Check Point Software Technologies VSX 21400
Contents
1. i i 2 i g H il I il il Empty Tn LL Customer Replaceable Parts Page 26 Installing and Removing Memory When performing a memory upgrade to the basic memory configuration Install more DIMMS in all the remaining slots The DIMMs slots must always be populated as shown in the diagram CPU 0 To remove a DIMM a Press the two retaining clips outward b Carefully pull the DIMM up You will possibly find it necessary to pull one end of the DIMM and then the other to gradually release it from the contact pins To insert a DIMM Press the new DIMM into the socket until it clicks into position The top of the DIMM is smooth The bottom edge has two different length sets of contacts which connect to the slots on the socket Be sure the contacts and slots are correctly aligned before you insert the DIMM The retaining clips move into the lock position as you press the DIMM into position Insert the lower tray and turn on the appliance a Move the system board tray into the appliance until it clicks into position b Refasten the two retaining screws for the lower tray c Connect the power cords to the appliance d Press the power switch at the rear of the appliance to turn on the power to the appliance The appliance automatically recognizes the new memory configuration Make sure the configuration is correct using the CLI C2. Lesc Page 11 Initial Configuration Initial Configuration Logging in for the First Time Check Point 21400 VSX includes a First Time Wizard to help you configure the initial settings for the appliance To log in and start the First Time Wizard 1 Connect to the appliance s Serial console using the RJ45 D subminiature cable 2 Connect the serial cable RJ45 D subminiature to the serial console port on the appliance 3 In aterminal emulation program configure these serial console settings e Speed 9600 e Data bits 8 e Parity None e Stop bit 1 4 Log in for the first time using admin as the default username and password Follow the on screen instructions and change the password 6 Log in to expert mode n a Enter expert b Enter the new admin password c Follow the on screen instructions and change the expert mode password 7 Run sysconfig to configure the appliance for the first time The Welcome window opens Welcome to Check Point SecurePlatform Pro Yak Rey 10 This wizard will guide you through the initial configuration of your SecurePlattform device Atl any time you can choose Quit q to exit this Wizard Choose Mext in to continue Press qg for Quit n for Next Your choice 8 Typen The Network Configuration window opens Network Configuration 1 Host Name 3 Domain Name Serwers 3 Routing 21 Domain Name 4 Network Connections Press g for Quit p for Previous n
3. The Check Point 21400 VSX front panel has three slots for cold swappable Line Cards also known as Network interface Cards NICs hy DODOODDEESs pppn ACICE Ce N DODO Ee DEMOS i I Te i a a Ai foan nonam e e RET i EEE doaiana ie ORDO eoRo AAGBA ne iS a ap 7 fe jel gl lj etotststete sit Set oaeouod SONS SSICGE i m oo Supported Line Cards oon mee Hefei bmi i lll S These Line Cards are available Item Line Card Description Supported Transceivers Latch Lever Color 1 10GbE SFP 10 Gb Ethernet PCl e line Fiber optic short range Black Line Card 4 Port card for SFP transceivers Fiber optic long range Blue 2 1GbE SFP Line 12 port 1Gb Ethernet Fiber optic short range Black Card 12 Port PCl e line card for SFP transceivers Fiber optic long range Blue Copper Yellow 3 1GbE Copper 12 port 1000BaseT PCl e None None Line Card 12 line card port Line Card Slot and Port Numbering Line Card slots are numbered from 1 to 3 top to bottom Slot 1 top slot 2 middle slot 3 bottom The Line Card ports are numbered from 1 left to right For example in a 12 port card the slots are numbered 1 to 12 left to right Line Card LEDs Item Description 4 Activity e OFF No Activity e Slow Blink Amber Activity Check Point 21400 VSX Front and Rear Panel Page 18 Check Point 21400 VSX Rear Panel Item Description 5 6 Link e OFF No Link
4. e ON Green Link Link e OFF No Link e ON Green 10Mbps or 1Gbps Link e ON Amber 100Mbps Link SA B 4A B SAB 2A B 1AB Item Description J 10 2 redundant hot swappable AC power supplies Each power supply connects to an electric outlet LED indicator for power supply one for each power supply e OFF power off e ON Green power on Main power switch Power supply alarm suppression button When a power supply fails or is not connected to the outlet an alarm sounds continuously Press here to turn off the alarm Grounding plug 5 replaceable CPU cooling fans behind the grille Each cooling fan operates independently of the others providing redundancy in the event of failure Fan grille retaining screw The fans are redundant pairs They are numbered from right to left 1A B 2A B 3A B 4A B 5A B Extraction handles and retaining thumb screws for the bottom tray that contains the system board and the top tray for an ADP Service module There are also extraction handles and retaining screws on the right Accelerated Data Path ADP service module tray behind the grille Check Point 21400 VSX Front and Rear Panel Page 19 Chapter 5 Customer Replaceable Parts For maximum availability and easy maintenance the appliance has many customer replaceable parts Important customers are prohibited by warranty and support agreements from changing any parts or altering the ha
