nokia ip290 series security platform installation guide · menu commands menu commands are...
TRANSCRIPT
Part No. N450000887 Rev 001
Published March 2009
Check PointIP290 Security Platform
Installation Guide
2 Check Point IP290 Security Platform Installation Guide
© 2003-2009 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:Please refer to http://www.checkpoint.com/copyright.html for a list of our trademarks.For third party notices, see http://www.checkpoint.com/3rd_party_copyright.html.
Check Point Contact InformationFor additional technical information about Check Point products, and for the latest version of this document, see the Check Point Support Center at http://support.checkpoint.com/.Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to:
Contents
Check Point Contact Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9In This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Conventions This Guide Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Command-Line Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13About the Check Point IP290 Security Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Check Point IP290 Appliance Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Built-in Gigabit Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Auxiliary Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
System Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Site Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Product Disposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Safety Warnings and Cautions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Managing Check Point IP290 Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2 Installing the Check Point IP290 Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Removing the Securing Screws . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Rack Mounting a Single Check Point IP290 Appliance . . . . . . . . . . . . . . . . . . . . . . 22Rack Mounting Two Check Point IP290 Appliances Side-by-Side. . . . . . . . . . . . . . 24
3 Performing the Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Connecting to the Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Connecting Power and Turning the Power On. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Performing the Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Connecting Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Using Check Point Network Voyager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Viewing Check Point IPSO Documentation by Using Check Point Network Voyager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Using the Command-Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Using Check Point Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Check Point IP290 Security Platform Installation Guide 3
4 About IP290 Appliance Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . 39Two-Port Copper Gigabit Ethernet NIC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Copper Gigabit Ethernet NIC Features in the IP290 . . . . . . . . . . . . . . . . . . . . . . 40Copper Gigabit Ethernet NIC Connectors and Cables. . . . . . . . . . . . . . . . . . . . . 41
Two-Port Fiber-Optic Gigabit Ethernet NICs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Fiber-Optic Gigabit Ethernet NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Fiber-Optic Gigabit Ethernet NIC Connectors and Cables. . . . . . . . . . . . . . . . . . 43
5 Installing and Replacing Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . 45Deactivating Configured Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Installing NICs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Configuring and Activating Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Monitoring Network Interface Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
6 Installing and Replacing Components Other than Network Interface Cards . . 53Installing a Hard-Disk Drive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Replacing or Upgrading Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Replacing a Check Point Encryption Accelerator Card. . . . . . . . . . . . . . . . . . . . . . 60
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Configuring Software to Use Hardware Acceleration. . . . . . . . . . . . . . . . . . . . . . 64
Replacing the Battery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
7 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69General Troubleshooting Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
A Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Physical Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Space Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Other Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
B Compliance Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75Declaration of Conformity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75Compliance Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76FCC Notice (US) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
4 Check Point IP290 Security Platform Installation Guide
Tables
Table 1 Command-Line Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Table 2 Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Table 3 Appliance Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Table 4 NIC PCI Frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Check Point IP290 Security Platform Installation Guide 5
6 Check Point IP290 Security Platform Installation Guide
Figures
Figure 1 Component Locations Front View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Figure 2 Component Locations Rear View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Figure 3 Built-In Gigabit Ethernet Interface Front Panel Details . . . . . . . . . . . . . 15Figure 4 Appliance Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Figure 5 Removing the Shipping Screw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Figure 6 Installing the Mounting Brackets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Figure 7 Single Appliance Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Figure 8 Power Switch Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Figure 9 Check Point Network Voyager Reference Access Points . . . . . . . . . . . 35Figure 10 Two-Port Copper Gigabit Ethernet NIC Front Panel . . . . . . . . . . . . . . 40Figure 11 Gigabit Ethernet Cable Connector Pin Assignments . . . . . . . . . . . . . 41Figure 12 Gigabit Ethernet Crossover Cable Pin Connections . . . . . . . . . . . . . . 42Figure 13 PMC Two-Port Short-Range Gigabit Ethernet NIC . . . . . . . . . . . . . . . 43Figure 14 PMC Two-Port Long-Range Gigabit Ethernet NIC . . . . . . . . . . . . . . . 43Figure 15 DIMM Socket Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Check Point IP290 Security Platform Installation Guide 7
8 Check Point IP290 Security Platform Installation Guide
About This Guide
This guide describes how to install and use the Check Point IP290 security platform. Installation and maintenance should be performed by experienced technicians or Check Point-approved service providers only. This preface provides the following information:
In This GuideConventions This Guide Uses
In This GuideThis guide is organized into the following chapters and appendixes:
Chapter 1, “Overview” provides a general overview of the Check Point IP290 appliance.Chapter 2, “Installing the Check Point IP290 Appliance” describes how to rack mount the appliance and how to physically connect it to a network and power.Chapter 3, “Performing the Initial Configuration” describes how to make the appliance available on the network.Chapter 4, “About IP290 Appliance Network Interface Cards” describes how to connect to the supported Ethernet ports.Chapter 5, “Installing and Replacing Network Interface Cards” describes how to install and replace NICs in your Check Point IP290 appliance.Chapter 6, “Installing and Replacing Components Other than Network Interface Cards” describes how to install components other than NICs in your Check Point IP290 appliance.Chapter 7, “Troubleshooting” describes problems you might encounter and proposes solutions to these problems.Appendix A, “Technical Specifications” provides technical specifications such as interface characteristics.Appendix B, “Compliance Information” provides compliance and regulatory information.
Conventions This Guide UsesThe following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.
Check Point IP290 Security Platform Installation Guide 9
NoticesWarnings advise the user that bodily injury might occur because of a physical hazard.Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.Notes provide information of special interest or recommendations.
Command-Line ConventionsTable 1 describes the elements of commands that are available in Check Point business security products. You might encounter one or more of the following elements in a command-line path.
Table 1 Command-Line Conventions
Convention Description
command A user-generated instruction typically sent using a console or terminal. The command statement and its associated syntax must be entered exactly as shown in lowercase letters.
italics Indicates a variable in a command that you must supply. For example:delete interface if_name
Supply an interface name in place of the variable. For example:delete interface nic1
angle brackets < > Indicates arguments for which you must supply a value:retry-limit <1–100>
Supply a value. For example:retry-limit 60
-flag A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.
.ext A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.
( . , ; + * - / ) Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.
10 Check Point IP290 Security Platform Installation Guide
Conventions This Guide Uses
Text ConventionsTable 2 describes the text conventions this guide uses.
Table 2 Text Conventions
Convention Description
monospace font Indicates command syntax, or represents computer or screen output, for example:Log error 12453
bold monospace font Indicates text you enter or type, for example:# configure nat
Key names Keys that you press simultaneously are linked by a plus sign (+):Press Ctrl + Alt + Del.
Menu commands Menu commands are separated by a greater than sign (>):Choose File > Open.
The words enter and type Enter indicates you type something and then press the Return or Enter key.Do not press the Return or Enter key when an instruction says type.
Italics • Emphasizes a point or denotes new terms at the place where they are defined in the text.
• Indicates an external book title reference.• Indicates a variable in a command: delete interface if_name
Check Point IP290 Security Platform Installation Guide 11
1
12 Check Point IP290 Security Platform Installation Guide
1 Overview
This chapter provides an overview of the Check Point IP290 security platform and the requirements for using the appliances. The following topics are covered:
About the Check Point IP290 Security Platform on page 13Check Point IP290 Appliance Overview on page 13System Status LEDs on page 16Site Requirements on page 17Product Disposal on page 17Safety Warnings and Cautions on page 17Managing Check Point IP290 Appliances on page 18
About the Check Point IP290 Security PlatformThe Check Point IP290 security platform combines the power of Check Point IPSO for IP appliances software with your choice of firewall and VPN applications.The IP290 appliances are ideally suited for growing companies and satellite offices that want high-performance IP routing combined with the industry-leading Check Point VPN-1/FireWall-1 enterprise security suite. The small size of the IP290 appliances makes them ideal for installations that need to conserve space.As network devices, the IP290 appliances support a comprehensive suite of IP-routing functions and protocols. The integrated router functionality eliminates the need for separate intranet and access routers in security applications.For more information and technical specifications, see Appendix A, “Technical Specifications.”.
Check Point IP290 Appliance OverviewThe following figures show component locations for Check Point IP290 appliances.
