Page 1: Installation Guide
Check Point IP1280 Security Platform Installation Guide Part No. N450000891 Rev 001 Published March 2009...
Page 2: Check Point Contact Information
For additional technical information about Check Point products, and for the latest version of this document, see the Check Point Support Center at http://support.checkpoint.com/. Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to: cp_techpub_feedback@checkpoint.com...
Page 3: Table Of Contents
Check Point Contact Information........
Page 4 Using Check Point Network Voyager ........
Page 5 Accelerated Data Path (ADP) Services Modules ..... 85 Replacing the Check Point Encryption Accelerator Card ..... 86 Configuring Software to Use Hardware Acceleration .
Page 6 Check Point IP1280 Security Platform Installation Guide...
Page 7 Figure 2 Built-In Ethernet Ports Details ....... . . 17 Figure 3 Check Point IP1280 Appliance System Status LEDs ....20 Figure 4 Hard-Disk Drive Front Pane .
Page 8 Check Point IP1280 Security Platform Installation Guide...
Page 9 Table 5 Power Supply Status LEDs ........25 Table 6 Check Point IP1280 Disk-Based Security Platform Software Requirements Table 7 Check Point IP1280 Flash-Based Security Platform Software Requirements Table 8 NIC PCI Frequency .
Page 10 Check Point IP1280 Security Platform Installation Guide...
Page 11: About This Guide
About this Guide This manual provides information for the installation and use of the Check Point IP1280 security platforms. Installation and maintenance should be performed by experienced technicians or Check Point-approved service providers only. This preface provides the following information:...
Page 12: Conventions This Guide Uses
Keys that you press simultaneously are linked by a plus sign (+): Press Ctrl + Alt + Del. Menu commands Menu commands are separated by a greater than sign (>): Choose File > Open. Check Point IP1280 Security Platform Installation Guide...
Page 13 • Emphasizes a point or denotes new terms at the place where Italics they are defined in the text. • Indicates an external book title reference. • Indicates a variable in a command: delete interface if_name Check Point IP1280 Security Platform Installation Guide...
Page 14 Check Point IP1280 Security Platform Installation Guide...
Page 15: Overview
Point Accelerated Data Path (ADP) services modules for IP appliances and Check Point IPSO for IP appliances system upgrades. The IP1280 appliance is available as either a or flash-based platform. In base configurations, the IP1280 disk-based appliance ships with one hard-disk drive, and the flash-based appliance ships with high-capacity compact flash memory.
Page 16: Managing The Check Point Ip1280 Security Platform
Nearly everything that you can accomplish with Check Point Network Voyager—manage, monitor, and configure the IP1280 security platform —you can also do with the CLI. For information about how to access the CLI, see the CLI Reference Guide for Check Point IPSO v3.6 or later.
Page 17: Check Point Ip1280 Security Platform Overview
PMC slot 3 Ethernet (PMC slot 4) Note IP1280 base systems do not include dual 6U PMC carriers, and you must order those separately from your Check Point representative. For Check Point contact information, see “Check Point Contact Information” on page 2.
Page 18: Expansion Slots
Expansion Slots The IP1280 appliance uses two 6U dual PMC carriers (or one PMC carrier and one ADP module) in slot 1 and slot 2 along with single-NIC slots 3 and 4 to provide up to a total of six expansion subslots for NICs.
Page 19: Auxiliary Port
One RJ-45 termination has a retractable shroud that releases or secures the RJ-45 tab. Use this end of the cable when connecting to the console port of the IP1280. You can easily remove the console cable by pulling back on the shroud.
Page 20: Figure 3 Check Point Ip1280 Appliance System Status Leds
Overview Figure 3 Check Point IP1280 Appliance System Status LEDs Warning (yellow) System OK (green) Fault (red) SLOT 1 SUB SLOT 1 SUB SLOT 2 FIO CARRIER POWER HOT SWAP LINK LINK LINK LINK READY REQUEST SUB SLOT 1 SUB SLOT 2...
Page 21: Hard-Disk Drives
The Check Point IP1280 contains a hardware RAID-1 feature that provides fault tolerance by allowing the IP1280 appliance to continue working in the event of a disk failure. When you use RAID-1 with your disk-based IP1280 with two hard-disk drives, the two drives appear as one volume, which is named sd0.
Page 22: Hard-Disk Drive Hot Swap Feature
4, before you remove or replace a hard-disk drive without shutting the appliance down. If you replace or remove drives with the IP1280 shut off, the RAID firmware will lose track of RAID volume data. For information about how to remove and replace a hard-disk drive, “Installing or Replacing Hard-Disk Drives”...