5. e ON Amber HDD Activity 5 Hard disk drive HDD Power e OFF HDD Power off e ON Green HDD Power on 6 Link e OFF No Link e ON Green Link 7 Activity e OFF No Activity e Slow Blink Amber Activity Check Point 21400 VSX Front and Rear Panel Page 16 Check Point 21400 VSX Front Panel Managing Check Point 21400 VSX Using the LCD Panel The appliance has an LCD panel that you can use to do basic management operations You can enable DHCP You can configure the management IP address netmask and default gateway of the appliance You can reboot the appliance Menu Options Purpose Set Internal IP Set the management interface IP address Set the management interface network mask set Default GW Set the management interface default gateway Menu Sub menu Network or Set Mgmt IP Set Netmask System Reboot LCD Panel Keys To Enter the main menu Navigate the menu Select a menu option Go back to previous menu Reboot the appliance Press Enter Aor V Enter ESC When Entering an IP Address To Move to the next digit Move back to the previous digit Approve the change Cancel the IP change Change current digit Press Enter ESC Enter when the cursor is located on the last digit ESC when the cursor is located on the first digit Aor V Check Point 21400 VSX Front and Rear Panel Page 17 Check Point 21400 VSX Front Panel Line Cards
6. for Next Your choice 9 Use the menus and windows to set the Host Name Domain Name and Domain Name Servers 10 Enter n The Network Connections window opens Configuring the Management Interface Use the Network Configuration window to configure the parameters of the Management interface To configure the Management interface settings 1 In the Network Configuration window enter 4 Configuring Check Point 21400 VSX Page 12 Initial Configuration 9 The Network Connections window opens Choose a network connections configuration item e to exit 1 Add new connection 4 Select management connection 21 Configure connection 5 Show connection configuration 3 Remove connection Your choice Enter 2 The Configure connection window opens Choose a connection to display e to exit 1 Mgmt 4 ethl 03 7 ethl O6 10 eth1l 0 13 ethl 12 2 ethl 0l1 3 ethl 04 8 ethl 07 11 ethi 10 3 ethl 02 6 ethl Os 9 ethl 08 12 ethl 11 Enter the number to select the Mgmt interface The Choose Mgmt item to configure window opens Choose Mgmt item to configure e to exiti 1 Change IP settings 3 Remove IP from interface 21 Change MTU settings 4 Change from static to dynamic IP Your choice Enter 1 The Change IP settings window opens Enter an IP address network mask and broadcast address for the Management interface Enter e twice to return to the Network Configuration window Enter 5 The Routing
7. power to the appliance Customer Replaceable Parts Page 31 Chapter 6 VSX Appliance Recovery VSX comes preloaded on your Check Point 21400 VSX appliance If for any reason you need to reinstall VSX on the appliance follow this procedure To reinstall VSX software on the appliance 1 SOPOP Connect to the appliance console using the designated cord received in your shipping carton RJ45 D subminiature cable and connect to the console using Terminal Emulation software such as HyperTerminal or PuTTY Load the Installation CD that you received in your shipping carton into a portable USB CD ROM DVD ROM drive Connect the portable CD ROM DVD ROM drive to the appliance s USB socket Power On your appliance Once the appliance boots from the CDROM DVD drive press Enter to start the installation The installation automatically installs all required components and the progress of each stage is shown When you see the message You may safely reboot your system reboot the appliance manually using the master power button Turn the appliance off and disconnect the USB CD ROM DVD ROM After several seconds press the master power button to turn on the appliance again To install the existing security policy and configuration on the recovered gateway or cluster members 1 2 From the command line of the Security Manager server or Multi Domain Security Management run yvsx til reconfigure Enter the following inform
8. Check Point 21400 VSX R67 10 Getting Started Guide 24 November 2011 softwareblades Check Point a SOFTWARE TECHNOLOGIES LTD We Secure the Internet P N 704712 Models G 50 2011 Check Point Software Technologies Ltd All rights reserved This product and related documentation are protected by copyright and distributed under licensing restricting their use copying distribution and decompilation No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point While every precaution has been taken in the preparation of this book Check Point assumes no responsibility for errors or omissions This publication and features described herein are subject to change without notice RESTRICTED RIGHTS LEGEND Use duplication or disclosure by the government is subject to restrictions as set forth in subparagraph c 1 il of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 and FAR 52 227 19 TRADEMARKS Refer to the Copyright page http www checkpoint com copyright html for a list of our trademarks Refer to the Third Party copyright notices http www checkpoint com 3rd_party_copyright html for a list of relevant copyrights and third party licenses Important Information Latest Software We recommend that you install the most recent software release to stay up to date with the latest functional impr
9. Ds System power system status and hard disk activity 2 LCD display screen 3 Keypad for LCD screen 4 2 Hard disk drives When monitoring the disks using the raid diagnostic command DiskID 0 is the top disk and DiskID 1 Is the bottom disk 5 Hard disk power and activity LEDs 6 Three slots for Ethernet interface line cards 7 Console port for a serial connection to the appliance using a terminal emulation program such as HyperTerminal 8 LOM Light Out Management port for the optional LOM card Page 15 Check Point 21400 VSX Front Panel Item Description 9 Management connection port for an Ethernet connection to a remote management computer 10 USB ports Check Point 21400 VSX Front Panel LEDS i ot he ery i Z 5 5 ti 1q d H f TT J r i i z F 7 f j m l d 1 LFT b Fr a lz i Check Paint em 21400 VSA Co SS ee i aa a I z Fo l p mmea E i j r i 1 rof F P i r Tr Uk 7 Fis 3 r k Fo m a ad r e brr p p Iri Oep GOOGOOQ L on oh am J F F z i Item Description 1 System Power e OFF System power off e ON Green System power on 2 System Status e Green System OK e Orange Alarm for voltage temperature or fan 3 Hard disk drive HDD Activity e OFF No HDD Activity e ON Green HDD Activity 4 Hard disk drive HDD Activity e OFF No HDD Activity
