Contents/Index/Search Download Complete PDF Send Feedback Print This Page

Previous

Next

Installing and Uninstalling

You can deploy Security Gateway Virtual Edition on your ESX hosts from an OVF template or from an ISO.

If you choose to install from an OVF template, the operating system for the VM is installed and configured for typical deployment. This option is faster.

If you choose to create a new Virtual Machine, you install the Security Gateway from the Check Point ISO. You install the operating system and then run the First Time Configuration Wizard.

Related Topics

Installing Security Gateway Virtual Edition Virtual Machine

Installing Security Gateway Virtual Edition from ISO

First Time Configuration Wizard

Completing the Installation

Uninstallation

Installing Security Gateway Virtual Edition Virtual Machine

To install a new Security Gateway Virtual Edition VM from an OVF template:

  1. Import the OVF template and start the Deploy OVF Template wizard.
  2. Configure the Security Gateway Virtual Edition VM in the ESX inventory.
  3. Map the Security Gateway Virtual Edition VM interfaces to your network.
  4. Run the First Time Configuration Wizard.

Getting the Template

To get the Security Gateway Virtual Edition OVF Template:

  1. Download Check_Point_Security_Gateway_R77_VE.tgz to your vSphere Client computer.
  2. Extract the template OVF file to a temporary folder.

Deploying the Security Gateway Virtual Edition VM

To deploy the VM and save it in the inventory:

  1. In the VMware vSphere client, select an ESX host.
  2. Select File > Deploy OVF Template. The Deploy OVF Template wizard opens.
  3. In the Source window, select Deploy from file.
  4. Enter or select the .ovf file and then click Next.
  5. In the OVF Template Details window, click Next.

    The next windows that you see depend on the template properties.

    • Name and Location window - select an inventory location for the VM.
    • Disk Format window - select Thick provisioned format.
    • Host/Cluster window - select a host. This window only opens if there are multiple hosts or clusters.

    Host-Cluster_Window

  6. If the Datastore window opens, select a datastore. This window opens only if there is more than one datastore related to the host or cluster.

    DatastoreWindow

Configuring the Virtual Machine Settings

Before you configure the Security Gateway Virtual Edition, make sure the VM has the minimum requirements.

To configure the VM:

  1. Right-click the VM.
  2. Select Edit Settings.

    The Virtual Machine Properties window opens.

    VM01

  3. Configure memory:
    • Minimum to run Security Gateway Virtual Edition in 32-bit - 1024 MB. Add more to increase connection capacity.
    • Minimum to run Security Gateway Virtual Edition in 64-bit - 6 GB.
  4. Configure Network Adapters.

Configuring Network Adapters - Mapping Interfaces

To complete import of the OVF template, map the interfaces. Security Gateway Virtual Edition is already configured with four network adapters. You can add and delete vNICs.

In the Network Mapping window, configure the default network adapters and destination networks. These are the network adapters that are configured for Security Gateway Virtual Edition by the template.

To complete OVF import:

  1. For each source network, select a destination network from the list.

    (The destination network names are examples and will be different for your deployment.)

    Network Mapping Window

  2. Click Next.
  3. Click Finish.

    It can take some time to add the Security Gateway Virtual Edition VM to the inventory.

  4. Continue with the First Time Configuration Wizard.

Configuring Storage

When you deploy a Security Gateway Virtual Edition R77 on Gaia from OVF, it gets this configuration:

  • Swap: 2 GB
  • Root: 7 GB
  • Logs: 3 GB
  • Backup and upgrade: 8 GB

To add more storage, increase the disk size.

Installing Security Gateway Virtual Edition from ISO

Before you begin, download the ISO file with the R77 image for the Gaia operating system to your vSphere Client computer.

To create a new R77 VM:

  1. In the VMware vSphere client, click File > New > Virtual Machine.

    The Create New Virtual Machine wizard opens.

  2. Select Custom Configuration.
  3. Enter a name, inventory location, host, destination storage, and version for the VM.
  4. In Guest Operating System, select Linux.
  5. In Version, select Other Linux (32-bit) or Other Linux (64-bit).

    The mode you select here must match the mode that you select during Gaia installation.