Page 23: Table 4 Hard-Disk Drive Leds
Check Point IP1280 Security Platform Overview Table 4 Hard-Disk Drive LEDs LED State Meaning Activity No current disk activity. Blinking green Current disk activity. Status Solid red Hard-disk drive is turned on but is malfunctioning. Solid green Hard-disk drive is turned on and is functioning.
Page 24: Power Supplies And Fan Unit
Overview Power Supplies and Fan Unit The power supplies and fan unit are located at the rear of the IP1280 appliance, as shown in Figure 5 Figure Figure 5 Power Supply and Fan Unit Locations (AC version) Power supplies Status LEDs...
Page 25: Table 5 Power Supply Status Leds
DC Power Supplies Note Do not use a combination of one AC power supply and one DC supply. Your IP1280 does not work with such a configuration. For IP1280 appliances that use DC power supplies, the following specifications apply for Check...
Page 26: Fan Unit
00625 Fan Unit The IP1280 appliance fan unit is a single unit made up of eight individual fans to provide the air flow required to maintain a proper operating temperature. The fan unit can provide proper airflow for a short time even if an individual fan fails.
Page 27: Software Requirements
Software Requirements Warning On IP1280 intended for shipment outside of the United States, the cord set might be optional. If a cord set is not provided, use a power cord rated at 10A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use.
Page 28: Product Disposal
Check Point VPN-1 versions compatible with the version of Check IP1280 Point IPSO you are using For information about updates to the software requirements or additional applications that have become available since this guide was published, see the Check Point Support Center at at http:/ /support.checkpoint.com/. Product Disposal This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste.
Page 29: Installing The Check Point Ip1280 Appliance
Installing the Check Point IP1280 Appliance This chapter describes how to install the Check Point IP1280 appliance. The following topics are discussed: Rack Mounting the Appliance Before You Begin Caution To help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance.
Page 30: Before You Begin
Before You Begin To rack-mount the appliance, you need: Phillips-head screwdriver Disposable grounding wrist strap Suitable, grounded work surface on which to place the chassis tray assembly Check Point IP1280 Security Platform Installation Guide...
Page 31 (or other appropriate earth ground location that meets the specifications of your installation site) with the kep washer between the screw and cable lug. Torque the screw to 384 inch ounces Check Point IP1280 Security Platform Installation Guide...
Page 32 1. Remove the appliance from the packaging. 2. Optionally, remove the fan unit from the back of the appliance. a. Locate the fan unit and the four retaining screws that secure it on the back of the IP1280. FAULT OVER...
Page 33 Before You Begin 3. Optionally, remove the power supplies from the rear of the appliance. a. Locate the power supply on the back of the IP1280 and the two screws that secure it. FAULT OVER 700W AC TEMP PWR OK...
Page 34 SL OT RE QU ES T RE SE 00637a c. Place the chassis tray assembly on a properly grounded surface. 5. Adjust the front mounting brackets on the side of the appliance if necessary. Check Point IP1280 Security Platform Installation Guide...
Page 35 8. Slide the chassis tray assembly back into the appliance until it clicks into place, and resecure the four chassis tray assembly retaining screws. 9. Reinstall the fan unit into the rear of the appliance. 10. Reinstall the power supplies. Check Point IP1280 Security Platform Installation Guide...
Page 36 Installing the Check Point IP1280 Appliance Check Point IP1280 Security Platform Installation Guide...
Page 37: Performing The Initial Configuration
Performing the Initial Configuration The first time you turn on power to a Check Point IP1280 appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account. You can perform the initial configuration in two ways: Configure a DHCP server to provide the initial configuration information the first time the appliance is started.
Page 38: Using A Console Connection
Performing the Initial Configuration Using a Console Connection If you do not use DHCP to perform the initial configuration of your Check Point IP1280 appliance, you must use a serial console connection (cable included). After you perform the initial configuration, you no longer need the console connection.
Page 39: Connecting Power And Turning The Power On