10. ailable on the Check Point Support Center http supportcenter checkpoint com Be sure to also use the Online Help when you are working with the Check Point SmartConsole clients Page 33 Appendix A Compliance Information This appendix contains declaration of conformity compliance and related regulatory information In This Appendix Declaration of Conformity 34 Declaration of Conformity Manufacturer s Name Check Point Software Technologies Ltd Manufacturer s Address 5 Ha Solelim Street Tel Aviv 67897 Israel Declare that under our sole responsibility the products Model Number G50 Product Options All Serial Number 1 to 100 000 Date First Applied 2011 Conforms to the following Product Specifications EMC FCC 47 CFR Part 15 Information Technology Equipment Radio Disturbance Class A Characteristics VCCI V 3 Class A Information Technology Equipment Radio Disturbance Characteristics AS NZS CISPR22 Information Technology Equipment Radio Disturbance Class A Characteristics ICES 003 Class A Information Technology Equipment Radio Disturbance Characteristics EN55022 Class A Information Technology Equipment Radio Disturbance Characteristics EN 61000 3 2 Information Technology Equipment Harmonics Characteristics EN61000 3 3 Information Technology Equipment Flicker Characteristics CISPR22 Information Technology Equipment Radio Disturbance Characteristics Page 34 Declarat
11. and the memory modules from electrostatic discharge damage make sure you are properly grounded before you touch these components Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance The grounding plug on the rear of the appliance Check Point 21400 VSX Rear Panel on page 19 provides a chassis grounding point If you do not have a grounding wrist strap make sure you are properly grounded before you touch any electronic component To add or replace DIMMs 1 Power down the appliance and remove the lower tray a Use the CLI to shut down the appliance b Press the power switch at the rear of the appliance to turn off power to the appliance c Remove the power cords from the appliance d Loosen the two retaining screws for the lower tray Check Point 21400 VSX Rear Panel on page 19 e Pull hard on the extraction handles and fully remove the tray from the appliance 2 Find the DIMM memory slots on the system board The basic memory configuration of the Check Point 21400 VSX ship with six DIMMs installed The optional memory configuration of the appliance ships with 12 DIMMs installed Each DIMM is 2 Gbyte When replacing a DIMM in the basic memory configuration Use the same six slots The DIMMs slots must always be populated as shown in the diagram Empty Empty MTT T TTTS i Empty i L pm o oe e o e ee eee eee eee ee eee E
12. ar Growth Clustering Bridge Mode Support for Transparent Internal Firewalls Flexible Virtual Network Design IPS Services Updates URL Filtering This document provides A brief overview of essential VSX concepts and features A step by step guide to getting VSX up and running Note Screen shots in this guide may apply only to the highest model to which this guide applies Important Solutions For more information about R67 10 VSX go to the Check Point R67 10 VSX Home Page http supportcontent checkpoint com solutions id sk65291 For a list of open issues see the Known Limitations http supportcontent checkpoint com solutions id sk65292 For a list of closed issues see the Resolved Issues http supportcontent checkpoint com solutions id sk65293 Shipping Carton Contents Item Description Check Point 21400 VSX A single VSX appliance Check Point 21400 VSX e 1 1GbE copper line card 12 port for Sync Management components or Data e 2 front facing slots for optional line cards e 12GB dynamic RAM e 2 hard disk drives with RAID e 2 power supplies e Full complement of fans quantity 5 Rack mounting accessories Hardware mounting kit Introduction Page 8 Shipping Carton Contents Item Description Cables 2 power cords e Getting Started Guide e User License Agreement Documentation Introduction Page 9 Chapter 2 Mounting the Appliance in a Rack To learn how to mount the Check Point 21400 VSX in
13. art of the unit 4 Ifthe alarm sounds press the red Alarm Off button to the right of the power supply The alarm stops To install a replacement power supply 1 Insert the power supply into its slot and push firmly until it clicks into position 2 Tighten the retaining screw 3 Insert the power cord 4 Lock the power cord clip Make sure that the green power supply LED is illuminated Installing and Removing Hard Disks The appliance contains two hot swappable redundant hard disk drives Customer Replaceable Parts Page 23 Installing and Removing Hard Disks To remove a hard disk 1 Move out the LCD panel and lock the spring loaded screw into retaining ring 2 On the hard disk drive push left on the ejector handle and turn outward 3 Remove the hard disk drive by pulling on the ejector handle and the hard disk drive bezel Move the hard disk drive of the chassis Z y os al Al T T7 Wr OOS To install a hard disk 1 Insert the hard disk drive into the slot 2 Turn the ejector handle to the closed position 3 Press on the hard disk drive until it sits in its connector To do this apply pressure at the same time on the e Right side of the bezel using your left hand e Flat part of the ejector handle using your right hand 4 Release the LCD panel Press the spring loaded screw to release the panel from the retaining ring 5 Move the LCD panel t
