Installation Guide
Page 4
...Connecting Power and Turning the Power On 34 Performing the Initial Configuration 36 Connecting Network Interfaces 37 Using Check Point Network Voyager 38 Viewing Check Point IPSO Documentation by Using Check Point Network Voyager 38 Using the Command-Line Interface 39 Using Check Point Horizon Manager 40 4 Installing and Replacing Network Interface Cards 41 Deactivating Configured Interfaces 41 Installing NICs 42 Before You Begin 42 Configuring and Activating Interfaces 46 Monitoring Network Interface Cards 46 5 Connecting PMC Network Interface Cards 47 Four-Port 10/100 Ethernet...
...Connecting Power and Turning the Power On 34 Performing the Initial Configuration 36 Connecting Network Interfaces 37 Using Check Point Network Voyager 38 Viewing Check Point IPSO Documentation by Using Check Point Network Voyager 38 Using the Command-Line Interface 39 Using Check Point Horizon Manager 40 4 Installing and Replacing Network Interface Cards 41 Deactivating Configured Interfaces 41 Installing NICs 42 Before You Begin 42 Configuring and Activating Interfaces 46 Monitoring Network Interface Cards 46 5 Connecting PMC Network Interface Cards 47 Four-Port 10/100 Ethernet...
Installation Guide
Page 16
...contact the Check Point Support Center at http://support.checkpoint.com/. 16 Check Point IP690 Security Platform Installation Guide The integrated router functionality eliminates the need for logging. With Horizon Manager, you can manage, monitor, and configure the IP690 security platform from the command line. With Network Voyager, you can securely install and upgrade the proprietary Check Point IPSO operating system, plus hardware and applications. For information about how to access Network Voyager and the related reference materials, see the CLI Reference Guide for the...
...contact the Check Point Support Center at http://support.checkpoint.com/. 16 Check Point IP690 Security Platform Installation Guide The integrated router functionality eliminates the need for logging. With Horizon Manager, you can manage, monitor, and configure the IP690 security platform from the command line. With Network Voyager, you can securely install and upgrade the proprietary Check Point IPSO operating system, plus hardware and applications. For information about how to access Network Voyager and the related reference materials, see the CLI Reference Guide for the...
Installation Guide
Page 18
... from Check Point or Check Point-approved resellers. Table 3 provides pin assignment information for network interface card (NIC) and Accelerated Data Path (ADP) services modules options. Console Port The default configuration of two parts: A 6' rollover cable with RJ-45 terminations 18 Check Point IP690 Security Platform Installation Guide The Check Point support services group can only provide support for Console Connector and Console Cable Console Port (DTE) RJ-45 to RJ-45 Rollover Cable RJ-45 to access the device locally, you must use Check Point-approved...
... from Check Point or Check Point-approved resellers. Table 3 provides pin assignment information for network interface card (NIC) and Accelerated Data Path (ADP) services modules options. Console Port The default configuration of two parts: A 6' rollover cable with RJ-45 terminations 18 Check Point IP690 Security Platform Installation Guide The Check Point support services group can only provide support for Console Connector and Console Cable Console Port (DTE) RJ-45 to RJ-45 Rollover Cable RJ-45 to access the device locally, you must use Check Point-approved...
Installation Guide
Page 22
... OVER TEMP OVER PWER OK 00580 Power supply switches For information about how to install or remove and replace a failed power supply, see the Check Point Support Center at the rear of the power supply as shown in Table 5. 22 Check Point IP690 Security Platform Installation Guide Power Supplies and Fan Unit The redundant power supplies and fan unit are located at http://support.checkpoint.com/." Note The slot that the PCMCIA card carrier uses also supports other PMC cards approved by Check Point.
... OVER TEMP OVER PWER OK 00580 Power supply switches For information about how to install or remove and replace a failed power supply, see the Check Point Support Center at the rear of the power supply as shown in Table 5. 22 Check Point IP690 Security Platform Installation Guide Power Supplies and Fan Unit The redundant power supplies and fan unit are located at http://support.checkpoint.com/." Note The slot that the PCMCIA card carrier uses also supports other PMC cards approved by Check Point.