2. Plug the other end of the power cord into a three wire grounded power strip or wall outlet. 3. Toggle the 1/O power switch to the 1 position to provide power to the IP1280 appliance. The fan unit on the power supply turns on when you press the power switch. Verify that the power supply fans are running after you press the switch.
Page 40: Performing The Initial Configuration
Fault LED illuminates. Performing the Initial Configuration If you do not use DHCP to perform the initial configuration of your Check Point IP1280 appliance, you must use a serial console connection (cable included). After you perform the initial configuration, you no longer need the console connection.
Page 41 For more information about how to respond to the prompts during the initial configuration process, see the release notes for the Check Point software release you are running. 4. When you are prompted to select an interface, Check Point recommends that you select one of the Ethernet management interface ports.
Page 42: Connecting Network Interfaces
Performing the Initial Configuration Connecting Network Interfaces Connect at least one network interface to the network to use as the Check Point Network Voyager system-management interface. This interface is configured during the initial configuration process, which is described in Chapter 3, “Performing the Initial Configuration.”...
Page 43: Viewing Check Point Ipso Documentation By Using Check Point Network Voyager
Figure Network Voyager Reference Guide—This guide is the comprehensive reference source for Check Point Network Voyager. To access this source, look at the list in the navigation tree on the left side of the window (as shown in Figure 10).You can also access this guide and other...
Page 44: Using The Command-Line Interface
You can now execute CLI commands from the CLI shell and the Check Point IPSO shell. The Check Point IPSO shell is what you see when you initially log on to the appliance.
Page 45 Point IP security appliances that reside on a corporate enterprise, managed service provider (MSP), or hosted applications service provider network (ASP). For information about how to obtain Check Point Horizon Manager or to learn more about the Check Point Horizon Manager, see the Check Point Web site at www.checkpoint.com.
Page 46 Performing the Initial Configuration Check Point IP1280 Security Platform Installation Guide...
Page 47: Installing And Replacing Network Interface Cards And Adp Services Modules
Accelerated Data Path (ADP) services modules that you ordered already installed. NICs or ADP modules installed in IP1280 slots 1 and 2 are housed in a 6U PMC carrier. NICs housed in 6U PMC carriers are hot swappable, but NICs in slots 3 and 4 and ADP modules are not, and you must power down your appliance to install or replace them.
Page 48: Removing, Installing, And Replacing Nics And Adp Modules
Removing, Installing, and Replacing NICs and ADP Modules IP1280 appliances have two slots on the front of the appliance that hold two 6U PMC carriers or ADP modules. You must first remove the 6U PMC carrier or ADP module from its slot before you can remove or install a NIC or ADP module.
Page 49 Replacement or new NIC or ADP module Note If you are servicing the slot 1 carrier or ADP module, Check Point recommends that you disconnect interface cables from the ports after you remove the carrier, as it is more difficult to remove cables from a carrier or ADP module installed in that location.
Page 50 PMC carrier or ADP module. The power LED on the front of the PMC carrier turns off when the power is removed. 5. Press or push the levers toward the outer edges of the IP1280. Ejector and locking levers...
Page 51 00311 Note If you are installing a NIC in an unoccupied slot on the PMC carrier, remove the blank bezel that covers the slot and retain it for future use. Proceed to step Check Point IP1280 Security Platform Installation Guide...
Page 52 10. Locate and remove the two NIC retaining screws from the back of the NIC. 00312 11. Remove the NIC by lifting the back of the NIC away from the chassis tray assembly and pulling it gently away from the front panel. 00313a Check Point IP1280 Security Platform Installation Guide...
Page 53 PMC carrier. Proceed to step Note To reduce electromagnetic interference (EMI), a blank bezel needs to be installed in the place of any NIC you have removed. Check Point IP1280 Security Platform Installation Guide...
Page 54 14. From the underside of the PMC carrier, screw in the bezel retaining screws. 00311 15. Insert the PMC carrier or ADP module back into its original slot on the front of the IP1280 appliance until it clicks into place.