14. aste electrical and electronic equipment The separate collection and recycling of your waste equipment at the time of disposal will help to conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment For more information about where you can drop off your waste equipment for recycling please contact your local city office or your household waste disposal service Health and Safety Information Page 5 Contents Jighelelgtslal ialielgagt i Osaa 3 Health and Safety Information cccccsseesseeeeeseecenseseeneecenseseaneeceneesenseseeneeseaees 4 PFT OC UIGUION eae 7 MVCIC ONG oeeie atau stat eanste en yane uid eie a bine piattetn bia ate bia bind eed ota eae 7 Overview of Check Point 21400 VSX cc cecccceccccsecceseeeeseeeeeseeeeseeesseeeeseeeesaeeess 7 VSA OVEIVIGW siccitetelet ci dodecate E Ei 7 Ap Oma Ml SOMMMONS atte ctcctt nts erate ant etter anaes ence heel aeeiate heat atieat ss 8 SIDING Ganon CONICS esikoe rae Ee i oa ea oar 8 Mounting the Appliance in a Rack ccccccsscseseeeeeeeeeeeeeeneeeaeeeaseeaeeeaeeeaeeeneeeaeenaes 10 Configuring Check Point 21400 VSX ccssceeeseeeeeseseeseesenseseeseeeeneesenseseeneesoaees 11 FO WETING OM aeisi a e A ESE 11 M a Cono urato sse a eae atentd 12 LOGOING IM TOR TVG INST TIMO sa dcediunt axenic dceduntcuwesunerdceduntincedd 12 Configuring the Management Interface cccceccesseceeseeeeceeeesseeeese
15. ation when prompted a IP address of the Security Manager server or CMA that holds the VSX object b Administrator username and password c Gateway or Cluster member object name d SIC activation key for the recovered gateway or cluster member Reboot the reconfigured gateway or Cluster member The VSX appliance now contains the security policy and is part of the network configuration For more information about the vsx util reconfigure command see the VSX NGX R67 Administration Guide http supportcontent checkpoint com documentation_download ID 10165 Page 32 Chapter 7 Registration and Support In This Chapter Registration 33 Support 33 Where To From Here Sh Registration Check Point 21400 VSX requires a specific Check Point license Obtain a license and register at the Check Point Appliance Registration site http register checkpoint com cpapp Note The MAC address of the management interface is required to obtain a license Support For additional technical information about Check Point products consult the Check Point Support Center http supportcenter checkpoint com Where To From Here You have now learned the basics that you need to get started The next step is to obtain more advanced knowledge of your Check Point software See the VSX NGX R67 Administration Guide http supportcontent checkpoint com documentation_download ID 10165 also available on the CD Check Point documentation is av
16. azardouswaste perchlorate The foregoing notice is provided in accordance with California Code of Regulations Title 22 Division 4 5 Chapter 33 Best Management Practices for Perchlorate Materials This product part or both may include a lithium manganese dioxide battery which contains a perchlorate substance WARNING Handling the cord on this product will expose you to lead a chemical known to the State of California to cause cancer and birth defects or other reproductive harm Wash hands after handling Information to user The user s manual or instruction manual for an intentional or unintentional radiator shall caution the user that changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment In cases where the manual is provided only in a form other than paper such as on a computer disk or over the Internet the information required by this section may be Health and Safety Information Page 4 Welcome included in the manual in that alternative form provided the user can reasonably be expected to have the capability to access information in that form Product Disposal This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste Instead it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of w
17. cseeeeeeeseeeeseeeeeeeeeeeesseesaeeens 28 Installing and Removing the System Board Battery cccccseeeeeseeeeeeeeeeseeeens 29 Installing and Removing a LOM Card ccccccccecsececseeeeseeeeseeeeeseeeeseeeeseeeesseeeas 30 V SAAD ONANCE RECOVER 32 Registration and SUpport sce cstcisisusaieacenatciarccndeesessciusntecaieecesantuaatwonseaeensteuaateutcusens 33 ReEgStTalO nene a a Polede Mccain 33 SPEO ea a T E a evs OMe Te ees 33 Where To From Here resien gneisses eE E EA E EEEE 33 CG ompliance INTORMAUON sssini a a 34 Deciarati on ol COMMOMMIRY sinipi 34 Chapter 1 Introduction In This Chapter Welcome Overview of Check Point 21400 VSX VSX Overview Important Solutions Shipping Carton Contents CO CON N N Welcome Thank you for choosing Check Point 21400 VSX We hope that you will be satisfied with this system and our support services Check Point products provide your business with the most up to date and secure solutions available today Check Point also delivers worldwide technical services including educational professional and support services through a network of Authorized Training Centers Certified Support Partners and Check Point technical support personnel to ensure that you get the most out of your security investment For additional information on the Internet Security Product Suite and other security solutions refer to the Check Point Web site http www checkpoint com For additional technica
18. eeesaeeeees 12 Setting Network and Time Date Properties ccccceecccseeeeeeeeeeeeeeeseeeeeaaees 13 SeleCting CUSE r ODON eiia E T 13 Completing the Configuratio M si airne iaai a ai 14 Contirming the Buile NUMDGIS cesariana E O N 14 Check Point 21400 VSX Front and Rear Pannel sscccsseseeseseeeeseeeeneeeeneeeeaees 15 Check Point 21400 VSX Front Paneles cerner 15 Check Point 21400 VSX Front Panel LEDS cc ccccccecceceeeeseeeeeeeeeesaeeeens 16 Managing Check Point 21400 VSX Using the LCD Panel eeeee ee 17 LNE CANAS eraren aa a a ee etic cielo deater eda toaeOrcauaaede 18 Gheck Point 21400 VSX Rear Panel lksanese an 19 Customer Replaceable Parts cicesiecstscscetsicotcanstanncedaysotcunetennccderdoseenetanneadervebentevaads 20 Installing and Removing Line Cards ccccccccceeecceeeeeeeeeeseeeeeseeeeseeeeseeeesseeeeas 20 Installing and REMOVING Transceivers cccccceecceeeceeeseeeeeeeseeeseeeseeeseeeneeeneeenes 21 Installing and Removing Power Supplies ccccccccseceeeeeeeeeseeeseeeeeeeeseeesaeeess 22 Installing and Removing Hard DISKS ccccccceecceeeceeeseeeeeeeeeeeseeeseeeseeeneeeneeenes 23 Hard Disk Drives RAID Monitoring cccccccceeeseeeeeeeeeeeseeeseeeseeeseeeneeeneeenes 24 Installing ANd REMOVING MEMOSY cccceccceeeceeeceeeceeeeeeeseeseeeseeeseeeteeeseeeneeenes 25 Installing and Removing Cooling FaNS ccccseccceeee
