LOM Card Configuration

Configuring an IP Address

The LOM Card needs at least one of these:

  • IPv4 address

  • IPv6 address

Note - Initial IPv4 setup is part of the First Time Wizard. See First-Time Setup.

  1. Do one of these:

    • From the left navigation panel, click the Home view.

      In the LOM Information panel, in the Network Settings section, click Edit.

    • From the left navigation panel, click LOM (or LOM view) > Network Configuration > IP Settings.

    The IP Settings menu opens.

  2. If desired, configure an IPv4 address.

    • To configure a static IPv4 address:

      1. Select Enable IPv4.

      2. Enter values for:

        • IPv4 Address

        • IPv4 Subnet

        • IPv4 Gateway

    • To configure a dynamic IPv4 address, select Enable IPv4 DHCP.

  3. If desired, configure an IPv6 address:

    • To configure a static IPv6 address:

      1. Select Enable IPv6.

      2. Select an IPv6 Index.

      3. Enter an IPv6 Address.

      4. Enter a Subnet Prefix Length.

    • To configure a dynamic IPv6 address, select Enable IPv6 DHCP.

    Note - If you previously configured a static IP Address and then enable DHCP, the fields for the static IP addresses stay populated and the background changes from white to gray. This means that the values are saved but inactive.

  4. Click Save.

  5. A popup message tells you to reconnect in a new browser session.

  6. In a new browser session, reconnect to the device.

    Important - You can only access the device at an IPv4 or an IPv6 address that you saved.

Configuring DNS Settings and Changing the Host Name

Configure one or two DNS servers to resolve the NTP Server hostnames for automatic date and time See Configuring date and time automatically.

The Host Name is the name for the LOM Card in the Home view. This name may be different from the name used for the appliance in the network interface. The Host Name is not related to web hosting. You can only change the Host Name when DNS is enabled.

  1. From the left navigation panel, click the LOM (or LOM view) > Network Configuration > DNS Settings.

  2. Click DNS Enabled.

  3. Below Host Name Setting, select one:

    • Automatic: Configures a Host Name for the LOM Card automatically.

    • Manual: Enter a Host Name for the LOM Card.

  4. Below Domain Name Setting, select one:

    • Automatic: Configures a domain name for the LOM Card automatically.

    • Manual: Enter a domain name for the LOM Card.

  5. Below Domain Name Server Setting, select one:

    • Automatic: Configures a DNS server automatically. Below IP Priority, select one:

      • IPv4

      • IPv6

    • Manual: Enter up to three DNS servers. The LOM Card accesses the DNS servers in the order they are listed. For example: If the LOM Card fails to access DNS Server 1, it then accesses DNS Server 2.

  6. Click Save.

  7. A popup message tells you to reconnect in a new browser session.

Configuring Link Speed and Duplex Settings

You can configure the link speed and duplex settings for the LOM Card network connection to match your environment.

Note - When you access the LOM Card port from a directly connected computer, traffic speed is faster than when you connect to the LOM Card port through other network devices.

  1. From the left navigation panel, click LOM (or LOM view) > Network Configuration > Link Settings.

  2. Choose one:

    • To have the link speed and duplex mode determined automatically, select Auto Negotiation.

      • The link speed defaults to the highest available speed, up to 1,000 Mbps.

      • The Duplex Mode defaults to Full Duplex if Full Duplex is available.

    • To turn off Auto Negotiation and to set the link speed and duplex mode manually, clear Auto Negotiation and configure these:

      • Link Speed: From the drop-down menu, select 100 Mbps or 10 Mbps.

      • Duplex Mode: Select Full duplex or Half duplex.

  3. Click Save.

  4. To see your changes, refresh the page in your web browser.

Configuring an SSL Certificate

You can generate a new SSL Certificate for the LOM Card or upload an existing SSL Certificate.

