Check Point IP690 - Flash Based Sys Installation Manual
  1. Manuals
  2. Brands
  3. Check Point Manuals
  4. Firewall
  5. IP690 - Flash Based Sys
  6. Installation manual
Check Point IP690 - Flash Based Sys Installation Manual

Check Point IP690 - Flash Based Sys Installation Manual

Security platform
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Check Point
IP690 Security Platform

Installation Guide

Part No. N450000890 Rev 001
Published March 2009

Advertisement

Table of Contents
loading

Related Manuals for Check Point IP690 - Flash Based Sys

Summary of Contents for Check Point IP690 - Flash Based Sys

  • Page 1: Installation Guide

    Check Point IP690 Security Platform Installation Guide Part No. N450000890 Rev 001 Published March 2009...

  • Page 2: Check Point Contact Information

    © 2003-2009 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point.

  • Page 3: Table Of Contents

    Contents Check Point Contact Information........2 About this Guide .
  • Page 4 Performing the Initial Configuration ........33 Using a Console Connection.
  • Page 5 and Accelerated Data Path (ADP) Services Modules ..... 77 Replacing the Compact Flash Memory Card ......78 Installing and Using a PC Card .
  • Page 6 Check Point IP690 Security Platform Installation Guide...
  • Page 7 Figures Figure 1 Component Locations Front View ......17 Figure 2 Four-Port 10/100/1000 Ethernet PMC Details ....17 Figure 3 Check Point IP690 Security Platform System Status LEDs .
  • Page 8 Check Point IP690 Security Platform Installation Guide...
  • Page 9 Tables Table 1 Command-Line Conventions ........12 Table 2 Text Conventions .
  • Page 10 Check Point IP690 Security Platform Installation Guide...

  • Page 11: About This Guide

    About this Guide This manual provides information for the installation and use of the Check Point IP690 security platforms. Installation and maintenance should be performed by experienced technicians or Check Point-approved service providers only. This preface provides the following information: In this Guide Conventions this Guide Uses In this Guide...

  • Page 12: Conventions This Guide Uses

    Appendix B, “Compliance Information” provides compliance and regulatory information. Conventions this Guide Uses The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions. Notices Warning Warnings advise the user that either bodily injury might occur because of a physical hazard, or that damage to a structure, such as a room or equipment closet, might occur because of equipment damage.
  • Page 13 Conventions this Guide Uses Table 1 Command-Line Conventions (continued) Convention Description angle brackets < > Indicates arguments for which you must supply a value: retry-limit <1–100> Supply a value. For example: retry-limit 60 Square brackets [ ] Indicates optional arguments. delete [slot slot_num] For example: delete slot 3...

  • Page 14: Text Conventions

    Text Conventions Table 2 describes the text conventions this guide uses. Table 2 Text Conventions Convention Description monospace font Indicates command syntax, or represents computer or screen output, for example: Log error 12453 bold monospace font Indicates text you enter or type, for example: # configure nat Key names Keys that you press simultaneously are linked by a plus sign (+):...

  • Page 15: Overview

    Overview This chapter provides an overview of the Check Point IP690 security platform and the requirements for its use. The following topics are covered: About the Check Point IP690 Security Platform Managing the Check Point IP690 Security Platform Check Point IP690 Security Platform Overview Logging Options Site Requirements, Warnings, and Cautions Software Requirements...

  • Page 16: Managing The Check Point Ip690 Security Platform

    Overview Front-panel reset button Note Any slot can be used for an Ethernet NIC. The PCMCIA PC card carrier that is an option for slot 3 is removable; slot 3 can accept a Check Point-approved NIC. You can purchase optional 2.5-inch hard-disk drives to use for logging. You can also purchase an optional PC card for logging.

  • Page 17: Check Point Ip690 Security Platform Overview

    Check Point IP690 Security Platform Overview Check Point IP690 Security Platform Overview Figure 1 shows the component locations for the IP690. Figure 1 Component Locations Front View System status LEDs PC-card slot (slot 3) PMC NIC slots (slots 1 and 2) IP690 SLOT 1 SLOT 2...

  • Page 18: Pmc Expansion Slots

    Overview PMC Expansion Slots The IP690 security platform provides two additional PMC expansion slots for network interface card (NIC) and Accelerated Data Path (ADP) services modules options. For information about NICs, see Chapter 5, “Connecting PMC Network Interface Cards.” For information about ADP modules, see Chapter 6, “Installing, Using, and Replacing ADP Services Modules.”...