19. ges only Do not touch its components peripheral chips memory modules or gold contacts e When handling processor chips or memory modules avoid touching their pins or gold edge fingers e Restore the communications appliance system board and peripherals back into the antistatic bag when they are not in use or not installed in the chassis Some circuitry on the system board can continue operating even though the power is switched off e Under no circumstances should the lithium battery cell used to power the real time clock be allowed to short The battery cell may heat up under these conditions and present a burn hazard Warning DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY REPLACED REPLACE ONLY WITH SAME OR EQUIVALENT TYPE RECOMMENDED BY THE MANUFACTURER DISCARD USED BATTERIES ACCORDING TO THE MANUFACTURER S INSTRUCTIONS e Disconnect the system board power supply from its power source before you connect or disconnect cables or install or remove any system board components Failure to do this can result in personnel injury or equipment damage e Avoid short circuiting the lithium battery this can cause it to superheat and cause burns if touched e Do not operate the processor without a thermal solution Damage to the processor can occur in seconds e CLASS 1 LASER PRODUCT A TOTALLY ENCLOSED LASER SYSTEM CONTAINING A CLASS 1 LASER For California Perchlorate Material special handling may apply See http www dtsc ca gov h
20. ion of Conformity EN 55024 Information Technology Equipment Immunity Characteristics EN61000 4 2 Information Technology Equipment Electrostatic Discharge Immunity EN61000 4 3 Information Technology Equipment Radiated RF Immunity EN61000 4 4 Information Technology Equipment Fast Transient Immunity EN61000 4 5 Information Technology Equipment Surge Immunity EN61000 4 6 Information Technology Equipment Conducted RF Immunity EN61000 4 11 Information Technology Equipment Voltage Dips and Short Interruptions Immunity Safety CAN CSA C22 2 No Safety of Information Technology Equipment 60950 1 07 UL 60950 1 2007 Safety of Information Technology Equipment second edition EN 60950 Safety of Information Technology Equipment 1 2006 A11 2009 The product herewith complies with the requirements of the EU Directive 2006 95 EC and the EMC Directive 2004 108 EC Date and Place of issue July 2011 Tel Aviv Israel FCC Notice US This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this e
21. l information about Check Point products consult the Check Point Support Center http supportcenter checkpoint com Welcome to the Check Point family We look forward to meeting all of your current and future network application and management security needs Overview of Check Point 21400 VSX The Check Point 21400 VSX model is ideally suited for securing medium to large data center environments and high end enterprise networks The Check Point 21400 VSX model is purpose built Security Gateways in a compact 2U form factor The Check Point 21400 VSX model is highly modular for greater scalability and flexibility Up to 36 I O ports are available with the optional 12x1GbE copper and fiber SFP Network Interface Cards For 10GbE network connectivity an optional 4x10GbE fiber SFP module is also available This makes the Check Point 21400 VSX ideal for demanding network environments and for securing many different networks The Check Point 21400 VSX model delivers high serviceability and redundancy for components such as the hot swappable dual power supplies and the hot swappable dual hard disk drive with RAID support Accessories include NICs memory upgrades and a Light Out Management LOM card module for out of band management VSX Overview The VSX Virtual System eXtension appliance is a security and VPN solution designed to meet the demands of large scale environments Based on the proven security of Security Gateway VSX provide
22. most the same information as the raid diagnostic command but in tabular format To monitor the RAID state of the disks Using SNMP To monitor the RAID status of the disks Using SNMP set up SNMP traps to send information about the RAID Use OID 1 3 6 1 4 1 2620 1 6 7 7 To Hot Swap a disk Important Make sure that at least one fully synchronized disk is in the system 1 When the system is up remove the failed disk 2 Wait 15 seconds for the system to recognize that the disk was removed 3 Insert a new disk at this time or at a later time You can reboot the system with one disk The system automatically adds the new disk to the RAID configuration Installing and Removing Memory The Check Point 21400 VSX has 12 dual inline memory module DIMM sockets This section describes how to upgrade or replace the memory by using a Check Point approved memory upgrade kit Only use memory kits purchased from Check Point or Check Point approved resellers The DIMM sockets are in two groups of four sockets The sockets are located on the left font and right rear of the Check Point 21400 VSX system board as you look at the appliance from the front Before You Begin To upgrade or replace your appliance memory you need e Physical access to the appliance e Check Point memory upgrade kit e Access to the appliance using the CLI Customer Replaceable Parts Page 25 Installing and Removing Memory AN Caution To protect the appliance
