Getting Started with Zero Touch
Introduction
With Zero Touch, you can configure a single or multiple gateways so users can easily get started with their Quantum Spark appliances or Quantum Security Gateways by just plugging in a single cable. All the configurations are automatically downloaded.
Zero Touch allows users to manage the initial configurations of "Small Office" and "Gaia Gateways" easily and remotely. Settings from the Zero Touch Server replace the First Time Configuration Wizard. The Zero Touch Cloud Service runs a Web Portal and supports REST API. All actions are available through API calls.
Zero Touch enables a gateway to automatically fetch settings from the cloud when it is connected to the internet for the first time.
Note - If the appliance gets a public IP Address from a DHCP server, the appliance fetches the Zero Touch settings without any additional action. If no DHCP server is available, you must run the First Time Configuration
For additional information, see sk116375 - Zero Touch Cloud Service for Check Point Appliances.
Prerequisites
- The Security Gateway appliances must be configured in the applicable User Center account that has access to the Zero Touch Portal.
- Depending on how your User Center account is configured, you may need to enable Two-Factor Authentication.
- The applicable Security Gateway appliances must be new, or you must reset them to factory defaults.
- The Security Gateway appliances must connect to the Internet directly (connection through a proxy server is not supported).
- You must be an Administrator (not a Viewer) in the User Center Account ID that owns the Security Gateway appliances you want to configure.
Known Limitations
ID | Description |
---|---|
ZETS-448 | SandBlast Threat Emulation Appliances (TE100X, TE250X, TE250XN, TE1000X, TE2000X, TE2000XN) are not supported. |
ZETS-783 | Scalable Platforms (ElasticXL, Maestro, Scalable Chassis) are not supported. |
Getting Started with the Zero Touch Portal
- Start Zero Touch
  - Connect to the Check Point Zero Touch Portal.
  - Enter your Check Point User Center username (usually an email address) and password.
  - Choose an Account ID from the drop-down list at the top of the screen.
- Select a Template
  - In the portal, go to Templates > New.
  - Select one of these:
    - Small Office Gateway
    - Gaia Gateway
- Configure the Template Settings
  - Enter a name for the template (the name must not contain spaces) and a description.
  - Optional, but recommended: Select the checkbox to improve product experience by sending data to Check Point.
  - Select either the Locally Managed or the Centrally Managed mode.
  - Enter the Wireless country and time zone.
    You can also select to use the NTP server.
  - For Admin access, select the applicable sources to allow.
    Enter any specified IP addresses, such as in a corporate environment.
  - Enter the password to be used to log in to the Security Gateway.
- Configure the cloud services
  - Configure Reach My Device (RMD).
    This is a relay service so you can access the gateway even when it is behind another router or has a dynamic IP address.
  - Optional: Configure the settings for SMP Activation.
- Gaia Clish configuration
  - Optional: Paste the relevant Gaia Clish commands or scripts (for example, WiFi configuration, so that the WiFi is already up and running when the user logs in to the Security Gateway appliance for the first time).
  - Click Apply to save the template.
- Claim a Security Gateway appliance
  - In the Inventory tab, select one of the listed Security Gateway appliances to configure and click Claim.
    The Claim Gateway window opens.
  - Assign a new name to the Security Gateway appliance that reflects the template used to apply the configuration when you connect for the first time.
  - Click Apply.
    A message appears that the Security Gateway appliance was claimed successfully.
    The Security Gateway appliance's status changes to Claimed.
    Note - You can claim other unclaimed Security Gateway appliances and apply a template.
- View or configure Claimed Gateways
  In the Claimed Gateways tab you can:
  - Change the Security Gateway configuration.
  - View the information about this Security Gateway such as deployment status, RMD, last status update, IP address, Device IP address.
    The last status update remains blank until the Security Gateway connects for the first time or you perform a factory reset on the Security Gateway and need to use the Zero Touch service again.
- Deploy the Claimed Security Gateway
  The deployment process for a Security Gateway starts when it fetches the configuration and is no longer marked as Under Construction in the Zero Touch portal.
  This session on the Security Gateway appliance is initiated with the Gaia First Time Configuration Wizard or the automatic script.
  The Security Gateway appliance communicates with the Zero Touch Provisioning Service when you connect the Security Gateway appliance to the Internet for the first time and it boots up for the first time.
  - Connect the cable to the Security Gateway appliance.
    The deployment status changes to Gateway successfully downloaded settings.
  - In your web browser, connect to the Gaia Portal of the Security Gateway appliance at https://<IP_Address>.
  - The Gaia First Time Configuration Wizard opens.
  - In the Welcome page of the Gaia First Time Configuration Wizard, click Fetch Settings from the cloud.
    Note - If you fetch settings from the Cloud, you do not need to change the password at your first log in.
  - In the window that opens, click OK to confirm that you want to proceed.
  - The Internet connection page opens.
    Configure your Internet connection and click Connect.
  - The Fetching settings from the cloud window opens and shows the Connecting to the service provider status.
    This process may take several minutes.
  - If you fail to connect, an error message appears.
    Possible errors include:
    - Internet configuration is not configured correctly.
    - Internet connection is through a proxy server.
    - Zero Touch is already running.
    - Zero Touch service already completed.
    - Zero Touch service is disabled.
    Where applicable, click Retry now to connect again.
  - After the Security Gateway appliance connects to the Zero Touch Service, it automatically downloads and installs the required configuration.
    The progress status appears in the Fetching settings from the cloud window.
  - Click Finish.
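A review check for the template name and the Admin access sources from the template settings step above, as an added example that is not part of Check Point's documentation or tooling. The function name `review_template`, its inputs and the prefix-length thresholds are assumptions chosen for illustration, and the sample addresses are constructed.

```python
import ipaddress

# Assumption: networks broader than these prefix lengths are flagged for review.
MIN_PREFIX = {4: 24, 6: 64}


def review_template(name, admin_sources):
    """Return a list of findings for a planned Zero Touch template.

    name          -- template name (the portal asks for a name without spaces)
    admin_sources -- strings planned for the Admin access specified IP addresses
    """
    findings = []
    if not name or any(ch.isspace() for ch in name):
        findings.append("name: must be non-empty and contain no spaces")
    if not admin_sources:
        findings.append("admin access: no specific source addresses listed")
    seen = []
    for raw in admin_sources:
        try:
            # strict=False accepts a host address written with a prefix length
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings.append(f"admin access: {raw!r} is not an IP address or CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"admin access: {net} allows every source")
        elif net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(
                f"admin access: {net} is broader than /{MIN_PREFIX[net.version]}")
        # subnet_of() only compares networks of the same IP version
        if any(net.version == s.version and net.subnet_of(s) for s in seen):
            findings.append(f"admin access: {net} is already covered by an earlier entry")
        seen.append(net)
    return findings


if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    sample = ["203.0.113.10", "0.0.0.0/0", "198.51.100.0/22", "hq-vpn"]
    for finding in review_template("branch office", sample):
        print(finding)
```
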