  • Page 19: Auxiliary Port

    Check Point IP690 Security Platform Overview An RJ-45 to DB-9 adapter One RJ-45 termination has a retractable shroud that releases or secures the RJ-45 tab. Use this end of the cable when connecting to the console port of the IP690. You can easily remove the console cable by pulling back on the shroud.

  • Page 20: Figure 3 Check Point Ip690 Security Platform System Status Leds

    Overview Figure 3 Check Point IP690 Security Platform System Status LEDs Warning (yellow) System OK (green) Fault (red) SLOT 2 SLOT 3 SLOT 4 RESET CONSOLE 00578 Table 4 shows the system status LEDs and describes their meaning. Table 4 System Status LEDs Status Indicator Definition Symbol...

  • Page 21: Logging Options

    Logging Options Logging Options The IP690 supports two options for storing local system log files, as described in the following topics: Using Hard-Disk Drives for Logging Using PC Card for Logging Note You can use only one device for logging (whether hard-disk drive or PC card) so only one should be plugged into the system at any one time.

  • Page 22: Power Supplies And Fan Unit

    Overview this document, see the Check Point Support Center at http://support.checkpoint.com/.” page 2. Note The slot that the PCMCIA card carrier uses also supports other PMC cards approved by Check Point. Power Supplies and Fan Unit The redundant power supplies and fan unit are located at the rear of the IP690 appliance, as shown in Figure Figure 5 Power Supplies and Fan Unit Locations...

  • Page 23: Fan Unit

    Logging Options Table 5 Power Supply Status LEDs LED status Meaning Fault Power supply has a voltage problem and power was turned off. One power supply in a redundant system is not turned on. Over Temp Yellow Power supply has an internal temperature problem.

  • Page 24: Site Requirements, Warnings, And Cautions

    Overview Site Requirements, Warnings, and Cautions Before you install a Check Point IP690 security platform, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical Specifications.” Warning Excessive electromagnetic interference (EMI) can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.

  • Page 25: Product Disposal

    Product Disposal Product Disposal This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment.
  • Page 26 Overview Check Point IP690 Security Platform Installation Guide...

  • Page 27: Installing The Check Point Ip690 Appliance

    Installing the Check Point IP690 Appliance This chapter describes how to install the IP690 appliance. The following topic is discussed: Before You Begin Rack-Mounting the Appliance Before You Begin To rack-mount the appliance, you need: Phillips-head screwdriver Grounding wrist strap Suitable, grounded work surface on which to place the chassis tray assembly Caution To help guard against electrostatic discharge damage, make sure you are properly...

  • Page 28: Figure 8 Rack-Mounting Screw Locations

    Installing the Check Point IP690 Appliance Figure 8 Rack-Mounting Screw Locations IP690 SLOT 1 SLOT 2 SLOT 3 SLOT 4 RESET CONSOLE 00581 Rack-mounting screw locations Two rack-mounting positions allow you to mount the appliance either flush with the rack, or two inches forward of the equipment rack.
  • Page 29 Rack-Mounting the Appliance c. Slowly pull the fan unit out of the chassis toward the rear. 00587 3. Optionally, remove the power supplies from the rear of the appliance to reduce weight, as follows. a. Locate the power supplies on the back of the IP690. FAULT FAULT OVER TEMP...
  • Page 30 Installing the Check Point IP690 Appliance 4. Optionally, remove the chassis tray assembly from the appliance. a. Loosen the two chassis tray assembly retaining screws from the front panel of the appliance. IP690 SLOT 1 SLOT 2 SLOT 3 SLOT 4 RESET CONSOLE 00581...
  • Page 31 Rack-Mounting the Appliance 5. Adjust the mounting brackets on the side of the appliance if necessary. 6. Mount the appliance into a standard 19-inch rack by using the mounting screws located on the mounting brackets. You can use the rear brackets for additional chassis support. 7.
  • Page 32 Installing the Check Point IP690 Appliance Check Point IP690 Security Platform Installation Guide...

  • Page 33: Performing The Initial Configuration

    Performing the Initial Configuration The first time you turn on power to a Check Point IP690 appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account. You can perform the initial configuration in two ways: Configure a DHCP server to provide the initial configuration information the first time the appliance is started.