23. o its usual position Hard Disk Drives RAID Monitoring The Check Point 21400 VSX performs RAID1 mirroring across two hard disk drives using software RAID This lets the Check Point 21400 VSX continues working in the event of a disk failure Customer Replaceable Parts Page 24 Installing and Removing Memory The mirror rebuild is automatic The two disks must be the same type First Boot Up At first boot up let the disk fully synchronize After two hours the disks are synchronized Do not reboot the system until the disks are fully synchronized If you reboot before the disks are synchronized the synchronization starts again at the next boot To monitor the RAID state of the disks from the CLI 1 Log into the appliance 2 Enter expert mode 3 Use one of these tools to monitor the RAID status of the disks e Atthe command line run raid diagnostic This shows information about the RAID and disks with the progress of the synchronization DiskID 0 isthe top disk DiskID 1 is the bottom disk Expert cpmodule raid diagnostic Raid Status VolumeID 0 RaidLevel RAID 1 NumberOfDisks 2 RaidSize 465GB State DEGRADED Flags ENABLED RESYNC _IN PROGRESS DiskID 0 DiskNumber 0 Vendor ATA ProductID lt HDD Model gt Size 465GB State ONLINE Flags NONE DiskID 1 DiskNumber 1 Vendor ATA ProductID lt HDD Model gt Size 465GB State INITIALIZING Flags OUT OF SYNC SyncState 12 e Atthe command line run cpstat os f raidiInfo This shows al
24. onfigure and install a security policy according to the VSX NGX R67 Administration Guide http supportcontent checkpoint com documentation_download ID 10165 To complete the First Time Wizard and reboot the appliance 1 You can add a license 2 Enter and confirm a SIC activation key This key establishes SIC trust between the gateway and the management server 3 If VSX clustering features are enabled you can enable ClusterXL for Active Standby Bridge Mode 4 Enter y to reboot the appliance Confirming the Build Numbers Confirm that the system has the most recent build numbers Run these CLI commands to display the build number for these products Product Command VSX Appliance Build SecurePlatform ras This ae Check Point SecurePlatiorm Pro Vox VSX NGX R67 10 Build 012 i ated ver 650000001 Dynamic Routing J _ it k VSX DE This is Check Point VPN 1 VSX NGX R67 10 build 006 kernel NGX R67 10 Build 006 j k Performance Pack E This is Check Point Performance Pack version NGX R67 10 build 003 Kernel version NGX R67 10 Build 003 Configuring Check Point 21400 VSX Page 14 Chapter 4 Check Point 21400 VSX Front and Rear Panel This chapter describes the Check Point 21400 VSX front and rear panel In This Chapter Check Point 21400 VSX Front Panel 15 Check Point 21400 VSX Rear Panel 19 Check Point 21400 VSX Front Panel Item Description 1 System LE
25. ovements stability fixes security enhancements and protection against new and evolving attacks Latest Documentation The latest version of this document is at http supportcontent checkpoint com documentation_download ID 12528 For additional technical information visit the Check Point Support Center http supportcenter checkpoint com Revision History Date Description 24 November 2011 Added Confirming the Build Numbers on page 14 9 October 2011 First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation Please help us by sending your comments mailto cp_techpub_feedback checkpoint com subject Feedback on Check Point 21400 VSX R67 10 Getting Started Guide Welcome Health and Safety Information QE Note The Check Point Check Point 21400 VSX correlate with the following model numbers for certification purposes G50 Read the following warnings before setting up or using the appliance Warning Do not block air vents A minimum 1 2 inch clearance is required To prevent damage to any system board it is important to handle it with care The following measures are generally sufficient to protect your equipment from static electricity discharge e When handling the board to use a grounded wrist strap designed for static discharge elimination e Touch a grounded metal object before removing the board from the antistatic bag e Handle the board by its ed
26. oving a LOM Card d Loosen the two retaining screws for the lower tray Check Point 21400 VSX Rear Panel on page 19 e Pull hard on the extraction handles and fully remove the tray from the appliance Find the small coin battery It is in a black battery slot on the left wall of the system board tray looking from the rear Remove the battery a Move aside the battery retaining clip b Use a small nonconducting device such as a plastic probe to move the battery out of the battery holder Caution You must place the new battery into the battery holder observing the correct polarity The positive terminal of the battery must be facing the wall of the chassis case With the positive side facing the wall of the chassis slide the new battery into the battery holder Make sure that the battery is securely installed Insert the lower tray and turn on the appliance a Move the system board tray into the appliance until it clicks into position b Refasten the two retaining screws for the lower tray c Connect the power cords to the appliance d Press the power switch at the rear of the appliance to turn on the power to the appliance Reset the appliance date and time information using the CLI It is necessary to do this because the battery keeps the date and time when you shut down the appliance Installing and Removing a LOM Card The Check Point 21400 VSX Lights Out Management card provides out of band remote acce
27. quipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense Caution Any changes or modifications not expressly approved by the grantee of this device could void the user s authority to operate the equipment Compliance Information Page 35
