Check Point 61000 Getting Started Manual

Catégorie
La mise en réseau
Taper
Getting Started Manual
30 April 2018
Getting Started Guide
CHECK POINT 61000
SECURITY SYSTEM
R75.40VS FOR 61000
Protected
© 2018 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and
distributed under licensing restricting their use, copying, distribution, and decompilation. No part
of this product or related documentation may be reproduced in any form or by any means without
prior written authorization of Check Point. While every precaution has been taken in the
preparation of this book, Check Point assumes no responsibility for errors or omissions. This
publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Refer to the Copyright page http://www.checkpoint.com/copyright.html for a list of our
trademarks.
Refer to the Third Party copyright notices http://www.checkpoint.com/3rd_party_copyright.html
for a list of relevant copyrights and third-party licenses.
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest
functional improvements, stability fixes, security enhancements and protection against new and
evolving attacks.
Latest Documentation
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=20444
To learn more, visit the Check Point Support Center http://supportcenter.checkpoint.com.
For more about this release, see the R75.40VS for 61000 home page
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetail
s=&solutionid=sk89900.
Revision History
Date
Description
30 April 2018 Updated: Installing the SGM with Snapshot Import (on page 55).
05 November 2017 Updated: General updates.
23 January 2014 Added: Health and Safety Information in French ("Informations
relatives à la santé et à la sécurité" on page 9).
Improved: Formatting and document layout.
Added: SGM260 LEDs support information.
16 September 2013 Added: After configuring a Security Gateway, verify the configuration
by running asg diag ("Confirming the Security Gateway Software
Configuration" on page 63).
9 July 2013
Corrected: Syntax of asg monitor command ("Monitoring Chassis
and Component Status (asg monitor)" on page 73).
Corrected: Examples of asg search command ("Searching for a
Connection (asg search)" on page 83).
21 March 2013 Added: Before creating the VSX Gateway, if the management
interface is not eth1-Mgmt4, see sk92556 ("Configuring a VSX
Gateway" on page 64).
10 February 2013 First release of this document.
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on R75.40VS Check Point 61000
Security System Getting Started Guide.
Contents
Important Information ................................................................................................... 3
Health and Safety Information ...................................................................................... 7
Informations relatives à la santé et à la sécuri .......................................................... 9
Introduction ................................................................................................................. 12
Overview of Check Point 61000 Security Systems ................................................... 12
Check Point Virtual Systems ................................................................................... 13
In this Document ..................................................................................................... 14
Shipping Carton Contents ....................................................................................... 14
Hardware Components ............................................................................................... 16
61000 Security System Front Panel Modules .......................................................... 16
Security Switch Module ........................................................................................... 18
SSM160 Security Switch Module .................................................................................... 19
SSM60 Security Switch Module ...................................................................................... 21
Security Switch Module LEDs ........................................................................................ 22
Security Gateway Module (SGM) ............................................................................. 23
SGM260 LEDs ................................................................................................................ 23
SGM220 LEDs ................................................................................................................ 26
AC Power Supply Units (PSUs) ................................................................................ 27
AC Power Cords ...................................................................................................... 29
DC Power Entry Modules (PEMs) ............................................................................ 31
PEM Panel and LED Indicators ...................................................................................... 31
Fan Trays ................................................................................................................ 33
Chassis Management Modules................................................................................ 34
Blank Filler Panels for Airflow Management .......................................................... 36
Front Blank Panels with Air Baffles............................................................................... 36
Step 1: Site Preparation .............................................................................................. 37
Rack Mounting Requirements ................................................................................. 37
Required Tools ........................................................................................................ 37
Step 2: Installing the Chassis in a Rack ....................................................................... 38
Step 3: Installing Hardware Components and Connecting Power Cables ................... 39
Inserting AC Power Supply Units ............................................................................ 40
Inserting Fan Trays ................................................................................................. 41
Inserting Chassis Management Modules ................................................................ 42
Inserting Security Switch Modules .......................................................................... 43
Inserting Security Gateway Modules ....................................................................... 44