  • Page 34: Using A Console Connection

    Performing the Initial Configuration Using a Console Connection If you do not use DHCP to perform the initial configuration of your Check Point IP690 security platform, you must use a serial console connection (cable included). After you perform the initial configuration, you no longer need the console connection. You can use any standard VT100-compatible terminal with an RS-232 data terminal equipment (DTE) interface or terminal-emulation program configured with the following settings for the console:...

  • Page 35: Figure 9 Power Switch Location

    Connecting Power and Turning the Power On Figure 9 Power Switch Location Power supplies FAULT FAULT OVER TEMP OVER TEMP OVER OVER PWER OK PWER OK 00580 Power cord receptacle Power switch Caution To avoid potential service interruptions from momentary facility power interruptions and potential power spikes that might damage your equipment, Check Point strongly recommends that you use an uninterruptible power supply (UPS) with surge protection with your IP690.

  • Page 36: Performing The Initial Configuration

    Performing the Initial Configuration Performing the Initial Configuration If you do not use DHCP to perform the initial configuration of your Check Point IP690 security platform, you must use a serial console connection (cable included). After you perform the initial configuration, you no longer need the console connection. To perform the initial configuration 1.

  • Page 37: Connecting Network Interfaces

    Connecting Network Interfaces If the DHCP client starts, it might configure the appliance with an incorrect host name and IP address (this could happen if a DHCP server on your network is configured to respond to any request). To reset the incorrect host name and IP address: a.

  • Page 38: Using Check Point Network Voyager

    Performing the Initial Configuration Using Check Point Network Voyager Use Check Point Network Voyager to configure and monitor your appliance. To open Check Point Network Voyager 1. Open a Web browser on the host you plan to use to configure or monitor your appliance. 2.

  • Page 39: Using The Command-Line Interface

    Using the Command-Line Interface Figure 10 Check Point Network Voyager Reference Access Points Link to complete user documentation Link to online help (context sensitive help) Using the Command-Line Interface You can also use the Check Point IPSO command-line interface (CLI) to manage and configure Check Point IP security appliances from the command line.

  • Page 40: Using Check Point Horizon Manager

    Performing the Initial Configuration Execute from To Implement Purpose Check Point Enter the following command Enter any CLI commands in an IPSO command to invoke the CLI shell: interactive mode with help text line and other helpful CLI features. clish The prompt changes, and you can then enter CLI commands.

  • Page 41: Installing And Replacing Network Interface Cards

    Installing and Replacing Network Interface Cards Your Check Point IP690 security platform comes with any network interface cards (NICs) or Accelerated Data Path (ADP) services modules you ordered already installed. All NICs and ADP modules installed in the appliance are housed in PMC expansion slots. You should have a working knowledge of networking equipment before you attempt to service a appliance.

  • Page 42: Installing Nics

    Installing and Replacing Network Interface Cards Deactivate all of the physical interfaces on the NIC. If you do not deactivate the interfaces before removing the NIC, you may have to reinstall the NIC to deactivate its logical and physical interfaces in Network Voyager. For information about how to access Network Voyager, see “Using Check Point Network Voyager”...
  • Page 43 Installing NICs 3. Loosen the two front panel retaining screws. IP690 SLOT 1 SLOT 2 SLOT 3 SLOT 4 RESET CONSOLE 00581 Chassis tray assembly retaining screws 4. Slowly slide the chassis tray assembly forward, taking care to prevent damaging components, press the release tab on the right side of the assembly, and completely remove the chassis tray assembly to expose the motherboard components.
  • Page 44 Installing and Replacing Network Interface Cards 6. From underneath the chassis tray assembly, remove the bezel or NIC retaining screws. 00590 If you are installing a NIC in an unoccupied slot, remove the blank bezel that occupies the space in the appliance front panel and retain it for future use. If you are removing an installed NIC, remove it by pulling up on the back of the NIC adjacent to the two interface connectors.
  • Page 45 Installing NICs b. Gently push down on the two connectors on the back of the NIC until they are fully seated. 8. From the top of the chassis tray assembly, screw the NIC retaining screws into the standoffs on the back of the NIC. 00591 9.

  • Page 46: Configuring And Activating Interfaces

    Installing and Replacing Network Interface Cards 11. Tighten the retaining screws that hold the chassis tray assembly. IP690 SLOT 1 SLOT 2 SLOT 3 SLOT 4 RESET CONSOLE 00581 Chassis tray assembly retaining screws 12. Turn the power on. Configuring and Activating Interfaces The IP690 appliance automatically detects any new NIC when the appliance is restarted.