  1. From the left navigation panel, click LOM (or LOM view) > Network Configuration > SSL Certificate.

  2. Select Generate.

  3. A popup window opens called Generate Certificate.

  4. Enter the applicable values:

    Note - These special characters are not allowed in the certificate fields:

    ( ) [ ] { } < > ~ ` ! ? # $ % & * - + = _ , / | \ ' " : ;

    Field

    Description

    Common Name (CN)

    Maximum length: 64 alphanumeric characters.

    Organization (O)

    Maximum length: 64 alphanumeric characters.

    Organization Unit (OU)

    Maximum length: 64 alphanumeric characters.

    City or Locality (L)

    Maximum length: 128 alphanumeric characters.

    State or Province (ST)

    Maximum length: 128 alphanumeric characters.

    Country (C)

    • Must be two characters.

    • Special characters are not allowed.

    Best Practice - Use Alpha-2 country codes described in the ISO 3166 international standard.

    Email Address

    Email address of the organization

    Valid for

    • Value in days.

    • Minimum: 1.

    • Maximum: 3,650.

    Key Length

    Preset for 2,048 bits.

    Note - To view length and special character restrictions for each field, select the question mark icon in the upper right of the popup window.

  5. Click Save.

  6. After a few seconds, a popup message appears:

    SSL certificate has been saved successfully

  7. Click OK.

  1. From the left navigation panel, click LOM (or LOM view) > Network Configuration > SSL Certificate.

  2. Under New Certificate, to the right of the field, click the folder icon.

  3. Find the SSL certificate file on your computer. The certificate file must be in .pem format.

  4. Below New Private Key, to the right of the field, click the folder icon.

  5. Find the private key file on your computer and select it. The private key file must be in .pem format.

  6. Optional: If there is a passphrase defined for the private key, enter it in the field below Passphrase.

  7. Click Save.

Configuring LOM Card Services

You can configure the port and the user access for these LOM Card services:

  • Web - access to the LOM Card web user interface

  • KVM (Keyboard Video Mouse, also called Virtual Media) - access to the host appliance's Command Line Interface (CLI)

  • CD-media - access to a virtual CD drive on the host appliance

  • HD-media - access to a virtual hard disk drive on the host appliance

Note - Maximum Sessions shows the maximum number of users allowed to use a service at the same time. Each service has a preset and unchangeable maximum number of users.

  1. From the left navigation panel, click LOM (or LOM view) > Network Configuration > Services.

  2. A table shows LOM Card service status. The left column shows a list of LOM Card services. In the same row as a service, on the right side, select the hamburger menu.

    hamburger menu:

  3. The Service Sessions menu opens and shows a list of current user sessions for the service.

  4. To stop a user session, click the red icon on the far right of the row that contains the User Name.

  1. From the left navigation panel, click LOM (or LOM view) > Network Configuration > Services.

    A table shows LOM Card service status. The left column shows a list of LOM Card services.

  2. In the same row as a service, on the right side, select the pencil icon.

    The Service Configuration menu opens.

  3. Do one of these:

    • Select Active to enable the service.

    • Clear Active to disable the service.

    Important - When you clear Active and click Save, you disable the service immediately, including for your own user account.

  4. Click Save.

    The changes that you configured are saved.

  1. From the left navigation panel, click LOM (or LOM view) > Network Configuration > Services.

  2. A table shows LOM Card service status. The left column shows a list of LOM Card services. In the same row as a service, on the right side, select the pencil icon.

    The Service Configuration menu opens.

  3. In Secure port, enter a new port number.

  4. In Timeout, enter a timeout time for the service.

    • Web and KVM timeout range: 300 to 1800 seconds.

    • Web timeout does not happen if there is an active KVM Console session.

    • Timeout values: multiples of 60 seconds.

  5. Click Save.

    The changes that you configured are saved.

  1. From the left navigation panel, click LOM (or LOM view) > Audit Log.

  2. Filter the log for a range of dates.

    1. Click the left clock icon and select a start date.

    2. Click the right clock icon and select an end date.

    Note - To filter for one day, select the same day as the start date and the end date.

    An audit log appears.

