Installing a Security Gateway

Notes:

This procedure applies to both Check Point Appliances and Open Servers.
This procedure does not apply to Check Point Small Office Appliance models lower than 3000.

Procedure:

Install the Security Gateway

Step	Instructions
1	Install the Gaia Operating System: Installing the Gaia Operating System on Check Point Appliances Installing the Gaia Operating System on Open Servers
2	Follow Configuring Gaia for the First Time.
3	During the First Time Configuration Wizard, you must configure these settings: In the Installation Type window, select Security Gateway and/or Security Management. In the Products window: In the Products section, select Security Gateway only. In the Clustering section, clear Unit is a part of a cluster, type. In the Dynamically Assigned IP window, select the applicable option. In the Secure Internal Communication window, enter the applicable Activation Key (between 4 and 127 characters long).
4	Install a valid license. See Working with Licenses.

Configure the Security Gateway object in SmartConsole

Configuring in Wizard Mode

Step	Instructions
1	Connect with SmartConsole to the Security Management Server or Domain Management Server that should manage this Security Gateway.
2	From the left navigation panel, click Gateways & Servers.
3	Create a new Security Gateway object in one of these ways: From the top toolbar, click the New () > Gateway. In the top left corner, click Objects menu > More object types > Network Object > Gateways and Servers > New Gateway. In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > Gateway.
4	In the Check Point Security Gateway Creation window, click Wizard Mode.
5	On the General Properties page: In the Gateway name field, enter the applicable name for this Security Gateway object. In the Gateway platform field, select the correct hardware type. In the Gateway IP address section, select the applicable option: If you selected Static IP address, configure the same IPv4 and IPv6 addresses that you configured on the Management Connection page of the Security Gateway's First Time Configuration Wizard. Make sure the Security Management Server or Multi-Domain Server can connect to these IP addresses. If this Security Gateway receives its IP addresses from a DHCP server, click Cancel and follow the procedure Step 2 of 3: Configure the Security Gateway object in SmartConsole - Classic Mode below. Click Next.
6	On the Trusted Communication page: Select the applicable option: If you selected Initiate trusted communication now, enter the same Activation Key you entered during the Security Gateway's First Time Configuration Wizard. If you selected Skip and initiate trusted communication later, make sure to follow Step 7. Click Next.
7	On the End page: Examine the Configuration Summary. Select Edit Gateway properties for further configuration. Click Finish. Check Point Gateway properties window opens on the General Properties page.
8	If during the Wizard Mode, you selected Skip and initiate trusted communication later: The Secure Internal Communication field shows `Uninitialized`. Click Communication. In the Platform field: Select Open server / Appliance for all Check Point appliance models 3000 and higher. Select Open server / Appliance for an Open Server. Select Small Office Appliance only for Check Point Small Office Appliance models lower than 3000. Enter the same Activation Key you entered during the Security Gateway's First Time Configuration Wizard. Click Initialize. Make sure the Certificate state field shows `Established`. Click OK.
9	On the General Properties page: On the Network Security tab, enable the applicable Software Blades. On the Threat Prevention tab, enable the applicable Software Blades.
10	Click OK.
11	Publish the SmartConsole session.

Configuring in Classic Mode

Step

Instructions

Connect with SmartConsole to the Security Management Server or Domain Management Server that should manage this Security Gateway.

From the left navigation panel, click Gateways & Servers.

Create a new Security Gateway object in one of these ways:

From the top toolbar, click the New () > Gateway.
In the top left corner, click Objects menu > More object types > Network Object > Gateways and Servers > New Gateway.
In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > Gateway.

In the Check Point Security Gateway Creation window, click Classic Mode.

Check Point Gateway properties window opens on the General Properties page.

In the Name field, enter the applicable name for this Security Gateway object.

In the IPv4 address and IPv6 address fields, configure the same IPv4 and IPv6 addresses that you configured on the Management Connection page of the Security Gateway's First Time Configuration Wizard.

Make sure the Security Management Server or Multi-Domain Server can connect to these IP addresses.

If this Security Gateway receives its IP addresses from a DHCP server, select Dynamic Address.

Establish the Secure Internal Communication (SIC) between the Management Server and this Security Gateway:

Near the Secure Internal Communication field, click Communication.
In the Platform field:
- Select Open server / Appliance for all Check Point models 3000 and higher.
- Select Open server / Appliance for an Open Server.
Enter the same Activation Key you entered during the Security Gateway's First Time Configuration Wizard.
Click Initialize.
Click OK.

If the Certificate state field does not show Established, perform these steps:

Connect to the command line on the Security Gateway.
Make sure there is a physical connectivity between the Security Gateway and the Management Server (for example, pings can pass).

Run:

cpconfig

Enter the number of this option:

Secure Internal Communication

Follow the instructions on the screen to change the Activation Key.
In SmartConsole, click Reset.
Enter the same Activation Key you entered in the cpconfig menu.
In SmartConsole, click Initialize.

In the Platform section, select the correct options:

In the Hardware field:
- If you install the Security Gateway on a Check Point Appliance, select the correct appliances series.
- If you install the Security Gateway on an Open Server, select Open server.
In the Version field, select R80.40.
In the OS field, select Gaia.

Enable the applicable Software Blades:

On the Network Security tab.
On the Threat Prevention tab.

Click OK.

Publish the SmartConsole session.

Configure the applicable Security Policy for the Security Gateway in SmartConsole

Step	Instructions
1	Connect with SmartConsole to the Security Management Server or Domain Management Server that manages this Security Gateway.
2	From the left navigation panel, click Security Policies.
3	Create a new policy and configure the applicable layers: At the top, click the + tab (or press CTRL T). On the Manage Policies tab, click Manage policies and layers. In the Manage policies and layers window, create a new policy and configure the applicable layers. Click Close. On the Manage Policies tab, click the new policy you created.
4	Create the applicable Access Control rules.
5	Install the Access Control Policy on the Security Gateway object.
6	Create the applicable Threat Prevention rules.
7	Install the Threat Prevention Policy on the Security Gateway object.

For more information, see the:

R80.40 Security Management Administration Guide
R80.40 Threat Prevention Administration Guide
Applicable Administration Guides on the R80.40 Home Page.