  • Page 47: Connecting Pmc Network Interface Cards

    Connecting PMC Network Interface Cards This chapter describes the network interface cards available for the Check Point IP690 security platform and how to connect those NICs to your network. The following NICs are described: Four-Port 10/100 Ethernet NIC Two-Port and Four-Port Copper Gigabit Ethernet NIC Two-Port Fiber-Optic Gigabit Ethernet NICs For instructions about how to add or replace NICs, see Chapter 4, “Installing and Replacing...

  • Page 48: Four-Port 10/100 Ethernet Nic

    Connecting PMC Network Interface Cards Four-Port 10/100 Ethernet NIC The IP690 supports Check Point-approved, four-port UTP5 dual-mode (10-Mbps and 100- Mbps) Ethernet NICs installed in a PMC expansion slot. When you purchase a 10/100 Ethernet NIC with your IP690, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards.”...

  • Page 49: Ethernet Nic Connectors And Cables

    Four-Port 10/100 Ethernet NIC Ethernet NIC Connectors and Cables The Ethernet connectors on the four-port 10/100 Ethernet NICs are RJ-45 connectors. Use a straight-through cable to connect the NIC to a 10-Mbps or 100-Mbps hub or switch or a crossover cable to connect directly to a host. Use ANSI TIA/EIA-568-A/B compliant (Cat 5 or Cat 5e) unshielded twisted pair cable.

  • Page 50: Two-Port And Four-Port Copper Gigabit Ethernet Nic

    Connecting PMC Network Interface Cards Figure 13 Ethernet Crossover-Cable Pin Connections 00017.1 Two-Port and Four-Port Copper Gigabit Ethernet NIC The Check Point IP690 security platform supports Check Point-approved, four-port and two-port copper Gigabit Ethernet NICs installed on a PMC expansion slot. The IP690 can accommodate up to four Gigabit Ethernet NICs.

  • Page 51: Copper Gigabit Ethernet Nic Connectors And Cables

    Two-Port and Four-Port Copper Gigabit Ethernet NIC Figure 14 Four-Port Copper Gigabit Ethernet NIC Front Panel Details RJ-45 receptacles 00641 Link LED (solid green) Activity LED (blinking green) Figure 15 Two-Port Copper Gigabit Ethernet NIC Front Panel Details Link LEDs (green or yellow) Activity LEDs (yellow) Ports Note...

  • Page 52: Figure 16 Gigabit Ethernet Cable Connector Output Pin Assignments

    Connecting PMC Network Interface Cards Caution Cables that connect to the Gigabit Ethernet NIC must be ANSI TIA/EIA-568-A/B compliant (Cat 5 or Cat 5e) to prevent potential data loss. To connect to a 1-Gbps hub, switch, or router, use a straight-through RJ-45 cable (Cat 5 or Cat 5e type cable, or as required by your network configuration).

  • Page 53: Two-Port Fiber-Optic Gigabit Ethernet Nics

    Two-Port Fiber-Optic Gigabit Ethernet NICs To connect directly to a host, use an RJ-45 crossover cable wired as Figure 17 shows. Figure 17 Gigabit Ethernet Crossover Cable Pin Connections Note After you turn on the appliance, the Ethernet link LEDs on both the appliance and on the remote equipment illuminate to indicate the connection.

  • Page 54: Fiber-Optic Gigabit Ethernet Nic Connectors And Cables

    Connecting PMC Network Interface Cards For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 38. Figure 18 shows the front panel details for the two-port short-range (1000 BASE-SX) fiber-optic Gigabit Ethernet NIC you can use in IP690 appliance.
  • Page 55 Two-Port Fiber-Optic Gigabit Ethernet NICs cable to loop back the transmit port of an interface to the receiver port. LC and SC define the fiber-optic connector types; LC connectors are smaller than SC connectors. Depending on the product you order, one or more LC-to-SC cables are included with fiber-optic Gigabit Ethernet NICs.
  • Page 56 Connecting PMC Network Interface Cards Check Point IP690 Security Platform Installation Guide...

  • Page 57: Installing, Using, And Replacing Adp Services Modules

    Installing, Using, and Replacing ADP Services Modules This chapter describes the Accelerated Data Path (ADP) services modules available for the Check Point IP690 appliance and how to connect those modules to your network. It includes the following sections: Installing and Replacing ADP Modules Check Point ADP Module LED Reference Information Configuring Check Point IPSO with IP690 ADP Interfaces Effect on Interfaces...

