Use Case - Deploying Multiple Spark Firewall Appliances

Use the Zero TouchClosed Allows users to manage the initial configurations of "Small Office" and "Gaia Gateways" easily and remotely. Settings from the Zero Touch Server replace the First Time Configuration Wizard. The Zero Touch Cloud Service runs a Web Portal and supports REST API. All actions are available through API calls. Web Portal to fetch settings for four previously claimed and deployed Spark Firewall Appliances.

Prerequisites

  • For all management platforms (Centrally Managed, (Undefined variable: Vars_CloudGuard.tp_smart1_cloud_old), or Spark Management) you must create a Small Office Gateway object and configure a One Time Activation Key before you claim your Gateway in the Zero Touch Portal.

  • In Spark Management (Optional): Automatic gateway creation can be permitted in each Plan.

For the procedures below, connect to the command line on the Spark Firewall appliance and run the commands in Gaia Clish.

set sic_init password <One-Time Activation Key>

connect security-management mgmt-addr <IPv4 Address of Management Server> use-one-time-password true local-override-mgmt-addr true send-logs-to local-override-mgmt-addr

sleep 20

fetch policy mgmt-ipv4-address <IPv4 Address of Management Server>

sleep 10

connect maas auth-token <Token from Infinity Portal>

sleep 10

set maas mode enable

sleep 10

set sic_init password <One-Time Activation Key>

connect security-management mgmt-addr 100.64.0.52 use-one-time-password true local-override-mgmt-addr true send-logs-to local-override-mgmt-addr

sleep 20

fetch policy mgmt-ipv4-address 100.64.0.52

sleep 10

set cloud-services activation-key <Activation Key> confirm-untrusted-certificate true mode on

Procedure

These Security Gateways still have the status Claimed.

  1. Connect to the Check Point Zero Touch Portal.

  2. Enter your User Center account username (usually an email address) and password.

  3. Find your Account ID for the four Spark Firewall Appliances in the top line of the window.

  4. Navigate to the Inventory page to find the MAC addresses of Spark Firewall Appliance to identify them.

    Note - If this page shows Security Gateways of two types - Gaia Gateway and Small Office Gateway, then use the Type action to select Security Gateways only of type Small Office Gateway.

    Example:

  5. Navigate to the Claimed Gateways page to unclaim the Security Gateways:

    1. Select all applicable Security Gateways - select the applicable checkboxes in the leftmost column.

    2. Click (Actions) > Mark as Under Construction.

      This prevents automatic downloads from their previous template when these Security Gateways return to factory defaults.

    3. The wrench icon appears in the leftmost column for these four Security Gateways.

    Example:

  6. Restore these four Spark Firewall Appliances to factory defaults (in WebUI or Gaia Clish).

    See the:

    • Spark Firewall Appliances Locally Managed Administration Guide for your version > Section "Restoring Factory Defaults".

    • Spark Firewall Appliances CLI Reference Guide for your version (the command "revert to factory-defaults").

  7. Navigate to the Templates page to create a Small Office Gateway template:

    1. Click New > Small Office Gateway.

      Example:

    2. Complete all the fields in the template form.

    3. Select Under construction to prevent the deployment of this template until you make the final changes.

    Example:

  8. Navigate to the Inventory page to unclaim and then claim the Security Gateways:

    1. Select all applicable Security Gateways - select the applicable checkboxes in the leftmost column.

    2. Click Unclaim.

      Note - You can unclaim and then claim Security Gateways to change to a different template.

      Example:

    3. The Confirm window opens.

      Click Yes.

      Example:

    4. Click Claim.

      This makes the new Small Office Gateway template available for the four Security Gateways.

      Example:

    5. The Claim Gateway window opens.

      1. In the Template field, choose your new template from the drop-down list.

      2. In the Comments field, enter an applicable text.

      3. Click Apply.

      Example:

  9. Navigate to the Claimed Gateways page:

    1. If it is necessary to configure or change settings, then left-click each applicable Security Gateway and click Edit.

      For example, if each of the four Security Gateways must have a different time zone.

      Example:

    2. Select all applicable Security Gateways - select the application checkboxes in the leftmost column.

    3. Click (Actions) > Unmark as Under Construction to start the deployment.

      Example:

    4. The Deployment Status column shows stages, such as Installing and Rebooting, for each Security Gateway.

    5. The Deployment Status column shows Finished when the configuration is complete for each Security Gateway.