Page 55 Some figures for this procedure show a slot 3 NIC replacement, but the same procedure applies for both slots 3 and 4. 1. Use Check Point Network Voyager or the CLI to perform an orderly shutdown of the IP1280. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager”...
Page 56 RE AD RE QU SL OT ES T RE SE 00637a Slot 3 Slot 4 4. Remove the six screw that secure the metal shield above the two PMC carriers and remove the shield. Check Point IP1280 Security Platform Installation Guide...
Page 57 S L O S L O R E S Remove PMC carriers 00654a.1 6. Remove the two front bezel screws and remove the slot 3 or slot 4 filler panel or installed NIC. Check Point IP1280 Security Platform Installation Guide...
Page 58 C O N S O L A U X A U X S L O S L O I P 1 2 8 0 S L O S L O R E S 00657a.2 Check Point IP1280 Security Platform Installation Guide...
Page 59 Make sure that you turn on both power supplies. If you are replacing a NIC with a new NIC of the same type, the Check Point IPSO operating system automatically recognizes the NIC and applies the original configuration to the new NIC.
Page 60: Configuring And Activating Interfaces
Check Point Network Voyager, see “Using Check Point Network Voyager” page 42. You can also use the Check Point IPSO tcpdump command to examine the traffic on a specific port. Check Point IP1280 Security Platform Installation Guide...
Page 61: About Ip1280 Appliance Network Interface Cards
About IP1280 Appliance Network Interface Cards This chapter describes the network interface cards available for the Check Point IP1280 appliance and how to connect those NICs to your network. The following NICs are described: Four-Port 10/100 Ethernet NICs Two-Port Fiber-Optic Gigabit Ethernet NICs...
Page 62: Four-Port 10/100 Ethernet Nics
Mbps) Ethernet NICs installed in a 6U PMC carrier or in slot 3 (slot 4 is reserved for a four-port copper Gigabit Ethernet NIC). When you purchase a 10/100 Ethernet NIC with your IP1280, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP...
Page 63: Ethernet Nic Connectors And Cables
Figure 12 Output Connector for the Ethernet Cable Assignment TX + TX - 00270 RX + RX - Figure 13 shows the pin assignments for the RJ-45 cross-over cable. Figure 13 Ethernet Crossover-Cable Pin Connections 00017.1 IP1280 Security Platform Installation Guide...
Page 64: Two-Port Fiber-Optic Gigabit Ethernet Nics
PMC expansion slot. The IP1280 can accommodate up to four Gigabit Ethernet NICs. When you purchase a Gigabit Ethernet NIC with your IP1280, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Services Modules.”...
Page 65: Fiber-Optic Gigabit Ethernet Nic Connectors And Cables
Performance Considerations If you are using two two-port fiber-optic Gigabit Ethernet NICs in an IP1280, place one NIC in each of the two 6U PMC carrier units to get maximum system throughput. Each 6U PMC carrier unit has a separate PCI bus connection to the main system motherboard.
Page 66: Two-Port And Four-Port Copper Gigabit Ethernet Nic
Gigabit Ethernet NIC and it is replaceable). The IP1280 can accommodate up to six Gigabit Ethernet NICs. When you purchase a copper Gigabit Ethernet NIC with your IP1280, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Services Modules.”...
Page 67: Performance Considerations
Performance Considerations If you are using two two-port or four-port copper Gigabit Ethernet NICs in an IP1280, place one NIC in each of the two 6U PMC carrier units to get maximum system throughput. Each 6U PMC carrier unit has a separate PCI bus connection to the main system motherboard.
Page 68: Figure 18 Ethernet Cable Connector Output Pin Assignments
As data is transmitted or received, the activity LEDs on the appliance illuminate. To connect the IP1280 to other network components, you can order appropriate adapter cables separately from a cable vendor of your choice.
Page 69: About Ip1280 Appliance Adp Services Modules
About IP1280 Appliance ADP Services Modules This chapter describes the Accelerated Data Path (ADP) services modules available for the Check Point IP1280 appliance and how to connect those modules to your network. It includes the following sections: Installing and Replacing ADP Modules...
Page 70: Installing And Replacing Adp Modules
Check Point supports only ADP modules and ADP transceivers sold by Check Point. For further information, contact your Check Point representative. Note For IP1280 appliances, you need to install Check Point IPSO 6.x or later to use ADP modules. Installing and Replacing ADP Modules...
Page 71 Installing and Replacing ADP Modules To install an ADP module in IP1280 appliances For information about how to install or replace Check Point ADP module in your appliance, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Services Modules.”...