Check Point IP290 Security Platform Installation Guide 13
1 Overview
Figure 1 Component Locations Front View
Figure 2 Component Locations Rear View
Built-in Gigabit Ethernet PortsFigure 3 shows the layout of the six built-in 10/100/1000 Ethernet ports and their LEDs.
00557
IP290
STATUS
SLOT 1 AUX
RESET1000BaseT
1 3 5
2 4 6CONSOLE
POWER FAULT
LINK
ACT
LINK
ACT
Built-in Gigabit Ethernet ports(10/100/1000 Mbps)
Status LEDs
Auxiliary (AUX) port
PMC slot 1
Reset switch Console port
00558
Power plug
Power switchFan vent
14 Check Point IP290 Security Platform Installation Guide
Check Point IP290 Appliance Overview
Figure 3 Built-In Gigabit Ethernet Interface Front Panel Details
NoteThe Link LED is bicolored. A green LED indicates a 1 Gbps link speed, and an orange LED indicates a 10/100 Mbps link speed.
Console PortUse the built-in console port, shown in Figure 1, to make a local connection to the appliance and to supply the initial configuration information that makes the appliance available on the network. For more information on how to make a console connection to the appliance, see “Connecting to the Console Port” on page 29.
CautionCheck Point recommends that you use the console cable that was delivered with your appliance for your console connection. Otherwise, ensure that the pin assignments for your cable match those provided in.
Auxiliary PortUse the built-in serial (AUX) port, shown in Figure 1, to establish a modem connection for managing the appliance remotely or out-of-band. Use USB cables with a standard USB A-style connector and pinout for the AUX port. For Check Point approved modem connections, you will need a USB to RS232 adaptor.
1 3 5
2 4 6
00610
Link LED (green for 1000 Mbps or orange for 10/100 Mbps)
Activity LED (orange)
RJ-45 connectors
Check Point IP290 Security Platform Installation Guide 15
1 Overview
NoteThe only modem approved for use with Check Point security appliances with USB AUX ports is the Radicom model V92MB-U-E, and you must be using Check Point IPSO 6.1 or greater.
System Status LEDsYou can monitor the basic operation of Check Point IP290 appliances by checking their status LEDs. The system status LEDs are located on the front panel of the appliance, as Figure 4 shows.
Figure 4 Appliance Status LEDs
Figure 3 describes the status conditions for each of the LEDs for all indications they might display.
Table 3 Appliance Status LEDs
Indicator Color Description
Caution None (off)
Yellow (steady)
Yellow (blinking)
Normal
Initial boot flash activityorInternal voltage problem
Temperature fault
00557
IP290
STATUS
SLOT 1 AUX
RESET1000BaseT
1 3 5
2 4 6CONSOLE
POWER FAULT
LINK
ACT
LINK
ACT
CriticalPower or Status
Caution
16 Check Point IP290 Security Platform Installation Guide
Site Requirements
Site RequirementsBefore you install a Check Point IP290 appliance, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical Specifications.”
Product Disposal
Safety Warnings and Cautions
WarningTo reduce the risk of fire, electric shock, and injury when you use telephone equipment, follow basic safety precautions. Do not use the product near water.
Power or Status
None (off)
Blue
Power off
Power on
Critical None (off)
Red
Normal
One or more fans are defective.orNo recognizable boot device with a valid kernel found.orKernel panic (followed in 20 seconds by CPU reset).
Table 3 Appliance Status LEDs (continued)
Indicator Color Description
This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment. The separate collection and recycling of your waste equipment at the time of disposal will help to conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. For more information about where you can drop off your waste equipment for recycling, please contact your local city office or your household waste disposal service.
Check Point IP290 Security Platform Installation Guide 17
1 Overview
WarningRisk of explosion if battery is replaced by an incorrect type. Replace the battery only with the same or equivalent type that the manufacturer recommends. Dispose of used batteries according to the manufacturer's instructions.
WarningTo reduce the risk of fire, electric shock, and injury, disconnect the power cord and any cables that connect to the appliance or gateway before you open the chassis and expose internal components. Even though the power switch is turned off, power is still present inside the appliance or gateway.
CautionDo not place objects over the ventilation holes on the IP290 appliance. The components might overheat and become damaged.
CautionFor IP290 appliances intended for shipment outside of the United States, the power cord might not be included. If a power cord is not provided, use a power cord rated at 6A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use.
Managing Check Point IP290 AppliancesYou can manage Check Point IP290 appliances by using one of the following interfaces:
Check Point Network Voyager—an SSL-secured, Web-based element management interface to Check Point IP security platforms. Voyager is preinstalled on the IP290 appliance and enabled through the IPSO operating system. With Voyager, you can manage, monitor, and configure the IP290 appliance from any authorized location within the network by using a standard Web browser.For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.The Check Point IPSO command-line interface (CLI)—an SSHv2-secured interface that enables you to configure Check Point IP security platforms from the command line. Most tasks that you can accomplish with Check Point Network Voyager—to manage and configure the IP290 appliance—you can also do with the CLI. For information about how to access the CLI, see the CLI Reference Guide for the version of IPSO you are using.Check Point Horizon Manager for IP appliances—a secure GUI-based software image management application. With Check Point Horizon Manager, you can securely install and
18 Check Point IP290 Security Platform Installation Guide
Managing Check Point IP290 Appliances
upgrade the proprietary Check Point IPSO operating system, plus hardware and third-party applications such as Check Point FireWall-1. Horizon Manager can perform installations and upgrades on up to 2,500 Check Point IP security platforms, offering administrators the most rapid and dependable upgrade to Check Point NG.For information about how to obtain Horizon Manager, see “For additional technical information about Check Point products, and for the latest version of this document, see the Check Point Support Center at http://support.checkpoint.com/.” on page 2.
Check Point IP290 Security Platform Installation Guide 19
1 Overview
20 Check Point IP290 Security Platform Installation Guide
2 Installing the Check Point IP290 Appliance
You can rack mount Check Point IP290 appliances in the following ways:A single appliance in a one-unit space (1U) or in a two-appliance shell with the second appliance space covered by a filler panel.Two appliances in a 1U space in a two-appliance shell.
This section describes how to perform both of these installations.
Removing the Securing ScrewsBefore you rack mount your IP290, remove the screw from the back of the appliance as shown in Figure 5. The screw is required only for shipping, and leaving it in prevents you from sliding the chassis assembly tray out. If you have two appliances in a two-appliance shell, you need to remove one screw from each appliance.
Check Point IP290 Security Platform Installation Guide 21
2 Installing the Check Point IP290 Appliance
Figure 5 Removing the Shipping Screw
Rack Mounting a Single Check Point IP290 ApplianceBefore you mount the appliance on the rack, install the two side brackets with four screws on each side as shown in Figure 6. The brackets and screws are included with the materials you receive with the appliance.Two mounting positions allow you to mount the appliance either flush with the rack (bracket position A), or two inches forward of the rack (bracket position B).
00614a
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
1000BaseT
LINK
ACT
LINK
ACT
SLOT 1
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
1000BaseT
LINKACT
LINKACT
22 Check Point IP290 Security Platform Installation Guide
Rack Mounting a Single Check Point IP290 Appliance
Figure 6 Installing the Mounting Brackets
You can mount IP290 appliances in a standard 19-inch rack with four mounting screws as Figure 7 shows.
00559
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
1000BaseT
LINKACT
LINKACT
1000BaseT
LINKACT
LINKACT
Bracket position A
Bracket position B
Check Point IP290 Security Platform Installation Guide 23
2 Installing the Check Point IP290 Appliance
Figure 7 Single Appliance Installation
Rack Mounting Two Check Point IP290 Appliances Side-by-Side
The following procedure describes how to install two Check Point IP290 appliances in a 1U rack space.This method does not allow you to change the position of the mounting brackets, as you can when you use the single-appliance installation method.
To install two IP290 appliances side-by-side in a 1U space1. Secure the rack-mountable shell on the rack with two screws on each side.
NoteTo avoid damaging your equipment, Check Point recommends that you use all four rack-mounting screws when you install your appliance on the rack.
00560
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULTSLOT 1
1000BaseT
LINKACT
LINKACT
Mounting screws
24 Check Point IP290 Security Platform Installation Guide
Rack Mounting Two Check Point IP290 Appliances Side-by-Side
NoteThe procedure assumes that you are using an empty shell, but it might be populated with one or two appliances when you receive your product depending on what was ordered from the factory.
