Configuring 3900 Appliances

Initial Configuration

These are the initial configuration methods you can use. Select one:

  • In 3920 and 3950 appliances, scan the QR code located on the bottom of the appliance and follow the instructions.

  • In 3970 / 3980 appliances, scan the QR code that appears on the Service tag and follow the instructions.

  • Scan the QR code on the "Welcome to Check Point" QR Page and follow the instructions that appear.

  • Browse to Welcome to Check Point's appliance setup, select your appliance model from the list, and follow the instructions.

  • Configure a single appliance or multiple appliances automatically with the Check Point Zero Touch service.

Starting the Appliance

Connect the appliance to a power source to turn on the appliance. When the appliance is ready, you can do the First Time Configuration Wizard to configure it. For more information, see the Gaia Administration Guide for your version - Configuring GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. for the First Time.

To start the 3920 appliance:

Connect the power adapter cable to the power supply inlet receptacle in the rear panel and press the power button.

The appliance turns on.

To start the 3950 / 3970 / 3980 appliance:

Connect the power cables to the power supply inlets in the rear panel and press the power switch.

The appliance turns on.

Available Software Images

The 3900 Appliances come with different software images. See the 3900 Appliances home page.

Reverting to a software image takes a few minutes. To follow progress and see when the appliance is ready, connect to the appliance using a serial console.

Creating the Network Object

Configure the 3900 Appliance object as a Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. object in the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. database.

  1. Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

  2. Configure a new Security Gateway object for the appliance.

  3. Enter the IP address for the appliance.

  4. Establish Secure Internal Communication (SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.) between the Security Gateway and the Security Management Server. Enter the activation key you used in the First Time Configuration Wizard.

  5. Configure the topology.

  6. Configure and install the Security PolicyClosed Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection..

Advanced Configuration

You can configure advanced Gaia OS settings in Gaia PortalClosed Web interface for the Check Point Gaia operating system. or Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)..

Connecting to the 3900 Appliances CLI

To connect to the command line interface of the 3900 Appliances, use one of these:

  • An SSH connection to the management interface.

  • A serial console cable and terminal emulation software, such as PuTTY (from Windows) or Minicom (from Unix/Linux).

    3900 Appliances support these serial console connectivity options:

    • USB Type-C - Use the included USB Type-C console cable.

    • In 3970 / 3980 appliances - you can use an RJ45 console cable.

    Connection parameters are: 9600bps, 8 bits, no parity, 1 stop bit (8N1), Flow Control - None.

    Note - To use the USB Type-C console port, a driver must be installed on the console client machine (desktop/laptop). For installation instructions and download link, see the appliance home page.

Configure the Appliance with Zero Touch

You can configure one appliance or multiple appliances automatically with Zero Touch by just plugging in a single cable.

Zero Touch is a service that enables a gateway to automatically fetch settings from the cloud when it is connected to the internet for the first time.

For information on Zero Touch setup and configuration, refer to the Zero Touch Administration Guide.

Important - During the initial setup process, if the appliance must receive an IP Address from a DHCP server, you must connect the cable to this Ethernet port:

  • 3920 - Port #1 (eth1)

  • 3950 - Port #3 (eth3)

  • 3970 / 3980 - Port #11 (eth11)