  6. In the CPUs window, select the number of virtual CPUs for the virtual machine.
  7. In the Memory window, set the memory size of the VM:
    • Minimum to run Security Gateway Virtual Edition in 32-bit - 1024 MB. Add more to increase connection capacity.
    • Minimum to run Security Gateway Virtual Edition in 64-bit - 6 GB.
  8. In the Network window, select the number of NICs to connect to the VM.
  9. Map the interfaces to the networks available to the ESX host.
    • Use E1000 adapter for the NICs.
    • Leave Connect at Power On selected.
  10. In the SCSI Controller window, select LSI Logic Parallel.
  11. In the Disk window, select Create a new virtual disk.
  12. In the Create a Disk window:
    • Disk Size - 21 GB is required minimum
    • Disk Provisioning - select Thick Provision Lazy Zeroed
    • Location - select Store with virtual machine
  13. In the Advanced Options window, do not change the default settings (Disk Provisioning = Flat Disk, Virtual Device Node = SCSI 0:0).
  14. In the Ready to Complete window, select Edit the virtual machine settings before completion.
  15. Click Continue.

    The Virtual Machine Properties window opens.

To configure the new VM with required settings:

  1. Open the Resources Tab and select Memory.
  2. Increase Memory Reservation to at least 1 GB.

    More reserved resources increases the performance of the Security Gateway VM.

  3. Click Finish.
  4. Power on the Virtual Machine.
  5. Attach the ISO file with the downloaded R77 image to the VM CD/DVD drive.
    1. With the Virtual Machine selected, click Connect/disconnect the CD/DVD devices of the virtual machine.
    2. Click Connect to ISO image on local disk.
    3. Browse to the location of the ISO file and click Open.
  6. Right-click the VM and select Guest > Send Ctrl+Alt+Del.
  7. With the Virtual Machine selected, open the Console tab.
  8. Log in to the virtual machine console.

    The operating system installation begins automatically. See the R77 Installation and Upgrade Guide.

  9. Continue with the First Time Configuration Wizard.

First Time Configuration Wizard

The First Time Configuration Wizard is part of the management console, on a WebUI. Open the management console from a VM or a remote host (virtual or physical) .

  • If the management console is a VM, it must be connected to the Check Point management port group.
  • If the management console is a remote host, you will configure the network of the Security Gateway Virtual Edition to reach the host.

First, turn on the Security Gateway Virtual Edition VM.

To open the First Time Configuration Wizard from a different VM:

  1. Open the VM console.
  2. Open a browser to the default address of the Security Gateway Virtual Edition (https://192.168.1.1).

    The First Time Configuration Wizard starts.

To open the First Time Configuration Wizard from a remote host:

  1. Open the console of the Security Gateway Virtual Edition VM.
  2. Log in with the admin credentials (default is admin/admin).
  3. In clish, run:
    set interface eth0 ipv4-address x.x.x.x subnet-mask x.x.x.x
  4. If the remote host is not on the same subnet as the Security Gateway Virtual Edition, define a default gateway:
    set static-route default nexthop gateway address x.x.x.x on
  5. On the remote host, open a browser to the IP address of the Security Gateway Virtual Edition (https://<IP address>).

    The First Time Configuration Wizard starts.

To configure the Security Gateway Virtual Edition with the First Time Configuration Wizard:

  1. In the first step of the First Time Configuration Wizard, configure a new password.
  2. Configure the host name, domain name, and DNS server.
  3. Configure the date and time.
  4. Review the network details of the management interface and correct, if necessary.
  5. Select Check Point products to install.
  6. Select deployment:
    • Standalone: Select Security Gateway and Security Management Server. In the next steps, configure the user name and password of the administrator, and the GUI clients.
    • Distributed: Select Security Gateway and not Security Management Server. In the next steps, configure the Security Gateway Virtual Edition IP address for static or dynamic, and configure the SIC activation key.
  7. Configure the username of an administrator.
  8. Click Finish.

    A message shows to restart the Security Gateway.

  9. Click OK to restart the Security Gateway Virtual Edition now.

Completing the Installation

You must have a SmartDashboard installed on a Windows computer, and defined as a GUI client.

To install the R77 SmartDashboard:

  1. Browse to: https://<Security Gateway Virtual Edition IP address>
  2. At Manage Software Blades using SmartConsole, click Download Now.

After the SmartDashboard is installed, use the GUI client to install the 15-day trial license, or to add a permanent license. Open SmartDashboard and install a policy on the Security Gateway Virtual Edition.

Uninstallation

To uninstall Security Gateway Virtual Edition:

  1. In the vSphere client, turn off the Security Gateway Virtual Edition VM.
  2. Delete the Security Gateway Virtual Edition from your inventory.
  3. Delete Security Gateways, cluster objects, and other network objects in SmartDashboard that were used with Security Gateway Virtual Edition.
 
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print