28. rdware in any way except as noted below or as directed by Check Point technical support In This Chapter Installing and Removing Line Cards 20 Installing and Removing Transceivers 21 Installing and Removing Power Supplies 22 Installing and Removing Hard Disks 23 Installing and Removing Memory 25 Installing and Removing Cooling Fans 28 Installing and Removing the System Board Battery 29 Installing and Removing a LOM Card 30 Installing and Removing Line Cards This section presents the procedures for removing and installing Line Cards There are three Line Card slots in the front of the appliance Important Make sure that you are electromagnetically grounded when performing these procedures Static electricity can damage the appliance To remove a Line Card 1 Turn off the appliance 2 Loosen the thumb screws on the two sides the Line Card 3 Squeeze the spring loaded section of the ejector handle in the direction of the outer edge of the Line Card and turn the ejector out Do this at the same time on the right and the left ejectors 4 Holding the ejector pull the Line Card out of the slot Page 20 Installing and Removing Transceivers To install a Line Card 1 Turn off the appliance 2 Insert the Line Card with the ejectors rotated out a small distance Make sure that the alignment pins behind the thumb screws engage the top hole 3 Push the card in until the Line Card is fully inserted When the card is f
29. s comprehensive protection for multiple networks or VLANs within complex infrastructures It securely connects them to shared resources such as the Internet and DMZs and allows them to safely interact with each other VSX is supported by IPS which provide up to date preemptive security Page 7 Important Solutions VSX incorporates the same patented Stateful Inspection and Application Intelligence technologies used in the Check Point Security Gateway product line It runs on high speed platforms known as VSX Gateways to deliver superior performance in high bandwidth environments Administrators manage VSX via a Security Management server or a Multi Domain Security Management delivering a unified management architecture that supports enterprises and service providers A VSX gateway contains a complete set of virtual devices that function as physical network components such as Security Gateways routers switches interfaces and even network cables Centrally managed and incorporating key network resources internally VSX allows businesses to deploy comprehensive firewall and VPN functionality while reducing hardware investment and improving efficiency Key Features Combines Virtual Firewall VPN and IPS Consolidates Security Gateways Onto a Single Hardware Platform Includes Virtualized Networking Components Virtual routers Virtual switches amp Virtual cabling Wire Speed Security for Gigabit Networks High Availability with Line
30. ss to the appliance even when it is turned off The Lights Out Management card is an optional accessory To insert or remove a LOM card 1 Power down the appliance and remove the lower tray a Use the CLI to shut down the appliance b Press the power switch at the rear of the appliance to turn off power to the appliance c Remove the power cords from the appliance d Loosen the two retaining screws for the lower tray Check Point 21400 VSX Rear Panel on page 19 e Pull hard on the extraction handles and fully remove the tray from the appliance Find the LOM card slot or the LOM card if already installed It is near the middle of the left side of the system board tray looking from the rear To insert the LOM card a Hold the LOM card at a small angle to align with connector b Insert the LOM card into the connector c Press down on the LOM card until it lies flat d Lock the card into the socket To remove the LOM card a Pull the socket locking levers OUT away from the card edge b Lift the back of the card up and away from system board Insert the lower tray and turn on the appliance Customer Replaceable Parts Page 30 Installing and Removing a LOM Card Move the system board tray into the appliance until it clicks into position Refasten the two retaining screws for the lower tray Connect the power cords to the appliance Press the power switch at the rear of the appliance to turn on the
31. the rack see the 27000 Appliances Rack Mounting Guide http supportcenter checkpoint com file_download id 12318 Page 10 Chapter 3 Configuring Check Point 21400 VSX The workflow for configuring Check Point 21400 VSX is 1 Mount the Check Point 21400 VSX in the rack 2 Connect the cables and power on 3 Use the First Time Wizard to configure the appliance 4 Configure VSX in SmartDashboard and install a policy Note Check Point 21400 VSX must be managed by a Security Management Server or Multi Domain Security Management as described in the VSX NGX R67 Administration Guide http supportcontent checkpoint com documentation_download ID 10165 Security Management Server is not installed locally on Check Point 21400 VSX In This Chapter Powering On 14 Initial Configuration 12 Confirming the Build Numbers 14 Powering On To power on Check Point 21400 VSX 1 Connect the power cable 2 On the rear panel turn on the Power button to start the appliance Note When a power supply fails or is not connected to the outlet an alarm sounds continuously If you hear the alarm replace the faulty power supply immediately and connect the new unit to an A C outlet 3 After the appliance initializes and boots The status of the appliance is displayed on the LCD screen The appliance is ready for use when the model number is displayed a N C PWR Fak Check Point O STATUS eames 21400 VSX HDD
32. ully inserted the ejector rotates in AN N AN VARA N 4 j 5 fi if ji lt A ONS N SONVAVAVAV Ne IX A fo 4 Tighten the thumb screws on the two sides of the Line Card Installing and Removing Transceivers Line Cards with fiber optic ports require transceivers The transceivers are hot swappable Item Line Card Description Supported Transceivers Latch Lever Color 1 10GbE SFP 10 Gb Ethernet PCl e line Fiber optic short range Beige Line Card 4 Port card for SFP transceivers Fiber optic long range Blue 2 1GbE SFP Line 12 port 1Gb Ethernet Fiber optic short range Black Card 12 Port PCl e line card for SFP transceivers Fiber optic long range Blue Copper Yellow 3 1GbE Copper 12 port 1000BaseT PCl e None None Line Card 12 line card port eS Note Check Point supports only transceivers sold by Check Point Laser Safety Warnings Caution When laser products such as fiber optic devices or transmitters are installed note the following e Do not remove the covers Removing the covers of the laser product could result in exposure to hazardous laser radiation There are no serviceable parts inside the device Customer Replaceable Parts Page 21 Installing and Removing Power Supplies CLASS 1 LASER PRODUCT A TOTALLY ENCLOSED LASER SYSTEM CONTAINING A CLASS 1 LASER Note Laser radiation when open Do not stare into the beam do not vie
