Overview

The Zero Touch Web Portal allows administrators to manage the initial configurations of hundreds or thousands of Small Office and Gaia Gateways with settings from the Zero Touch Cloud Service. These gateway settings include Time Zones, administrator passwords, and network information.

Gaia Gateway administrators can save time with Gaia image installations on multiple remote gateways with Blink (Gaia Fast Deployment).

Zero Touch connects to the Check Point User Center for inventory information about the users' Account IDs and their purchased gateways.

The Zero Touch Web Portal allows administrators to accomplish these tasks:

Identify gateways to deploy.
The Zero Touch Web Portal's Inventory window shows Account IDs and their gateways. The window has several ways to sort the gateways on the list to help find and identify individual devices.
Create gateway templates.
Gateway templates supply required settings for gateway deployments. If a suitable template isn't available for the Account ID from previous deployments, a new template is necessary. Check the Under Construction on the template forms to prevent downloads from the Zero Touch Cloud Service until the settings choices are final.
Claim gateways.
The Claim operation loads template configuration settings into gateways on the Zero Touch Web Portal. Claimed gateways are eligible for deployment.
Enable gateways to fetch settings.
When gateways are ready for deployment with the final settings choices, the Unmark as Under Construction option allows and initiates the downloads to the gateways.
View deployment status and completion messages.
Deployment status messages show that the deployment is in progress and then complete. Detailed progress information is available for Gaia Gateways with the Deployment Progress option.

Using the Web Portal

Starting Zero Touch:

Connect to the Zero Touch Web Portal.
Enter your Check Point User Center username (usually an email address) and password.
Choose an Account ID from the drop-down list at the top of the screen.
The gateways to configure are contained within your Account IDs on Zero Touch. The gateways must be new or they must have factory default resets to use Zero Touch for their initial configurations.

Note - You must be an Administrator (not a Viewer) for the Account ID that owns the gateways you want to configure.

Navigating the Web Portal:

You must work within one Account ID for all the operations on the Account's gateways.
Most Options on the Web Portal (such as Edit) are enabled when you click to select one or more gateways or a template.
Use the blue tabs on the left panel to move between windows.

Administrator tasks to configure gateways:

Identify gateways to deploy.

The Inventory window shows the User Center Account IDs and their gateways. Each column heading on the inventory list sorts the gateways to help identify specific devices. Every MAC address is unique.

ZT_partial_inv_notclaimed_gaia

Create gateway templates.

Two template forms are available: Small Office Gateway and Gaia Gateway. The Templates window shows the current Account ID's templates. Each deployment (for one gateway or multiple gateways) must have a completed gateway template.

ZT_partial_templates_show_both

A check mark on the template's Under Construction box delays gateway downloads until other configuration and deployment choices are final. The Under Construction check boxes on the gateway templates are unchecked by default.

Note - On Gaia Gateways, two passwords are set on the template: The Gateway Administrator password and the Zero Touch Identification Key. The Secure Internal Communication (SIC) activation key is entered.

On Small Office Gateways, the Gateway Administrator password is set and the Security Management Portal (SMP) registration key is entered.

Claim gateways.

When the gateway template is complete, selections on the Inventory window enable the Claim option. A click on the Claim option opens a Claim Gateway popup window.

ZT_partial_inv_select_one_gaia_to_claim

The popup window has choices for the gateway name and the template.

Enable gateways to fetch settings.

After all the decisions and initial settings on the gateways are complete, a click on the gateway enables the Actions option on the Claimed Gateways window. A click on Actions > Unmark as Under Construction allows the downloads to begin.

ZT_partial_claimed_gateways_gaia_selected_to_enable_fetch

View deployment status and completion messages.

The Deployment Status for gateways on the Claimed Gateways window shows stages during new deployments. When a deployment completes, the status changes to Finished.

The Claimed Gateways window also has a Deployment Progress option for individually selected Gaia Gateways.