Inserting Transceivers ............................................................................................ 45
Inserting Twisted Pair Transceivers .............................................................................. 46
Inserting Fiber Optic Transceivers ................................................................................ 47
Inserting QSFP Splitters ................................................................................................ 47
Inserting Front Blank Panels .................................................................................. 48
Connecting DC Power .............................................................................................. 48
Connecting a Second Chassis .................................................................................. 50
Step 4: Turning on the System .................................................................................... 51
Step 5: Dual Chassis System Validation ...................................................................... 52
Step 6: Installing the Software .................................................................................... 53
Before Installing SSM160 Firmware and Software ................................................. 53
Installing the SGM Image ........................................................................................ 55
Installing the SGM with Snapshot Import ...................................................................... 55
Installing the SGM Image from Removable Media ......................................................... 55
Step 7: Connecting to the Network .............................................................................. 58
Step 8: Initial Software Configuration ......................................................................... 59
Connecting a Console .............................................................................................. 59
Running the Initial Setup ......................................................................................... 60
Step 9: SmartDashboard Configuration ...................................................................... 62
Defining a Security Gateway .................................................................................... 62
Confirming the Security Gateway Software Configuration ............................................. 63
Configuring a VSX Gateway ..................................................................................... 64
Wizard Step 1: Defining VSX Gateway General Properties ............................................. 65
Wizard Step 2: Selecting Virtual Systems Creation Templates ...................................... 65
Wizard Step 3: Establishing SIC Trust............................................................................ 65
Wizard Step 4: Defining Physical Interfaces .................................................................. 65
Virtual Network Device Configuration ........................................................................... 66
Wizard Step 6: VSX Gateway Management ..................................................................... 67
Completing the VSX Wizard ........................................................................................... 67
Confirming the VSX Gateway Software Configuration .................................................... 67
Basic Configuration Using gclish ................................................................................ 69
Licensing and Registration .......................................................................................... 71
Monitoring and Configuration ..................................................................................... 72
Showing Chassis and Component States (asg stat)................................................. 72
Monitoring Chassis and Component Status (asg monitor) ...................................... 73
Monitoring Performance Indicators and Statistics (asg perf) ................................. 75
Monitoring Hardware Components (asg hw_monitor) ............................................ 77
Monitoring SGM Resources (asg resource) ............................................................. 81
Searching for a Connection (asg search) ................................................................ 83
Configuring Alerts for SGM and Chassis Events (asg alert) .................................... 85
Monitoring the System with SNMP .......................................................................... 88
SNMP in a VSX Gateway ................................................................................................. 89
Troubleshooting .......................................................................................................... 90
Collecting System Diagnostics (asg diag)................................................................ 90
Error Types.................................................................................................................... 95
Changing Compliance Thresholds ................................................................................. 95
Health and Safety Information
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 7
Health and Safety Information
Read these warnings before setting up or using the appliance.
Warning -
Do not block air vents. This is to ensure sufficient airflow for the individual SGMs
in the Chassis.
This appliance does not contain any user-serviceable parts. Do not remove any
covers or attempt to gain access to the inside of the product. Opening the device
or modifying it in any way has the risk of personal injury and will void your
Handle SGM system parts carefully to prevent damage. These measures are sufficient to protect
your equipment from static electricity discharge:
When handling components (Fans, CMMS, SGMS, PSUs, SSMs) use a grounded wrist-strap
designed for static discharge elimination.
Touch a grounded metal object before removing the board from the anti-static bag.
Hold the board by its edges only. Do not touch its components, peripheral chips, memory
modules or gold contacts.
When holding memory modules, do not touch their pins or gold edge fingers.
Restore SGMs to the anti-static bag when they are not in use or not installed in the Chassis.
Some circuitry on the SGM can continue operating after the power is switched off.
Do not let the lithium battery cell (used to power the real-time clock on the CMM) short. The
battery can heat up and become a burn hazard.
