WikiOld

User Tools

Site Tools

Trace:
eduardo:checkpoint:installation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
eduardo:checkpoint:installation [2012/03/21 05:27] eduardoeduardo:checkpoint:installation [2024/02/23 08:20] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Checkpoint Installation ======
 +  * Download the Secure Gateway NGX RXX Suite for SecurePlatform and Linux 3.0 
  
 +===== Based OS Installation =====
 +  * Boot from the media to install the based OS.
 +  * Install Secure Platform Pro
 +  * The initial default login are
 +    * username: admin
 +    * password: admin
 +  * Login to the OS using default login information
 +  * Run sysconfig to configure as a minimum 
 +    * 1) Host Name
 +    * 5) Network Connections e.g. IP
 +    * 6) Routing
 +<code>
 +[SecureGateway]# sysconfig
 +
 +Choose a configuration item ('e' to exit):
 +------------------------------------------------------------------
 +1) Host name                    7) DHCP Server Configuration
 +2) Domain name                  8) DHCP Relay Configuration
 +3) Domain name servers          9) Export Setup
 +4) Time and Date               10) Products Installation
 +5) Network Connections         11) Products Configuration
 +6) Routing
 +------------------------------------------------------------------
 +(Note: configuration changes are automatically saved)
 +Your choice: 
 +</code>
 +
 +  * Login to the Web GUI https://server-ip to configure the system to use NTP
 +{{checkpoint-install1.png|}}
 +
 +===== SmartCenter Installation =====
 +  * SmartCenter provide a Smart Dashboard used to manage multiple VPN/Firewall with the same policy
 +  * After Based OS Installation
 +  * Run sysconfig and choose 10) Product Installation
 +<code>
 +[SecureGateway]# sysconfig
 +
 +Choose a configuration item ('e' to exit):
 +------------------------------------------------------------------
 +1) Host name                    7) DHCP Server Configuration
 +2) Domain name                  8) DHCP Relay Configuration
 +3) Domain name servers          9) Export Setup
 +4) Time and Date               10) Products Installation
 +5) Network Connections         11) Products Configuration
 +6) Routing
 +------------------------------------------------------------------
 +(Note: configuration changes are automatically saved)
 +Your choice: 
 +</code>
 +
 +  * Install Smart Dashboard by choosing to install **SmartCenter**
 +<code>
 +1 [ ] VPN-1 Power
 +2 [ ] UserAuthority
 +3 [x] SmartCenter
 +4 [ ] Eventia Suite
 +5 [ ] Endpoint security
 +6 [ ] Performance Pack
 +7 [ ] SmartPortal
 +</code>
 +
 +===== VPN-1 Installation =====
 +  * VPN-1 is the bastion host that receive the policy from Smart Center Server and act as a Firewall/VPN
 +  * After Based OS Installation
 +  * Run sysconfig and choose 10) Products Installation
 +<code>
 +[SecureGateway]# sysconfig
 +
 +Choose a configuration item ('e' to exit):
 +------------------------------------------------------------------
 +1) Host name                    7) DHCP Server Configuration
 +2) Domain name                  8) DHCP Relay Configuration
 +3) Domain name servers          9) Export Setup
 +4) Time and Date               10) Products Installation
 +5) Network Connections         11) Products Configuration
 +6) Routing
 +------------------------------------------------------------------
 +(Note: configuration changes are automatically saved)
 +Your choice: 
 +</code>
 +
 +  * Install Smart Dashboard by choosing to install **SmartCenter**
 +  * After installation, reboot
 +<code>
 +1 [x] VPN-1 Power
 +2 [ ] UserAuthority
 +3 [ ] SmartCenter
 +4 [ ] Eventia Suite
 +5 [ ] Endpoint security
 +6 [ ] Performance Pack
 +7 [ ] SmartPortal
 +</code>
 +
 +  * Run sysconfig and choose 11) Products Configuration
 +<code>
 +[SecureGateway]# sysconfig
 +
 +Choose a configuration item ('e' to exit):
 +------------------------------------------------------------------
 +1) Host name                    7) DHCP Server Configuration
 +2) Domain name                  8) DHCP Relay Configuration
 +3) Domain name servers          9) Export Setup
 +4) Time and Date               10) Products Installation
 +5) Network Connections         11) Products Configuration
 +6) Routing
 +------------------------------------------------------------------
 +(Note: configuration changes are automatically saved)
 +Your choice: 
 +</code>
 +
 +  * Configure (5) Secure Internal Communication (SIC)
 +  * Configure an Activation Key for SIC with the Smart Center Server
 +<code>
 +This program will let you re-configure
 +your Check Point products configuration.
 +
 +
 +Configuration Options:
 +----------------------
 +(1)  Licenses
 +(2)  SNMP Extension
 +(3)  PKCS#11 Token
 +(4)  Random Pool
 +(5)  Secure Internal Communication
 +(6)  Disable cluster membership for this gateway
 +(7)  Automatic start of Check Point Products
 +
 +(8) Exit
 +
 +Enter your choice (1-8) :
 +</code>
 +
 +===== Configure Cluster and add firewall =====
 +  * Start Smart Dashboard and connect to the Smart Center Server
 +  * Create **New Checkpoint > VPN1-Power/UTM Cluster**
 +  * Configure cluster Names and IP
 +{{checkpoint-install2.png|}}
 +
 +  * Add New Cluster Member
 +  * Configure Name/IP
 +  * Configure Activation Key which must matched what was configured on the Bastion host
 +  * Clicks Initialize
 +{{checkpoint-install3.png|}}
 +
 +  * Edit cluster
 +  * Edit Topology
 +{{checkpoint-install4.png|}}
 +
 +  * Add interfaces and VRRP address
 +  * One interfaces must be designated as Sync
 +{{checkpoint-install5.png|}}
 +
 +  * May need to remove Anti Spoofing Rule on Internal Interface
 +{{checkpoint-install6.png|}}