  • Page 58: Installing And Replacing Adp Modules

    Installing, Using, and Replacing ADP Services Modules Note Check Point supports only ADP modules and transceivers sold by Check Point. For further information, contact your Check Point representative. Installing and Replacing ADP Modules Note Before you begin this procedure, you should review all ADP module information in the Getting Started Guide and Release Notes for the version of IPSO you are using and refer to both of these documents as needed as you complete the installation and configuration process.
  • Page 59 Installing and Replacing ADP Modules PMC NICs due to interface naming convention differences. Therefore, you need to delete all existing configurations associated with slot 2. Note You do not need to delete the slot 1 configuration for the first 4 ports, as the naming conventions for the first 4 ports for Slot 1 remain the same when you use an ADP module rather than a NIC.
  • Page 60 Installing, Using, and Replacing ADP Services Modules 8. From underneath the chassis tray assembly, remove the four bezel retaining screws. Remove the four bezel screws, and filler panels, installed PMC NICs, or ADP modules 00440a If the slots you are using for the ADP module are unoccupied, remove the filler panels that occupy the spaces in the appliance front panel and retain them for future use.
  • Page 61 Installing and Replacing ADP Modules Note It is important that you reinstall the two baffle screws for proper motherboard operation. Remove the two baffle screws and baffle, and reinstall the two screws 00648 Check Point IP690 Security Platform Installation Guide...
  • Page 62 Installing, Using, and Replacing ADP Services Modules 10. If a FIPS screen is installed, note the position of the screen, as it must be reinstalled the same way. Remove the two screws that secure the screen, and remove the screen. Remove the two FIPS screen screws and the screen 00649...
  • Page 63 Installing and Replacing ADP Modules the back of the module down, you should detect little or no resistance; if you do, check to ensure that the EMI gaskets have not rolled back. Push down only at these two points and ensure that both connectors are completely seated Memory card location Take care that the EMI...
  • Page 64 Installing, Using, and Replacing ADP Services Modules 14. From beneath the chassis tray assembly, screw in the bezel retaining screws. ADP module heat sink Reinstall the two retaining screws Memory card must be removed at this stage Reinstall the four bezel screws 00441a 15.
  • Page 65 Installing and Replacing ADP Modules The following figure shows the IP690 ADP module front panel details. ADP module with ports for transceivers ADP module with fixed RJ-45 ports 00605a 00660 Link and Activity LEDs To install or remove transceivers in a Check Point ADP module For ADP modules that require transceivers, refer to the following figure, which shows how to install or remove the transceivers.

  • Page 66: Check Point Adp Module Led Reference Information

    Installing, Using, and Replacing ADP Services Modules Push the transceiver into an available port in the ADP module. Rotate the transceiver latch lever down to secure the transceiver in the ADP module. Note Depending on the design of your transceiver, you might need to rotate the latch lever upward to release the device.

  • Page 67: Configuring Check Point Ipso With Ip690 Adp Interfaces

    Configuring Check Point IPSO with IP690 ADP Interfaces Configuring Check Point IPSO with IP690 ADP Interfaces This section includes information about configuring IPSO to use the interfaces on a Check Point ADP module. To help you understand the implications of installing an ADP module, it provides an example of the steps you might perform to install an ADP module in an IP690 appliance running the Virtual Router Redundancy Protocol (VRRP).

  • Page 68: Check Point Adp Module Interface Names For Ip690 Appliances

    Installing, Using, and Replacing ADP Services Modules Check Point ADP Module Interface Names for IP690 Appliances ADP module interface naming conventions differ from those for PMC NICs. IP690 appliances support one ADP module which occupies both slots 1 and 2. However, the ADP module appears to the host as though it logically occupies only slot 1 of the appliance.

  • Page 69: Configuration Example With Vrrp

    Configuring Check Point IPSO with IP690 ADP Interfaces Configuration Example with VRRP This example describes the steps required to install an ADP module in an IP690 appliance with VRRP configured. The following figure shows the Interface Configuration page of the appliance before an ADP module is installed.

  • Page 70: Deleting Vrrp Configurations

    Installing, Using, and Replacing ADP Services Modules The following figure shows the VRRP configuration: The rest of this section describes how to reconfigure the interfaces and VRRP to accommodate the ADP interfaces. Deleting VRRP Configurations After you physically remove PMC NICs that you are replacing with ADP modules, you need to delete the configuration information for those interfaces.