Installation Guide
Page 33
... configuration in two ways: Configure a DHCP server to the admin account. It includes the following sections: Using a Console Connection Connecting Power and Turning the Power On Performing the Initial Configuration Connecting Network Interfaces Using Check Point Network Voyager Using the Command-Line Interface Using Check Point Horizon Manager For information about how to Configure Your Appliance. Check Point IP690 Security Platform Installation Guide 33 Note Check Point recommends that you physically install all NICs, ADP modules...
... configuration in two ways: Configure a DHCP server to the admin account. It includes the following sections: Using a Console Connection Connecting Power and Turning the Power On Performing the Initial Configuration Connecting Network Interfaces Using Check Point Network Voyager Using the Command-Line Interface Using Check Point Horizon Manager For information about how to Configure Your Appliance. Check Point IP690 Security Platform Installation Guide 33 Note Check Point recommends that you physically install all NICs, ADP modules...
Installation Guide
Page 37
... network ports. b. c. Connecting Network Interfaces Connect at this point, although you are using the user name admin and the password password. For details, see "Ethernet NIC Connectors and Cables" on page 49. To connect Gigabit Fiber Ethernet devices, use as the Check Point Network Voyager system-management interface. Check Point IP690 Security Platform Installation Guide 37 Enter the following: rm /config/active or mv /config/active /config/active.old d. Respond to use a fiber-optic cable with an incorrect host name and IP address (this could happen if a DHCP...
... network ports. b. c. Connecting Network Interfaces Connect at this point, although you are using the user name admin and the password password. For details, see "Ethernet NIC Connectors and Cables" on page 49. To connect Gigabit Fiber Ethernet devices, use as the Check Point Network Voyager system-management interface. Check Point IP690 Security Platform Installation Guide 37 Enter the following: rm /config/active or mv /config/active /config/active.old d. Respond to use a fiber-optic cable with an incorrect host name and IP address (this could happen if a DHCP...
Installation Guide
Page 38
... to use Check Point Network Voyager. Note If the username login screen does not open Check Point Network Voyager 1. To access online help when you configured for Check Point Network Voyager. Confirm the information you are firmly connected. To access this guide and other Check Point IPSO documentation at the Check Point Support Center at http:// support.checkpoint.com/. Network Voyager online help-You can access online help for the window you entered during the initial configuration and check that all cables are...
... to use Check Point Network Voyager. Note If the username login screen does not open Check Point Network Voyager 1. To access online help when you configured for Check Point Network Voyager. Confirm the information you are firmly connected. To access this guide and other Check Point IPSO documentation at the Check Point Support Center at http:// support.checkpoint.com/. Network Voyager online help-You can access online help for the window you entered during the initial configuration and check that all cables are...
Installation Guide
Page 40
... regular file. Check Point Enter IPSO command clish -c line "cli-command" Execute a single CLI command. The argument must place double-quotation marks around the CLI command. While Check Point Network Voyager provides the device administrator access to learn more information about the Check Point Horizon Manager, see the CLI Reference Guide for the version of Check Point IP security platforms. Using Check Point Horizon Manager, an administrator can manage multiple devices simultaneously, perform parallel software upgrades, device verifications, device configuration, file backups...
... regular file. Check Point Enter IPSO command clish -c line "cli-command" Execute a single CLI command. The argument must place double-quotation marks around the CLI command. While Check Point Network Voyager provides the device administrator access to learn more information about the Check Point Horizon Manager, see the CLI Reference Guide for the version of Check Point IP security platforms. Using Check Point Horizon Manager, an administrator can manage multiple devices simultaneously, perform parallel software upgrades, device verifications, device configuration, file backups...