2. For each appliance you are installing into the shell, use a screwdriver to rotate both locking latches on the appliance counterclockwise until locking arms completely clear the sides of the shell to prevent damage during the installation.
00427a
Mounting Screws
IP290
STATUS
SLOT 1 AUX
RESET
1 3 5
2 4 6CONSOLE
POWER FAULT
00565
1000BaseT
LINK
ACT
LINK
ACT
Check Point IP290 Security Platform Installation Guide 25
2 Installing the Check Point IP290 Appliance
3. Slide one or two appliances into the shell openings.
4. Secure each appliance to the shell by using a screwdriver to turn the locking latch clockwise until you cannot turn it with light force.To remove the appliance, use a screwdriver to turn the locking latch counterclockwise until you cannot turn it with light force.
00563
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULTSLOT 1
1000BaseT
LINKACT
LINKACT
Filler panel
3
5
4
6
3
5
4
6
00562
To secure the appliance To release the appliance
26 Check Point IP290 Security Platform Installation Guide
Rack Mounting Two Check Point IP290 Appliances Side-by-Side
The following figure shows how the installation appears if you are using two appliances side-by-side in a 1U space.
00564
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
1000BaseT
LINK
ACT
LINK
ACT
1000BaseT
LINK
ACT
LINK
ACT
Check Point IP290 Security Platform Installation Guide 27
2 Installing the Check Point IP290 Appliance
28 Check Point IP290 Security Platform Installation Guide
3 Performing the Initial Configuration
The first time you turn on power to a Check Point IP290 appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account. You can perform the initial configuration in two ways:
Configure a DHCP server to provide the initial configuration information the first time the appliance is started. Perform the initial configuration manually by using a console connection.
This chapter describes how to perform the initial configuration manually by using a console connection. It includes the following sections:
Connecting to the Console PortConnecting Power and Turning the Power OnPerforming the Initial ConfigurationConnecting Network InterfacesUsing Check Point Network VoyagerUsing the Command-Line InterfaceUsing Check Point Horizon Manager
NoteCheck Point recommends that you physically install all hardware components before you perform the initial configuration procedure this chapter describes. For information about how to install other components, see Chapter 6, “Installing and Replacing Components Other than Network Interface Cards.”
Connecting to the Console Port If you do not use DHCP to perform the initial configuration of your Check Point IP290 appliance, you must use a serial console connection (RJ-45 null-modem cable included). After you perform the initial configuration, the console connection is no longer required.
Check Point IP290 Security Platform Installation Guide 29
3 Performing the Initial Configuration
You can use any standard VT100-compatible terminal with an RS-232 data terminal equipment (DTE) interface or terminal-emulation program configured with the following settings for the console:
9600 bps8 data bitsNo parity1 stop bit
To connect to the console port1. Connect the supplied null-modem cable (console cable) to the console port on the front
panel of the IP290 appliance.Use only the RJ-45 port labeled Console on the front panel; the serial USB port (AUX) is an auxiliary port.If you connect the console port to a data communications equipment (DCE) device, use a straight-through cable.
2. Connect the other end of the cable to the VT100 console or to a system running a terminal-emulation program.
Connecting Power and Turning the Power OnA power switch and a receptacle for the power cord are located on the power on the back of the appliance as shown in Figure 8.
00557
IP290
STATUS
SLOT 1 AUX
RESET1000BaseT
1 3 5
2 4 6CONSOLE
POWER FAULT
LINK
ACT
LINK
ACT
Console port
30 Check Point IP290 Security Platform Installation Guide
Connecting Power and Turning the Power On
Figure 8 Power Switch Location
To connect the power supply1. Attach the retaining clip included with your IP290 appliance to the power cord receptacle on
the back of the appliance.2. Connect the power cord securely into the power cord receptacle, and secure the clip to the
cord.
3. Plug the other end of the power cord into a grounded power strip or wall outlet.4. Toggle the power switch to the On position to provide power to the IP290 appliance.
CautionTo reduce stress on the power supply, after you turn the appliance on, wait at least ten seconds before you turn it off. Likewise, after you turn the power supply off, wait at least ten seconds before you turn it back on.
00558
Power switch
Power cord receptacle
00576
Check Point IP290 Security Platform Installation Guide 31
3 Performing the Initial Configuration
NoteThe IP290 appliance power supply automatically detects the input voltage (115 VAC or 220 VAC) and configures itself appropriately.
5. Check the power LED on the front panel of the appliance to ensure that the power supply is operating correctly.
If the fan is not running, or if the power LED is not illuminated, make sure that:The power cord is properly connected.The power supply switch is on.Power is turned on to the power strip or wall receptacle into which you plugged the appliance.
If the fan is still not running, or if the power LED does not illuminate, contact your Check Point service provider as listed in “For additional technical information about Check Point products, and for the latest version of this document, see the Check Point Support Center at http://support.checkpoint.com/.” on page 2 for technical support.
Performing the Initial ConfigurationThe initial configuration allows you to assign a hostname, create the admin password, and configure the management interface.
To perform the initial configuration1. Press the power switch to the “on” position to turn on power to the appliance.
The fan on the back of the appliance turns on when you press the power switch. Verify that the fan is running after you press the switch.Check the power LED on the front panel of the appliance to ensure that the power supply is operating correctly. The power LED should be illuminated. For more information about the system status LEDs, see “System Status LEDs” on page 16.If the fan is not running, or if the power LED is not illuminated:
Check the power supply cord to make sure it is properly connected.Make sure the power switch is on.Make sure the chassis tray assembly is pushed all the way in from the front of the appliance and that the front panel retaining screws are tightened.Make sure that power is turned on to the power strip or wall receptacle you plugged the appliance in to.
If the fan is still not running, or if the power LED does not illuminate, contact the Check Point Support Center at http://support.checkpoint.com/.
2. At the console a series of startup messages appears, then the console prompt appears.
32 Check Point IP290 Security Platform Installation Guide
Performing the Initial Configuration
The prompt remains on the screen for about five seconds. If you type any character during this time, the appliance activates the Check Point IPSO boot manager.BOOTMGR[0]>
NoteFor information about using the boot manager, see the IPSO Boot Manager Reference Guide.
After some miscellaneous output, the following prompt appears:Hostname?
If the Hostname? prompt does not appear on the console, check the console port and console display connections to ensure that the serial cable is completely plugged in at both ends. If you verify the console connections and still do not see either the BOOTMGR> or Hostname? prompts, verify that the terminal or terminal emulator program settings are correct. If the settings are correct, contact the Check Point Support Center at http://support.checkpoint.com/..
3. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from starting.If the DHCP client starts, it might configure the appliance with an incorrect host name and IP address (this could happen if a DHCP server on your network is configured to respond to any request). To reset the incorrect host name and IP address:a. Establish a console connection to the appliance.b. Log into the system using the user name admin and the password password.c. Enter the following:
rm /config/active
ormv /config/active /config/active.old
d. Reboot the appliance.e. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from
restarting.4. At each subsequent prompt, type the requested configuration information and then press
Enter.For more information about how to respond to the prompts during the initial configuration process, see the Getting Started Guide and Release Notes for the version of IPSO you are using.
5. After you complete the initial configuration, you can use Check Point Network Voyager to configure the remaining network ports.
Check Point IP290 Security Platform Installation Guide 33
3 Performing the Initial Configuration
Connecting Network InterfacesConnect at least one network interface to the network to use as the Check Point Network Voyager system-management interface.You can also connect the remaining interface cables at this point, although you are not required to do so.For details about cables and other related information, see Chapter 4, “About IP290 Appliance Network Interface Cards.”You can use Check Point Network Voyager or the command-line interface (CLI) to configure the remaining network ports on your Check Point IP290 appliance. Details about how to use Network Voyager, the CLI, and Check Point Horizon Manager are provided in the following sections.
Using Check Point Network VoyagerUse Check Point Network Voyager to configure and monitor your appliance.
To open Check Point Network Voyager1. Open a Web browser on the host you plan to use to configure or monitor your appliance.2. In the Location or Address field, enter the IP address of the initial interface you configured
for the appliance.You are prompted to enter the admin username and the password you entered when you performed the initial configuration.
NoteIf the username login screen does not open, you might not have a physical network connection between the host and your appliance, or you might have a network routing problem. Confirm the information you entered during the initial configuration and check that all cables are firmly connected. For more information, see the troubleshooting section in the installation guide for your appliance.
