Click the bar graph icon. The blade statistics window opens. 2. If the blade is turned on: View the graph and details. To go to other blade statistics, click the arrows in the header. 3.
Setting the Management Mode
The Home > Security Management page shows information for the management mode of the appliance. You can also test Internet Connectivity from this page. To set the management type: Select one of the options and click Apply. Locally - To manage the appliance using the local web application (WebUI).
To connect to the Security Management Server now, select Connect to the Security Management Server now, enter the Security Management Server IP or name and click Connect. When you successfully connect to the Security Management Server, the security policy is automatically fetched and installed.
When the service is disabled, there is an option to reconnect with a new activation token. To generate a new activation token, go to the Infinity Portal. For more information on Smart-1 Cloud, see the Check Point Smart-1 Cloud Administration Guide.
At the bottom of the login page - The name defined by the Cloud Services Provider for your Security Gateway and the MAC address of the Check Point Appliance. At the top of the WebUI application (near the search box) - The name of your Check Point Appliance. These are the sections on this page: Cloud Services - This section shows Cloud Services details.
Prerequisites: You have received an email from your Cloud Services Provider that contains an activation key for your Check Point 1530 / 1550 Appliance and also an activation link, or you have the Service Center IP address, the Check Point 1530 / 1550 Appliance gateway ID, and the registration key.
Workflow to connect to Cloud Services: 1.
3. Click Apply. The Check Point Appliance tries to connect to the Cloud Services Provider. The Cloud Services section shows a progress indicator and shows the connection steps. Note - If you see a message that the identity of your Cloud Services Provider cannot be verified but you are...
Check Point User Center with its credentials to pull the license information and activate the appliance. In most cases, you must first register the appliance in your Check Point User Center account or create one if you don't already have one. A User Center account is necessary to receive support and updates.
Managing Licenses
If you are offline while configuring the appliance: 1. Browse to the Check Point User Center. 2. Enter the appliance's credentials, MAC address, and registration key from the Home > License page. 3. After you complete the registration wizard, you are prompted to download the activation file.
Viewing the Site Map
The Home > Site Map page shows a site map of the WebUI. It shows all of the tabs and the pages they contain. Click the link to any page directly from the Site Map page.
Managing Active Devices
The Active Devices page shows a list of the devices identified in internal networks. The information includes: Name; IP addresses; MAC Address; Device Details - Type of device; Network Access - Indicates whether the device is blocked from network activity; Interface - Interface name.
To revoke the Hotspot access: 1. Click the record for the relevant device. 2. Click Revoke Hotspot Access. The access for that device is revoked. You must log in again through the Hotspot to reconnect the device to the gateway. Note - This page is available from the Home Logs &...
Viewing Monitoring Data
The Monitoring page shows network, security, and troubleshooting information. When you enter this page, the latest data appears. You can click Refresh to update the information. To see a sample monitoring report, click Demo. To close the sample reports, click Back. VPN Tunnels Active Devices...
If you hover over a time interval, a popup box shows: the date and time, the traffic sent or received, and the total traffic for that time interval. Total traffic statistics - Next to the area graph you can see total traffic statistics for the last day or hour.
Viewing Reports
The Reports page shows network analysis, security analysis, and infected devices reports by a selected time frame (monthly, weekly, daily, and hourly). These elements influence the times shown in reports: Rounding off of time; System reboot.
Rounding Off of Time
The times shown in generated reports are rounded down: For hourly reports - At one minute intervals.
To generate a report: Click the applicable time frame link at the top of the page (Monthly, Weekly, Daily, or Hourly). The line below the links shows the selected report and its time frame. To refresh the data shown, click Generate. The report includes these sections: Executive Summary...
Using System Tools
On the Tools page you can: Monitor system resources. Show the routing table. Verify the appliance connectivity to Cloud Services. Display DSL Statistics (DSL models only). Generate a CPInfo file. Ping or trace an IP address. Perform a DNS lookup.
To ping or trace an IP address: 1. Enter an IP or host name in the Device Name or IP Address field. 2. Click Ping or Trace Route. The output appears in the Command Output window. 3. Click Close to return to the Tools...
Managing the Device
This section describes how to set up and manage your Check Point Appliance.
Configuring Internet Connectivity
The Device > Internet page shows how the Check Point Appliance connects to the internet. On this page you can: Configure a single internet connection or multiple connections in High Availability or Load Balancing configurations.
Unassigned LAN ports use case - If your company is in a region where internet connections supplied by ISPs are unreliable and experience multiple disconnections, you can connect your appliances to multiple internet connections from different ISPs. IPv4 connection types - Select the connection type: DHCP...
Creating a New Bond (WAN)
1. On the Internet Connection page, to create a new internet connection, click Configure internet. The New Internet Connection Configuration window opens in the Configuration tab. 2. Under Internet Configuration, enter the Connection name. 3.
Configuring a USB Connection
Note - This option exists for all appliances except for those with an internal cellular modem (LTE). 1. Click Configure Internet (if not configured at all), the option to add another internet connection, or Edit. The New or Edit Internet Connection window opens. 2.
The image package contains these files: Firmware file - Contains the module's firmware. Carrier Configuration file (the Product Release Information or PRI) - Contains custom settings for a specific carrier and is linked internally to a specific firmware file. The module runs an active image which contains a single uncompressed copy of a firmware file and a single configuration file.
If you are in an Annex L system, in Advanced Settings you must enable Annex L and disable Annex J/M. If you are in an Annex M system, in Advanced Settings you must enable Annex J/M and disable Annex L.
The 'Advanced' tab
For PPPoE: Local tunnel IP address (PPPoE IPv4 only) - In IP Address Assignment, select if the IP address is obtained automatically or manually configured. If manually configured, enter the IP address. Service - In Service Provider Settings, enter a service name (optional) and select the...
QoS Settings (bandwidth control) - supported in IPv4 connections only. To enable QoS bandwidth control for download and upload for this specified connection, select the applicable Enable QoS (download) and/or Enable QoS (upload) checkboxes. Enter the maximum Kbps rates for the selected options as provided by your ISP for the Internet upload and download bandwidth.
Monitoring
On the Internet Connectivity page, the configured connections show in a table: Interface name; Type - WAN or LAN; Status - Connected or disconnected. If connected, shows percent failures and latency (how much time it takes for a data packet to get from one designated point to another); IP address; Duration -...
For Cellular connections (internal LTE modem) only: Click the Monitor cellular modem link to see this information in the Cellular Modem Monitoring window: Cellular radio; Cellular modem; Operator; SIM cards - Which SIM is active, primary or disabled.
Configuring Wireless Network
The Device > Wireless page shows the wireless network settings (if applicable). You can configure your main wireless network and also additional guest or standard wireless networks (VAPs - Virtual Access Points). Guest wireless network - Uses hotspot by default and is unprotected by default (no password required).
1530 / 1550 appliances only : The wireless client search options depend on the frequency that the appliance is set to. The Check Point Appliance can be configured to only one frequency at a time and is set to 2.4 GHz by default. If you change the radio settings to 802.11 ac or 802.11 ac/n, the...
Wireless Security
Protected network (recommended) - This is the recommended wireless security setting. Security type - Select the security technology used in your wireless network. WPA/WPA2 is the most compatible option. WPA2 is the most secure. Encryption type - Select the encryption method.
Access Policy tab
These options create automatic rules that are shown in the Access Policy > Firewall Policy page: Allow access from this network to local networks (Wireless network is trusted); Log traffic from this network to local networks.
Advanced tab
Click the checkbox to exclude from DNS proxy.
Custom Options
Lets you add custom options that are not listed above. For each custom option, you must configure the name, tag, type, and data fields. When you finish editing the network, click Apply.
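What the Custom Options fields mean on the wire (this applies equally to the Custom Options of the local network DHCP settings later in this guide): the tag is the DHCP option code, the type says how the data is encoded, and the DHCP server emits each option as a tag, length, value triple as defined in RFC 2132. The encoder and parser below are an added example, not the appliance's code. The type names offered to encode_option (string, ip, uint8, uint16, uint32, hex), the mapping from the WebUI's type field to them, and the sample options are assumptions chosen to illustrate the format.

```python
import ipaddress
import struct

# Added example of RFC 2132 option encoding, not the appliance's own code.
# The type names below mirror the WebUI's name/tag/type/data fields; which
# type names the WebUI actually offers is an assumption.

PAD, END = 0, 255


def encode_option(tag: int, opt_type: str, data) -> bytes:
    """Encode one DHCP option as tag | length | data (RFC 2132 section 2)."""
    if not 1 <= tag <= 254:
        raise ValueError(f"tag {tag} is reserved (0 = pad, 255 = end)")
    if opt_type == "string":
        payload = str(data).encode("ascii")
    elif opt_type == "ip":
        # One or more IPv4 addresses, 4 bytes each, in the order given.
        addrs = [data] if isinstance(data, str) else list(data)
        payload = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    elif opt_type == "uint8":
        payload = struct.pack("!B", data)
    elif opt_type == "uint16":
        payload = struct.pack("!H", data)
    elif opt_type == "uint32":
        payload = struct.pack("!I", data)
    elif opt_type == "hex":
        payload = bytes.fromhex(data)
    else:
        raise ValueError(f"unknown option type {opt_type!r}")
    if len(payload) > 255:
        # The length field is one byte; longer values need RFC 3396
        # splitting, which this example deliberately does not implement.
        raise ValueError(f"option {tag}: {len(payload)} bytes exceeds 255")
    return bytes([tag, len(payload)]) + payload


def build_options(options) -> bytes:
    """Concatenate (tag, type, data) triples and terminate with END."""
    return b"".join(encode_option(*o) for o in options) + bytes([END])


def parse_options(blob: bytes) -> dict:
    """Parse a raw option field back into {tag: data_bytes}; stops at END."""
    result, i = {}, 0
    while i < len(blob):
        tag = blob[i]
        if tag == END:
            break
        if tag == PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"truncated option {tag} at offset {i}")
        length = blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {tag} claims {length} bytes, {len(data)} present")
        # A repeated tag is the RFC 3396 way to carry a long value: concatenate.
        result[tag] = result.get(tag, b"") + data
        i += 2 + length
    return result


# Constructed sample options, as they might be entered as name/tag/type/data.
SAMPLE_OPTIONS = [
    (42, "ip", ["192.0.2.10", "192.0.2.11"]),   # NTP servers
    (66, "string", "tftp.example.net"),         # TFTP server name
    (150, "ip", "192.0.2.20"),                  # TFTP server address
    (43, "hex", "0104c0000214"),                # vendor-specific information
]

if __name__ == "__main__":
    blob = build_options(SAMPLE_OPTIONS)
    print(blob.hex())
    for tag, data in parse_options(blob).items():
        print(tag, data.hex())
```

The parser is the half a practitioner usually needs: captured DHCP offers from an unknown server on the LAN can be decoded with it to see which tags are being pushed to clients, and the length check catches truncated or malformed option fields instead of silently reading past them.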
Configuring the Local Network
The Device > Local Network page lets you set and enable the local network connections, switches, bridge or wireless network (on wireless devices only). A bridge connects two or more local area networks (LANs). A switch is similar to a bridge but can perform data transmission between multiple port pairs at the same time.
Notes: Physical interfaces cannot be deleted. Editing an interface that is part of a switch or a bridge lets you remove it from the switch or bridge. When a LAN or DMZ interface is part of an Internet connection, it is still visible on this page, but can only be configured through the Device >...
Unassigned - The switch is not part of any network and cannot be used. Separate network - When you select a separate network, configure the settings for the switch. Monitor Mode - See "Monitor Mode" below. 3.
5. To use your own network definitions, select Manually define internal networks. The network definition features and table show.
6. Click
7. Enter the network IP address.
8. Enter the subnet. An internal network can be a 255.255.255.255 subnet, for one host. For example, to monitor the traffic after the router, enter the IP address of the Default Gateway and the 255.255.255.255 subnet.
Physical Interfaces
To edit a physical interface: Configure the fields in the tabs. Note that for the DMZ there is an additional Access Policy tab.
The 'Configuration' tab
Assigned to - Select the required option: Unassigned - The physical interface is not part of any network and cannot be used.
The 'Advanced' tab
The options that are shown vary based on interface type and status. Configure the options that are applicable: Description - Enter an optional description. The description is shown in the local network table next to the name.
The 'Configuration' tab
In Bridge Configuration, select the networks you want to be part of the bridge. Enable Spanning Tree Protocol - When Spanning Tree Protocol (STP - IEEE 802.1D) is enabled, each bridge communicates with its neighboring bridges or switches to discover how they are interconnected.
VLAN ID - Enter a number that is the virtual identifier. Assigned to - Select the physical interface where the new virtual network is created. IP address, Subnet mask. Use Hotspot - Select this checkbox to redirect users to the Hotspot portal before allowing access from this interface.
Configure the fields in the tabs:
The 'Configuration' tab
VPN Tunnel ID - A number identifying the VTI. Peer - The name of the remote VPN site. The VPN tunnel interface can be numbered or unnumbered. Select the applicable option: Numbered VTI - You configure a local and remote IP address for a numbered VTI: Local IPv4 address...
WINS - Select one of these options: Use the WINS servers configured for the internet connection; Use the following WINS servers: First, Second - Enter the IP addresses of the WINS servers.
Lease section
Lease time - Configure the timeout in hours for a single device to retain a dynamically acquired IP address.
Custom Options. Lets you add DHCP options that are not listed above. For each custom option, you must configure the name, tag, type, and data fields. BOND. Bonding, also known as Link Aggregation, joins two or more interfaces into one logical link. It provides redundancy if a member link fails and can increase throughput by aggregating the members' bandwidth.
7. If you selected 802.3ad as the operation mode, select the Hash policy from the dropdown menu (Layer2 or Layer3+4). 8. Click Apply. To create a WAN BOND, see "Configuring Internet Connectivity" on page 77.
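The DHCP settings described above (Lease time, WINS servers, and the Custom Options rows with their name, tag, type and data fields) end up in the option field of a DHCP message, which is a sequence of tag/length/data records (RFC 2132). The Python below is an added example, not code from this guide or from Check Point: it serialises the lease and WINS settings plus a few constructed custom rows the way the UI's type selector implies, and parses the field back with the length checks a receiver needs so a bad length byte cannot read past the buffer. The option tags (51 lease time, 44 NetBIOS/WINS name servers, 42 NTP servers, 15 domain name) are RFC 2132 values; the addresses and names are constructed sample data.

```python
import ipaddress
import struct

# DHCP options are TLVs (RFC 2132): one-byte tag, one-byte length, data.
# Tag 0 (PAD) and tag 255 (END) carry no length byte.
LEASE_TIME = 51            # IP Address Lease Time: uint32 seconds
NETBIOS_NAME_SERVER = 44   # WINS servers: list of IPv4 addresses
PAD, END = 0, 255


def encode_option(tag: int, opt_type: str, data) -> bytes:
    """Serialise one option; opt_type mirrors the UI's 'type' field."""
    if not 1 <= tag <= 254:
        raise ValueError("tag must be 1..254 (0 is PAD, 255 is END)")
    if opt_type == "ip":
        payload = b"".join(ipaddress.IPv4Address(a).packed for a in data)
    elif opt_type == "string":
        payload = data.encode("ascii")
    elif opt_type == "uint32":
        payload = struct.pack("!I", data)
    elif opt_type == "uint8":
        payload = struct.pack("!B", data)
    elif opt_type == "hex":
        payload = bytes.fromhex(data)
    else:
        raise ValueError(f"unknown option type {opt_type!r}")
    if len(payload) > 255:
        raise ValueError("option data exceeds 255 bytes")
    return bytes([tag, len(payload)]) + payload


def decode_options(raw: bytes) -> dict:
    """Parse an option field into {tag: data}, validating every length."""
    opts, pos = {}, 0
    while pos < len(raw):
        tag = raw[pos]
        if tag == END:
            break
        if tag == PAD:
            pos += 1
            continue
        if pos + 1 >= len(raw):
            raise ValueError("option header truncated")
        length = raw[pos + 1]
        if pos + 2 + length > len(raw):
            raise ValueError(f"option {tag} length {length} overruns the buffer")
        opts[tag] = raw[pos + 2 : pos + 2 + length]
        pos += 2 + length
    return opts


def build_options(lease_hours: int, wins_servers: list, custom: list) -> bytes:
    """Assemble lease + WINS settings and custom (name, tag, type, data) rows.

    The UI's 'name' is only a label; it is never sent on the wire.
    """
    field = encode_option(LEASE_TIME, "uint32", lease_hours * 3600)
    if wins_servers:
        field += encode_option(NETBIOS_NAME_SERVER, "ip", wins_servers)
    for _name, tag, opt_type, data in custom:
        field += encode_option(tag, opt_type, data)
    return field + bytes([END])


# Constructed sample rows, as an admin might enter them under Custom Options.
CUSTOM_ROWS = [
    ("ntp-servers", 42, "ip", ["10.0.0.1"]),
    ("domain-name", 15, "string", "corp.example"),
]

if __name__ == "__main__":
    wire = build_options(24, ["10.0.0.10", "10.0.0.11"], CUSTOM_ROWS)
    for tag, data in decode_options(wire).items():
        print(tag, data.hex())
```

A 24-hour lease becomes option 51 with a 4-byte big-endian value of 86400; the WINS row becomes option 44 carrying 8 bytes for two servers. The decoder stops at END, skips PAD, and refuses a record whose declared length exceeds what is left in the buffer.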
2. Select the interface and click Edit. The Edit <interface> window opens. 3. Select Use Hotspot. 4. Click Apply. Any user that browses from the configured interfaces is redirected to the Check Point Hotspot portal.
..., enter the group's name in the text box. 4. Click Apply. Any user or user group that browses from the configured interfaces is redirected to the Check Point Hotspot portal and must enter authentication credentials. To configure the session timeout: 1. In...
Configuring a Hotspot. To prevent simultaneous login to the Hotspot portal: 1. Go to Device > Advanced Settings. 2. Select Hotspot. 3. Click Edit. The Hotspot window opens. 4. Select the Prevent simultaneous login checkbox. 5. Click Apply. The same user cannot log in to the Hotspot portal from more than one computer at a time. Active Devices Home Logs &...
Configuring the Routing Table. The Device > Routing page shows the routing tables with the routes added on your appliance. On this page you can add or edit routes and configure manual routing rules. You cannot edit system-defined routes.
Specified IP address - Enter the IP Address and Mask. 5. Click any destination and select an option in the window that opens: Specified IP address - Enter the IP Address and Mask. 6. Click 7. Click any service and select a service name, or enter a service name in the search field.
To edit a default route: 1. In Device > Internet, click the Internet connection. 2. Click Edit. The Edit Internet Connection window opens in the Configuration tab. 3. Set the Default gateway (next hop) to a different IP address. 4.
Configuring MAC Filtering. MAC Filtering lets you manage a whitelist of MAC addresses that can access the LAN. All others are blocked. The list is global for all interfaces defined on physical LAN ports. Note - MAC filtering is supported on LAN ports only; WiFi interfaces are not covered. Because a source MAC address is trivially set by the sender, treat MAC filtering as network hygiene against accidental connections, not as authentication of the device. To enable MAC filtering: 1.
To configure logging for MAC filtering: 1. Go to Device > Advanced Settings. 2. Set the MAC Filtering settings - Log blocked MAC addresses attribute to Enabled (to log blocked addresses) or Disabled (to stop logging them). Note - This attribute is available only in Locally Managed mode.
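Two things bite whitelist maintainers in practice: entries pasted in different notations (colons, hyphens, Cisco dotted groups, or bare hex) that look distinct but name the same address, and modern phones and laptops that rotate a randomised, locally administered MAC per network and so drop off the list. The Python below is an added example, not code from this guide or from Check Point: it canonicalises entries, refuses group (multicast/broadcast) addresses that can never be a station's source, evaluates a seen address against the list, and reports which entries are locally administered so the admin knows which hosts will churn. The sample entries are constructed.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(text: str) -> str:
    """Canonicalise aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF, aabb.ccdd.eeff or
    aabbccddeeff to lower-case colon notation; raise ValueError otherwise."""
    digits = re.sub(r"[:\-.\s]", "", text.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_group_address(mac: str) -> bool:
    """I/G bit (0x01 of the first octet) set: multicast or broadcast."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x01)


def is_locally_administered(mac: str) -> bool:
    """U/L bit (0x02 of the first octet) set: not a manufacturer-assigned
    address; this is what OS-level MAC randomisation produces."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


class MacWhitelist:
    def __init__(self, entries):
        self._allowed = set()
        for entry in entries:
            mac = normalize_mac(entry)
            if is_group_address(mac):
                raise ValueError(f"{mac} is a group address and cannot identify a host")
            self._allowed.add(mac)

    def decide(self, seen_mac: str) -> str:
        """'allow' if the frame's source MAC is listed, else 'block'."""
        return "allow" if normalize_mac(seen_mac) in self._allowed else "block"

    def randomized_entries(self) -> list:
        """Locally administered entries: these stop matching when the device
        rotates its randomised address, so expect them to be blocked later."""
        return sorted(m for m in self._allowed if is_locally_administered(m))


# Constructed sample list in the mixed notations a whitelist tends to accumulate.
SAMPLE_ENTRIES = ["08-00-27-12-34-56", "0011.2233.4455", "02:1a:2b:3c:4d:5e"]

if __name__ == "__main__":
    wl = MacWhitelist(SAMPLE_ENTRIES)
    for seen in ["08:00:27:12:34:56", "08:00:27:12:34:57"]:
        print(seen, wl.decide(seen))
    print("randomised entries:", wl.randomized_entries())
```

Normalising before comparison is what makes "08-00-27-12-34-56" in the list match "08:00:27:12:34:56" on the wire; the randomised-entry report is the check to run when users complain that a previously whitelisted phone is suddenly blocked.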
ISP). If Internet Connection High Availability is enabled, the DNS servers switch automatically upon failover. 2. By default, the Check Point Appliance functions as your DNS proxy and provides DNS resolving services to internal hosts behind it (network objects). This option is global and applies to all internal networks.
Configuring the Proxy Server. In the Device > Proxy page, you can configure a proxy server that the appliance uses to connect to the Check Point update and license servers. To configure a proxy server: 1. Select Use a proxy server. 2. Enter a Host name or IP address. 3.
Restore factory default settings. Revert to the factory default image and settings. Automatically or manually upgrade the appliance firmware to the latest Check Point version. Revert to an earlier firmware image. Back up appliance settings to a file stored on your desktop computer.
Backup, Restore, Upgrade, and Other System Operations. 3. Select the upgrade option to use when new firmware is detected: Upgrade immediately, or Upgrade according to this frequency. 4. If you selected Upgrade according to this frequency, in Occurs select one of the options: Daily - Select the Time of day.
Cancel - Click to quit the wizard. Welcome: Click the Check Point Download Center link to download an upgrade package as directed. If you already downloaded the file, you can skip this step.
Upload Software: Click Browse to select the upgrade package file, then click Upload. This may take a few minutes. When the upload is complete, the wizard automatically validates the image. A progress indicator at the bottom of the page shows the percentage completed. When image validation succeeds, an "Upload Finished"...
To configure a periodic backup to the FTP server: 1. In Device > System Operations > Backup and Restore System Settings, click Settings. The Periodic Backup Settings window opens. 2. Select Enable scheduled backups. 3. Note that FTP carries both the credentials and the backup file, which contains the appliance configuration, in cleartext; keep the FTP server on a trusted management segment and restrict who can read the stored backups.
Configuring Local and Remote System Administrators. The Device > Administrators page lists the Check Point Appliance administrators and lets you: create new local administrators; configure the session timeout; limit login failure attempts. Administrators can also be defined on a remote RADIUS server, and you can configure the appliance to allow them access.
To edit the details of locally defined administrators: 1. Select the administrator from the table and click Edit. 2. Make the relevant changes. 3. Click Apply. To delete a locally defined administrator: 1. Select an administrator from the list. 2.
Configuring a RADIUS Server for non-local Check Point Appliance users: Non-local users are defined on a RADIUS server rather than on the Check Point Appliance. When a non-local user logs in to the appliance, the RADIUS server authenticates the user and assigns the applicable permissions.
3. Add this line to the dictiona.dcm file: "@checkpoint.dct" 4. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file: CP-Gaia-User-Role = <role>, where the allowed values for <role> are: Administrator Role...
$add attribute 230 CP-Gaia-SuperUser-Access val_type=Integer val_size=4 2. Add this line to the /etc/openradius/dictionaries file immediately after dict.ascend: $include subdicts/dict.checkpoint 3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file: CP-Gaia-User-Role = <role>, where <role> is the name of an administrator role defined in the WebUI.
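The dictionary lines above tell the RADIUS server how to serialise CP-Gaia-User-Role and CP-Gaia-SuperUser-Access inside the Access-Accept it returns; on the wire both travel as RFC 2865 Vendor-Specific attributes (type 26) carrying Check Point's vendor ID, a vendor-type byte, a vendor-length byte and the value. The Python below is an added example, not code from this guide or from Check Point: it encodes the two attributes the way the server would and parses them back the way the appliance must, ignoring other vendors' VSAs and rejecting malformed lengths instead of reading past the buffer. Two values are assumptions taken from the Gaia RADIUS dictionary rather than from this page: Check Point's IANA enterprise number 2620 and vendor-type 229 for CP-Gaia-User-Role (the page itself shows only 230 for CP-Gaia-SuperUser-Access). The role name is constructed sample data.

```python
import struct

VENDOR_SPECIFIC = 26              # RFC 2865 attribute type
CHECKPOINT_VENDOR_ID = 2620       # assumption: Check Point's IANA enterprise number
CP_GAIA_USER_ROLE = 229           # assumption: string VSA from the Gaia dictionary
CP_GAIA_SUPERUSER_ACCESS = 230    # integer, 4 bytes (val_size=4 above)


def encode_vsa(vendor_type: int, value: bytes, vendor_id: int = CHECKPOINT_VENDOR_ID) -> bytes:
    """Encode one Vendor-Specific attribute: 26 | len | vendor-id | vtype | vlen | value."""
    vendor_len = 2 + len(value)
    if vendor_len > 249:          # whole attribute must fit in a one-byte length
        raise ValueError("VSA payload too long")
    body = struct.pack("!I", vendor_id) + bytes([vendor_type, vendor_len]) + value
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


def gaia_role_attributes(role: str, superuser: bool) -> bytes:
    """What the RADIUS server appends to Access-Accept for a Gaia administrator."""
    attrs = encode_vsa(CP_GAIA_USER_ROLE, role.encode("ascii"))
    attrs += encode_vsa(CP_GAIA_SUPERUSER_ACCESS, struct.pack("!I", 1 if superuser else 0))
    return attrs


def parse_attributes(raw: bytes) -> dict:
    """Walk a RADIUS attribute list and pull out the Check Point VSAs.

    Returns {"role": str | None, "superuser": bool | None}.
    """
    result = {"role": None, "superuser": None}
    pos = 0
    while pos < len(raw):
        if len(raw) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = raw[pos], raw[pos + 1]
        if alen < 2 or pos + alen > len(raw):
            raise ValueError("bad attribute length")
        payload = raw[pos + 2 : pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(payload) < 6:
            continue                       # not a VSA, or too short to hold one
        vendor_id = struct.unpack("!I", payload[:4])[0]
        if vendor_id != CHECKPOINT_VENDOR_ID:
            continue                       # another vendor's attribute
        vtype, vlen = payload[4], payload[5]
        if vlen != len(payload) - 4:
            raise ValueError("vendor-length does not match attribute length")
        vdata = payload[6:]
        if vtype == CP_GAIA_USER_ROLE:
            result["role"] = vdata.decode("ascii")
        elif vtype == CP_GAIA_SUPERUSER_ACCESS:
            if len(vdata) != 4:
                raise ValueError("CP-Gaia-SuperUser-Access must be a 4-byte integer")
            result["superuser"] = struct.unpack("!I", vdata)[0] == 1
    return result


if __name__ == "__main__":
    wire = gaia_role_attributes("adminRole", True)   # constructed role name
    print(wire.hex())
    print(parse_attributes(wire))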
To log in as a Super User: A user with super user permissions can use the Check Point Appliance shell to perform system-level operations, including working with the file system. 1. Connect to the Check Point Appliance over SSH or the serial console.
The Administrator Access page lets you configure the IP addresses and interface sources from which administrators can access the Check Point Appliance. You can also configure the Web and SSH ports. First set the interface sources from which the allowed IP addresses can reach the appliance. Keep this as narrow as the operation allows: permitting administrative access from the Internet-facing interface, or from any address, exposes the WebUI and SSH service to everyone who can reach that interface.
8. Click Apply. An administrator can now access the Check Point Appliance from the configured IP addresses through the allowed interface sources. To delete administrator access from a specific IP address: 1. Select the IP address you want to delete from the IP Address table.
Managing Device Details. On the Device > Device Details page, you can: Enter an Appliance Name to identify the appliance. Note - The appliance name can contain only alphanumeric characters and the hyphen, and the hyphen cannot be the first or last character. Important - If the gateway's Internet connection is assigned an IP address dynamically and the identifier option in SmartConsole is set to Gateway name, the Appliance Name must be identical to the appliance name defined for the...
Managing Date and Time. The Device > Date and Time page shows the current system time and lets you define the Check Point Appliance date and time, optionally using NTP. Accurate time matters beyond cosmetics: log timestamps must line up with other systems for correlation, and certificate and VPN validity checks fail when the clock drifts. To configure date and time manually: 1. Select the Set Date and Time Manually option.
WebUI or CLI when necessary. This is done by tunneling the administrative WebUI or CLI connections through a Check Point Cloud Service. Such a configuration is useful when the appliance is behind a NAT device or firewall and cannot be reached directly. It also makes it easier to reach an appliance whose IP address is assigned dynamically.
The Reach My Device window opens. 2. For Host Name, use the default host name or enter a name for this Check Point Appliance to enable remote access. 3. If the host name was already defined, select Register with an existing host name...
Managing Internal Certificates. In the Certificates > Internal Certificate page you can view the details of the internal VPN certificate. You can also view and reinitialize the certificate of the internal CA, which signed that certificate and can be used to sign external certificate requests. Reinitializing the internal CA replaces its key, so certificates it previously issued no longer chain to it and must be reissued.
To sign a remote site's certificate request with the internal CA: 1. Click Sign a Request. 2. Click Browse to upload the signing request file created at the remote site. For third-party appliances, consult their administration guide to see where signing requests are generated.
Configuring High Availability. The Security Gateway is not part of a Security Cluster. To define it as a cluster member, define a Security Cluster object on your Security Management Server and install a security policy. Note - A cluster in bridge mode is supported in Active/Standby mode.
Advanced Settings. The Device > Advanced Settings page is intended for advanced administrators or Check Point Support. You can configure values for multiple advanced settings of the various blades. Important - Changing these advanced settings without fully understanding them can harm the stability, security, and performance of this appliance.
Table: Additional Information for Attributes (continued). Attribute: Serial port (Enable serial port; Flow control mode). Description: With the serial port parameters you can configure the console port on the back panel of the appliance. You can disable it completely (clear the Enable serial port checkbox) if...
Managing Users and Objects. This section describes how to set up and manage users (User Awareness, users, administrators, and authentication servers) and network resources. Working with User Awareness: In the Users & Objects > User Awareness page, you can enable User Awareness if your centrally managed Security Management Server is configured to work with this feature.
Configuring Local Users and User Groups. In the Users & Objects > Users page you can create local users and user groups. To use these objects in the Access Policy, make sure User Awareness is activated. User objects define the different terms under which users can operate.
To automatically delete expired local users: 1. Go to Device > Advanced Settings. 2. Select User Management. 3. Click Edit. The User Management window opens. 4. Select the Automatically delete expired local users checkbox. 5.
You can define these types of authentication: RADIUS server - Define the details of a primary and secondary RADIUS server. The Check Point Appliance can connect to these servers and recognize users defined in them and authenticated by them.
URLs. What is a category? Each URL is inspected by the Check Point Cloud using URL Filtering and can be matched to one or more built-in categories (for example, phishing sites, high bandwidth, gambling, or shopping).
Managing Applications & URLs. To create a custom URL: 1. Select > 2. Enter the URL. 3. Click Apply. You can now use the URL in a rule. To create a custom application: 1. Select Application > 2. Enter a name for the custom application. 3.
Managing System Services. The Users & Objects > Services page lists the services configured on the system. On this page you can add, edit, and delete services. Service objects define the network protocols referenced by the policy, usually by IP protocol number and, for TCP and UDP, by port.
To delete a service: 1. Select the service from the list. Note that you can delete only user-defined services. 2. Click Delete. 3. Confirm in the confirmation message. To filter for a specified service: 1. In the Type to filter box, enter the service name or part of it.
Managing Service Groups. The Users & Objects > Service Groups page lists the service groups defined on the system. On this page you can add new service groups and edit or delete existing ones. There are built-in service groups for common services. To create a new service group: 1.
Managing Network Objects. The Users & Objects > Network Objects page lists the network objects defined on the system. On this page you can add, edit, and delete network objects. The most common use of network objects is to define the security policy and its exceptions. These objects can also serve as hosts for the internal DNS service, and the internal DHCP service can assign them fixed IP addresses.
To create an IP Range network object: 1. Click the button to add an object. The New Network Object window opens. 2. In Type, select IP Range. 3. In the Start IP and End IP fields, enter the IP addresses that mark the start and end of the range.
These lists are dynamically updated. Updatable objects derive their contents from these published lists of the providers, which Check Point uploads to the Check Point cloud. The updatable objects are updated automatically on the Security Gateway each time the provider changes a list.
Managing Network Object Groups. The Users & Objects > Network Object Groups page lists the network object groups defined on the system. On this page you can add, edit, and delete network object groups.
Logs and Monitoring. This section describes the security and system logs and the various monitoring tools. Viewing Security Logs: The Logs & Monitoring > Logs > Security Logs page shows the last 100 log records. To load more records, continue scrolling down the page. The log table refreshes automatically. To search for a security log: Enter your query in the...
Storing Logs. Logs can be stored locally in the appliance's non-persistent memory or on an external SD card (persistent). Logs can also be sent to an externally managed log server (see the Log Servers page). Because logs held in non-persistent memory are lost on reboot or power loss, send them to an external log server if you need them for incident response. When you insert an SD card, it mounts automatically and local logs are then saved to it. Before you eject an SD card, unmount it (Options > Eject SD card safely).
Viewing System Logs. The Logs & Monitoring > System Logs page shows up to 500 system logs (syslogs) generated by the appliance at all levels except debug. These logs are intended mainly for troubleshooting and also notify the administrator of events that occurred on the appliance.
Therefore, the administrator selects TLS Over TCP as the protocol; UDP syslog is neither encrypted nor authenticated, so it can be read or forged in transit. Notes: Only one remote TLS server is supported. The log server's certificate must chain to a CA trusted by the Check Point appliance. The TLS server must be configured using its domain name, because that name is what is verified against the server certificate. Only UDP allows you to configure the server by IP address.
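To make the notes above concrete, the Python below is an added example, not code from this guide or from Check Point: a small syslog-over-TLS client side that builds RFC 5424 messages, frames them with the octet-counting framing that syslog over TLS (RFC 5425) uses, and creates a TLS context that mirrors the appliance's constraints: the server must present a certificate chaining to a trusted CA, the name verified must be a DNS name rather than an IP literal, and the minimum protocol version is TLS 1.2 (that floor is the example's choice, not a statement about the appliance). The host name, CA path and log content are constructed sample data; the network send at the end is included for completeness and is not exercised offline.

```python
import datetime as dt
import ipaddress
import socket
import ssl
from typing import Optional


def format_rfc5424(facility: int, severity: int, hostname: str, appname: str,
                   msg: str, timestamp: dt.datetime) -> str:
    """Minimal RFC 5424 message: VERSION 1, no structured data, NILVALUE fields."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0..23 and severity 0..7")
    pri = facility * 8 + severity
    ts = timestamp.astimezone(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {appname} - - - {msg}"


def frame_octet_counting(message: str) -> bytes:
    """RFC 5425 framing: MSG-LEN SP SYSLOG-MSG, length in UTF-8 bytes.

    A byte count, unlike a newline delimiter, cannot be confused by a log
    message that itself contains newlines.
    """
    data = message.encode("utf-8")
    return f"{len(data)} ".encode("ascii") + data


def syslog_tls_context(server_name: str, ca_pem: Optional[str] = None) -> ssl.SSLContext:
    """Client context with the checks the appliance's TLS setting implies."""
    try:
        ipaddress.ip_address(server_name)
    except ValueError:
        pass                                  # a DNS name, as required
    else:
        raise ValueError("TLS log server must be given as a domain name, not an IP address")
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # example's own floor
    ctx.check_hostname = True                      # server cert must match server_name
    ctx.verify_mode = ssl.CERT_REQUIRED            # and chain to a trusted CA
    return ctx


def send_over_tls(server_name: str, port: int, frames: list,
                  ca_pem: Optional[str] = None) -> None:
    """Connect, verify the server, and write the framed messages (network I/O)."""
    ctx = syslog_tls_context(server_name, ca_pem)
    with socket.create_connection((server_name, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            for frame in frames:
                tls.sendall(frame)


if __name__ == "__main__":
    now = dt.datetime(2021, 4, 21, 15, 0, 0, tzinfo=dt.timezone.utc)
    line = format_rfc5424(4, 6, "cp1500", "fw", "accept src=10.0.0.5", now)  # constructed
    print(frame_octet_counting(line))
    # send_over_tls("logs.example.net", 6514, [frame_octet_counting(line)], "ca.pem")
```

The refusal of an IP literal is deliberate: if the collector is configured by address, there is no name for check_hostname to compare against the certificate, which is the same reason the appliance restricts TLS log servers to domain names.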
Configuring External Log Servers. To send security logs to syslog servers: When you configure the log server, set Protocol accordingly. Note - The security logs are shown in syslog format, not in the security logs format. To edit the external syslog server: 1.
Managing Active Devices: see "Managing Active Devices" on page 69.
Wireless Active Devices. The Logs & Monitoring > Wireless Active Devices page shows the devices connected to your gateway's wireless network. The information shown for each connected device's network usage includes: SSID (name of the WiFi network), Channel, Frequency, Signal Strength, RSSI...
Viewing VPN Tunnels. In the VPN Tunnels page, you can see the VPN tunnels currently open between this gateway and remote sites. Some sites are configured so that tunnels are established only when needed, and some are configured with permanent tunnels. When the appliance is managed by Cloud Services, this table also shows the tunnels of the other gateways in the community.
Viewing Active Connections. The Logs & Monitoring > Connections page shows a list of all active connections with these fields: Protocol, Source Address, Source Port, Destination Address, Destination Port. To filter the list: In the Type to filter box, enter the filter criteria.
Access Points. The Logs & Monitoring > Access Points page shows the access points detected around your gateway. The network information includes: Channel, Frequency, Security, Signal strength, Signal noise. Use case: Use this information to decide which network to connect to, and change it as your needs change. In addition, this page displays the wireless radio frequency and channel currently in use and the wireless networks configured.
SNMP. SNMP is a protocol for exchanging management data and is used for monitoring. SNMP traps are alert messages sent when a monitored condition occurs, and SNMP trap receivers are configured to receive them. In the Logs & Monitoring > SNMP...
SNMP Traps Receivers. SNMP trap receivers receive the alert messages. The trap receiver properties must be configured before a trap is sent. To add an SNMP trap receiver: 1. Click 2. In the Add SNMP Traps Receiver window, enter the IP address. 3.
To edit an SNMP trap: 1. Select the trap from the list and click Edit. 2. Select the Enable trap option to enable the trap, or clear it to disable the trap. 3. If the trap carries a value, you can edit the threshold value when necessary.
For more information, see "Upgrade Using Boot Loader" on page 175. Note - A USB storage device used for a clean installation of a new image on the 1500 series must be formatted with the FAT32 file system. Installing a new firmware image from a USB drive: Check Point releases new firmware images periodically.
(u-boot*.bin or fwl*.gz files). 3. Insert the SD card into the SD card slot on the Check Point Appliance. If the operation does not succeed, the SD card slot may not recognize that particular device.
Please enter your selection: When you are in Boot Loader, all interfaces are down and you can only activate them for options that require connectivity. At this point Check Point's services are not active. Options 1-3 start the appliance. Normal mode is the default boot mode for the appliance.
3. You are asked whether to load the image manually from a TFTP server or to use automatic mode with a BOOTP server. 4. If you select manual mode, you are asked to fill in the IP address of the Check Point Appliance, the IP address of the TFTP server, and the image name. TFTP and BOOTP are unauthenticated and unencrypted, so perform boot loader recovery only on an isolated management network where the server and the image you load are under your control.
As part of a troubleshooting process, you can restore the Check Point Appliance to its factory default settings if necessary. You can restore a Check Point Appliance to the factory default image with the WebUI, the Boot Loader, or a button on the back panel. Because the back-panel button and the serial console allow a reset without any credentials, physical access to the appliance must be controlled as carefully as administrative access.
Restoring Factory Defaults. To restore the Check Point Appliance to its default factory configuration using U-Boot (boot loader): 1. Connect to the appliance with a console connection (use the serial console connector on the back panel of the appliance). 2. Boot the appliance and press CTRL+C. The Gaia Embedded Boot Menu appears.