Warning -
DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY REPLACED. REPLACE
ONLY WITH SAME OR EQUIVALENT TYPE RECOMMENDED BY CHECK POINT
SUPPORT.
DISCARD USED BATTERIES ACCORDING TO INSTRUCTIONS FROM CHECK
POINT.
Do not operate the processor without a thermal solution. Damage to the processor can occur
in seconds.
Before you install or remove a chassis, or work near power supplies, turn off the power and
unplug the power cord.
For California:
Perchlorate Material - special handling can apply. See
http://www.dtsc.ca.gov/hazardouswaste/perchlorate
The foregoing notice is provided in accordance with California Code of Regulations Title 22,
Division 4.5, Chapter 33. Best Management Practices for Perchlorate Materials. This product, part,
or both may include a lithium manganese dioxide battery, which contains a perchlorate substance.
Proposition 65 Chemical
Health and Safety Information
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 8
Chemicals identified by the State of California, pursuant to the requirements of the California Safe
Drinking Water and Toxic Enforcement Act of 1986, California Health & Safety Code s. 25249.5, et
seq. ("Proposition 65"), that is "known to the State to cause cancer or reproductive toxicity" (see
http://www.calepa.ca.gov)
WARNING:
Handling the cord on this product will expose you to lead, a chemical known to the State of
California to cause cancer, and birth defects or other reproductive harm. Wash hands after
handling.
Federal Communications Commission (FCC) Statement:
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with the instruction manual, may cause harmful interference to
radio communications. Operation of this equipment in a residential area is likely to cause harmful
interference in which case the user will be required to correct the interference at his own
expense.
Information to user:
The user's manual or instruction manual for an intentional or unintentional radiator shall caution
the user that changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate the equipment. In cases where the manual is
provided only in a form other than paper, such as on a computer disk or over the Internet, the
information required by this section may be included in the manual in that alternative form,
provided the user can reasonably be expected to have the capability to access information in that
form.
Canadian Department Compliance Statement:
This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la
classe A est conforme à la norme NMB-003 du Canada.
Japan Class A Compliance Statement:
European Union (EU) Electromagnetic Compatibility Directive
This product is herewith confirmed to comply with the requirements set out in the Council
Directive on the Approximation of the Laws of the Member States relating to Electromagnetic
Compatibility Directive (2004/108/EC).
This product is in conformity with Low Voltage Directive 2006/95/EC, and complies with the
requirements in the Council Directive 2006/95/EC relating to electrical equipment designed for
use within certain voltage limits and the Amendment Directive 93/68/EEC.
Informations relatives à la santé et à la sécuri
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 9
Product Disposal
This symbol on the product or on its packaging indicates that this product must not be disposed of
with your other household waste. Instead, it is your responsibility to dispose of your waste
equipment by handing it over to a designated collection point for the recycling of waste electrical
and electronic equipment. The separate collection and recycling of your waste equipment at the
time of disposal will help to conserve natural resources and ensure that it is recycled in a manner
that protects human health and the environment. For more information about where you can drop
off your waste equipment for recycling, please contact your local city office or your household
waste disposal service.
Informations relatives à la santé et à la
sécurité
Avant de mettre en place ou d'utiliser l'appareil, veuillez lire ces avertissements.
Avertissement :
Ne pas obturer les aérations. Les SGM dans le châssis doivent disposer d'une
aération suffisante.
Cet appareil ne contient aucune pièce remplaçable par l'utilisateur. Ne pas
retirer de capot ni tenter d'atteindre l'intérieur. L'ouverture ou la modification de
l'appareil peut traîner un risque de blessure et invalidera la garantie. Les
Manipulez avec précautions les pièces du SGM pour ne pas les endommager. Les mesures
suivantes sont suffisantes pour protéger votre équipement contre les décharges d'électricité
statique :
Avant de manipuler un composant (ventilateur, CMM, SGM, PSU, SSM), portez au poignet un
bracelet antistatique rel à la terre.
Touchez un objet métallique relié à la terre avant de retirer la carte de son sachet antistatique.