33. unit because of the tight fit 5 If the appliance is running immediately install a replacement fan Push the fan into the chassis until it locks into position 6 Replace the fan grille 7 Tighten the retaining thumb screw of the fan grille Installing and Removing the System Board Battery This section describes how to change the CMOS battery on the system board of the Check Point 21400 VSX AN Warning Risk of explosion if battery is replaced by an incorrect type Replace the battery only with the same or equivalent type that the manufacturer recommends Dispose of used batteries according to the manufacturer s instructions Warning Make certain that you removed the power cord from the appliance gt before you proceed with any of the following steps AN Caution Make certain that you are properly grounded when you handle components internal to the appliance to protect against electrostatic discharge damage to the appliance Before You Start To replace a Check Point 21400 VSX battery you need e Physical access to the appliance e A replacement battery e Access to the appliance by using the CLI To replace the battery 1 Power down the appliance and remove the lower tray a Use the CLI to shut down the appliance b Press the power switch at the rear of the appliance to turn off power to the appliance c Remove the power cords from the appliance Customer Replaceable Parts Page 29 Installing and Rem
34. ustomer Replaceable Parts Page 27 Installing and Removing Cooling Fans Installing and Removing Cooling Fans The 5 CPU fan units are hot swappable You can remove and install a fan unit at the rear of the appliance without shutting down the appliance Before You Start To replace a fan unit you need e Physical access to the appliance e Replacement fan unit e Flat headed screwdriver Caution Components inside the appliance can overheat if they are not i cooled even for a short period of time If you replace a failed fan unit and do not completely remove power to the appliance do not let the appliance run without a fan unit for longer than necessary To replace a fan unit 1 Find the fan grille at the rear of the appliance and the retaining screw that secures it Check Point 21400 VSX Rear Panel on page 19 The fans are numbered as in the diagram fant6 ronze Fanas Fanas Fanss rania ranza Fansa Fenaa Fonsa a i CPU 0 2 Use the screwdriver to loosen the retaining thumb screw by turning it counterclockwise 3 Remove the fan grille Emply 000 00TTTn 2GByte 2GByte 2GByte a Use your fingernail to move the grille to the right b Pull out the grille Customer Replaceable Parts Page 28 Installing and Removing the System Board Battery 4 Pull the fan out to remove it If necessary use leverage For example use the flat head of a screwdriver to slowly remove the fan
35. w directly with optical instruments and avoid direct exposure to the beam To install a transceiver 1 Push the transceiver into an available port in the Line Card 2 Turn the transceiver latch lever down to secure the transceiver in the Line Card 3 Insert a correct interface cable into the transceiver To remove a transceiver 1 Remove the cable 2 Release the transceiver by rotating the latch lever AA DACA e NN DABAD A Wy WAR X ALAS SA x N J A T AA wwe 3 Pull out the transceiver Installing and Removing Power Supplies This section shows how to remove and install a power supply The appliance contains two redundant hot swappable power supplies The two active power supplies do load sharing Load sharing increases the life of the power supplies Additionally if one fails the system continues to operate Customer Replaceable Parts Page 22 Installing and Removing Hard Disks The power supply LEDs at the rear of the appliance show the status of the power supplies To remove a power supply unit 1 Loosen the retaining screw located at the top left of the power supply 2 Unlock the power cord clip 3 Pull the extraction handle to remove the power supply unit Q5 Note Use only the extraction handle to remove the power supply unit To prevent damaging the power supply do not pull on the retaining screw power cord clip or any other p
36. window opens Enter 1 The Set Default Gateway window opens Enter the parameters for the default gateway of the network 10 Enter e twice to return to the Network Configuration menu 11 Enter n The Time and Date Configuration window opens Setting Network and Time Date Properties To set the system time and date 1 2 ee In the Time and Date Configuration window set the time zone date and local time Enter n to continue Enter n again and continue with the Check Point Configuration Program Read the license agreement Enter y The Cluster Options window opens Selecting Cluster Options You can configure the VSX appliance to work with clusters of virtual systems To configure VSX clustering features 1 Configure VSX clustering features e Enter y to enable and configure VSX clustering e Enter nto skip VSX clustering configuration Skip step 2 Configuring Check Point 21400 VSX Page 13 Confirming the Build Numbers 2 Configure the Per Virtual System State This feature is required for the Virtual System Load Sharing VSLS e Enter y when prompted to enable this feature e f you do not intend to use these features enter n Note You can use the cpconfig CLI command to change the VSX clustering settings Completing the Configuration Complete the last steps of the First Time Wizard The appliance reboots and is configured according to your settings To use the VSX appliance you must c
Download Pdf Manuals
Related Search