Viewing Check Point IPSO Documentation by Using Check Point Network Voyager
The following documentation is available from the Check Point Network Voyager interface, as shown in Figure 9:
Network Voyager Reference Guide—This guide is the comprehensive reference source for Check Point Network Voyager. To access this source, look at the list in the navigation tree on the left side of the window (as shown in Figure 9).You can also access this guide and other Check Point IPSO documentation at the Check Point Support Center at http://support.checkpoint.com/.
34 Check Point IP290 Security Platform Installation Guide
Using the Command-Line Interface
Network Voyager online help—You can access online help when you use Check Point Network Voyager. Online help is the context-sensitive information source for Check Point Network Voyager. To access online help for the window you are viewing, click Help. A Close button is available at the bottom of each online help window you view.
Figure 9 Check Point Network Voyager Reference Access Points
Using the Command-Line Interface You can also use the Check Point IPSO command-line interface (CLI) to manage and configure Check Point IP security appliances from the command line. Nearly everything that you can accomplish with Check Point Network Voyager you can also do with the CLI.
To access the command-line interface1. Log on to the appliance by using a command-line connection (SSH, console, or Telnet) over
a TCP/IP network as an admin, cadmin, or monitor user:If you log in as a cadmin (cluster administrator) user, you can change and view configuration settings on all the cluster nodes. For information about how to administer a cluster, see the traffic management commands section in the CLI Reference Guide for the version of Check Point IPSO you are using.
Link to complete user documentation
Link to online help (context sensitive help)
Check Point IP290 Security Platform Installation Guide 35
3 Performing the Initial Configuration
2. If you log in as a monitor user, you can execute only the show form of commands. That is, you can view configuration settings, but you cannot change them.
You can now execute CLI commands from the CLI shell and the Check Point IPSO shell. The Check Point IPSO shell is what you see when you initially log on to the appliance.
For more information about how to access and use the CLI, see the CLI Reference Guide for the version of Check Point IPSO you are using.
Using Check Point Horizon ManagerCheck Point Horizon Manager is an extension of the Check Point Network Voyager management functionality.While Check Point Network Voyager provides the device administrator access to network configuration tasks (such as interface configuration and routing configuration) and security configuration tasks (such as user configuration and access configuration), Check Point Horizon Manager concentrates on secure software image, inventory, and platform management of Check Point IP security platforms.Using Check Point Horizon Manager, an administrator can obtain configuration information, upgrade (or downgrade) the operating system, perform application installations, and distribute necessary licensing to multiple platforms simultaneously, thereby reducing potential human error and improving productivity.Using Check Point Horizon Manager, a network security professional can manage multiple devices simultaneously, perform parallel software upgrades, device verifications, device configuration, file backups, and more.Check Point Horizon Manager is designed to manage and configure a large number of Check Point IP security appliances that reside on a corporate enterprise, managed service provider (MSP), or hosted applications service provider network (ASP).
Execute from To Implement Purpose
Check Point IPSO command line
Enter the following command to invoke the CLI shell:clishThe prompt changes, and you can then enter CLI commands.
Enter any CLI commands in an interactive mode with help text and other helpful CLI features.
Check Point IPSO command line
Enterclish -c “cli-command”
Execute a single CLI command. You must place double-quotation marks around the CLI command.
Command files From inside the CLI shell, enter load commands filename
Load commands from a text file that contains commands. The argument must be the name of a regular file.
36 Check Point IP290 Security Platform Installation Guide
Using Check Point Horizon Manager
For information about how to obtain Check Point Horizon Manager or to learn more about the Check Point Horizon Manager, see the Check Point Web site at www.checkpoint.com.
Check Point IP290 Security Platform Installation Guide 37
3 Performing the Initial Configuration
38 Check Point IP290 Security Platform Installation Guide
4 About IP290 Appliance Network Interface Cards
This chapter describes the network interface cards (NICs) available for the Check Point IP290 appliance and how to connect those NICs to your network. The following NICs are described:
Two-Port Copper Gigabit Ethernet NICTwo-Port Fiber-Optic Gigabit Ethernet NICs
For instructions about how to add or replace NICs, see Chapter 5, “Installing and Replacing Network Interface Cards.”The NICs supported in the Check Point IP290 appliance operate at the peripheral component interconnect (PCI) frequency listed in Table 4.
CautionTo protect the IP290 appliance and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance.
Two-Port Copper Gigabit Ethernet NICThe Check Point IP290 appliance supports Check Point-approved, two-port copper Gigabit Ethernet NICs installed on a PMC expansion slot. The IP290 appliance can accommodate one Gigabit Ethernet NIC.
Table 4 NIC PCI Frequency
NIC or interface portMaximum PCI operation supported
Two-port copper Gigabit Ethernet (10/100/1000 Mbps)
66 MHz
Two-port fiber-optic Gigabit Ethernet(1000 Mbps)
66 MHz
Check Point IP290 Security Platform Installation Guide 39
4 About IP290 Appliance Network Interface Cards
When you purchase a copper Gigabit Ethernet NIC with your IP290 appliance, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 5, “Installing and Replacing Network Interface Cards.”
Copper Gigabit Ethernet NIC Features in the IP290The copper Gigabit Ethernet NIC supports:
Tracing through tcpdumpHigh bandwidthFull-duplex mode operation up to 1 Gbps Link speed auto advertising (10/100/1000)PCI operation at 66 MHz on the IP290Compliance with IEEE 802.3ab Gigabit Ethernet specifications
The copper Gigabit NICs installed in IP290 appliances run on IPSO v4.2 or later.You can configure and monitor Gigabit Ethernet NIC interfaces by using Check Point Network Voyager. Specifically, you can use Network Voyager to set the port speed and full-duplex mode to 1000, 100, or 10 Mbps.For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.
Figure 10 Two-Port Copper Gigabit Ethernet NIC Front Panel
\
NoteThe two-port copper Gigabit Ethernet NIC you use in IP290 appliances must be the Version 2 type, as indicated on the right end of the NIC faceplate. These NICs are sold by Check Point under the order code NIF4425.
After the power is turned on and the cables are connected, the Ethernet Link LEDs on both the appliance and on the remote equipment illuminate to indicate the connection.
00386.5
LINK
ACT
V2LINK
ACT
1000BaseT
Link LEDs (green for 10/100 Mbps, or orange for 1000 Mbps)Activity LEDs (orange)
Ports
40 Check Point IP290 Security Platform Installation Guide
Two-Port Copper Gigabit Ethernet NIC
NoteThe Link LED on the NIC is bicolored. A green LED indicates a 1 Gbps link speed, and a yellow LED indicates a 10/100 Mbps link speed. As the NIC transmits data, the activity LEDs on the appliance illuminate.
Copper Gigabit Ethernet NIC Connectors and CablesThe copper Gigabit Ethernet NIC receptacles are for RJ-45 connectors.
CautionCables that connect to the Gigabit Ethernet card must be ANSI TIA/EIA-568-A/B compliant (Cat 5 or Cat 5e) to prevent potential data loss.
To connect to a 1-Gbps hub, switch, or router, use a straight-through RJ-45 cable (Cat 5 or Cat 5e type cable, or as required by your network configuration).In Figure 11, the RJ-45 cable output connector is numbered from right to left, with the copper pins facing up and toward you.
Figure 11 Gigabit Ethernet Cable Connector Pin Assignments
00270
8 1
Pin#1000 Mbps Assignment
10/100 MbpsAssignment
1 BI_DA+ TX+
2 BI_DA- TX-
3 BI_DB+ RX+
4 BI_DC+
5 BI_DC-
6 BI_DB- RX-
7 BI_DD+
8 BI_DD-
Check Point IP290 Security Platform Installation Guide 41
4 About IP290 Appliance Network Interface Cards
To connect directly to a host, use an RJ-45 crossover cable wired as Figure 12 shows.
Figure 12 Gigabit Ethernet Crossover Cable Pin Connections
NoteAfter you turn on the appliance, the Ethernet Link LEDs on both the appliance and on the remote equipment illuminate to indicate the connection. As data is transmitted or received, the activity LEDs on the appliance illuminate.
To connect the appliance to other network components, you can order appropriate adapter cables separately from a cable vendor of your choice.
