Gaia Quick Standalone Setup in R77.30
Solution

General

Gaia Quick Setup is suitable for quick deployment of preconfigured settings on Check Point appliances. You can use it in production environments, for Security Checkup analysis and for demos. Quick Setup configures appliances as Check Point Standalone (Security Management Server and Security Gateway), with selected Software Blades preconfigured, and in Monitor Mode or in Bridge Mode.

 

Supported Appliances

The following appliances series are supported: 2200, 3000, 4000, 5000, 12000, 13000, 15000, 21000, and 23000.

 

Installation Instructions for R77.30

Refer to the R77 Versions Installation and Upgrade Guide for Gaia Platforms.

 

First Time Configuration Wizard - Step by Step

After the machine is installed, log in to the Gaia Portal using the default address of the management interface (192.168.1.1) and run the First Time Configuration Wizard.

Quick Setup is a simplified flow of the Gaia First Time Configuration Wizard which requires only the essential configuration.

  1. Connect to the machine's Gaia Portal: https://192.168.1.1
  2. Click 'Next' on the Welcome page, and configure the following details:
    1. Password for 'admin' user (this password will be used to access both Gaia Portal and SmartConsole).
    2. IP address of Management interface.
    3. IP address of external interface for Internet connection.
    4. Networking configuration: Default Gateway, DNS, proxy.
    5. Choose topology: Monitor mode or Bridge mode.
  3. Click 'Next' and 'Finish' to start the configuration process.

Important Notes:

  • At the end of the First Time Configuration Wizard, some appliances may reboot and the initialization process will be performed in the background for several minutes.
  • During this initialization process, only read-only access is possible using SmartConsole.
  • To verify that the installation has finished, check that the bottom section of the /var/log/ftw_install.log file contains the following sentence: end policy load.
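
One way to script the completion check from the last note above, run in Expert mode (an added example, not part of the original article). The log path and the "end policy load" sentence come from the article; the function names, the 20-line tail, and the timeout and interval defaults are assumptions.

```shell
#!/bin/bash
# Added example: wait for the Quick Setup background initialization to finish.
# Log path and completion sentence are taken from the article; everything
# else (names, tail size, timeouts) is an assumption made for illustration.

FTW_LOG="${FTW_LOG:-/var/log/ftw_install.log}"

# Return 0 if the completion sentence appears in the bottom section of the log,
# 1 if it does not, 2 if the log is missing or unreadable (state unknown).
ftw_install_finished() {
    local log="$1" tail_lines="${2:-20}"
    [ -r "$log" ] || return 2
    tail -n "$tail_lines" "$log" | grep -q 'end policy load'
}

# Poll the log until initialization finishes or the timeout (seconds) expires.
# Returns 0 when finished, 1 on timeout.
wait_for_ftw_install() {
    local log="$1" timeout="${2:-1800}" interval="${3:-15}" waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if ftw_install_finished "$log"; then
            return 0
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    # One last check after the final sleep, then report timeout.
    if ftw_install_finished "$log"; then
        return 0
    fi
    return 1
}

# Run the wait only when explicitly requested: ./script.sh --wait
if [ "${1:-}" = "--wait" ]; then
    if wait_for_ftw_install "$FTW_LOG"; then
        echo "Initialization finished: full SmartConsole access should now be available."
    else
        echo "Timed out waiting for 'end policy load' in $FTW_LOG" >&2
        exit 1
    fi
fi
```

Gating any follow-up step (for example, opening SmartConsole for write access) on a zero exit status avoids working against a device that is still in its read-only initialization phase.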

 

Details of the Quick Setup Configuration

The machine is configured as a Standalone (Security Management and Security Gateway), with bridge or monitor ports configured and, optionally, an additional external interface for Internet connectivity.

The following Blades will be enabled:

  • Firewall
  • IPS
  • Application Control
  • URL Filtering
  • Anti-Bot
  • Anti-Virus
  • Threat Emulation
  • SmartEvent

Additional information:

  • Topology

    • Management interface is configured as 'Internal'.
    • First interface (e.g. eth1) is configured as 'External' and can be connected to the Internet.
    • The following two interfaces (e.g. eth2 and eth3) are configured as bridge or monitor ports according to the user's choice. Monitor ports can be used as mirror ports or connected with a TAP device.

    Anti-Spoofing is disabled on all interfaces.

  • Firewall Blade

    The default policy is configured with an Any-Any-Accept rule and rules that log a few common protocols.

  • IPS Blade

    The configuration uses the blade's default value. 

  • Application Control and URL Filtering Blades

    The configuration uses the blade's default value.

  • Threat Prevention Blades

    The configuration uses the blade's default value.

  • Additional Features

    Date and time settings are automatically synchronized with the PC on which the setup is performed.

 

Manage the Device from Central Management

You can later manage this device from central management by using a special conversion tool. The script 'standlone_to_gw_registry_update.sh' converts a device configured by QuickSetup into a Gateway-only device. Use it when the device is to be managed by an existing Security Management Server.

Usage:

[Expert@HostName]# /bin/standlone_to_gw_registry_update.sh $CPDIR/registry/HKLM_registry.data

Note: Reboot is required after running this command.

 

Limitations

  • QuickSetup configuration is unable to manage Security Gateways of other versions.
  • The device is not activated automatically and a trial period of 15 days will apply until activation.
  • To activate the Threat Emulation blade, appliance activation is needed.
  • Several operations might occur in tandem with your first login to SmartConsole. You will be able to track the progress of these actions in the "recent tasks" window.
  • Verify that you are using external interface cards with four ports only (not two) before starting QuickSetup.
  • You will need to verify that the machine hostname is a valid Management object name before starting QuickSetup.
  • If Gaia OS is configured in Bridge mode, then before connecting the ports, run the following command in Expert mode and reboot (this command deletes all kernel parameters related to Bridge mode):
    [Expert@HostName]# sed -i '/tap/d' $FWDIR/boot/modules/fwkern.conf