Installation Guide
Page 53
..., the activity LEDs on the remote equipment illuminate to four Gigabit Ethernet NICs. Fiber-Optic Gigabit Ethernet NIC Features The short-range and long-range fiber-optic Gigabit Ethernet NICs support: High bandwidth Full-duplex mode operation up to other network components, you . Check Point IP690 Security Platform Installation Guide 53 Figure 17 Gigabit Ethernet Crossover Cable Pin Connections Note After you set the port speed and full-duplex mode with Network Voyager. For information about how to a host, use an...
..., the activity LEDs on the remote equipment illuminate to four Gigabit Ethernet NICs. Fiber-Optic Gigabit Ethernet NIC Features The short-range and long-range fiber-optic Gigabit Ethernet NICs support: High bandwidth Full-duplex mode operation up to other network components, you . Check Point IP690 Security Platform Installation Guide 53 Figure 17 Gigabit Ethernet Crossover Cable Pin Connections Note After you set the port speed and full-duplex mode with Network Voyager. For information about how to a host, use an...
Installation Guide
Page 54
...-Port Long-Range Gigabit Ethernet NIC Link LEDs (solid green) Activity LEDs (blinking amber) 1000B-LX LINK ACT 00555 Ports After the power is transmitted, the activity LEDs on the remote equipment illuminate to other network components, use in IP690 appliance. You can use a half-duplex LC-to-LC 54 Check Point IP690 Security Platform Installation Guide You can use a single-mode, fiber-optic cable with an LC connector for each NIC interface. As data is turned on and the cables are connected, the Ethernet link LEDs...
...-Port Long-Range Gigabit Ethernet NIC Link LEDs (solid green) Activity LEDs (blinking amber) 1000B-LX LINK ACT 00555 Ports After the power is transmitted, the activity LEDs on the remote equipment illuminate to other network components, use in IP690 appliance. You can use a half-duplex LC-to-LC 54 Check Point IP690 Security Platform Installation Guide You can use a single-mode, fiber-optic cable with an LC connector for each NIC interface. As data is turned on and the cables are connected, the Ethernet link LEDs...
Installation Guide
Page 57
..., network interface cards (NICs) refer to provide Gigabit Ethernet copper, Gigabit Ethernet short-range fiber, and Gigabit Ethernet long-range fiber interface options. It includes the following sections: Installing and Replacing ADP Modules Check Point ADP Module LED Reference Information Configuring Check Point IPSO with IP690 ADP Interfaces Effect on Interfaces Check Point ADP Module Interface Names for the IP690 running IPSO 6.0 or later. Check Point IP690 Security Platform Installation Guide 57 ADP is supported only for IP690 Appliances...
..., network interface cards (NICs) refer to provide Gigabit Ethernet copper, Gigabit Ethernet short-range fiber, and Gigabit Ethernet long-range fiber interface options. It includes the following sections: Installing and Replacing ADP Modules Check Point ADP Module LED Reference Information Configuring Check Point IPSO with IP690 ADP Interfaces Effect on Interfaces Check Point ADP Module Interface Names for the IP690 running IPSO 6.0 or later. Check Point IP690 Security Platform Installation Guide 57 ADP is supported only for IP690 Appliances...
Installation Guide
Page 58
... complete the installation and configuration process. You cannot preserve the configuration for the version of IPSO you are using Check Point Network Voyager or the CLI A suitable, grounded work surface The ADP module kit Note You do not need the following: A Phillips-head screwdriver Physical access to the appliance Access to the appliance by Check Point. Use these documents as needed as you replace your...
... complete the installation and configuration process. You cannot preserve the configuration for the version of IPSO you are using Check Point Network Voyager or the CLI A suitable, grounded work surface The ADP module kit Note You do not need the following: A Phillips-head screwdriver Physical access to the appliance Access to the appliance by Check Point. Use these documents as needed as you replace your...
Installation Guide
Page 68
... NIC interfaces. 6 Installing, Using, and Replacing ADP Services Modules Check Point ADP Module Interface Names for IP690 Appliances ADP module interface naming conventions differ from those for VPN packets that are sent through a NIC interface, throughput is negatively affected because the packets must transit the IP690 appliance backplane to the host as other PMC NIC interface names, you configure your network so that your appliance does not forward traffic between ADP interfaces and PMC NIC interfaces even...