Two-Port Fiber-Optic Gigabit Ethernet NICsThe IP290 appliance supports Check Point-approved, two-port, fiber-optic Gigabit Ethernet NICs installed in the PMC expansion slot. The IP290 appliance can accommodate one Gigabit Ethernet NIC.When you purchase a Gigabit Ethernet NIC with your IP290 appliance, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 5, “Installing and Replacing Network Interface Cards.”
Fiber-Optic Gigabit Ethernet NIC FeaturesThe short-range and long-range fiber-optic Gigabit Ethernet NICs support:
High bandwidthFull-duplex mode operation up to 1 Gbps (no half-duplex support)Link speed auto advertisingTracing through tcpdumpCompliance with IEEE 802.3z Gigabit Ethernet specification
The short-range multi-mode fiber (MMF) fiber-optic Gigabit Ethernet NICs in the IP290 run on IPSO v4.0.1 or higher.
00020
12345678
12345678
42 Check Point IP290 Security Platform Installation Guide
Two-Port Fiber-Optic Gigabit Ethernet NICs
The long-range single-mode fiber (SMF) fiber-optic Gigabit Ethernet NICs in the IP290 run on IPSO v4.2 or higher.You can configure and monitor Gigabit Ethernet NIC interfaces with Check Point Network Voyager. Specifically, you set the port speed and full-duplex mode with Network Voyager. For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.Figure 13 shows the front panel details for the two-port short-range (1000 BASE-SX) fiber-optic Gigabit Ethernet NIC you can use in IP290 appliance.
Figure 13 PMC Two-Port Short-Range Gigabit Ethernet NIC
Figure 14 shows the front panel details for the two-port long-range (1000 BASE-LX) fiber-optic Gigabit Ethernet NIC you can use in your IP290.
Figure 14 PMC Two-Port Long-Range Gigabit Ethernet NIC
After the power is turned on and the cables are connected, the Ethernet link LEDs on both the IP290 and on the remote equipment illuminate to indicate the connection. As data is transmitted, the activity LEDs on the appliance illuminate.
Fiber-Optic Gigabit Ethernet NIC Connectors and CablesFor short-range NICs, to connect the fiber-optic Gigabit Ethernet NIC to other network components, use a multi-mode, fiber-optic cable with an LC connector for each NIC interface. You can use either 50 or 62.5 micron cable; 50 micron-type cable provides longer transmission reach.
00206
GIG
E
Link LEDs (solid green)Activity LEDs (blinking amber)
Ports
00555
LINK
ACT1000B-LX
Link LEDs (solid green)Activity LEDs (blinking amber)
Ports
Check Point IP290 Security Platform Installation Guide 43
4 About IP290 Appliance Network Interface Cards
For long-range NICs, to connect the fiber-optic Gigabit Ethernet NIC to other network components, use a single-mode, fiber-optic cable with an LC connector for each NIC interface.The destination end of the cable can be either LC or SC, depending on the type of connector required for the destination Gigabit Ethernet device. You can also use a half-duplex LC-to-LC cable to loop back the transmit port of an interface to the receiver port. LC and SC define the fiber-optic connector types; LC connectors are smaller than SC connectors.
CautionDepending on the product you order, one or more LC-to-SC cables are included with fiber-optic Gigabit Ethernet NICs. You can order additional cables from a cable vendor of your choice.Cables that connect to the Gigabit Ethernet NIC must be IEEE 802.3z compliant to prevent potential data loss.
44 Check Point IP290 Security Platform Installation Guide
5 Installing and Replacing Network Interface Cards
Your Check Point IP290 appliance comes with any network interface cards (NICs) you ordered already installed. All NICs installed in the appliance are housed in PMC expansion slots. You should have a working knowledge of networking equipment before you attempt to service a appliance.This chapter describes how to remove, add, or replace NICs later if it becomes necessary. The following topics are covered:
Deactivating Configured InterfacesInstalling NICsConfiguring and Activating InterfacesMonitoring Network Interface Cards
For detailed information on specific network interface cards, see Chapter 4, “About IP290 Appliance Network Interface Cards.”
CautionLimit service of the appliance to the procedures described in this chapter.
CautionTo help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance.
Deactivating Configured InterfacesIf you are removing or replacing an installed NIC, use Check Point Network Voyager to deactivate any configured ports on the NIC before removing it.
Deactivate all of the logical interfaces on the NIC.Deactivate all of the physical interfaces on the NIC.
Check Point IP290 Security Platform Installation Guide 45
5 Installing and Replacing Network Interface Cards
If you do not deactivate the interfaces before removing the NIC, you may have to reinstall the NIC to deactivate its logical and physical interfaces in Network Voyager.For information about how to access Network Voyager, see “Using Check Point Network Voyager” on page 34.
Installing NICs
NoteBefore removing a configured network interface card with these instructions, you must deactivate the NIC by using Check Point Network Voyager. For additional information, see “Deactivating Configured Interfaces” on page 45.
Use these instructions to install a NIC in the IP290 appliance. Some steps are not applicable to all procedures. The instructions point out steps appropriate to each procedure.
Before You BeginTo install a Check Point NIC, you need the following:
A Phillips-head screwdriverPhysical access to the applianceAccess to the appliance by using Check Point Network Voyager or the CLIA suitable, grounded work surface A field replaceable unit kit, including the NIC
NoteYou do not need to manually disconnect power for this procedure. Any servicing of the appliance should be completed with the chassis tray assembly fully removed from the appliance.
To install a network interface card1. Use Check Point Network Voyager or command-line interface (CLI) to perform an orderly
shutdown of the IP290 appliance. For information about how to access Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.
2. Turn off the power to the IP290 appliance.3. Remove the power cord.
46 Check Point IP290 Security Platform Installation Guide
Installing NICs
4. Loosen the two front panel retaining screws.
5. Slide the chassis tray assembly forward, and completely remove the chassis to expose the motherboard components.
6. Place the chassis tray assembly on a table top.
IP290
STATUS
SLOT 1 AUX
RESET
1 3 5
2 4 6CONSOLE
POWER FAULT
00565
1000BaseT
LINK
ACT
LINK
ACT
Chassis tray assembly retaining screws
00563
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULTSLOT 1
1000BaseT
LINKACT
LINKACT
Check Point IP290 Security Platform Installation Guide 47
5 Installing and Replacing Network Interface Cards
7. From underneath the chassis tray assembly, remove the retaining screws.
If you are installing a NIC in an unoccupied slot, remove the blank bezel that occupies the space in the appliance front panel and retain it for future use.
00570
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
48 Check Point IP290 Security Platform Installation Guide
Installing NICs
8. Insert the new NIC.a. Insert the NIC bezel into the front panel.b. Gently push the back of the NIC down toward the chassis tray assembly.
Make sure that the NIC edge is completely seated into the connectors on the chassis tray assembly.
00572
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
LINK
ACT
LINK
ACT
1000BaseT
Check Point IP290 Security Platform Installation Guide 49
5 Installing and Replacing Network Interface Cards
9. From the top of the chassis tray assembly, screw the NIC retaining screws into the standoffs on the back of the NIC.
10. From beneath the chassis tray assembly, screw in the bezel retaining screws.
11. Slide the chassis tray assembly back into the appliance.
00571
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
1000BaseT
LINKACT
LINKACT
50 Check Point IP290 Security Platform Installation Guide
Configuring and Activating Interfaces
The Check Point IPSO operating system automatically recognizes the NIC and applies the original configuration to the new NIC.
12. Resecure the two chassis tray assembly retaining screws.13. Replace the power cord.14. Turn on the power.
Configuring and Activating InterfacesThe IP290 appliance automatically detects any new NIC when the appliance is restarted. Use Check Point Network Voyager to configure and activate the logical and physical interfaces on the NIC.For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.
Monitoring Network Interface CardsYou can assess the general operating condition of the NICs in your appliance by looking at the LED status indicators on the NICs.For the status indicator information for the built-in Ethernet ports, see Figure 4 on page 16.For the status indicator information for the Gigabit Ethernet NICs, see Chapter 4, “About IP290 Appliance Network Interface Cards.”.Use Network Voyager to access detailed port information. For information about accessing Network Voyager, see “Using Check Point Network Voyager” on page 34. You can also use the IPSO tcpdump command to examine the track on a specific port.