  • Page 71: Reconfiguring Interfaces

    Configuring Check Point IPSO with IP690 ADP Interfaces Note It is best to perform the procedures in this section on the VRRP backup system first. When the installation is complete, the upgraded system can become the new master while you upgrade the original master.
  • Page 72 Installing, Using, and Replacing ADP Services Modules The interfaces you removed from slot 2 are still listed on this page, and you see a blue indicator next to each of them in the Up column. 3. Delete the interface names and configuration information for the interfaces you removed from slot 2 by following the remaining steps in this procedure.
  • Page 73 Configuring Check Point IPSO with IP690 ADP Interfaces Note To delete an interface used by VRRP or IP clustering, you must first disable the feature that uses the interface. This is why you deleted the VRRP configuration before you installed the ADP module. 4.

  • Page 74: Reconfiguring Vrrp

    Installing, Using, and Replacing ADP Services Modules The following figure shows the example system after the configuration information for all of the removed interfaces has been deleted: 9. If appropriate, configure the ADP interfaces to use the IP addresses previously assigned to the removed interfaces.
  • Page 75 Configuring Check Point IPSO with IP690 ADP Interfaces In this example, you need to recreate the VRRP configuration using the new interfaces eth-s1p5c0 and eth-s1p6c0. The following figure shows the example system after you recreate the VRRP configuration using the new interfaces: Check Point IP690 Security Platform Installation Guide...
  • Page 76 Installing, Using, and Replacing ADP Services Modules Check Point IP690 Security Platform Installation Guide...

  • Page 77: And Accelerated Data Path (Adp) Services Modules

    Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path (ADP) Services Modules This chapter provides information about how to install or replace orderable parts other than network interface cards (NICs) and Accelerated Data Path (ADP) services modules in your Check Point IP690 appliance.

  • Page 78: Replacing The Compact Flash Memory Card

    Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path Replacing the Compact Flash Memory Card The compact flash memory card stores the Check Point IPSO operating system and the boot manager program. Use the internal compact flash to boot the system and install the IPSO operating system on the compact flash memory card.
  • Page 79 Replacing the Compact Flash Memory Card To replace your compact flash 1. Use Check Point Network Voyager or the command-line interface (CLI) to perform an orderly shutdown of the IP690 appliance. For information about how to access Network Voyager and the related reference materials, “Using Check Point Network Voyager”...
  • Page 80 Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path 6. Locate and remove the existing compact flash memory card from the slot by gently sliding it out of the slot. 00599 7. Gently insert the new compact flash memory card into the slot. 8.

  • Page 81: Installing And Using A Pc Card

    Installing and Using a PC Card Installing and Using a PC Card Figure 21 shows the external PC card location. Note To use a PC card with the IP690, you need to install an optional PCMCIA card carrier in slot 3.

  • Page 82: Installing A Hard-Disk Drive

    Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path To remove a PC card used for logging in an IP690 1. Perform one of the following: access In Network Voyager, Optional Disks and unselect the PC card as an optional disk. Using the CLI, enter the command: set optional-disk device-id <1 | 2>...
  • Page 83 Installing a Hard-Disk Drive Caution To help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.

  • Page 84: Figure 22 Location Of Hard-Disk Drive On Chassis Tray Assembly

    Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path 4. Slowly slide the chassis tray assembly forward, taking care to prevent damaging components, press the release tab on the right side of the assembly, and completely remove the chassis tray assembly to expose the motherboard components.
  • Page 85 Installing a Hard-Disk Drive 6. Remove the four screws from the base of the hard-disk drive and remove the hard-disk drive. 00593 7. Slide the new hard-disk drive onto the mounting locations. 00582 8. Replace the four screws. 00593 Check Point IP690 Security Platform Installation Guide...

  • Page 86: Replacing A Check Point Encryption Accelerator Card

    Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path 9. Slowly slide the chassis tray assembly back into the appliance, taking care to prevent damaging components. 00583 10. Resecure the two chassis tray assembly retaining screws. Replacing a Check Point Encryption Accelerator Card The IP1560 comes with the Check Point encryption accelerator card preinstalled as part of its base bundle to further enhance VPN performance.
  • Page 87 Replacing a Check Point Encryption Accelerator Card Caution To help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance. Note You do not need to manually disconnect power for this procedure.
  • Page 88 Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path 4. Slowly slide the chassis tray assembly forward, taking care to prevent damaging components, press the release tab on the right side of the assembly, and completely remove the chassis tray assembly to expose the motherboard components.
  • Page 89 Replacing a Check Point Encryption Accelerator Card 6. Loosen the four retaining screws and remove the card by pulling up from the right side of the card above the interface connectors. 00517.1 Caution Do not use the PMC connectors located at the front of the motherboard for the encryption accelerator card.