Ne tenez la carte que par ses bords. Ne touchez aucun composant, puce périphérique, module
mémoire ou contact plaqué or.
Lorsque vous manipulez des modules mémoire, ne touchez pas leurs broches ou les pistes de
contact dorées.
Informations relatives à la santé et à la sécuri
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 10
Remettez dans leur sachet antistatique les SGM lorsqu'ils ne sont pas utilisés ou installés
dans le châssis. Certains circuits du SGM peuvent continuer de fonctionner même si l'appareil
est éteint.
Il ne faut jamais court-circuiter la pile au lithium (qui alimente l'horloge temps-réel du CMM).
Elle pourrait chauffer et déclencher un incendie.
Avertissement :
DANGER D'EXPLOSION SI LA PILE N'EST PAS CORRECTEMENT REMPLACÉE. NE
REMPLACER QU'AVEC UN TYPE IDENTIQUE OU ÉQUIVALENT, RECOMMANDÉ
PAR L'ASSISTANCE CHECKPOINT.
LES PILES DOIVENT ÊTRE MISES AU REBUT CONFORMÉMENT AUX
INSTRUCTIONS DE CHECKPOINT.
Ne pas faire fonctionner le processeur sans refroidissement. Le processeur peut être
endommagé en quelques secondes.
Avant de manipuler une appliance ou ses blocs d’alimentations, l’éteindre et débrancher son
câble électrique.
Pour la Californie :
Matériau perchloraté : manipulation spéciale potentiellement requise. Voir
http://www.dtsc.ca.gov/hazardouswaste/perchlorate
L'avis suivant est fourni conformément au California Code of Regulations, titre 22, division 4.5,
chapitre 33. Meilleures pratiques de manipulation des matériaux perchloratés. Ce produit, cette
pièce ou les deux peuvent contenir une pile au dioxyde de lithium manganèse, qui contient une
substance perchloratée.
Produits chimiques « Proposition 65 »
Les produits chimiques identifiés par l'état de Californie, conformément aux exigences du
California Safe Drinking Water and Toxic Enforcement Act of 1986 du California Health & Safety
Code s. 25249.5, et seq. (« Proposition 65 »), qui sont « connus par l'état pour causer le cancer ou
être toxiques pour la reproduction » (voir http://www.calepa.ca.gov)
AVERTISSEMENT :
La manipulation de ce cordon vous expose au contact du plomb, un élément reconnue par l'état de
Californie pour causer de cancer, des malformations à la naissance et autres dommages relatifs à
la reproduction. Se laver les mains après toute manipulation.
Déclaration à la Federal Communications Commission (FCC) :
Remarque : Cet équipement a été testé et déclaré conforme aux limites pour appareils
numériques de classe A, selon la section 15 des règlements de la FCC. Ces limitations sont
conçues pour fournir une protection raisonnable contre les interférences nocives
dans un environnement commercial. Cet appareil génère, et peut diffuser des fréquences radio et,
dans le cas d’une installation et d’une utilisation non conformes aux instructions, il peut
provoquer des interférences nuisibles aux communications radio. Le fonctionnement de cet
équipement dans une zone résidentielle engendrera vraisemblablement des perturbations
préjudiciables, auquel cas l’utilisateur sera tenu d’éliminer ces perturbations à sa charge.
Information à l'intention de l'utilisateur :
Le manuel utilisateur ou le manuel d'instruction d'un dispositif rayonnant (intentionnel ou non)
doit avertir que toute modification non approuvée expressément par la partie responsable de la
Informations relatives à la santé et à la sécuri
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 11
conformité peut annuler le droit de faire fonctionner l'équipement. Si le manuel n'est pas fourni
sous forme imprimée (par exemple sur le disque d'un ordinateur ou via Internet), les informations
requises par cette section doivent être incluses dans ces versions du manuel, sous réserve que
l'utilisateur soit raisonnablement capable d'y accéder.
Déclaration de conformité du département canadien :
This Class A digital apparatus complies with Canadian ICES-003. appareil numérique de la classe
A est conforme à la norme NMB-003 du Canada.
