Check Point VSX-1 3070 Getting Started Manual

VSX-1

Getting Started Guide

VSX NGX R65

U-40, P-20

703522 February 2009

VSX_Appliance_GettingStarted.book Page 1 Thursday, February 5, 2009 3:56 PM

VSX_Appliance_GettingStarted.book Page 2 Thursday, February 5, 2009 3:56 PM

3

distributed under licensing restricting their use, copying, distribution, and decompilation. No part of

this product or related documentation may be reproduced in any form or by any means without prior

written authorization of Check Point. While every precaution has been taken in the preparation of

this book, Check Point assumes no responsibility for errors or omissions. This publication and

features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in

subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS

252.227-7013 and FAR 52.227-19.

TRADEMARKS:

Please refer to http://www.checkpoint.com/copyright.html for a list of our trademarks.

For third party notices, see http://www.checkpoint.com/3rd_party_copyright.html.

VSX_Appliance_GettingStarted.book Page 3 Thursday, February 5, 2009 3:56 PM

4

VSX_Appliance_GettingStarted.book Page 4 Thursday, February 5, 2009 3:56 PM

Health and Safety Information

Read the following warnings before setting up or using the appliance.

To prevent damage to any system board, it is important to handle it with care. The

following measures are generally sufficient to protect your equipment from static

electricity discharge:

• When handling the board, to use a grounded wrist strap designed for static

discharge elimination.

• Touch a grounded metal object before removing the board from the antistatic bag.

• Handle the board by its edges only. Do not touch its components, peripheral chips,

memory modules or gold contacts.

• When handling processor chips or memory modules, avoid touching their pins or

gold edge fingers.

• Restore the communications appliance system board and peripherals back into the

antistatic bag when they are not in use or not installed in the chassis. Some

circuitry on the system board can continue operating even though the power is

switched off.

• Under no circumstances should the Lithium battery cell used to power the

real-time clock be allowed to short. The battery cell may heat up under these

conditions and present a burn hazard.

Warning - Do not block air vents. A minimum 1/2-inch clearance is

required.

Warning - This appliance does not contain any user-serviceable parts.

Do not remove any covers or attempt to gain access to the inside of the

product. Opening the device or modifying it in any way has the risk of

personal injury and will void your warranty. The following instructions

are for trained service personnel only.

Warning - DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY

REPLACED. REPLACE ONLY WITH SAME OR EQUIVALENT TYPE

RECOMMENDED BY THE MANUFACTURER. DISCARD USED

BATTERIES ACCORDING TO THE MANUFACTURER'S INSTRUCTIONS

VSX_Appliance_GettingStarted.book Page 5 Thursday, February 5, 2009 3:56 PM

• Disconnect the system board power supply from its power source before you

connect or disconnect cables or install or remove any system board components.

Failure to do this can result in personnel injury or equipment damage.

• Avoid short-circuiting the lithium battery; this can cause it to superheat and cause

burns if touched.

• Do not operate the processor without a thermal solution. Damage to the processor

can occur in seconds.

VSX_Appliance_GettingStarted.book Page 6 Thursday, February 5, 2009 3:56 PM

7

Contents

Chapter 1

Introduction

Welcome...................................................................................9

VSX-1 Overview .......................................................................11

Shipping Carton Contents .........................................................13

VSX-1 3070 ................................................................... 13

VSX-1 9070 ................................................................... 14

VSX-1 9090 ................................................................... 15

Terminology ............................................................................16

Chapter 2

Installation and Configuration

Installation and Configuration Workflow .....................................17

Installing and Setting Up VSX-1................................................18

Ear Mount Installation..................................................... 18

Installing VSX-1 in a Rack ............................................... 20

Connecting the Cables and Power On................................ 21

Initial Configuration .................................................................23

Logging in for the First Time ............................................ 23

Configuring the Management Interface.............................. 25

Setting Network and Time/Date Properties......................... 27

Selecting Cluster Options................................................. 27

Completing the Configuration........................................... 28

VSX Appliance Recovery ...........................................................29

Chapter 3

VSX-1 Hardware

Overview .................................................................................31

Front Panel Components.................................................. 32

VSX_Appliance_GettingStarted.book Page 7 Thursday, February 5, 2009 3:56 PM

8

Rear Panel Components................................................... 38

Customer Replaceable Parts......................................................40

Power Supply.................................................................. 40

Cooling Fan .................................................................... 42

Expansion Line Card........................................................ 43

Hard Disk Drive............................................................... 45

Chapter 4

Registration and Support

Registration.............................................................................47

Support...................................................................................48

Where To From Here? ...............................................................48

VSX_Appliance_GettingStarted.book Page 8 Thursday, February 5, 2009 3:56 PM

9

Chapter

1

Introduction

In This Chapter

Welcome

Thank you for choosing Check Point’s VSX-1 appliance. We

hope that you will be satisfied with this solution and our

support services. Check Point products provide your business

with the most up to date and secure solutions available today.