00563
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULTSLOT 1
1000BaseT
LINKACT
LINKACT
Check Point IP290 Security Platform Installation Guide 51
5 Installing and Replacing Network Interface Cards
52 Check Point IP290 Security Platform Installation Guide
6 Installing and Replacing Components Other than Network Interface Cards
This chapter provides information about how to install or replace components other than network interface cards (NICs) in your appliance. The following topics are covered:
Installing a Hard-Disk DriveReplacing or Upgrading MemoryReplacing a Check Point Encryption Accelerator CardReplacing the Battery
For information about how to add or replace NICs, see Chapter 5, “Installing and Replacing Network Interface Cards.”You should have a working knowledge of networking equipment before you attempt to service an IP290 appliance. Limit service of the appliance to the procedures described in this chapter.
NoteTo protect the IP290 appliance and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance.
Installing a Hard-Disk DriveThe IP290 appliance is a flash-based appliance that also supports one optional hard-disk drive that plugs into connectors on the motherboard. The hard-disk drive provides 40 GB of storage space.The hard-disk drive is not included in the standard package. When you purchase your IP290 appliance, you can order one hard disk drive for factory installation or order one later and install it yourself.This section describes how to install a hard-disk drive.
Check Point IP290 Security Platform Installation Guide 53
6 Installing and Replacing Components Other than Network Interface Cards
Before You Begin
CautionHard-disk drives are susceptible to damage from shock. Handle them with care.
CautionTo help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.
To install or replace a hard-disk drive, you need:Physical access to the applianceCheck Point hard-disk drive kitA Phillips-head screwdriver
The following procedure requires removing the chassis tray assembly from the chassis.
CautionMake sure you perform an orderly shut down of the system before attempting to remove the chassis tray assembly.
You must replace the hard-disk drive with a drive that has a capacity equal to or larger than the drive you are replacing. Back up your hard-disk drive files to a remote system on a regular basis.
To remove or replace a hard-disk drive
CautionIf you fail to use the following procedure when you remove the hard-disk drive, the drive might become damaged or you might lose data.
1. Use Check Point Network Voyager or the command-line interface (CLI) to perform an orderly shutdown of the IP290 appliance. For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.
2. Turn off the power to the IP290 appliance.3. Remove the power cord.
54 Check Point IP290 Security Platform Installation Guide
Installing a Hard-Disk Drive
WarningTo reduce the risk of fire, electric shock, and injury, disconnect the power cord and any cables that connect to the appliance or gateway before you open the chassis and expose internal components. Even though the power switch is turned off, power is still present inside the appliance or gateway.
4. Loosen the two front panel retaining screws.
5. Slide the chassis tray assembly forward, and completely remove the chassis to expose the motherboard components.
NoteIf you are unable to slide out the chassis tray assembly, you might need to remove the shipping screw from the back of the appliance. For details, see Figure 5 on page 22.
6. Place the chassis tray assembly on a table top.
IP290
STATUS
SLOT 1 AUX
RESET
1 3 5
2 4 6CONSOLE
POWER FAULT
00565
1000BaseT
LINK
ACT
LINK
ACT
Chassis tray assembly retaining screws
00563
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULTSLOT 1
1000BaseT
LINKACT
LINKACT
Check Point IP290 Security Platform Installation Guide 55
6 Installing and Replacing Components Other than Network Interface Cards
7. Remove the four screws from the base of the hard-disk drive and remove the hard-disk drive.
8. Slide the new hard-disk drive onto the mounting locations.9. Replace the four screws.10. Slide the chassis tray assembly back into the appliance.11. Resecure the two chassis tray assembly retaining screws.
NoteWhen you resecure the chassis tray assembly retaining screws, do not exceed a torque of 4.5 inch-pounds.
12. Replace the power cord.13. Turn on the power.
Replacing or Upgrading MemoryThe appliance has two dual inline memory-module (DIMM) sockets that are double data rate (DDR2), which perform at high speed. This section describes how to upgrade or replace the memory by using a Check Point-approved memory upgrade kit.
00575
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
1000BaseT
LINKACT
LINKACT
56 Check Point IP290 Security Platform Installation Guide
Replacing or Upgrading Memory
The IP290 appliance comes with either 1 or 2 GB of RAM using 1-GB DIMMs, and a 1-GB system can be upgraded to 2 GB of RAM with the addition of a 1-GB DIMM.Check Point products support only memory kits purchased from Check Point or Check Point-approved resellers. For further information, contact the Check Point Support Center at http://support.checkpoint.com/.The DIMM sockets are located on the left rear of the IP290 appliance motherboard, as you look at the appliance from the front, as Figure 15 shows.
Figure 15 DIMM Socket Locations
Before You BeginTo upgrade or replace your appliance memory, you need:
Physical access to the applianceCheck Point memory upgrade kitAccess to the appliance by using Check Point Network Voyager or command-line interface (CLI)A Phillips-head screwdriverGrounding wrist strap
00569
IP290
STATUS
SLOT 1
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULT
1000BaseT
LINKACT
LINKACT
DIMM sockets
Check Point IP290 Security Platform Installation Guide 57
6 Installing and Replacing Components Other than Network Interface Cards
CautionTo protect the IP290 appliance and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance.
To replace DIMMs1. Use Check Point Network Voyager or the command-line interface (CLI) to perform an
orderly shutdown of the appliance.For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.
2. Turn off the power to the IP290 appliance.3. Remove the power cord.
WarningTo reduce the risk of fire, electric shock, and injury, disconnect the power cord and any cables that connect to the appliance or gateway before you open the chassis and expose internal components. Even though the power switch is turned off, power is still present inside the appliance or gateway.
4. Loosen the two front panel retaining screws.
5. Slide the chassis tray assembly forward and completely remove the chassis to expose the motherboard components.
00557
IP290
STATUS
SLOT 1 AUX
RESET1000BaseT
1 3 5
2 4 6CONSOLE
POWER FAULT
LINK
ACT
LINK
ACT
Chassis tray assembly retaining screws
58 Check Point IP290 Security Platform Installation Guide
Replacing or Upgrading Memory
NoteIf you are unable to slide out the chassis tray assembly, you might need to remove the shipping screw from the back of the appliance. For details, see Figure 5 on page 22.
6. To remove a DIMM, push down on the two retaining clips, which allows you to gradually pull the DIMM out of its socket. You might need to pull up on one end of the DIMM and then the other in order to remove it.
7. To install DIMMS, press the new DIMM into the socket until it clicks into place.The top of the DIMM is smooth. The bottom edge has two different-length sets of contacts, which mate with the slots on the socket. Be sure the contacts and slots are properly aligned before you insert the DIMM.
00563
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULTSLOT 1
1000BaseT
LINKACT
LINKACT
00612a
Check Point IP290 Security Platform Installation Guide 59
6 Installing and Replacing Components Other than Network Interface Cards
The retaining clips move into the lock position as you press the DIMM into place.
8. Slide the chassis tray assembly back into the appliance.9. Resecure the two chassis tray assembly retaining screws.
NoteWhen you resecure the chassis tray assembly retaining screws, do not exceed a torque of 4.5 inch-pounds.
10. Replace the power cord.11. Turn on the power.The IP290 appliance automatically recognizes the new memory configuration. You can verify the configuration by using Check Point Network Voyager or the CLI.
Replacing a Check Point Encryption Accelerator CardYou can install an optional Check Point encryption accelerator card to further enhance VPN performance. The accelerator card provides high-speed cryptographic processing that enhances VPN performance.The IP290 appliance uses a PMC format accelerator card. The accelerator card has no external connections and requires no cables. The accelerator card software package is part of Check Point IPSO, so the appliance automatically detects and configures the card.Use Check Point Network Voyager to configure your software applications (IPSec or Check Point VPN) to make use of the available hardware accelerator. For information about how to configure software applications, see “Configuring Software to Use Hardware Acceleration” on page 64.This section describes how to replace a previously installed accelerator card.
00612
60 Check Point IP290 Security Platform Installation Guide
Replacing a Check Point Encryption Accelerator Card
Before You BeginTo install the accelerator card, you need:
Physical access to the applianceThe Check Point encryption accelerator card and installation kitPhillips-head screwdriverFour screws (included in kit)Grounding wrist strap (included in kit)
CautionTo help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance.