Page 72 About IP1280 Appliance ADP Services Modules Note You might notice that the orange Activity LED, as shown in the following figure, might blink at longer intervals than typical for traffic when an ADP module port is connected to a switch.
Page 73: Figure 20 Adp Module Front Panel Details And Led Information
Orange (blinking) Link 1000 Mbps: Green (solid) Ejector and locking levers Three-port fiber10 Gigabit Ethernet ADP module Link 10 Gbps: Green (solid) Activity Orange (blinking) ADP 10G CARD HOT SWAP 00658 Ejector and locking levers IP1280 Security Platform Installation Guide...
Page 74: Using Adp Transceivers In Adp Modules
Release the transceiver by rotating the latch lever. Pull out the transceiver. Note that if you install any ADP transceivers that are not supported by Check Point, they are not recognized by Check Point IPSO; the system rejects the transceivers and includes them in a list...
Page 75: Identifying Adp Module And Transceiver Types With Latch Lever Color Codes
10 Gigabit Ethernet long range Blue Check Point ADP Module LED Reference Information All Check Point IP1280 ADP modules provide two LEDs for each port to indicate Link and Activity status. For information about the LEDs, see Figure 20 on page 73.
Page 76: Configuring Check Point Ipso For Ip1280 Adp Interfaces
About IP1280 Appliance ADP Services Modules Configuring Check Point IPSO for IP1280 ADP Interfaces This section includes information about configuring Check Point IPSO to use the interfaces on a Check Point ADP module. To help you understand the implications of installing an ADP module, it provides an example of the steps you might perform to install an ADP module in an IP1280 appliance running the Virtual Router Redundancy Protocol (VRRP).
Page 77: Configuring Network Topology With An Ip1280 Appliance
Configuring Network Topology with an IP1280 Appliance There are several constraints that are relevant to your network topology after you install an ADP module in an IP1280 appliance that are also relevant to the interaction of ADP interfaces and NIC interfaces.
Page 78 About IP1280 Appliance ADP Services Modules Interfaces are installed in slots 1, 2, and 3. For this example, legacy monitored-circuit VRRP is enabled and configured with these settings: Interface eth-s1/s1p1c0 is assigned the IP address 10.1.1.1 (not shown) and uses 10.1.1.99 as the VRRP backup address.
Page 79: Deleting Vrrp Configurations
Configuring Check Point IPSO for IP1280 ADP Interfaces The following figure shows the VRRP configuration: The rest of this section describes how to reconfigure the interfaces and VRRP to accommodate the ADP interfaces. Deleting VRRP Configurations After you physically remove PMC NIC card carriers that you are replacing with ADP modules, you need to delete the configuration information for those interfaces.
Page 80: Reconfiguring Interfaces
To reconfigure interfaces for ADP modules 1. Log into the appliance using Check Point Network Voyager. 2. Navigate to the Interface Configuration page. The removed interfaces are still listed on this page, and you see a blue indicator next to each of them in the Up column.
Page 81 Configuring Check Point IPSO for IP1280 ADP Interfaces IP1280 Security Platform Installation Guide...
Page 82 This is why you deleted the VRRP configuration before you installed the ADP module. 4. Click a physical interface name. Check Point Network Voyager displays the Physical Configuration page for that interface. 5. In the Physical Status area, click the Delete check box. 6. Click Apply.
Page 83: Reconfiguring Vrrp
Configuring Check Point IPSO for IP1280 ADP Interfaces The following figure shows the example system after the configuration information for all of the removed interfaces has been deleted: 9. If appropriate, configure the ADP interfaces to use the IP addresses previously assigned to the removed interfaces.
Page 84 About IP1280 Appliance ADP Services Modules eth-s2p1c0 and eth-s2p2c0. The following figure shows the example system after you recreate the VRRP configuration using the new interfaces: IP1280 Security Platform Installation Guide...
Page 85: Installing And Replacing Components Other Than Network Interface Cards (Nics) And Accelerated Data Path (Adp) Services Modules
Replacing Network Interface Cards and ADP Services Modules.” You should have a working knowledge of networking equipment before you attempt to service an IP1280. Limit service of the appliance to the procedures described in this chapter. Caution To protect the IP1280 and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components.
Page 86: Replacing The Check Point Encryption Accelerator Card
Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path Replacing the Check Point Encryption Accelerator Card The IP1280 comes with the Check Point encryption accelerator card preinstalled as part of its base bundle to further enhance VPN performance. The accelerator card provides high-speed cryptographic processing that enhances VPN performance.
Page 87 Replacing the Check Point Encryption Accelerator Card Note Make sure that you turn off both power supplies. 3. Loosen the four front panel retaining screws. IP1280 HDD A SLOT 1 HARD DRIVE SUB SLOT 1 SUB SLOT 2 FIO CARRIER...
Page 88: Configuring Software To Use Hardware Acceleration
Check Point encryption accelerator card. For the Check Point IP1280 appliances, SecureXL is on by default. After you install the Check Point encryption accelerator card and reboot the appliance, SecureXL automatically uses the Check Point encryption accelerator card for encryption acceleration.
Page 89: Hard-Disk Drive Hot Swap Feature
IP1280. For more information about RAID-1, including configuration details, see Implementing Disk Mirroring or RAID on a Network Security Appliance, which is available at the Check Point Support Center at http://support.checkpoint.com/.
Page 90: Before You Begin
Phillips-head screwdriver Removing and Replacing a Hard-Disk Drive If you have RAID-1 configured on your Check Point IP1280 appliance, you can remove a failed hard-disk drive without shutting down the appliance. You must replace the hard-disk drive with a drive that has a capacity equal to or larger than the drive you are replacing.
Page 91 3. Loosen the retaining screws on both sides of the hard-disk drive. Caution To avoid damage to the ejector and locking lever, loosen the retaining screw behind each ejector and locking lever before you remove the hard-disk drive. IP1280 Security Platform Installation Guide...
Page 92 SW AP RE AD AC T RE QU ES T PO WE FI O CA RR HO T IE R SW AP RE AD S L O RE QU ES T R E S 00627a.1 IP1280 Security Platform Installation Guide...
Page 93 9. Press the recessed hot swap button again to restore power to the hard-disk drive. The IP1280 recognizes the new hard-disk drive. 10. Use Check Point Network Voyager or the CLI to implement RAID-1. To remove a hard-disk drive without using the hot swap feature 1.
Page 94 LI NK RE AD AC T RE QU ES T PO WE FI O CA RR HO T IE R SW AP RE AD S L O RE QU ES T R E S 00627a.1 IP1280 Security Platform Installation Guide...
Page 95: Installing A Pc Card
After you install a single-slot PCMCIA carrier card, which you can purchase from Check Point, the IP1280 supports a PC card with 1-GB flash memory that Check Point offers with or without system software included. You can use the carrier card in slot 3, which is located on the front...
Page 96: Figure 22 Slot 3 Pc Card Location
1. Use Check Point Network Voyager or the CLI to perform an orderly shutdown of the IP1280. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager”...
Page 97 Tray release lever RE AD RE QU SL OT ES T RE SE 00637a Slot 3 4. Remove the six screw that secure the metal shield above the two PMC carriers and remove the shield. IP1280 Security Platform Installation Guide...
Page 98 I P 1 2 8 0 S L O S L O R E S Remove PMC carriers 00654a.1 6. Remove the two front bezel screws and remove the slot 3 filler panel or installed NIC. IP1280 Security Platform Installation Guide...
Page 99 H D D C O N S O L A U X A U X S L O S L O I P 1 2 8 0 S L O S L O R E S 00657a.2 IP1280 Security Platform Installation Guide...
Page 100 1. Insert the PC card into the PC card slot until it snaps in place. 2. Press gently on the card until it is firmly seated in the slot. The eject button to the left of the slot should be flush with the card. IP1280 Security Platform Installation Guide...
Page 101: Storing System Logs On The Flash-Memory Pc Card
If you configure the flash-memory PC card as an optional disk, you must disable the card before you remove it. You can disable the card by using Check Point Network Voyager or the CLI. To use Check Point Network Voyager to disable a flash-memory PC card 1.
Page 102: Transferring Files With The Flash-Memory Pc Card
/dev/wd1 /cdrom The /cdrom directory is a default directory in Check Point IPSO for mounting media. 4. Use the cp command to transfer Check Point IPSO images or configuration files to and from the flash-memory PC card. For example, to copy the current Check Point IPSO image from the compact flash to the flash-memory PC card, use the following command: cp /image/current/ipso.tgz /cdrom/...
Page 103: Replacing The Compact Flash Memory Card
To replace the compact flash memory card 1. Use Check Point Network Voyager or the CLI halt command to perform an orderly shutdown of the IP1280 appliance. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager”...
