Important: It is strongly recommended to export the management database from the Smart-1 appliance before proceeding. The administrator can import the configuration database at a later time.
Virtual console keyboard and mouse redirection, Virtual Media
Notes:
vConsole is supported only via the iDRAC graphical user interface (GUI), which is built on HTML5; Java or OpenJRE are not officially supported.
Check Point is in the process of integrating the LOM (iDRAC) with Gaia OS to provide more secure and robust operations. Customers who require LOM (iDRAC) now are instructed to use it as follows:
Limit access by placing a firewall in front of the LOM interface. The firewall must allow traffic to the LOM interface (HTTPS, port 443) only from the specific internal IP addresses on your network. These internal IP addresses must be trusted, and their connections to the LOM interface must be over a trusted network.
Important:
Creating a user can only be done with the SetiDRACUser command.
Creating a user in another way may lead to problems, and is not supported by Check Point.
Procedure:
Install the required hotfix (if necessary) on the Smart-1 appliance.
In Expert mode, create a new restricted operator iDRAC user. Run:
On R80.20 with R80.20 JHF (Take 160 and higher), R80.30 with R80.30 JHF (Take 163 and higher), R80.40 and higher:
Enable access to LOM (iDRAC) in a protected environment only.
Configure a firewall in front of the LOM interface that restricts access to specific sources only. The users must connect over trusted networks.
Do you wish to continue (y/n)? y
On R80.10:
Warning!
You are installing a hotfix enabling an administrative control of the Check Point Smart-1 appliance through a LOM interface, being offered to users who have requested to have the LOM interface enabled prior to the release of a formal update. By proceeding with the installation, you acknowledge and agree that this is a preliminary interim solution developed without having undergone Check Point's ordinary testing and development processes and may therefore carry certain vulnerabilities.
You further acknowledge that this hotfix is provided to you for your own internal use and agree to treat it as confidential and proprietary and not allow its release or installation by anyone outside your organization.
Do you wish to continue (y/n)? y
Enter the User ID.
Note: The User ID should be between 3 and 16 (for example: 5, 7, 12).
Enter the User Name.
Enter the User Password.
It is strongly recommended that the password be strong.
The default IP address of the LOM/iDRAC interface is: 192.168.0.100
To change this IP address:
Connect to the command line on the Smart-1 Appliance.
This section applies only to Smart-1 6000-L / 6000-XL models.
This section applies only to R81.20 and higher releases.
There are two available procedures:
Installing Gaia OS when the current host Gaia OS is accessible
Installing Gaia OS when the current host Gaia OS is not accessible and requires recovery
Procedure for Installing Gaia OS when the current host Gaia OS is accessible
Connect to the iDRAC web interface.
Mount a Virtual Media:
A. Go to Virtual Console.
B. Click Virtual Media.
C. Click Connect Virtual Media.
D. Add the Gaia OS installation image.
Change the boot order in the host Gaia OS and reboot:
A. Connect to the command line on the host Gaia OS (from the Virtual Console or through an SSH connection).
B. Log in to the Expert mode.
C. Configure the boot order to start the boot from the UCD-DVD device:
   cpidrac --set_first_boot_device=UCD-DVD
   Note: This command does not show an output.
D. Reboot the appliance:
   reboot
Installation starts during the boot.
Procedure for Installing Gaia OS when the current host Gaia OS is not accessible and requires recovery
Log in to the iDRAC web interface with the user you created with the "SetiDRACUser" command during the initial configuration and deployment of the Smart-1 appliance.
Re-initialize the RAID through the iDRAC Console connection.
Important - This is a critical step that forces the appliance to cycle through the boot order. Because the RAID is built from scratch, there is no boot partition. The appliance continues to the next available boot option, and eventually gets to the Virtual Media you connect in Step # 4 below.
A. Go to Virtual Console.
B. Press the CTRL+R keys to reboot the appliance.
C. During boot, press the F2 key to open the BIOS Configuration Utility.
D. From the top, go to the VD Mgmt menu.
E. Go to Disk Group > Virtual Disks > select ID: 0, Virtual Disk.
F. Press the F2 key > click on Initialization > select Fast Init > and press the Enter key.
G. The appliance reboots.
H. During boot, press the F11 key to open the Boot Manager.
I. Select One-shot BIOS Boot Menu and press the Enter key.
Connect the Gaia ISO file as a Virtual Media. For instructions, see step # 2 above.
Reboot the appliance (for example, using the Power button).
Important - The appliance tries to boot from its available boot devices in the order they are configured. Because the RAID is built from scratch, there is no boot partition. The appliance continues to the next available boot option, and eventually gets to the Virtual Media you connected.
DSA-2019-059: Dell EMC Network Attached Storage System using Windows Storage Server Security Update for Multiple Hardware Appliance Firmware Vulnerabilities
CVE-2018-15774
Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 (CVE-2018-15774)
DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities
CVE-2021-36347
Affected iDRAC firmware: iDRAC8 firmware versions prior to 2.82.82.82; iDRAC9 firmware versions prior to 5.00.20.00
Note - For Smart-1 525 appliances, an update for 2.82.82.82 will be released in the future. If you need it now, contact Check Point Support to get a Hotfix for this issue.
DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities
CVE-2021-36346
Affected iDRAC firmware: iDRAC8 firmware versions prior to 2.82.82.82
Note - For Smart-1 525 appliances, an update for 2.82.82.82 will be released in the future. If you need it now, contact Check Point Support to get a Hotfix for this issue.
Smart-1 525
CVE-2021-3712
DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities
CVE-2021-3712 CVE-2021-36347
Affected iDRAC firmware: iDRAC8 firmware versions prior to 2.82.82.82; iDRAC9 firmware versions prior to 5.10.00.00
Note - For Smart-1 525 appliances, an update for 2.82.82.82 will be released in the future. If you need it now, contact Check Point Support to get a Hotfix for this issue.
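Added example (not part of the original Check Point article, and not a Check Point or Dell tool): a shell check that compares an iDRAC firmware version against the "prior to" versions listed for DSA-2021-177 above and prints the CVEs that still apply. The function names and the THRESHOLDS table layout are illustrative assumptions; the row that lists CVE-2021-3712 together with CVE-2021-36347 is encoded under CVE-2021-3712, and the CVE-2018-15774 row is left out because it lists several per-branch versions.

```shell
#!/bin/sh
# Added example. Usage: script.sh <iDRAC generation: 8|9> <firmware version>
# The firmware version is supplied by the operator.

# "generation CVE first-unaffected-version", copied from the advisory rows above.
THRESHOLDS='8 CVE-2021-36347 2.82.82.82
9 CVE-2021-36347 5.00.20.00
8 CVE-2021-36346 2.82.82.82
8 CVE-2021-3712 2.82.82.82
9 CVE-2021-3712 5.10.00.00'

# ver_lt A B: exit 0 when dotted version A is lower than B.
# Fields are compared numerically, so 2.9 < 2.10 and "00" equals "0".
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "prior to"
    }' </dev/null
}

# affected_cves GEN VERSION: print the CVEs whose threshold VERSION is below.
# Returns 2 on malformed input instead of silently reporting "not affected".
affected_cves() {
    gen=$1 ver=$2 out=
    case $gen in 8|9) ;; *) echo "generation must be 8 or 9" >&2; return 2 ;; esac
    case $ver in ''|*[!0-9.]*) echo "bad version: $ver" >&2; return 2 ;; esac
    while read -r g cve fixed; do
        [ "$g" = "$gen" ] || continue
        if ver_lt "$ver" "$fixed"; then out="$out${out:+ }$cve"; fi
    done <<EOF
$THRESHOLDS
EOF
    printf '%s\n' "$out"
}

if [ $# -eq 2 ]; then affected_cves "$1" "$2"; fi
```

An empty result means the version is at or above every listed threshold for that iDRAC generation.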
Gaia ISO install via iDRAC LOM is not supported. Resolved in R81.20. See the section "Installing Gaia OS (R81.20 and higher) in iDRAC on Smart-1 6000-L / 6000-XL models" above.
-
Access to iDRAC is available only with a restricted operator user.
-
In iDRAC firmware 4.40.0.0 (End version), if a cable is not connected to the iDRAC port, the IP address is not reported. If a cable is plugged into the iDRAC port and linked up, the correct IP address is reported.
PMTR-68408
It takes about one minute for the lomipset command to apply changes in the network configuration settings.