To install the accelerator card1. Use Check Point Network Voyager or the command-line interface (CLI) to perform an
orderly shutdown of the IP290 appliance. For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.
2. Turn off the power to the IP290 appliance.3. Remove the power cord.
WarningTo reduce the risk of fire, electric shock, and injury, disconnect the power cord and any cables that connect to the appliance or gateway before you open the chassis and expose internal components. Even though the power switch is turned off, power is still present inside the appliance or gateway.
4. Loosen the two chassis tray assembly retaining screws.
5. Slide the chassis tray assembly forward and completely remove the chassis to expose the motherboard components.
IP290
STATUS
SLOT 1 AUX
RESET
1 3 5
2 4 6CONSOLE
POWER FAULT
00565
1000BaseT
LINK
ACT
LINK
ACT
Chassis tray assembly retaining screws
Check Point IP290 Security Platform Installation Guide 61
6 Installing and Replacing Components Other than Network Interface Cards
NoteIf you are unable to slide out the chassis tray assembly, you might need to remove the shipping screw from the back of the appliance. For details, see Figure 5 on page 22.
6. Locate the PMC encryption accelerator card connector on the motherboard. The connector is located on the middle, left side of the motherboard.
CautionDo not use the PMC connectors located at the front of the motherboard for the acceleration card. Those connectors are for the NICs.
7. Position the male PMC connector on the card over the female PMC connector on the motherboard.The connectors should be aligned with each other. The three screw holes and three standoffs should also be aligned with each other.
00563
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULTSLOT 1
1000BaseT
LINKACT
LINKACT
62 Check Point IP290 Security Platform Installation Guide
Replacing a Check Point Encryption Accelerator Card
8. Push down on the card until it is properly seated on the motherboard.
9. Place the screws through the standoff holes on the card and into the standoffs on the motherboard.
10. Turn each screw clockwise to attach the card to the standoffs. Do not overtighten.Make sure that all standoff connections are properly aligned before tightening the screws completely.
11. Slide the chassis tray assembly back into the appliance.12. Resecure the two chassis tray assembly retaining screws.
NoteWhen you resecure the chassis tray assembly retaining screws, do not exceed a torque of 4.5 inch-pounds.
13. Replace the power cord.14. Turn on the power.15. Configure your software to use hardware acceleration by following the instructions in
“Configuring Software to Use Hardware Acceleration” on page 64.
00568
00175.1
Screw
Accelerator cardStandoff hole
Motherboard standoff
Check Point IP290 Security Platform Installation Guide 63
6 Installing and Replacing Components Other than Network Interface Cards
Configuring Software to Use Hardware AccelerationThe Check Point encryption accelerator software package is part of the Check Point IPSO operating system, so the appliance automatically detects and configures the Check Point encryption accelerator card.For the Check Point IP290 appliances, SecureXL is on by default. After you install the Check Point encryption accelerator card and reboot the appliance, SecureXL automatically uses the Check Point encryption accelerator card for encryption acceleration. If you do not want to use SecureXL for encryption acceleration, use the Check Point cpconfig utility to disable SecureXL.You can also configure the IP290 appliances to use the Check Point encryption accelerator card for IKE acceleration. When you enable IKE acceleration, the Check Point encryption accelerator card performs cryptographic operations for IPsec tunnel negotiation.
To enable IKE acceleration1. From the Network Voyager home page, click Security and Access Configuration, then click
IKE Acceleration. For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.
2. On the IKE Acceleration page, click Register the module.3. Click Apply.The PKCS#11 token that enables IKE acceleration is registered with the Check Point software on your appliance. After you register the module, you must install the Check Point security policy on the firewall for the Check Point encryption accelerator card to perform IKE acceleration.
Replacing the BatteryTo replace the battery, you need the following:
The appropriate Check Point battery replacement kit for your appliancePhysical access to the applianceA Phillips-head screwdriverA grounding wrist strap(Optional) Safety glasses
WarningRisk of explosion if battery is replaced by an incorrect type. Replace the battery only with the same or equivalent type that the manufacturer recommends. Dispose of used batteries according to the manufacturer's instructions.
64 Check Point IP290 Security Platform Installation Guide
Replacing the Battery
WarningMake certain to remove the power cord from the appliance before you proceed with any of the following steps. Failure to do so could cause electric shock with burns or death resulting for the user.
CautionMake certain that you are properly grounded when you handle components internal to the appliance to protect against electrostatic discharge damage to the appliance. Use the grounding strap included in the battery replacement kit.
To install the battery1. Use Check Point Network Voyager or the command-line interface (CLI) to perform an
orderly shutdown of the IP290 appliance. For information about how to access Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 34.
2. Turn off the power to the IP290 appliance.3. Remove the power cord.
WarningTo reduce the risk of fire, electric shock, and injury, disconnect the power cord and any cables that connect to the appliance or gateway before you open the chassis and expose internal components. Even though the power switch is turned off, power is still present inside the appliance or gateway.
4. Loosen the two front panel retaining screws.
5. Slide the chassis tray assembly forward and completely remove the chassis to expose the motherboard components.
IP290
STATUS
SLOT 1 AUX
RESET
1 3 5
2 4 6CONSOLE
POWER FAULT
00565
1000BaseT
LINK
ACT
LINK
ACT
Chassis tray assembly retaining screws
Check Point IP290 Security Platform Installation Guide 65
6 Installing and Replacing Components Other than Network Interface Cards
NoteIf you are unable to slide out the chassis tray assembly, you might need to remove the shipping screw from the back of the appliance. For details, see Figure 5 on page 22.
6. Locate the battery on the motherboard.
00563
IP290
STATUS
AUXRESET
1
3
5
2
4
6
CONSOLE
POWER
FAULTSLOT 1
1000BaseT
LINKACT
LINKACT
66 Check Point IP290 Security Platform Installation Guide
Replacing the Battery
The battery is in a battery holder to the side of the power supply.
7. To remove the old battery, hold on to the holder with one hand while you push the top of the battery toward the power supply to release it from the securing clips and lift the battery out of the holder
CautionReplace the battery only with the same or equivalent type battery recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
8. With the positive side toward the power supply, and with the top of the battery angled toward the power supply, slide the bottom of the new battery into the battery holder, and then push the top of the battery firmly into the securing clips.
CautionYou must place the new battery into the battery holder observing the correct polarity.
9. Slide the chassis tray assembly back into the appliance.10. Resecure the two chassis tray assembly retaining screws.
00613
Power supply
Battery securing clips
Check Point IP290 Security Platform Installation Guide 67
6 Installing and Replacing Components Other than Network Interface Cards
NoteWhen you resecure the chassis tray assembly retaining screws, do not exceed a torque of 4.5 inch-pounds.
11. Replace the power cord.12. Turn on the power.After you replace the battery, you need to reset the date and time using Network Voyager or the CLI.
68 Check Point IP290 Security Platform Installation Guide
7 Troubleshooting
This chapter provides troubleshooting tips, problems, and solutions related to Check Point IP290 appliance installations.
General Troubleshooting InformationThe information in this section relates to problems you might encounter during the Check Point IP290 appliance installation.
Appliance Not Receiving Power
Problem Power cord is not properly plugged in.Solution Check cord. Make sure it is properly seated at both ends.
Problem Power supply not providing power.Solution Check power source. If no power is present at the source, take appropriate action such as inserting a new fuse or resetting circuit breaker.
Unable to Log In to the Console Port—No Error MessageTwo laptop computers (using terminal emulation programs) or terminals should be able to communicate back to back in the same way that the terminal communicates with the IP290 appliance. If this is not possible with your laptop computer or terminal, the problem is with the terminal or cable and not with the appliance.
Problem No console connection to the IP290 appliance.Solution For information about how to create a console connection, see “To connect to the console port” on page 30.
Problem Not connected with a null-modem cable. Solution Verify that you are using a null-modem cable. For pinout information, see “To connect to the console port” on page 30.
Check Point IP290 Security Platform Installation Guide 69
7 Troubleshooting
Problem Wrong terminal settings.Solution Verify terminal settings: 8 data bits, 1 stop bit, no parity, 9600 bps.
Problem Terminal set for flow control.Solution The IP290 appliance does not use flow control. The terminal should be set for no flow control.
Problem Defective IP290 appliance or file system.Solution Contact the Check Point Support Center at http://support.checkpoint.com/.