Check Point also delivers worldwide technical services

including educational, professional and support services

through a network of Authorized Training Centers, Certified

Support Partners and Check Point technical support personnel

to ensure that you get the most out of your security

investment.

Welcome page 9

VSX-1 Overview page 11

Shipping Carton Contents page 13

Terminology page 16

VSX_Appliance_GettingStarted.book Page 9 Thursday, February 5, 2009 3:56 PM

Welcome

10

For additional information on the NGX Internet Security Product Suite

and other security solutions, refer to: http://www.checkpoint.com or

call Check Point at 1(800) 429-4391. For additional technical

information, refer to: http://support.checkpoint.com.

Welcome to the Check Point family. We look forward to meeting all of

your current and future network, application and management

security needs.

VSX_Appliance_GettingStarted.book Page 10 Thursday, February 5, 2009 3:56 PM

VSX-1 Overview

Chapter 1 Introduction 11

VSX-1 Overview

The VSX-1 (Virtual System eXtension) appliance is a security and VPN

solution, designed to meet the demands of large-scale environments.

Based on the proven security of VPN-1, VSX provides comprehensive

protection for multiple networks or VLANs within complex

infrastructures. It securely connects them to shared resources such as

the Internet and DMZs, and allows them to safely interact with each

other. VSX is supported by SmartDefense™ Services, which provide

up-to-date preemptive security.

VSX incorporates the same patented Stateful Inspection and

Application Intelligence technologies used in the Check Point VPN-1

product line. It runs on high speed platforms (known as VSX

gateways) to deliver superior performance in high-bandwidth

environments. Administrators manage VSX via a SmartCenter server or

a Provider-1 Multi-Domain Server (MDS), delivering a unified

management architecture that supports enterprises and service

providers.

A VSX gateway contains a complete set of virtual devices that

function as physical network components, such as VPN-1 gateways

(firewalls), routers, switches, interfaces, and even network cables.

Centrally managed, and incorporating key network resources

internally, VSX allows businesses to deploy comprehensive firewall

and VPN functionality, while reducing hardware investment and

improving efficiency.

Key Features:

• Combines Virtual Firewall, VPN, and IPS

• Consolidates Up to 250 Security Gateways Onto a Single

Hardware Platform

• Includes Virtualized Networking Components- Virtual routers,

Virtual switches & Virtual cabling

• Wire-Speed Security for Gigabit Networks

• High Availability with Linear Growth Clustering

VSX_Appliance_GettingStarted.book Page 11 Thursday, February 5, 2009 3:56 PM

VSX-1 Overview

12

• Bridge Mode Support for Transparent Internal Firewalls

• Flexible Virtual Network Design

• SmartDefense Services Updates

• URL Filtering

This document provides:

• A brief overview of essential VSX-1 appliance concepts and

features

• A step by step guide to getting VSX-1 appliance up and running

VSX_Appliance_GettingStarted.book Page 12 Thursday, February 5, 2009 3:56 PM

Shipping Carton Contents

Chapter 1 Introduction 13

Shipping Carton Contents

This section describes the contents of the shipping carton.The

contents of the carton vary depending on your appliance model.