  • Page 90: Configuring Software To Use Hardware Acceleration

    Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path 9. Place the screws through the standoff holes on the card and into the standoffs on the motherboard. Screw Encryption accelerator card Standoff hole Motherboard standoff 00175.1 10.

  • Page 91: Replacing A Fan Unit

    Replacing a Fan Unit To enable IKE acceleration 1. From the Network Voyager home page, click Security and Access Configuration, then click IKE Acceleration. For information about how to access Network Voyager and the related reference materials, “Using Check Point Network Voyager” on page 38.

  • Page 92: Replacing A Power Supply

    Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path 3. Locate the fan unit on the back of the IP690 appliance and the two retaining screws that secure it. FAULT FAULT OVER TEMP OVER TEMP OVER OVER PWER OK...

  • Page 93: Figure 23 Power Supply Locations

    Replacing a Power Supply Figure 23 Power Supply Locations FAULT FAULT OVER TEMP OVER TEMP OVER OVER PWER OK PWER OK 00580 Power supplies Caution You should have working knowledge of networking equipment before you attempt to service an appliance. Limit service to the procedures described in this document. Caution Protect your appliance and other electronic equipment from electrostatic discharge damage by making sure you are properly grounded before you touch any component.

  • Page 94: Monitoring The Ip690 Appliance Power Supply

    Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path 6. Grasp the handle and release lever as shown in the following figure, and use the handle to firmly pull the power supply out of the chassis. 00588 7.

  • Page 95: Replacing The Battery

    Replacing the Battery the CLI, see the CLI Reference Guide. For more information about Network Voyager, see the Check Point Network Voyager Reference Guide or use the Network Voyager inline help. To monitor the IP690 appliance power supplies by using Check Point Network Voyager 1.
  • Page 96 Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path 4. Slowly slide the chassis tray assembly forward, taking care to prevent damaging components, press the release tab on the right side of the assembly, and completely remove the chassis tray assembly to expose the motherboard components.
  • Page 97 Replacing the Battery Caution You must place the new battery into the battery holder observing the correct polarity. The positive terminal of the battery must be facing up. 9. Slowly slide the chassis tray assembly back into the appliance, taking care to prevent damaging components.
  • Page 98 Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path Check Point IP690 Security Platform Installation Guide...

  • Page 99: Troubleshooting

    Troubleshooting This chapter provides troubleshooting tips, problems, and solutions related to IP690 installations. General Troubleshooting Information The information in this section relates to non-routing problems. For information about how to troubleshoot routing problems, see “Troubleshooting Routing Problems” on page 106. Unable to Log in to the Console Port—No Error Message Two laptop computers (using terminal emulation programs) or terminals should be able to communicate back to back in the same way that the terminal communicates with the IP690.
  • Page 100 Troubleshooting Problem Database is corrupt. Solution Return to default settings according to the instructions included in the instructions for resetting the default password, or see the Check Point Support Center at http:// support.checkpoint.com/. Login Prompt Appears, But Password Not Accepted Problem Entered wrong password.
  • Page 101 General Troubleshooting Information To reset the default database settings 1. Log in to the IP690 as admin by using Network Voyager. For information about how to access Network Voyager and the related reference materials, “Using Check Point Network Voyager” on page 38. 2.
  • Page 102 Troubleshooting Do Not See Interfaces that Should be Present Problem Local IP690 ports do not appear. Solution Your NIC might be defective. See the Check Point Support Center at http:// support.checkpoint.com/. Note The problem could be with the slot on the PMC card carrier. Try installing the NIC in another slot.
  • Page 103 General Troubleshooting Information Problem No route to network. Solution Check the routing table to see if a route exists to the network where the interface is located. If no route exists, see “Troubleshooting Routing Problems” on page 106. Problem Attached device does not have proper default route or routing information. Solution If a local computer is unable to ping through an attached appliance, the computer might contain either an invalid default route or invalid routing information.
  • Page 104 Troubleshooting Problem Exceeding TTL on clients. Solution Verify that the client is set up for the proper TTL number. Many clients are set to receive local traffic only one hop away. Problems Interfacing to 1483 Devices (Classical IP) Problem Remote and local devices are not configured for the same VC and VP value. Solution Set remote and local devices to the same VC and VP values.
  • Page 105 If you issue the printenv command again, the boot-file and boot-device entries are present, as shown in this example: For example: BOOTMGR[11]>printenv NOKIAIPSOBOOTMGRVERSION=4.0.1-DEV00110.18.2005-115113 autoboot:YES testboot:NO bootwait:3 boot-file:/image/current/kernel boot-flags: boot-device:wd0 vendor:Nokia model:IP bmslice:1 BOOTMGR[12]> Check Point IP690 Security Platform Installation Guide...