Page 104 SUB SLOT 2 FIO CARRIER STATUS POWER POWER HOT SWAP LINK LINK HOT SWAP ACTIVITY HOT SWAP READY REQUEST HDD B SLOT 2 SLOT 3 SLOT 4 PC CARD RESET CONSOLE AUX2 00616a.1 Chassis tray assembly screws IP1280 Security Platform Installation Guide...
Page 105 RE AD SL OT AC T RE QU ES T PO WE FI O CA RR HO T IE R SW AP RE AD Tray release lever SL OT RE QU ES T RE SE 00637a IP1280 Security Platform Installation Guide...
Page 106 7. Locate the compact flash memory card socket, and remove the stopper screw and spacer located between the module and the edge of the motherboard as shown in the following figure. Stopper screw Spacer 00653 IP1280 Security Platform Installation Guide...
Page 107: Replacing Or Upgrading Memory
Make sure that you turn on both power supplies. Replacing or Upgrading Memory The Check Point IP1280 appliance has eight dual inline memory-module (DIMM) sockets. This section describes how to upgrade or replace the memory by using a Check Point-approved memory upgrade kit.
Page 108: Before You Begin
Check Point products only support memory kits purchased from Check Point or Check Point- approved resellers. For more information, see the Check Point Web site at www.checkpoint.com. The DIMM sockets are located on the left rear of the IP1280 mother board, as you look at the appliance from the front.
Page 109 SUB SLOT 2 FIO CARRIER STATUS POWER LINK LINK POWER HOT SWAP ACTIVITY HOT SWAP HOT SWAP READY REQUEST HDD B SLOT 2 SLOT 3 SLOT 4 PC CARD RESET CONSOLE AUX2 00616a.1 Chassis tray assembly screws IP1280 Security Platform Installation Guide...
Page 110 RE AD SL OT AC T RE QU ES T PO WE FI O CA RR HO T IE R SW AP RE AD Tray release lever SL OT RE QU ES T RE SE 00637a IP1280 Security Platform Installation Guide...
Page 111 R E S 00636a.1 IP1280 appliances ship with four DIMMs installed in slots J7, J10, J46, and J48, and these slots should be used for any DIMM replacements with all four slots occupied. For memory upgrades, install additional DIMMS in slots J8, J9, J45, and J47.
Page 112 DIMM upward. 0634 You might need to pull opposite ends of the DIMM alternately to gradually free it from the contact pins. 6. Press the new DIMM into the socket until it clicks into place. IP1280 Security Platform Installation Guide...
Page 113: Installing Or Replacing A Fan Unit
Check Point Network Voyager or the CLI. Installing or Replacing a Fan Unit The fan unit is hot swappable. You can remove and install the fan unit on the back of the IP1280 without shutting the appliance down.
Page 114 To replace a fan unit 1. Locate the fan unit on the back of the IP1280 appliance and the four retaining screws that secure it. FAULT...
Page 115: Installing Or Replacing A Power Supply
T E M P W R 00631 4. If the IP1280 appliance is running, immediately install a replacement fan unit by sliding it into the back of the appliance. 5. Tighten the four retaining screws on the new fan unit.
Page 116: Before You Begin
Replacement power supply and appropriate documentation. To replace a power supply 1. Locate the power supply and the two screws that secure it on the back of the IP1280 appliance. 2. Turn off the power to the power supply to be removed.
Page 117: Monitoring The Power Supply
9. Turn on power to the power supply. Monitoring the Power Supply You can monitor the status of the Check Point IP1280 appliance power supply with Check Point Network Voyager. Similarly, you can also use the command-line interface (CLI). For information about the CLI, see the CLI Reference Guide.
Page 118: Replacing The Motherboard Battery
Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path Replacing the Motherboard Battery This section describes how to change the CMOS battery on the motherboard of the Check Point IP1280 appliance. Warning Risk of explosion if battery is replaced by an incorrect type. Replace the battery only with the same or equivalent type that the manufacturer recommends.
Page 119 Tray release lever RE AD RE QU SL OT ES T RE SE 00637a Slot 3 5. Remove the six screw that secure the metal shield above the two PMC carriers and remove the shield. IP1280 Security Platform Installation Guide...
Page 120 H D D C O N S O L A U X A U X S L O I P 1 2 8 0 S L O S L O R E S Remove PMC carriers 00654a.1 IP1280 Security Platform Installation Guide...
Page 121 Step 1 through Step 6. If the appliance does not start up normally after that, contact your Check Point service provider. 12. Reset the appliance date and time information using Check Point Network Voyager or the command-line interface. You need to do this because the battery is required to maintain the date and time whenever you shut down the appliance.
Page 122 Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path IP1280 Security Platform Installation Guide...