ZT_partial_claimed_gateways_gaia_deployment_progress

Small Office Gateway Template Form

On the Templates window, click New > Small Office Gateway to find this form:

ZT_small_template_1

Template Settings	Description
Name	A string for the name of the template.
Comments	General comments. (Optional.)
Improve product experience by sending data to Check Point	Default.
Under Construction	Check the Under Construction boxes on gateway templates to prevent downloads until the final configuration and deployment decisions are complete.
Wireless Country	The gateway's location.
Time Zone	The gateway's Time Zone.
Use Check Point NTP servers	Default.

Administrator Access	Description
Select the sources from which to allow administrator access: LAN Trusted Wireless VPN Internet	All four sources are the defaults.
Access from the above sources is allowed from: Any IP address Specified IP addresses only: (New IP addresses)	Specified IP addresses only is the default.
Administrator password	Enter Administrator password.
Confirm password	Confirm Administrator password.

ZT_small_template_2

Reach My Device Settings	Description
Allow connections to the gateway when it is unreachable from the internet.	Check this box to connect to a gateway when it is behind NAT. (See Terms.)
To enable this service, allow Administrator Access from the internet and specify the allowed IP addresses.	These settings are in the Administrator Access section.

SMP Activation Settings	Description
IP address or DNS name	IP address or DNS name of this gateway.
Service domain	Service domain name for the SMP server.
Registration key	Available on the gateway page in the SMP server.
Automatically create the gateway in the SMP.	To use this feature in the SMP, select this box and enter the SMP Plan name.
Ignore SMP certificate verification	Select this box if the SMP has a certificate from a Certificate Authority that is not known to the gateway.

Note - To manage a gateway from the SMP, this information is necessary for cloud activations.

CLISH Script Area (Commands that execute after all the other settings.)

Gaia Gateway Template Form

On the Templates window, click New > Gaia Gateway to find this form:

ZT_gaia_template_1

Template Settings	Description
Name	A string for the name of the template.
Comments	General comments. (Optional.)
Under Construction	Check the Under Construction boxes on gateway templates to prevent downloads until the final configuration and deployment decisions are complete.
Cluster Member	Check the box if the gateway is a member of a cluster.
Automatically download Blade Contracts and other important data (Highly recommended)	Default.
Improve product experience by sending data to Check Point	Default.

Version Settings	Description
Install version	Drop-down list for Blink images to select.
Force re-image	Check the box to force a re-image of the machine even if the selected image version is already installed.

Zero Touch Identification Key	Description
Identification key	String set at command line interface: `set cloud-config identification-key <key_string>`
Confirm identification key	Confirm the command line interface Identification Key string.
Generate	Create an Identification Key here. It will display in both fields above.

ZT_gaia_template_2

Administrator Access	Description
Administrator password	Enter the password.
Confirm password	Confirm the password.

Date and Time Settings	Description
Time zone	Drop-down list for the time zone of the gateway.
Primary NTP server ntp.checkpoint.com Version: 4	Default.
Secondary NTP server ntp2.checkpoint.com Version: 4	Default.

Date and Time Settings

Description

Time zone

Drop-down list for the time zone of the gateway.

Primary NTP server

ntp.checkpoint.com
Version: 4

Default.

Secondary NTP server

ntp2.checkpoint.com
Version: 4

Default.

Secure Internal Communication	Description
Activation key	Enter key.
Confirm activation key	Confirm key.

ZT_gaia_template_3

Management Interface	Description
IPv4 Address Subnet mask Default gateway	If you enter the IPv4 address, you must enter the subnet mask and default gateway.
Configure IPv6 IPv6 Address Mask length Default gateway	If you check the IPv6 box, you must enter the IPv6 address, mask length, and the default gateway.

Management Interface

Description

IPv4 Address

Subnet mask
Default gateway

If you enter the IPv4 address, you must enter the subnet mask and default gateway.

Configure IPv6

IPv6 Address
Mask length
Default gateway

If you check the IPv6 box, you must enter the IPv6 address, mask length, and the default gateway.

Network Configuration	Description
Primary DNS server	Enter primary DNS server.
Secondary DNS server	Enter secondary DNS server.
Tertiary DNS server	Enter tertiary DNS server.

Proxy Server	Description
Proxy server	Enter the IP address if you have a proxy server.
Proxy port	Enter the number after the ":" for your proxy IP address.

CLISH Script Area (Commands that execute after all the other settings.)