Déclaration de conformité de classe A pour le Japon :
Directive de l'Union européenne relative à la compatibilité électromagnétique
Ce produit est certifié conforme aux exigences de la directive du Conseil concernant concernant le
rapprochement des législations des États membres relatives à la directive sur la compatibilité
électromagnétique (2004/108/CE).
Ce produit est conforme à la directive basse tension 2006/95/CE et satisfait aux exigences de la
directive 2006/95/CE du Conseil relative aux équipements électriques conçus pour être utilisés
dans une certaine plage de ensions, selon les modifications de la directive 93/68/CEE.
Mise au rebut du produit
Ce symbole apposé sur le produit ou son emballage signifie que le produit ne doit pas être mis au
rebut avec les autres déchets ménagers. Il est de votre responsabilité de le porter à un centre de
collecte désigné pour le recyclage des équipements électriques et électroniques. Le fait de
séparer vos équipements lors de la mise au rebut, et de les recycler, contribue à préserver les
ressources naturelles et s'assure qu'ils sont recyclés d'une façon qui protège la santé de
l'homme et l'environnement. Pour obtenir plus d'informations sur les lieux où déposer vos
équipements mis au rebut, veuillez contacter votre municipalité ou le service de gestion des
déchets.
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 12
CHAPT ER 1
Introduction
In This Section:
Overview of Check Point 61000 Security Systems ...................................................... 12
Check Point Virtual Systems ........................................................................................ 13
In this Document ........................................................................................................... 14
Shipping Carton Contents ............................................................................................ 14
Thank you for choosing the Check Point 61000 Security System. We hope that you will be satisfied
with this system and our support services. Check Point products supply your business with the
most up to date and secure solutions available today.
Check Point also delivers worldwide technical services including educational, professional and
support services through a network of Authorized Training Centers, Certified Support Partners
and Check Point technical support personnel to ensure that you get the most out of your security
investment.
For additional information on the Internet Security Product Suite and other security solutions,
refer to the Check Point Web site (http://www.checkpoint.com), or call Check Point at 1(800)
429-4391. For additional technical information about Check Point products, consult the Check
Point Support Center http://supportcenter.checkpoint.com.
Welcome to the Check Point family. We look forward to meeting all of your current and future
network, application and management security needs.
Overview of Check Point 61000 Security Systems
The Check Point 61000 Security System is a high performance, scalable, carrier class solution for
Service Providers and high-end data centers. The system gives advanced Security Gateway
functionality to meet your dynamically changing security needs. Supported Security Gateway
Software Blades include: Firewall, IPS, Application Control, Identity Awareness, URL Filtering,
IPSec VPN, Anti-Bot, and Anti-Virus.
The Check Point 61000 Security System is a 14-15U Chassis and includes:
Component(s) Function
Up to 12 Security Gateway Modules
(SGMs)
Runs a high performance Firewall, and other
Software Blades.
2 Security Switch Modules (SSMs) Distributes network traffic to SGMs.
2 Chassis Management Modules (CMMs) Monitors the Chassis, the SSMs and the SGMs with
zero downtime.
Introduction
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 13
The 61000 Security System:
Is highly fault tolerant, and provides redundancy between Chassis modules, power supplies
and fans. For extra redundancy, you can install a Dual Chassis deployment.
Has NEBS-ready and Non-NEBS versions. The Network Equipment Building Systems (NEBS)
certificate ensures that 61000 Security System meets the environmental and spatial
requirements for products used in telecommunications networks.
Includes a rich variety of CLI monitoring and management tools. The system can be centrally
managed from Check Point Security Management Server or a Multi-Domain Security
Management.
Lets you install different numbers of SGMs to match the processing needs of your network.
You can operate the 61000 Security System as a Security Gateway or as a VSX Gateway for Check
Point Virtual Systems.
Check Point Virtual Systems
Administrators can replicate physical security gateways with Virtual Systems with advanced
protection for many networks and network segments. Virtual Systems can support up to 250
Virtual Systems on a 61000 Security System. This gives you scalability, availability, reliability and
optimal performance while minimizing hardware investment, space requirements and
maintenance costs.