Page 123: Troubleshooting
For information about how to reinstall the Check Point IPSO operating system onto your appliance, see the Boot Manager Reference Guide. General Troubleshooting Information The information in this section relates to problems you might encounter during the IP1280 installation. Problems Interfacing to 1483 Devices (Classical IP) Problem Remote and local devices are not configured for the same VC and VP value.
Page 124 Two laptop computers (using terminal emulation programs) or terminals should be able to communicate back to back in the same way that the terminal communicates with the IP1280. If this is not possible by using your laptop computer or terminal, the problem is with the terminal or cable and not with the appliance.
Page 125 Continue to boot to multiuser mode. 5. Reconfigure the password as you normally would. Note Blank passwords are not accepted in Check Point Network Voyager. In such cases, enter the following command to reset the password from the command line using a blank password: dbpasswd admin newpassword ""...
Page 126 Use the full installation procedure to install a new system. The new system completely replaces the contents of the drive and might be needed to restore or reload an IP1280. This procedure erases any configuration database on the appliance. For information about how to complete the full installation procedure, see the current release notes.
Page 127 Problem Wrong link speed. Solution Verify that the port on the host and the port on the IP1280 are set for the same speed (10 Mbps or 100 Mbps). An unblinking data and activity LED on a port is a good indication of a speed mismatch.
Page 128 Solution Repeat memory installation procedures. Make sure DIMMs are fully seated in sockets. Be sure DIMMs click into place. Make sure DIMMs are installed as described in “Replacing or Upgrading Memory” on page 107. Check Point IP1280 Security Platform Installation Guide...
Page 129: A Technical Specifications
Each IP1280 requires the following space in a rack: 3.5 inches (8.89 centimeters) of vertical space 18 inches (46 centimeters) behind the front-panel of the rack 6 inches (15 centimeters) behind the IP1280 to allow the back exit fan to move air through the appliances Caution Do not block the ventilation holes on the IP1280.
Page 130 Technical Specifications Check Point IP1280 Security Platform Installation Guide...
Page 131: B Compliance Information
Pursuant to ISO/IEC 17050 this product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 2004/108/EC. Christopher Saleem Compliance & Reliability Engineering Manager Security & Mobile Connectivity, Enterprise Solutions Mountain View, California January 2008 Check Point IP1280 Security Platform Installation Guide...
Page 132: Compliance Statements
Operation of this equipment in a residential area is likely to cause harmful Check Point IP1280 Security Platform Installation Guide...
Page 133 Caution Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment. 060425 Check Point IP1280 Security Platform Installation Guide...
Page 134 Compliance Information Check Point IP1280 Security Platform Installation Guide...
Page 135: Index
Ethernet devices, connecting 42 caution notices 12 Ethernet network interface cards Check Point Horizon Manager 16 cable pin assignments 63 Check Point IPSO command-line interface 16 connecting to 63, 67 Check Point IPSO requirements 27 connectors 63 Check Point Network Voyager 16...
Page 136 47 IP-routing 16 rack space 15 rack-mounting the appliance 32 RAID LC connector 42, 65 Check Point IPSO boot manager, configuring with 21 LEDs, system status 19 Using 21 red LED 20 replacing fan unit 113...
Page 137 129 text conventions 12 troubleshooting 123 two-port Ethernet network interface card 64, 65 upgrading memory 107 UTP5 dual-mode Ethernet 62 VPN performance 86 VT100-compatible terminal 38 warning notices 12 yellow LED 20 IP1280 Security Platform Installation Guide Index - 137...
Page 138 Index - 138 IP1280 Security Platform Installation Guide...

Check Point IP1280 Installation Manual

About this Guide

1 Overview

2 Installing the Check Point IP1280 Appliance

3 Performing the Initial Configuration

4 Installing and Replacing Network Interface Cards and ADP Services Modules

5 About IP1280 Appliance Network Interface Cards

6 About IP1280 Appliance ADP Services Modules

Installing and Replacing Components Other than Network Interface Cards (Nics) and Accelerated Data Path (ADP) Services Modules

8 Troubleshooting

A Technical Specifications

B Compliance Information

Index

Quick Links

Installation Guide

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Check Point IP1280

Summary of Contents for Check Point IP1280

Table of Contents