Configuring the Appliances

Initial Configuration

These are the initial configuration methods you can use:

  • Interactive (this is the recommended method) - Select one of these:

    • Scan the QR code located on the Service tag and follow the instructions.
      Alternatively, browse to https://welcome.checkpoint.com if there is no QR code on the Service tag and follow the instructions.

    • If your appliance came with the Welcome to Check Point QR Page, scan the QR code and follow the instructions that appear.

  • Legacy - Connect the appliance according to the instructions in the 6000/7000 Appliances Quick Start Guide. In the section Set Up Your Appliance, follow Option #2. Then, configure the appliance with the First Time Configuration Wizard.

    • See the Gaia Administration Guide for your version.

    • In the section Installing a Security Gateway > Configuring Gaia for the First Time, follow the instructions for the First Time Configuration Wizard.

Starting the Appliance

Connect the appliance to a power source and turn on the appliance. When the appliance is ready, you can do the First Time Configuration Wizard to configure it.

To start the appliance:

Connect the power cable(s) to the power supply unit(s) in the rear panel.

The appliance turns on.

In appliances with two power supply units installed:

Note - When a power supply unit is not connected to the outlet or is taken out of the appliance, an alarm sounds continuously. It will continue to beep until power is restored (cord or power supply unit is replaced) or the alarm is turned off.

To turn off the alarm, press the red Alarm off button on the rear panel of the appliance. In 6200 and 6400 appliances, press the Locator/Alarm off button on the front panel.

Available Software Images

The 6000 and 7000 appliances come with different software images. See the 6000 and 7000 Appliances home page.

Reverting to a software image takes a few minutes. To follow progress and see when the appliance is ready, connect to the appliance using a serial console.

Synchronizing RAID on 6800, 6900, and 7000 Appliances

6800, 6900, and 7000 appliances support two storage devices.

For appliances with two storage devices, the appliance uses RAID1 mirroring across both storage devices. This lets the appliance continue to work if there is a storage device failure.

The mirror rebuild is automatic. Both storage devices must be the same type.

First Boot Up on a 6800, 6900, or 7000 Appliance with Two Storage Devices

At first boot up, wait a few hours to let the storage devices fully synchronize. If you reboot the appliance before the storage devices are synchronized, the synchronization starts again from scratch at the next boot.

To monitor the RAID status of the storage devices from the CLI:

  1. Log in to the appliance.

  2. Run:
    raid_diagnostic

    The output shows data about the RAID and storage devices, with the percent of synchronization completed.

    DiskID 0 is the top storage device. DiskID 1 is the bottom storage device.

After first boot and replacing a second storage device, the RAID State (in the VolumeID line) shows DEGRADED (this indicates that the drives are not synchronized). The DiskID:0 state shows ONLINE and the DiskID:1 state shows INITIALIZING.

After the RAID is synchronized, the RAID state (in the VolumeID line) shows OPTIMAL (this indicates that the drives are synchronized). The DiskID:0 and DiskID:1 state show ONLINE.

Example 1: RAID status for fully synchronized storage devices (disk size and vendor may vary):

Server123> raid_diagnostic
Raid status:
VolumeID:0 RaidLevel: RAID-1 NumberOfDisks:2 RaidSize:465GB State:OPTIMAL Flags:ENABLED
DiskID:0 DiskNumber:0 Vendor:ATA  ProductID:HGST HTE25050A7 Revision:GS2O Size:465GB State:ONLINE Flags:NONE
DiskID:1 DiskNumber:1 Vendor:ATA  ProductID:HGST HTE25050A7 Revision:GS2O Size:465GB State:ONLINE Flags:NONE

Example 2: RAID status for one fully synchronized storage device and another device that was removed (disk size may vary):

Server123> raid_diagnostic
Raid status:
VolumeID:0 RaidLevel: RAID-1 NumberOfDisks:2 RaidSize:465GB State:DEGRADED Flags:VOLUME_INACTIVE
DiskID:0 DiskNumber:0 Vendor:NONE ProductID:NONE Revision:NONE Size:0GB State:MISSING Flags:NONE
DiskID:1 DiskNumber:1 Vendor:ATA  ProductID:HGST HTE25050A7 Revision:GS2O Size:465GB State:ONLINE Flags:NONE

To monitor the RAID status from the WebUI:

  1. Log in to the Gaia Portal.

  2. From the left navigation tree, click Maintenance> RAID Monitoring.

    The window shows volume and disk information.

