Wednesday, May 19, 2010

How to Install Checkpoint Firewall NGX R65 Secureplatform

This is a step by step guide on how to install Checkpoint Firewall NGX on a secureplatform device. This article covers the basic installation part of the Firewall of the Firewall including the Enforcement Module and the Smart Center. A standalone installation is covered in this article, which means that enforcement module and the smartcenter are on the same machine.

1. Insert the Checkpoint CD into the computers CD Drive.
2. You will see a Welcome to Checkpoint SecurePlatform screen. It will prompt you to press any key. Press any key to start the installation,otherwise it will abort the installation.
3.You will now receive a message saying that your hardware was scanned and found suitable for installing secureplatform. Do you wish to proceed with the installation of Checkpoint SecurePlatform.
Of the four options given, select OK, to continue.
4.You will be given a choice of these two:
SecurePlatform
SecurePlatform Pro
Select Secureplatform Pro and enter ok to continue.
5.Next it will give you the option to select the keyboard type. Select your Keyboard type (default is US) and enter OK to continue.
6.The next option is the Networking Device. It will give you the interfaces of your machine and you can select the interface of your choice.
7.The next option is the Network Interface Configuration. Enter the IP address, subnet mask and the default gateway.
For this tutorial, we will set this IP address as 1.1.1.1 255.255.255.0 and the default gateway as 1.1.1.2 which will be the IP address of your upstream router or Layer 3 device.
8.The next option is the HTTPS Server Configuration. Leave the default and enter OK.
9.Now you will see the Confirmation screen. It will say that the next stage of the installation process will format your hard drives. Press OK to Continue.
10.Sit back and relax as the hard disk is formated and the files are being copied.
Once it is done with the formatting and copying of image files, it will prompt you reboot the machine and importantly REMOVE THE INSTALLATION CD. Press Enter to Reboot.
Note: Secureplatform disables your Num Lock by over riding System BIOS settings, so you press Num LOck to enable your Num Lock.
For the FIRST Time Login, the login name is admin and the password is also admin.
11.Start the firewall in Normal Mode.
12.Configuring Initial Login:
Enter the user name and password as admin, admin.
It will prompt you for a new password. Chose a password.
Enter new password: check$123
Enter new password again: check$123
You may choose a different user name:
Enter a user name:fwadmin
Now it will prompt you with the [cpmodule]# prompt.
13. The next step is to launch the configuration wizard. To start the configuration wizard, type "sysconfig".
You have to enter n for next and q for Quit. Enter n for next.
14.Configuring Host name: Press 1 to enter a host name. Press 1 again to set the host name.
Enter host name: checkpointfw
You can either enter an ip address of leave it blank to associate an IP address with this hostname. Leave it blank for now.
Press 2 to show host name. It now displays the name of the firewall as checkpointfw.
Press e to get out of that section.
15.Configuring the Domain name.
Press 2 to enter the config mode for configuring the domain mode. Press 1 to set the domain name.
Enter domain name:yourdomain.com

Example:
Enter domain name: checkpointfw.com
You can press 2 to show the domain name.
16. Configuring Domain Name Servers.
You can press 1 to add a new domain name server.
Enter IP Address of the domain name srever to add: Enter your domain name server IP Address HERE.
Press e to exit.
Network Connections.
17. Press 4 to enter the Network Connections parameter.
Enter 2 to Configure a new connection.
Your Choice:
1) eth0
2) eth1
3) eth2
4) eth3
Press 2 to configure eth1. (We will configure this interface as the inside interface with an IP address of 192.168.1.1 and a subnet mask of 255.255.255.0. The default gateway will be configured as 1.1.1.1.)
Press 1) Change IP settings.
Enter IP address for eth1 (press c to cancel): 192.168.1.1
Enter network Mask for interface eth2 (press c to cancel): 255.255.255.0
Enter broadcast address of the interface eth2 (leave empty for default): Enter
Pres Enter to continue....
Similarly configure the eth2 interface, which will be acting as a DMZ in this case with 10.10.10.1 255.255.255.0.
Press e to exit the configuration menu.
18.Configuring the Default Gateway Configuration.
Enter 5 which is the Routing section to enter information on the default gateway configuration.
1.Set default gateway.
2.Show default gateway.
Press 1 to enter the default gateway configuration.
Enter default gateway IP address: 1.1.1.2
19. Choose a time and date configuration item.
Press n to configure the timezone, date and local time.
This part is self explanatory so you can do it yourself.
The next prompt is the Import Checkpoint Products Configuration. You can n for next to skip this part as it is not needed for fresh installs.
20. Next is the license agreement.You have the option of V for evaluation product, U for purchased product and N for next. If you enter n for next. Press n for next.
Press Y and accept the license agreement.
21.The next section would show you the product Selection and Installation option menu.
Select Checkpoint Enterprise/Pro.
Press N to continue.
22. Select New Installation from the menu.
Press N to continue.
23. Next menu would show you the products to be installed.
Since this is a standalone installation configuration example, select
VPN Pro and
Smartcenter
Press N for next
24.Next menu gives you the option to select the Smartcenter type you would like to install.
Select Primary Smartcenter.
Press n for next.
A validation screen will be seen showing the following products:
VPN-1 Pro and Primary Smartcenter.
Press n for next to continue.
Now the installation of VPN-1 Pro NGX R60 will start.
25. The set of menu is as follows:
Do you want to add license (y/n)
You can enter Y which is the default and enter your license information.
26. The next prompt will ask you to add an administrator. You can add an administrator.
27.The next prompt will ask you to add a GUI Client. Enter the IP Address of the machine from where you want to manage this firewall.
28. The final process of installation is creation of the ICA. It will promtp you for the creation of the ICA and follow the steps. The ICA will be created. Once the random is configured ( you dont have to do anything), the ICA is initialized.
After the ICA initialized, the fingerprint is displayed. You can save this fingerprint because this will be later used while connecting to the smartcenter through the GUI. The two fingerprints should match. This is a security feature.
The next step is reboot. Reboot the firewall.

No comments: