Document ID | CPENG01 |
Product | Security Management Server |
Version | R80.10, R80.20, R80.30, R80.40 |
OS | Gaia |
Platform / Model | All |
IP Address Details
Gateway 1 (Active) IP : Internal (eth0) –> 192.168.1.2/24
Management Server IP : 192.168.1.10/24
VMNet Details
VMnet1 : Host-Only : Internal : 192.168.1.0/24
As per the above diagram we are going to setup a Management Server with R80.20 ISO.
STEP 01: Download the R80.20 ISO file by refer the sk122485.
STEP 02: Click on Clean Install option to download the ISO images.
NOTE: CPUSE Upgrade and Clean Install are two different packages and have different approach. Like If you create a new setup then we can use clean install method but “CPUSE Upgrade package” is use when you are going to upgrade GAIA OS version like from R80.20 to R80.30 but for version upgrade we can also use clean install methods which is always recommended for Security Management Server OS version upgrade.
STEP 03: File Name: Check_Point_R80.20_T101_Security_Management.iso
STEP 04: Verify the MD5 value.
I am using MD5Checker tool to verify , also you can refer other tools to verify the MD5 value.
STEP 05: Open the MD5 Checker and add the R80.20 ISO image by clicking the “Add” icon.
STEP 06: Md5 value is showing “same” means “OK“
STEP 07: Check the Network configuration to assign network address to VMnet (Virtual Network) , so to verify the network configuration go to VMWARE —> Edit —> Virtual Network Editor
As per the below diagram I am using Network 192.168.1.0 so it required one VMnet to setup the MGMT server so I change the 10.10.10.0 network to 192.168.1.0/24 because I will configure Management Serer IP as 192.168.1.10 and Default Gateway is 192.168.1.2.
Click on “Change Setting”.
STEP 08: As below image I changed to 192.168.1.0 Network so network address : 192.168.1.0 and Subnet Mask:255.255.255.0.
NOTE: Uncheck the “Use local DHCP service to distribute IP address to VMs” because we are assign static IP address.
STEP 09: Verify that what is the IP address of that HOST machine (The Machine where we install/run the VMWARE). So basically by default if I configure the VMnet as 192.168.1.0 then Host machine will getting First host address as 192.168.1.1 but we can use any IP address from on that network segment but on our LAB we are not going to change , take as is it.
NOTE: As my personal experience some time people are using first host address such as 192.168.1.1 (example IP address ) as Gateway address or Management address so on that scenario we not able to run the GAIA First Time Wizard configuration because HOST machine by default taken the first host address.
Simply verify that , what is my machine IP address where my VMWARE setup is running.
STEP 10: Create new Virtual Machine so click on “Create a New Virtual Machine”.
STEP 11: Select the ISO Image file, click on “Browse”.
STEP 12: Select the R80.20 ISO image file.
STEP 13: Select the Guest Operating System : Other and select the Version : Other 64-bit because I am using 64-bit OS (GAIA OS 64bit)
STEP 14: Select the location where the VM configuration file is store so on my case I am selecting “D drive”.
NOTE : It is not necessary that you select the “C Drive” only , You can use other drive as well but space should be there.
STEP 15: We are going to use Maximum disk size(GB):100 and select the “Store virtual disk as a single file”
NOTE : As per my personal experience I always recommended to use minimum 60 GB disk size.
STEP 16: Select “Customize Hardware” for configure some parameter.
STEP 17: Select the memory (RAM) : 4 GB but as per the below image we can see the minimum memory require is 6 GB for Security Gateway but because this is a LAB setup so I use 4GB.
STEP 18: Select the total processor core as “2”
NOTE : As in Production setup , need to check with your checkpoint local SE for sizing.
STEP 19: Select the Network Adapter:VMnet1 because we are using VMnet:192.168.1.0
STEP 20: Click “Finish”.
STEP 21: Power on the virtual machine.
STEP 22: Select “Install Gaia on the this System”.
STEP 23: Click “OK”.
STEP 24: Click “US” because I am not using any other language keyboard.
STEP 25: I modify the default configuration as
System-swap (GB) : 7 %
System-root (GB) : 22 %
Logs (GB): 20% and Backup and upgrade (GB) : 50 % NOTE : It depends on the disk size.
STEP 26: Choose a password for Admin . So by Default username is Admin.
NOTE: Make sure that NumLk is on.
STEP 27: Assign IP address and as well as Default Gateway
NOTE : Default gateway address can configure later as well
STEP 28: Click “OK”
STEP 29: Reboot the Management Server
STEP 30: Select Login : admin and password:”****”
STEP 31: Run the First Time Configuration Wizard.
STEP 32: Check the interface configuration , like verify the IP address that we assign to the Management Server is properly or not.
STEP 33: Before we run the Gaia First Time configuration Wizard , first ping to the Management Server IP (MGMT IP:192.168.1.10) and verify.
STEP 34: Open the Browser like chrome , Mozilla, Internet Explorer, Opera or other supported browser and browse https://192.168.1.10.
NOTE: Not “http://” it should be “https://”
STEP 35: Login with Username : admin and Password : ***** and click “Login”.
STEP 36: Click “Next”.
STEP 37: Select “Continue with R80.20 configuration” and click “Next”.
STEP 38: On below The IP address that we see that I already configured (Check STEP:32) but still if you want to change the IP address and the Default Gateway then we can do it . eth0 is the only interface for Management Server because we have only one VMnet ( VMnet1 : 192.168.1.0) .
NOTE: Default gateway can be configure later.
STEP 39: Give a Host Name as per your wish , on my case I named as “SMS” and also assign the Primary and Secondary DNS then click “Next”.
NOTE: Apart from “Host Name” all the rest of configuration we can give later as well.
STEP 40: Select “Set time manually” and choose the Time Zone and after selecting this verify the other parameter such as Date and Time.
STEP 41: Select “Security Management”.
STEP 42: Select “Define Security Management Server as Primary” because in this case I am using only one Management server not Management HA , so If you are using two Management server (Management HA) for redundancy then on that case we can select Primary/Secondary.
Select the “Automatically download Blade Contracts and other important data (Highly recommended)” and click “Next”.
NOTE: In R80.20/R80.30 we have a dedicated ISO for Security Management Server so that the reason on “Products” section “Security Management” is already marked.
STEP 43: Select the Administrator Name and Password for GUI Access (Smart Console).
NOTE : As my personal experience with checkpoint I saw that some people are think that this is for changing the Administrator name “admin” to any other name for management server but its not possible by changing the name in this section , this credentials is to accessing for SmartConsole only.
STEP 44: Select “Any IP address” like any IP address on network 192.168.1.0/24 (VMnet:192.168.1.0 so from 192.168.1.2 to 192.168.1.254) can access the GUI Client (SmartConsole) but we also able to change this by selecting below option.
The Machine: Any particular machine by define the IP address (Example : 192.168.1.5,192.168.1.6)
Network: Define any Network address with subnet (Example : 192.168.1.0 and subnet mask :255.255.255.0)
Range of IPv4 addresses : Define range of IP addresses (Example : 192.168.1.20 to 192.168.20.25)
STEP 45: Select “Finish” to complete the First Time Configuration wizard.
STEP 46: Click “Yes” wait for some time until it not finished.
NOTE: After complete the process automatically reboot happen and after that you able to see the popup as “Configuration completed successfully”.
STEP 47: Now we able to see “Configuration completed successfully”. Click “Ok” to open the GAIA WebUI or we can say Gaia Portal.
STEP 48: This the GAIA WebUI Page.
STEP 49: Open CLI to access of Management Server via putty to verify the Interface and route that we define on CLI so same we able to see in this WebUI or not.
STEP 50: Click “Yes”
STEP 51: Run the command in Clish (Default shall) as “lock database override” because we open the GAIA WebUI so in order to check or change something need to run the command : “lock database override” and when again you want to access from GAIA WebUI the need to click the “Lock icon” on top to unlock and change some configuration.
STEP 52: Check the System Information via CLI by using “cpview” command and go the “SysInfo” section. Now we can see this is a Management Server with 64Bit.
STEP 53: Check the IP address on WebUI and also using CLI.
STEP 54: Also check the running services is Established or not.
command :[Clish or Expert]#cpwd_admin list
NOTE: Make sure that all service stat should be “E”.
STEP 55: For advance access need to set a expert password.
command : clish> set expert-password
STEP 56: For accessing SmartConsole R80.20 need to verify the CPM server started or not.
Command :[Expert]#$CPMDIR/scripts/check_cpm_status.sh Command :[Expert]#api status (wait still CPM showing Started)
STEP 57: Open the SmartConsole R80.20 (Refer sk122485 to download the SmartConsole R80.20).
STEP 58: Put the credentials with IP address and click “Login”.
STEP 59: Click “Proceed”.
Now its look like this :
STEP 60: Enable the Log Indexing. Location —> GATEWAYS and SERVERS —> SMS (Management Server Object) —> General Properties —> Logs —> Check Enable Log Indexing
STEP 61: Install the Database.
STEP 62: Click “Publish and Install”.
Database is installed successfully.
DONE