Network virtualization supports easy deployment and configuration of network topology with
simple inter-Virtual System communication. Integrated Virtual Switches and direct links to
destinations eliminate the requirement for external network switches.
KEY FEATURES
Consolidate many Security Gateways on one 61000 Security System
Software Blade Architecture
Gaia 64-bit operating system
Separation of management duties
Customized security policies per Virtual System
Per Virtual System Monitoring of resource usage
KEY BENEFITS
Easily add virtual systems to a security gateway
Decreased hardware cost and simplified network policy
High performance
Granularity with customizable policies for each Virtual System
Better usage-based resource planning with per Virtual System monitoring
Better performance with Multi-core CoreXL technology
Introduction
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 14
In this Document
A brief overview of necessary 61000 Security System concepts and features
A step by step guide to getting the 61000 Security System up and running
Note - Many examples in this guide show the largest model available at the time of publication.
The concepts and procedures are applicable to all models.
Shipping Carton Contents
This section describes the contents of the shipping carton.
Item
Description
Check Point 61000 Security
System
A single 61000 Security System Chassis
61000 Security System
components
2 to 12 Security Gateway Modules
2 Security Switch Modules
2 Chassis Management Modules
Power Supplies (preinstalled)
5 AC Power Supply Units (PSUs) or
1 to 2 DC Power Entry Modules (PEMs)
6 Fans (preinstalled)
Power cord set
Documentation EULA
Welcome document
Obligatory Hardware Purchases
Transceivers are not included in the shipping carton and must be purchased separately.
SSM60 Transceivers
Ports
Required Transceivers
Network and Synchronization Fiber transceiver for 10GbE XFP ports (SR/LR)
Management and log Fiber transceiver for 1GbE SFP ports (SX/LR)
Twisted-pair transceiver for 1GbE SFP ports
Fiber transceiver for 10GbE XFP ports (SR/LR)
Introduction
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 15
SSM160 Transceivers
Ports
Required Transceivers
Network and Synchronization SFP+ (10GbE) Fiber transceiver for SFP+ ports (SR/LR)
SFP (1GbE) Fiber transceiver for SFP+ ports (SX/LX)
Twisted pair (1GbE) transceiver for SFP+ ports
QSFP transceiver for 40GbE ports (SR/LR)
QSFP splitter for 40GbE ports
Management and log Fiber/Twisted pair transceiver for 1GbE SFP+ ports (SX/LX)
SFP+ (10GbE) Fiber transceiver for SFP+ ports (SR/LR)
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 16
CHAPT ER 2
Hardware Components
In This Section:
61000 Security System Front Panel Modules ............................................................. 16
Security Switch Module ................................................................................................ 18
Security Gateway Module (SGM) .................................................................................. 23
AC Power Supply Units (PSUs) .................................................................................... 27
AC Power Cords ............................................................................................................ 29
DC Power Entry Modules (PEMs) ................................................................................. 31
Fan Trays ....................................................................................................................... 33
Chassis Management Modules .................................................................................... 34
Blank Filler Panels for Airflow Management ............................................................. 36
This section shows the hardware components of the 61000 Security System.
61000 Security System Front Panel Modules
Hardware Components
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 17
Item
Description
1 The Security Gateway Modules (SGMs) in the Chassis work together as a single, high
performance Security Gateway or VSX Gateway. Adding a Security Gateway Module
improves system performance. A Security Gateway Module can be added or removed
without losing connections. If an SGM is removed or fails, traffic is sent to the other active
SGMs.
Security Gateway Module slots are numbered 1 to 12, left to right. Slot 7 for example,
(labeled [7] in the diagram) is the slot that is immediately to the right of the two Security
Switch Module slots.
2 Console port, for a serial connection to a specific SGM using a terminal emulation
program.