Use Case - Redeploying One Gaia Gateway

A customer with five Gaia Gateways needs to redeploy one of them. The Gaia Gateway has factory default settings in a new location.

Use the Zero Touch Web Portal to fetch settings for one Gaia Gateway.

To redeploy one Gaia Gateway:

Open the Zero Touch Web Portal.
Enter your User Center account username (usually an email address) and password.
Choose the Account ID for the purchase of the gateway from the drop-down list on the top line of the window.
Navigate to the Inventory window to find the gateway's MAC address to identify it.
Navigate to the Templates window to create a Gaia Gateway template.
Click New > Gaia Gateway.
Complete all the fields in the template form and click Under Construction to prevent the gateway's downloads until later.

Note - Make sure to create or generate a Zero Touch Identification Key and set it on the gateway's command line:

set cloud-config identification-key <key_string>
In the Inventory window, select the gateway.
Click Claim.
Choose your new template from the template drop-down list and choose a name for the gateway on the Claim popup window.
Click Apply.
In the Claimed Gateways window, select the gateway.
If the gateway needs additional settings changes, click Edit to change the gateway.
Click Actions > Unmark as Under Construction in the Claimed Gateways window to start the deployment.
Click the Deployment Progress option in the Claimed Gateways window to see a list of steps in the installation and configuration for this selected gateway.

Note - When Blink images and CLISH scripts are not used, the Deployment Progress list shows the First Time Wizard, Reboot, and the CLISH script (even if the script is empty).

The Deployment Status for the gateway on the Claimed Gateways window shows Finished when the configuration is complete.

Use Case - Deploying Multiple Gaia Gateways

A customer with four new Gaia Gateways at multiple locations wants to deploy them.

Use the Zero Touch Web Portal to configure multiple Gaia Gateways.

To deploy four new Gaia Gateways:

Open the Zero Touch Web Portal.
Enter your User Center account username (usually an email address) and password.
Find your Account ID for the purchase of the new gateways on the top line of the window.
Navigate to the Inventory window to find the Gaia Gateways.
If Small Office Gateways are also on the Inventory list, use the Type option to select Gaia Gateways only.
Navigate to the Templates window to create a Gaia Gateway template.
Click New > Gaia Gateway.
Complete the template form and click Under Construction to prevent the gateways' downloads until later.

Note - Make sure to create or generate a Zero Touch Identification Key for the four gateways and set it with this command on each gateway's command line:

set cloud-config identification-key <key_string>
In the Inventory window, click the MAC column's box to select the gateways. Click Claim.
Choose your new template from the template drop-down list on the Claim popup window.
Click Apply.
If the four gateways are in different time zones or if they have other differences that need changes before deployment, select each gateway individually to Edit the gateways on the Claimed Gateways window.
On the Claimed Gateways window, click the MAC column's box to select all four Gaia Gateways again.
Click Actions > Unmark as Under Construction on the right side of the window to start the downloads.

The Deployment Status column shows stages, such as Installing and Rebooting, for each gateway.
Click the Deployment Progress option to see Gaia Gateway progress, one selected gateway at a time.

Note - When Blink images and CLISH scripts are not used, the Deployment Progress list shows the First Time Wizard, Reboot, and the CLISH script (even if the script is empty).

The Deployment Status for the four gateways on the Claimed Gateways window shows Finished when the configurations are complete.

Use Case - Redeploying Multiple Small Office Gateways

Use the Zero Touch Web Portal to fetch settings for four previously claimed and deployed Small Office Gateways. The gateways still have the status of being claimed.

To redeploy four Small Office Gateways:

Open the Zero Touch Web Portal.
Enter your User Center account username (usually an email address) and password.
Find your Account ID for the four Small Office Gateways on the top line of the window.
Navigate to the Inventory window to find the Small Office Gateways and their MAC addresses.

Note - If Gaia Gateways are also on the Inventory window list, use the Type option to select Small Office Gateways only.
Navigate to the Claimed Gateways window to see the four Small Office Gateways.

Note - The gateways show the Deployment Status as Finished from the previous deployment.
Select the Small Office Gateways.
Choose Actions > Mark as Under Construction on the right side of the window.
This prevents automatic downloads from their previous template when the gateways return to factory default settings.