Login Prompt Appears, But Password Not Accepted
Problem Database is corruptSolution Return to default settings or contact the Check Point Support Center at http://support.checkpoint.com/.
Problem Entered wrong password.Solution Obtain a valid password or set the password to a default value.
NoteYou must have local serial access to your appliance console to perform this procedure. With a keyboard and monitor directly connected to the appliance, the boot prompt does not appear, and you cannot perform this procedure.
For information about how to reset the admin password to a default value or how to reset the default database settings, see the Voyager Reference Guide or CLI Reference Guide for the version of IPSO you are using.
Do Not Receive a Login Prompt—Error Messages Appear
Problem The IP290 appliance is defective, or the file system on the appliance is defective.Solution Contact the Check Point Support Center at http://support.checkpoint.com/.
NoteUse the full installation procedure to install a new system. The new system completely replaces the contents of the drive and might be needed to restore or reload an IP290 appliance. This procedure erases any configuration database on the appliance. For information about how to complete the full installation procedure, see the current release notes.
70 Check Point IP290 Security Platform Installation Guide
General Troubleshooting Information
Not Able to Connect to Check Point Network Voyager Using the Ethernet Port, But Console Access Works
Problem Voyager access or Ethernet port disabled.Solution Use the CLI over the console connection to verify the interface configuration and modify the configuration as necessary. For more information, see the CLI Reference Guide for the version of IPSO you are using.
Do Not See Interfaces That Should be Present
Problem Local IP290 appliance ports do not appear. Solution Your IP290 appliance might be defective. Contact the Check Point Support Center at http://support.checkpoint.com/.
NoteThe problem could be with the Ethernet port. Try connecting the Ethernet cable to another port.
Common Ethernet Problems—Connectivity with Attached Device
Problem No link light. Solution You might have used the wrong cable. Use a crossover cable between the IP290 appliance and a host, and a straight-through cable between an appliance and a hub.
Problem Unblinking activity LED. Solution You might have set the wrong speed. Verify that the speeds match on each end of the Ethernet connection (10 or 100 Mbps).
Problem Port not enabled.Solution Verify from the Interface page in Network Voyager that the interface port is configured as active.
Problem High collision rate on the hub. Solution Disconnect connections one at a time until the problem is localized to one computer and troubleshoot further.
Check Point IP290 Security Platform Installation Guide 71
7 Troubleshooting
72 Check Point IP290 Security Platform Installation Guide
A Technical Specifications
Physical Dimensions
Space RequirementsCheck Point IP290 appliances are designed for front-screw mounting in a 19-inch rack. Each IP290 appliance requires the following space in a rack:
1.6 inches (4.1 centimeters) of vertical space for a single appliance1.7 inches (4.3 centimeters) of vertical space for appliances in a shell16.0 inches (40.6 centimeters) behind the front-panel of the rack plus 2.0 inches (5.1 centimeters) behind the appliance to allow the back exit fan to circulate air properly.2.0 inches (5.1 centimeters) at each side of the appliance to allow air circulation for the side vents.
CautionDo not place objects over the ventilation holes on the IP290 appliance. The appliance might overheat and become damaged.
For information about changes to the software requirements or additional applications that have become available since this guide was published, contact the Check Point Support Center at http://support.checkpoint.com/.
Dimensions Height: 1.7 in. (4.3 cm) in shell
Width: 8.5 in. (21.7 cm) single appliance without rack mounting brackets17.0 in. (43.2 cm) two appliances without rack mounting brackets19.0 in. (48.3 cm) shell with rack mounting brackets
Depth: 19.0 in (48.3 cm) including front handles
Weight9.1 lbs. (4.1kg) single base system with mounting brackets23.6 lbs. (10.7 kg) shell containing two base systems
Check Point IP290 Security Platform Installation Guide 73
A Technical Specifications
Other Specifications
Maximum altitude of operation To 10, 000 feet or 3300 meters above sea level
Operating temperature range 41 to 104° Fahrenheit5 to 40° Celsius
Input voltage requirement 115 VAC or 220 VAC, 50 or 60 Hz
Current 2A
Power consumption 35 watts
74 Check Point IP290 Security Platform Installation Guide
B Compliance Information
This appendix contains declaration of conformity, compliance, and related regulatory information.
Declaration of ConformityAccording to ISO/IEC 17050:
declares that the product:
conforms to the following standards:
Supplementary information:Pursuant to ISO/IEC 17050 this product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 2004/108/EC.
Manufacturer’s Name: Nokia Inc.
Manufacturer’s Address: 313 Fairchild DriveMountain View, CA 94043-2215USA
Product Name: IP290
Model Number: IP290
Product Options: All
Serial Number: 1 to 100,000
Date First Applied: 2007
Safety: UL 60950-1CSA C22.2 No. 60950-1-03IEC 60950-1:2001EN 60950-1:2001+A11
EMC: EN55024 1998, EN55022A 1998, EN61000-3-2, EN61000-3-3
Check Point IP290 Security Platform Installation Guide 75
B Compliance Information
Compliance StatementsThis hardware complies with the standards listed in this section.
Emissions Standards
Immunity Standards
Harmonics and Voltage Fluctuation
Christopher SaleemCompliance & Reliability Engineering ManagerSecurity & Mobile Connectivity, Enterprise SolutionsMountain View, CaliforniaApril 2007
FCC Part 15 Subpart B Class A US/Canada
EN55022 (CISPR 22) Class A European Community (CE)
EN55024 European Community (CE)
EN61000-4-2
EN61000-4-3
EN61000-4-4
EN61000-4-5
EN61000-4-6
EN61000-4-11
EN61000-3-2 European Community (CE)
EN61000-3-3 European Community (CE)
76 Check Point IP290 Security Platform Installation Guide
FCC Notice (US)
Safety Standards
FCC Notice (US)This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
CautionAny changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment.
050316
UL60950-1/EN60950-1 US/European Community(CE)
CAN/CSA-C22.2 No.60950-1 Canada
Check Point IP290 Security Platform Installation Guide 77
B Compliance Information
78 Check Point IP290 Security Platform Installation Guide
Index
Aaccessing and removing DIMMs 58activating interfaces 51appliance
components 13monitoring the IP290 16
AUX portmodem support 15
auxiliary port 15
Bbattery
location 67replacing 64
Ccables
console 30Check Point Network Voyager
opening 34components 13configuring console connection, using a 29configuring interfaces 51connecting
console, to the 30network interfaces 34
connectionscopper Gigabit Ethernet NIC 41fiber-optic Gigabit Ethernet NIC 43modem 15power 30
consolecable 30
console cable connection 30copper Gigabit Ethernet NIC 39, 41cryptographic processing 60
Ddata communications equipment device 30deactivating, network interface cards 45
Check Point IP290 Security Platform Installation Guide
DHCP server, initial configuration 29DIMMs 57
accessing and removing 58adding 58retaining clips 60socket locations 57
dual inline memory-module sockets (DIMMs) 56dual-port Ethernet network interface card 43
Eencryption accelerator card
installing an 60location 62replacing 60
end-of-life information 17
Ffiber-optic Gigabit Ethernet NICs 43
Hhard-disk drive
installing 53replacing 54
IIEEE 802.3ab 40IEEE 802.3z 42installing NICs 46interfaces
connecting network 34IP290 appliances
configuring 29monitoring 16
LLC connector 43, 44
Mmemory
Index - 79
capacity 56replacing or upgrading 56
modem support 15monitoring
NICs 51monitoring IP290 appliances 16multi-mode, fiber-optic cable 43
Nnetwork interface cards
deactivating 45dual-port Ethernet 43installing 45, 46list of available 39monitoring 51PCI operation 39two-port copper Gigabit Ethernet 39two-port fiber-optic Gigabit Ethernet 42two-port Gigabit Ethernet 40
network interfacesconnecting 34
network interfaces, connecting 34null-modem cable 30
PPCI operation of NICs 39PMC connector 62PMC expansion slots 45power connections 30
Rrandom access memory 57recycling retired equipment 17retaining clips, DIMM 60
Sserial port 15single-mode, fiber-optic cable 44specifications
space requirements 73standoffs, motherboard 63
Ttechnical specifications
See specificationstroubleshooting 69two-port Gigabit Ethernet 40
Uupgrading memory 56
VVPN performance 60
Index - 80 Check Point IP290 Security Platform Installation Guide