VSX-1 3070

Table 1-1 Contents of the VSX-1 3070 Shipping Carton

Item Description

Appliance A single VSX-1 3070 appliance

Rack Mounting Accessories Hardware mounting kit

Cables •1 Power cable

• 1 Standard RJ-45 network cable

• 1 Serial console cable

• 1 RJ-45 loopback plug

2 CDs Includes the following:

• CD1: VSX-1 Installation

• CD2: VSX-1 Getting Started Guide

VSX NGX R65 documentation

Certifications, Regulations,

and Documentation

Certification data sheet and user license

agreement

VSX_Appliance_GettingStarted.book Page 13 Thursday, February 5, 2009 3:56 PM

Shipping Carton Contents

14

VSX-1 9070

Table 1-2 Contents of the VSX-1 9070 Shipping Carton

Item Description

Appliance A single VSX-1 9070 appliance

Rack Mounting Accessories Hardware mounting kit

Cables • 2 Power cables

• 1 Standard RJ-45 network cable

• 1 Serial console cable

• 1 RJ-45 loopback plug

2 CDs Includes the following:

• CD1: VSX-1 Installation

• CD2: VSX-1 Getting Started Guide

VSX NGX R65 documentation

Certifications, Regulations,

and Documentation

Certification data sheet and user license

agreement

VSX_Appliance_GettingStarted.book Page 14 Thursday, February 5, 2009 3:56 PM

Shipping Carton Contents

Chapter 1 Introduction 15

VSX-1 9090

Table 1-3 Contents of the VSX-1 9090 Shipping Carton

Item Description

Appliance Two VSX-1 9070 appliances

Rack Mounting Accessories Hardware mounting kit

Cables •4 Power cables

• 2 Standard RJ-45 network cable

• 2 Serial console cable

• 2 RJ-45 loopback plug

2 CDs Includes the following:

• CD1: VSX-1 Installation

• CD2: VSX-1 Getting Started Guide

VSX NGX R65 documentation

Certifications, Regulations,

and Documentation

Certification data sheet and user license

agreement

VSX_Appliance_GettingStarted.book Page 15 Thursday, February 5, 2009 3:56 PM

Terminology

16

Terminology

The following VSX terms are used throughout this chapter:

• Gateway: The VPN-1 engine that enforces the organization’s

security policy and acts as a security enforcement point.

• Security Policy: The policy created by the system administrator

that regulates the flow of incoming and outgoing

communication.

• SmartCenter Server: The server used by the system administrator

to manage the security policy. The organization’s databases and

security policies are stored on the SmartCenter server and

downloaded to the gateway.

• SmartConsole: GUI applications that are used to manage various

aspects of security policy enforcement. For example, SmartView

Tracker is a SmartConsole application that manages logs.

• SmartDashboard: A SmartConsole GUI application that is used

by the system administrator to create and manage the security

policy.

• Centrally Managed Deployment: When the gateway and the

SmartCenter server are installed on separate machines.

• Virtual Routers: Independent routing domains within a VSX

Gateway that function like physical routers.

• Virtual System: A routing and security domain featuring firewall

and VPN capabilities supported by a standard Check Point

Gateway. Multiple Virtual Systems can run concurrently on a

single VSX Gateway, isolated from one another by their use of

separate system resources and data storage.

• VSX Clustering: The connection of two or more VSX Gateways in

such a way that if one fails, another immediately takes its place.

A single VSX Gateway contains multiple Virtual Routers and

Virtual Systems.

VSX_Appliance_GettingStarted.book Page 16 Thursday, February 5, 2009 3:56 PM

17

Chapter

2

Installation and Configuration

In This Chapter:

This chapter covers installing and configuring the VSX-1

appliance.

Installation and Configuration

Workflow

Below is an overview of the steps needed to configure your

VSX-1 appliance. Each step is explained in detail further on.

To configure VSX-1:

1. Install VSX-1 by ear mount or in the rack.

2. Connect the cables and power on.

3. Log in and perform the initial configuration.

Installation and Configuration Workflow page 17

Installing and Setting Up VSX-1 page 18

Initial Configuration page 23

VSX Appliance Recovery page 29

Note - A SmartCenter or Provider-1 Server is not installed

locally on the VSX-1 appliance. VSX-1 appliance is only

supported in a centrally managed environment.

VSX_Appliance_GettingStarted.book Page 17 Thursday, February 5, 2009 3:56 PM

Installing and Setting Up VSX-1

18

Installing and Setting Up VSX-1

VSX-1 appliance can be installed by ear mount or in the rack.

Ear Mount Installation

The VSX-1 appliance ships with two ear mount kits, and screws

of the type shown in Figure 2-1:

Figure 2-1 Ear Mount Screws

One ear mount fits on each side of the chassis.

To assemble the ear mounts:

1. Take out the L shape ear mount kits.

2. Place the side with four holes against the chassis. The side

with two holes faces outward, as shown in Figure 2-2.

VSX_Appliance_GettingStarted.book Page 18 Thursday, February 5, 2009 3:56 PM

Installing and Setting Up VSX-1

Chapter 2 Installation and Configuration 19

Figure 2-2 Ear Mounts

3. Fasten the four retaining screws on each ear mount.

4. Fasten the two screws that connect the ear mount to the

handle.

Retaining

Screws

VSX_Appliance_GettingStarted.book Page 19 Thursday, February 5, 2009 3:56 PM

Installing and Setting Up VSX-1

20

Installing VSX-1 in a Rack

Install the system in the rack with the network ports facing the

front of the rack.

Figure 2-3 Installing VSX-1 9070

VSX_Appliance_GettingStarted.book Page 20 Thursday, February 5, 2009 3:56 PM

Page is loading ...

Check Point VSX-1 3070 Getting Started Manual

This manual is also suitable for

Check Point VSX-1 3070 Getting Started Manual

Related papers

Other documents