Print Download PDF Send Feedback

Previous

Next

Installing a Security Gateway

Note - This procedure applies to both Check Point Appliances and Open Servers.

Workflow:

  1. Install the Security Gateway.
  2. Configure the Security Gateway object in SmartConsole - in either Wizard Mode, or Classic Mode.
  3. Configure the applicable Access Control policy for the Security Gateway in SmartConsole.

Step 1 of 3: Install the Security Gateway

Step

Description

1

Install the Gaia Operating System:

2

Run the Gaia First Time Configuration Wizard.

3

During the First Time Configuration Wizard, you must configure these settings:

  • In the Installation Type window, select Security Gateway and/or Security Management.
  • In the Products window:
    1. In the Products section, select Security Gateway only.
    2. In the Clustering section, clear Unit is a part of a cluster, type.
  • In the Dynamically Assigned IP window, select the applicable option.
  • In the Secure Internal Communication window, enter the desired Activation Key (between 4 and 127 characters long).

Step 2 of 3: Configure the Security Gateway object in SmartConsole - Wizard Mode

Step

Description

1

Connect with SmartConsole to the Security Management Server or Domain Management Server that should manage this Security Gateway.

2

From the left navigation panel, click Gateways & Servers.

3

Create a new Security Gateway object in one of these ways:

  • From the top toolbar, click the New (Star icon) > Gateway.
  • In the top left corner, click Objects menu > More object types > Network Object > Gateways and Servers > New Gateway.
  • In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > Gateway.

4

In the Check Point Security Gateway Creation window, click Wizard Mode.

5

On the General Properties page:

  1. In the Gateway name field, enter the desired name for this Security Gateway object.
  2. In the Gateway platform field, select the correct hardware type.
  3. In the Gateway IP address section, select the applicable option:
    • If you selected Static IP address, configure the same IPv4 and IPv6 addresses that you configured on the Management Connection page of the Security Gateway's First Time Configuration Wizard. Make sure the Security Management Server or Multi-Domain Server can connect to these IP addresses.
    • If this Security Gateway receives its IP addresses from a DHCP server, click Cancel and follow the procedure Step 2 of 3: Configure the Security Gateway object in SmartConsole - Classic Mode below.
  4. Click Next.

6

On the Trusted Communication page:

  1. Select the applicable option:
    • If you selected Initiate trusted communication now, enter the same Activation Key you entered during the Security Gateway's First Time Configuration Wizard.
    • If you selected Skip and initiate trusted communication later, make sure to follow Step 7.
  2. Click Next.

7

On the End page:

  1. Examine the Configuration Summary.
  2. Select Edit Gateway properties for further configuration.
  3. Click Finish.

Check Point Gateway properties window opens on the General Properties page.

8

If during the Wizard Mode, you selected Skip and initiate trusted communication later:

  1. The Secure Internal Communication field shows Uninitialized.
  2. Click Communication.
  3. In the Platform field:
    • Select Open server / Appliance for all Check Point appliances models except 1100, 1200R, and 1400.
    • Select Open server / Appliance for an Open Server.
    • Select Small Office Appliance only for 1100, 1200R, and 1400 Check Point appliances models.
  4. Enter the same Activation Key you entered during the Security Gateway's First Time Configuration Wizard.
  5. Click Initialize.

    Make sure the Certificate state field shows Established.

  6. Click OK.

9

On the Network Security tab, enable the desired Software Blades.

Important - Do not select anything on the Management tab.

10

Click OK.

11

Publish the SmartConsole session.

Step 2 of 3: Configure the Security Gateway object in SmartConsole - Classic Mode

Step

Description

1

Connect with SmartConsole to the Security Management Server or Domain Management Server that should manage this Security Gateway.

2

From the left navigation panel, click Gateways & Servers.

3

Create a new Security Gateway object in one of these ways:

  • From the top toolbar, click the New (Star icon) > Gateway.
  • In the top left corner, click Objects menu > More object types > Network Object > Gateways and Servers > New Gateway.
  • In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > Gateway.

4

In the Check Point Security Gateway Creation window, click Classic Mode.

Check Point Gateway properties window opens on the General Properties page.

5

In the Name field, enter the desired name for this Security Gateway object.

6

In the IPv4 address and IPv6 address fields, configure the same IPv4 and IPv6 addresses that you configured on the Management Connection page of the Security Gateway's First Time Configuration Wizard. Make sure the Security Management Server or Multi-Domain Server can connect to these IP addresses.

If this Security Gateway receives its IP addresses from a DHCP server, select Dynamic Address.

7

Establish the Secure Internal Communication (SIC) between the Management Server and this Security Gateway:

  1. Near the Secure Internal Communication field, click Communication.
  2. In the Platform field:
    • Select Open server / Appliance for all Check Point appliances models except 1100, 1200R, and 1400.
    • Select Open server / Appliance for an Open Server.
    • Select Small Office Appliance only for 1100, 1200R, and 1400 Check Point appliances models.
  3. Enter the same Activation Key you entered during the Security Gateway's First Time Configuration Wizard.
  4. Click Initialize.
  5. Click OK.

 

If the Certificate state field does not show Established, perform these steps:

  1. Connect to the command line on the Security Gateway.
  2. Make sure there is a physical connectivity between the Security Gateway and the Management Server (for example, pings can pass).
  3. Run: cpconfig
  4. Enter the number of this option: Secure Internal Communication.
  5. Follow the instructions on the screen to change the Activation Key.
  6. In the SmartConsole, click Reset.
  7. Enter the same Activation Key you entered in the cpconfig menu.
  8. Click Initialize.

8

In the Platform section, select the correct options:

  1. In the Hardware field:
    • If you install the Security Gateway on a Check Point Appliance, select the correct appliances series.
    • If you install the Security Gateway on an Open Server, select Open server.
  2. In the Version field, select R80.30.
  3. In the OS field, select Gaia.

9

On the Network Security tab, enable the desired Software Blades.

Important - Do not select anything on the Management tab.

10

Click OK.

11

Publish the SmartConsole session.

Step 3 of 3: Configure the applicable Access Control policy for the Security Gateway in SmartConsole

Step

Description

1

Connect with SmartConsole to the Security Management Server or Domain Management Server that manages this Security Gateway.

2

From the left navigation panel, click Security Policies.

3

Create a new policy and configure the applicable layers:

  1. At the top, click the + tab (or press CTRL T).
  2. On the Manage Policies tab, click Manage policies and layers.
  3. In the Manage policies and layers window, create a new policy and configure the applicable layers.
  4. Click Close.
  5. On the Manage Policies tab, click the new policy you created.

4

Create the applicable Access Control rules.

5

Install the Access Control Policy on the Security Gateway object.

For more information, see the:

15 March 2020
Was this helpful?
Incorrect information Not what I'm looking for Too much information Confusing information
© 2020 Check Point Software Technologies Ltd. All rights reserved.