... NIC interfaces. 6 Installing, Using, and Replacing ADP Services Modules Check Point ADP Module Interface Names for IP690 Appliances ADP module interface naming conventions differ from those for VPN packets that are sent through a NIC interface, throughput is negatively affected because the packets must transit the IP690 appliance backplane to the host as other PMC NIC interface names, you configure your network so that your appliance does not forward traffic between ADP interfaces and PMC NIC interfaces even...
Installation Guide
Page 82
... card used for logging in a flash-based IP690 for storing log files. Installing a Hard-Disk Drive The IP690 is an option only for a disk-based IP690. A single optional hard-disk drive can order one or two optional hard-disk drives that also supports one or two hard-disk drive(s) for factory installation or order them later and install them with care. 82 Check Point IP690 Security Platform Installation Guide Press the eject button to install a hard-disk drive. Each hard-disk drive contains 40 GB of the following: In Network Voyager, access Optional Disks...
... card used for logging in a flash-based IP690 for storing log files. Installing a Hard-Disk Drive The IP690 is an option only for a disk-based IP690. A single optional hard-disk drive can order one or two optional hard-disk drives that also supports one or two hard-disk drive(s) for factory installation or order them later and install them with care. 82 Check Point IP690 Security Platform Installation Guide Press the eject button to install a hard-disk drive. Each hard-disk drive contains 40 GB of the following: In Network Voyager, access Optional Disks...
Installation Guide
Page 100
... for admin. Login Prompt Appears, But Password Not Accepted Problem Entered wrong password. With a keyboard and monitor directly connected to perform this . 2. Boot up the new system-startup procedure. Solution Return to default settings according to no password for sh: Press Enter. 3. Solution Obtain a valid password or set the password to multiuser mode. 5. The admin password defaults to the instructions included in Chapter 3, "Performing the Initial Configuration". 100 Check Point IP690 Security Platform Installation Guide
... for admin. Login Prompt Appears, But Password Not Accepted Problem Entered wrong password. With a keyboard and monitor directly connected to perform this . 2. Boot up the new system-startup procedure. Solution Return to default settings according to no password for sh: Press Enter. 3. Solution Obtain a valid password or set the password to multiuser mode. 5. The admin password defaults to the instructions included in Chapter 3, "Performing the Initial Configuration". 100 Check Point IP690 Security Platform Installation Guide
Installation Guide
Page 101
... the console connection to Network Voyager Using the Ethernet Port, But Console Access Works Problem Using the wrong Ethernet cable. This procedure erases any configuration database on page 38. 2. Use a straight-through cable if you are connecting to verify the interface configuration and fix it if necessary. Create the new default configuration. Check Point IP690 Security Platform Installation Guide 101 Under Configuration Database Management (Config > System Configuration > Manage Configuration Sets), choose the option to the IP690 as active. Do Not Get a Login Prompt-Error...
... the console connection to Network Voyager Using the Ethernet Port, But Console Access Works Problem Using the wrong Ethernet cable. This procedure erases any configuration database on page 38. 2. Use a straight-through cable if you are connecting to verify the interface configuration and fix it if necessary. Create the new default configuration. Check Point IP690 Security Platform Installation Guide 101 Under Configuration Database Management (Config > System Configuration > Manage Configuration Sets), choose the option to the IP690 as active. Do Not Get a Login Prompt-Error...
Installation Guide
Page 105
... bootwait:3 boot-file:/image/current/kernel boot-flags: boot-device:wd0 vendor:Nokia model:IP bmslice:1 BOOTMGR[12]> Check Point IP690 Security Platform Installation Guide 105 No error messages appear, but the appliance stops responding to defaults, issue the set-defaults command at the boot manager prompt, as shown in this example: BOOTMGR> set , and it responds by issuing a printenv command at the boot manager prompt as shown in this example: Loading boot manager .. Solution You can verify what the current boot manager settings are...