3 USB port, for a connection to external media, such as a DVD drive.
4 The Security Switch Module (SSM) distributes network traffic to the Security Gateway
Modules and forwards traffic from the Security Gateway Modules. Two are inserted in a
chassis. Two SSM versions are available:
SSM60
Not supported in a VSX Gateway
SSM160
For more about each port, see
Security Switch Module Ports
("Security Switch Module" on
page 18).
5 The Chassis Management Module (CMM) monitors the status of the chassis hardware
components. It also supplies DC current to the cooling fan trays.
If the Chassis Management Module fails or is removed from the chassis, the 61000
Security System continues to forward traffic. However, hardware monitoring is not
available. Adding or removing a Security Gateway Module to or from the chassis is not
recognized. If the two CMMs are removed, the cooling fans stop working.
Warning - There must be at least one CMM in the chassis.
A second Chassis Management Module can be used to supply CMM High Availability.
In the CLI output, the lower slot is listed bay 1. The upper slot is listed as bay2.
Hardware Components
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 18
Item
Description
6 Power:
AC Power Supply Units (PSUs)
100 VAC to 240 VAC
3-5 PSUs
Or:
DC Power Entry Modules (PEMs)
48 VDC to 60 VDC
2 PEMs
Field-replaceable and hot-swappable
In the CLI output:
Upper slots are for DC PEMs. They are listed as bay 1 and bay 2, numbered right to
left.
Lower slots are for AC PSUs. They are listed as bay 1 to bay 5, numbered right to left.
Security Switch Module
The Security Switch Module (SSM) distributes network traffic to the Security Gateway Modules and
forwards traffic from the Security Gateway Modules. Two are inserted in a Chassis. Two SSM
versions are available:
SSM60
Not supported in a VSX Gateway
SSM160
Hardware Components
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 19
SSM160 Security Switch Module
Item
Description
1 1 port for direct access through LAN
1 port for direct access through console (serial)
2 2 x 40GbE QSFP data ports.
In the initial setup program, the interface names are:
Left Security Switch Module:
eth1-09, eth1-13
Right Security Switch Module:
eth2-09, eth2-13
Use a QSFP splitter to split each of the two QSFP ports to 4 x 10GbE.
When using a QSFP splitter the interface names are:
Left Security Switch Module upper QSFP port:
eth1-09 to eth1-12
Left Security Switch Module lower QSFP port:
eth1-13 to eth1-16
Right Security Switch Module upper QSFP port:
eth2-09 to eth2-12
Right Security Switch Module lower QSFP port:
eth2-13
to
eth2-16
3 7 x 10GbE SFP+ data ports
Can use 1GbE or 10GbE transceivers
In the initial setup program, the interface names are:
Left Security Switch Module:
eth1-01, eth1-02, ... eth1-07
Right Security Switch Module:
eth2-01, eth2-02, ... eth2-07
In SmartDashboard, define used interfaces as internal or external.
4 1 synchronization port for connecting to and synchronizing with another 61000
appliance that functions as a high availability peer.
10 GbE SFP+ port
Interface names are eth1-Sync in the left and eth2-sync on the right.
5 Management and logging ports. Connect these ports to the management/logging
network. Security Management Server or dedicated logging servers should be accessible
from these interfaces.
2x 10GbE SFP+ port
In the 61000 appliance initial setup program, these interfaces are labeled:
On the left SSM: eth1-Mgmt1, eth1-Mgmt2
On the right SSM:
eth2-Mgmt1, eth2-Mgmt2
Hardware Components
Check Point 61000 Security System Getting Started Guide R75.40VS for 61000 | 20
6 Management and logging ports. Connect these ports to the management/logging
network. Security Management Server or dedicated logging servers should be accessible
from these interfaces.
2 x 1GbE SFP port
In the 61000 appliance initial setup program, these interface are labeled
On the left SSM: eth1-Mgmt3, eth1-Mgmt4
On the right SSM:
eth2-Mgmt3, eth2-Mgmt4
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95

Check Point 61000 Getting Started Manual

Catégorie
La mise en réseau
Taper
Getting Started Manual

dans d''autres langues