Configuring Date and Time Settings

You can configure date and time for the LOM Card manually, or configure the LOM Card to get date and time automatically from an NTP Server.

  1. From the left navigation panel, click LOM (or LOM view) > Date and Time.

  2. Clear Automatic NTP Date & Time.

  3. To the right of the first field, click the clock icon.

    A calendar appears.

  4. Select the date from the calendar.

  5. Below the calendar, click the clock icon.

  6. Use the up and down arrow buttons to set the hour, minute, and second.

  7. In the Select Time Zone drop-down menu, select the time zone.

  8. Click Save.

  9. A popup message tells you to reconnect in a new browser session.

  10. Click OK.

    The browser session closes.

  11. In a new browser session, log in to the LOM Card.

    The LOM Card shows the correct time.

  1. Select Automatic NTP Date & Time.

  2. Below Primary NTP Server, enter the IP address or domain name of an NTP server.

    Note - To access the NTP server through a domain name, the LOM Card needs DNS configured. See Configuring DNS Settings and Changing the Host Name.

  3. Optional: Below Secondary NTP server, enter the IP address or domain name of a second NTP server. If the LOM Card fails to connect to the Primary NTP Server, it connects to the Secondary NTP Server.

  4. A popup message tells you to reconnect in a new browser session.

  5. Click OK.

  6. The browser session closes.

  7. In a new browser session, log in to the LOM Card.

    After one minute, the LOM Card synchronizes with the NTP sever and shows the correct time.

Configuring the LOM Card To Send Log Messages to a Syslog Server

In HTML5-Based LOM Card firmware versions 6.15 and higher, you can configure the LOM Card to send specific log messages to a Syslog server about these actions:

  • user login attempts to the LOM Card WebUI (for more information, see Users and Access)

  • power cycles of the host device from the LOM Card (for more information, see Power Management)

Important - Traffic between the LOM Card and the Syslog server is encrypted only if you use a TCP port and upload a certificate for the Syslog server. If you use a UDP port on the Syslog server, traffic is not encrypted, so make sure the network is physically protected.

  1. From the left navigation panel, click LOM > Network Configuration > Remote Syslog.

  2. Select Enable Remote Syslog.

  3. Select the applicable port type for the Syslog server:

    • UDP

    • TCP

  4. Below Remote Log Server, enter an IP address (IPv4 or IPv6) or Hostname (FQDN)for the Syslog server.

    Important - If you enter a Hostname for the Syslog server, make sure that the DNS servers configured in LOM > Network Configuration > DNS Settings can resolve this Hostname.

  5. Below Remote Server Port, enter the applicable port for the Syslog Server.

  6. If you selected a TCP port type, below CA Certificate File click the folder button and upload the certificate file of the Syslog Server in PEM format.

  7. Click Save.

  1. From the left navigation panel, click LOM > Network Configuration > Remote Syslog.

  2. Make sure Enable Remote Syslog is not selected.

  3. Click Save.

Format of LOM Card Syslog Messages

The LOM Card sends these log messages to the configured Syslog Server:

Category

Type

Log Message

Login

Login succesful

User <Username> successfully logged in from <Client IP

Address>

Login failed

User <Username> failed to log in from <Client IP Address>

Remote Power Control

Reset Appliance

User <Username> executed "Reset Host" from <Client IP Address>

Power On Appliance

User <Username> executed "Power On" from <Client IP Address>

Power Off Appliance - orderly shutdown

User <Username> executed "Soft Power Off" from <Client IP Address>

Power Cycle Appliance

User <Username> executed "Power cycle" from <Client IP Address>

Power Off Appliance - immediate shutdown

User <Username> executed "Power off" from <Client IP Address>

Platform Power State

Power On

Platform was powered on

Power Off

Platform was powered off

Known Limitations

  • The LOM Card can send log messages to one Syslog server.

  • The LOM Card does not generate log messages for power cycles that users do in Gaia Portal, Gaia Clish, or CLI Expert mode.

  • The LOM Card cannot send log messages to a Check Point Management Server / Log Server.