  • Page 106: Troubleshooting Routing Problems

    Troubleshooting Troubleshooting Routing Problems Several useful tools are available to troubleshoot routing problems. The first tool is available from the Monitor page in Network Voyager, from which you display routing statistics and errors. You can access this information from the command-line interface using the ICLID (IPSRD command-line interface daemon) command.
  • Page 107 Troubleshooting Routing Problems Under routing options in Network Voyager, you can also enable several types of trace options for OSPF. These traces are logged in /var/tmp/ipsrd.log For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager”...
  • Page 108 Troubleshooting Common Problems Exchanging Routes Always enter a metric value if you are exporting routes from OSPF to RIP. Problem Exchanging routes are not configured correctly. Solution Exchanging routes involves several configuration steps. Follow the tasks in the Voyager Reference Guide to ensure that you follow all steps. For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager”...

  • Page 109: A Technical Specifications

    Technical Specifications Dimensions Height: 1.7 in. (43.4 cm) Width: 17.0 in. (43.2 cm, without mounting bracket) 19.0 in. (48.3 cm, with mounting bracket) Depth: 24.9 in. (63.2 cm) including front bezel 25.4 in. (64.5 cm) including front handles Weight 12.4 kg (27.3 lbs) Space Requirements The Check Point IP690 security platform is designed for front-screw mounting in a standard 19-inch rack.
  • Page 110 Technical Specifications Check Point IP690 Security Platform Installation Guide...

  • Page 111: B Compliance Information

    Compliance Information This appendix contains declaration of conformity, compliance, and related regulatory information. Declaration of Conformity According to ISO/IEC 17050: Manufacturer’s Name: Nokia, Inc. Manufacturer’s Address: 313 Fairchild Drive Mountain View, CA 94043-2215 declares that the product: Product Name: IP690...
  • Page 112 Compliance Information Christopher Saleem Compliance & Reliability Engineering Manager Security & Mobile Connectivity, Enterprise Solutions Mountain View, California May 2007 Check Point IP690 Security Platform Installation Guide...

  • Page 113: Compliance Statements

    Compliance Statements Compliance Statements This hardware complies with the standards listed in this section. Emissions Standards FCC Part 15 Subpart B Class A US/Canada EN55022 (CISPR 22 Class A) European Community (CE) Immunity Standards EN55024 European Community (CE) EN61000-4-2 European Community (CE) EN61000-4-3 European Community (CE) EN61000-4-4...
  • Page 114 Compliance Information interference in which case the user will be required to correct the interference at his own expense. Caution Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment. 050316 Check Point IP690 Security Platform Installation Guide...

  • Page 115: Index

    Index Ethernet NIC 49 fiber-optic Gigabit Ethernet NIC 54 AC power receptacle 22 modem 19 activating interfaces 46 power 34 appliance console cable 34 configuring 33 pin assignments 18 management 16 console port 15 overview 17 cooling 16 rack-mounting 28 copper Gigabit Ethernet NIC 50, 51 AUX port 17 cryptographic processing 86...
  • Page 116 replacing 91 multi-mode, fiber-optic cable 54 fiber-optic cable 37 fiber-optic Gigabit Ethernet NIC 54 flash memory 21 network interface cards front panel 17 copper Gigabit Ethernet 50 deactivating 41 Ethernet 48 green LED 23 fiber-optic Gigabit Ethernet 53 grounding cable 93 installing 41 list of available 47 network interfaces, connecting 37...
  • Page 117 serial port 15, 19 single-mode, fiber-optic cable 54 site requirements 24 software requirements 24 space requirements 109 specifications, technical 109 standoffs, motherboard 90 system logging with PC card 81 system status LEDs 19 technical specifications 109 troubleshooting 99 vertical space requirements 109 voltage fluctuation 113 voltage requirements 22 VPN performance 86...
  • Page 118 Index - 118 Check Point IP690 Security Platform Installation Guide...

Table of Contents