... bootwait:3 boot-file:/image/current/kernel boot-flags: boot-device:wd0 vendor:Nokia model:IP bmslice:1 BOOTMGR[12]> Check Point IP690 Security Platform Installation Guide 105 No error messages appear, but the appliance stops responding to defaults, issue the set-defaults command at the boot manager prompt, as shown in this example: BOOTMGR> set , and it responds by issuing a printenv command at the boot manager prompt as shown in this example: Loading boot manager .. Solution You can verify what the current boot manager settings are...
Installation Guide
Page 106
... (IPSRD command-line interface daemon) command. Common Problems with OSPF Use tcpdump to access Network Voyager and the related reference materials, see the Voyager Reference Guide. hostname[admin]# iclid hostname | IP address> hostname | IP address> ? RIP, B - Aggregate, K - IGRP, R - Typing a question mark (?) at a prompt provides a list of the ICLID command is enabled the output appears in Network Voyager. static, I - When a trace is shown below. For information about the ICLID command, see "Using Check Point Network Voyager...
... (IPSRD command-line interface daemon) command. Common Problems with OSPF Use tcpdump to access Network Voyager and the related reference materials, see the Voyager Reference Guide. hostname[admin]# iclid hostname | IP address> hostname | IP address> ? RIP, B - Aggregate, K - IGRP, R - Typing a question mark (?) at a prompt provides a list of the ICLID command is enabled the output appears in Network Voyager. static, I - When a trace is shown below. For information about the ICLID command, see "Using Check Point Network Voyager...
Installation Guide
Page 115
... Manager 16 Check Point Network Voyager about 16 opening 38 Check Point VPN-1 24 CLI see command-line interface command-line interface (CLI) about 16 commands ICLID 106 compact flash memory card 15 replacing 78 compliance statements 113 component locations 17 configuring interfaces 46 connecting network interfaces 37 connections copper Gigabit Ethernet NIC 51 Ethernet NIC 49 fiber-optic Gigabit Ethernet NIC 54 modem 19 power 34 console cable 34 pin assignments 18 console port 15 cooling 16 copper Gigabit Ethernet NIC 50, 51 cryptographic processing 86 D data communications equipment device...
... Manager 16 Check Point Network Voyager about 16 opening 38 Check Point VPN-1 24 CLI see command-line interface command-line interface (CLI) about 16 commands ICLID 106 compact flash memory card 15 replacing 78 compliance statements 113 component locations 17 configuring interfaces 46 connecting network interfaces 37 connections copper Gigabit Ethernet NIC 51 Ethernet NIC 49 fiber-optic Gigabit Ethernet NIC 54 modem 19 power 34 console cable 34 pin assignments 18 console port 15 cooling 16 copper Gigabit Ethernet NIC 50, 51 cryptographic processing 86 D data communications equipment device...
Installation Guide
Page 116
..., 54 LEDs power supply 22 system status 19 log files, storing 82 logging 16 hard-disk drives 21 PC card 21 M managing the appliance 16 memory flash 21 modem support 19 monitoring 19 power supplies 94 mounting brackets 31 Index - 116 multi-mode, fiber-optic cable 54 N network interface cards copper Gigabit Ethernet 50 deactivating 41 Ethernet 48 fiber-optic Gigabit Ethernet 53 installing 41 list of available 47 network interfaces, connecting 37 null-modem cable 34 O operating system requirements 24 P PC card 16 flash memory 21 installing and using 81 removing 82...
..., 54 LEDs power supply 22 system status 19 log files, storing 82 logging 16 hard-disk drives 21 PC card 21 M managing the appliance 16 memory flash 21 modem support 19 monitoring 19 power supplies 94 mounting brackets 31 Index - 116 multi-mode, fiber-optic cable 54 N network interface cards copper Gigabit Ethernet 50 deactivating 41 Ethernet 48 fiber-optic Gigabit Ethernet 53 installing 41 list of available 47 network interfaces, connecting 37 null-modem cable 34 O operating system requirements 24 P PC card 16 flash memory 21 installing and using 81 removing 82...