Note - The four gateways now show wrench symbols.
Set the four Small Office Gateways to factory default settings at their command line interfaces.
Navigate to the Templates window.
Click New > Small Office Gateway.
Complete the template form and click Under Construction to prevent the gateways' downloads until later.
In the Inventory window, select the four Small Office Gateways again.
Click Unclaim.

Note - You can unclaim and then claim gateways to change to a different template.
A popup window asks if you are sure you want to unclaim the gateways. Click Yes.
Click Claim. This makes the new Small Office gateway template available for the four gateways.
Choose your new template from the template drop-down list on the Claim popup window.
Click Apply.
If the four gateways are in different time zones or if they have other differences that need changes before deployment, select each gateway individually to Edit the gateways in the Claimed Gateways window.
On the Claimed Gateways window, select the Small Office Gateways again.
Click Actions > Unmark as Under Construction in the Claimed Gateways window to start the downloads.

The Deployment Status fields for the gateways on the Claimed Gateways window show stages during the new deployment, such as Installing and Rebooting, for each gateway.

The Deployment Status fields show Finished for complete configurations.

Web Portal Features

Web Portal Top:

Account Name - Descriptive name (such as, Sales) from the Check Point User Center.
Account ID - Numerical ID from the Check Point User Center.
Account Role - Administrator or Viewer. Only Administrators can configure the gateways.
Username - An email address (usually) for a user with access to Account IDs.
Log Out - Close Zero Touch.

Templates Window:

Options
- Type to filter - Search for a Template ID or anything else shown in the window.
- New - Small Office Gateway or Gaia Gateway template.
- Edit - Edit a selected template.
- Clone - Copy selected templates from the source account to the destination account.
- Delete - Delete a selected template.
- Refresh - Refresh the Web Portal.
Columns
- Name - Name of the template.
- Type - Small Office Gateway or Gaia Gateway template.
- Template ID - An identifying number from Zero Touch.
- Last Modified - Date and time of template's creation or most recent edit.
- Comments - Optional.

Claimed Gateways Window:

Options
- Type to filter - Search for a MAC address or anything else shown in the window.
- Edit - The choices made in a gateway's template are available for change with edits to the selected gateway itself.
- Unclaim - Change a gateway from Claimed to Unclaimed. It is a way to reclaim a gateway with a new template.
- Refresh - Refresh the Web Portal.
- Deployment Progress - Gaia Gateways have details of image installations and rebooting in a popup window.
- Actions - Mark as Under Construction, Unmark as Under Construction, and Unlock.
Columns
- MAC - Unique Media Access Control Address.
- Name - Gateway name (chosen or default).
- SKU - Stock Keeping Unit: Identification code for the product.
- Template Name - The name given to the template when it is created.
- Type - Small Office Gateway or Gaia Gateway.
- Last Modified - Most recent gateway change.
- Deployment Status - Not reported, Installing, Rebooting, or Finished.
- Reach My Device - Links for Small Office Gateways with remote access options.
- Last Status Update - Most recent status change.
- IP Address - Visible IP address on the internet.
- Device IP Address - Local IP address (different from the visible IP if using NAT).
- Claimed By - User Center and Zero Touch username (usually an email address).
- Claimed On - Date and time of the gateway's Claim status.
- Comments - Optional.

Inventory Window:

Options
- Type to filter - Search for a MAC address or anything else shown in the window.
- Claim - Make a gateway eligible for an automatic initial deployment through Zero Touch.
- Edit - Change a selected Claimed Gateway's settings.
- Unclaim - Change a selected gateway's Status from Claimed to Unclaimed.
- Refresh - Refresh the Web Portal.
- Type - All, Small Office Gateway or Gaia Gateway.
- Status - All, Claimed or Unclaimed.
Columns
- MAC - Media Access Control Address as a unique identifier in Zero Touch.
- SKU - Stock Keeping Unit: Identification code for the product.
- Type - Small Office Gateway or Gaia Gateway.
- Status - Claimed or Unclaimed.
- Description - The gateway's product description from the User Center.