To monitor the RAID status from SmartConsole on versions R80.10 and higher:

  1. In SmartConsole, open the Gateways & Servers view.

  2. Right-click the Security Gateway that represents the appliance and select Monitor.

  3. Click System Information.

  4. Click RAID Volumes.

    The window shows volume and disk information.

To monitor the RAID status of the storage devices using SNMP:

Set up SNMP traps to send information about the RAID.
Use OID: 1.3.6.1.4.1.2620.1.6.7.7

For more about how to configure the SNMP settings on the appliance, see the Gaia Administration Guide for the applicable version.

To hot swap a storage device:

  1. Make sure that there is at least one fully synchronized storage device in the system (state=ONLINE).

  2. When the system is up, remove the failed storage device.

    1. If necessary, use the key in the accessories bag to unlock the storage device.

    2. Move the release latch to the left.

      The extraction handle pops out.

    3. Hold the extraction handle and carefully pull the storage device casing to remove the storage device from the appliance.

      Important- Be careful when you pull the ejector handle to remove the storage device from the appliance. If you pull too hard on the ejector handle, it can break off from the storage device casing.

  3. Wait 15 seconds.

    The appliance recognizes that you removed a storage device. See example 2 above.

  4. Install a new storage device.

    1. Insert the replacement storage device into the slot.

    2. Push the extraction handle until it closes and the device clicks into position.

    Software RAID is activated and the appliance synchronizes the storage devices. The first synchronization can continue for over an hour. If you reboot or turn off the appliance before the storage devices are synchronized, the synchronization starts again from scratch at the next boot.

  5. Monitor the RAID status.

Creating the Network Object

Configure the 6000/7000 Appliance object as a Security Gateway object in the Security Management Server database.

  1. Connect with SmartConsole (R80.10 or higher) to the Management Server.

  2. Configure a new Security Gateway object for the appliance.

  3. Enter the IP address for the appliance.

  4. For a centrally managed deployment, establish Secure Internal Communication (SIC) between the Security Gateway and the Security Management Server. Enter the activation key you used in the First Time Configuration Wizard.

  5. Configure the topology.

  6. Configure and install the Security Policy.

Advanced Configuration

You can configure advanced options on Gaia from the Portal or the CLI.

Connecting to the 6000/7000 Appliances CLI

To connect to the command line interface of a 6000/7000 appliance, use one of these:

  • An SSH connection to the management interface (if SSHD is configured).

  • A serial console cable and terminal emulation software, such as PuTTY (from Windows) or Minicom (from Unix/Linux).

    6000/7000 Appliances support these serial console connectivity options:

    • Mini USB - Using the included mini USB to USB console cable in 6500/6800 appliances.

    • USB Type-C - Using the included USB Type-C console cable in 6200, 6400, 6600, 6700, 6900, and 7000 appliances.

    • RJ45 - Using the included RJ-45 to DB9 serial console cable.

    Connection parameters are: 9600bps, 8 bits, no parity, 1 stop bit (8N1), Flow Control - None.

    If you use both the mini USB/USB Type-C (depending on the appliance) and RJ45 console ports, the mini USB port/USB Type-C has priority. To use the RJ45 port, disconnect the mini USB/USB Type-C console cable.

    When you have completed using the RJ45 port, reconnect the miniUSB/USB Type-C console cable.

Note - To use the miniUSB/USB Type-C console port, a driver must be installed on the console client machine (desktop/laptop). For installation instructions and download link, see the appliance home page.