Enabling LOM (iDRAC) Management For Smart-1 525/5050/5150/625
Solution

To enable and upgrade iDRAC, a hotfix may be required:

| Version | Appliance | Solution |
|---|---|---|
| R80.10 | Smart-1 525, Smart-1 5050/5150 | R80.10 JHF Take 283 and higher. Contact Check Point Support to get a hotfix. |
| R80.20 | Smart-1 525, Smart-1 5050/5150 | R80.20 JHF Take 183 and higher |
| R80.30 | Smart-1 525, Smart-1 5050/5150 | R80.30 JHF Take 217 and higher |
| R80.40 | Smart-1 525, Smart-1 5050/5150, Smart-1 625 | No hotfix is required. |
| R81 | Smart-1 525, Smart-1 5050/5150, Smart-1 625 | No hotfix is required. |

Important: It is strongly recommended to export the configuration database before proceeding. The administrator can import the configuration database at a later time.

For instructions on how to download the relevant CPUSE package, refer to sk92449 - Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent.

iDRAC firmware upgrade path:

Note: The user must first upgrade to the Mid version, and only afterwards to the End version.

| Check Point Model | Part | Current Version | Mid version | Upgrade To |
|---|---|---|---|---|
| Smart-1 525 | iDRAC8 | v2.50.50.50 | Not Necessary | To upgrade Smart-1 525 to firmware 2.70.70.70 (End version) |
| Smart-1 5050/5150 | iDRAC9 | v3.15.15.15 | To upgrade Smart-1 5050/5150 to firmware 3.30.30.30 (Mid version) | To upgrade Smart-1 5050/5150 to firmware 4.20.20.20 (End version) |
| Smart-1 625 | iDRAC9 | v3.30.30.30 | Not Necessary | |

Note: Smart-1 625 requires a Request for Enhancement.


Working with iDRAC

Note: vConsole is supported only via iDRAC graphical user interface (GUI), which is built on HTML5; Java or OpenJRE are not officially supported.

Note: Check Point is in the process of integrating the LOM (iDRAC) with Gaia in order to provide more secure and robust operations. Customers who require LOM (iDRAC) now are instructed to use it in the following fashion.

Access should be limited by placing a firewall in front of the LOM interface allowing the specific internal IP addresses that should access the LOM on port https/443 only. The IP addresses that are allowed access must be from trusted sources over a trusted network.

When defining the operator you will be required to set a password. It is strongly recommended that the password be strong.

Important: Creating a user can only be done with the SetiDRACUser command. Creating a user in another way may lead to problems, and is not supported by Check Point.

Proceed as follows:

  1. Install the hotfix (when necessary).
  2. In Expert mode, run: SetiDRACUser (when you open iDRAC, you get a restricted operator iDRAC user, not an Admin)
    1. Confirm EULA.

      For R80.10:



      For R80.20 JHF (Take 160 and higher), R80.30 JHF (Take 163 and higher), R80.40 and higher:

      Enable access to LOM (iDRAC) in a protected environment only.
      Configure a firewall in front of the LOM interface that restricts access to specific sources only. The users must connect over trusted networks.

      Do you wish to continue (y/n)? y
    2. Enter User ID.
    3. Enter User name.
    4. Enter Password.
  3. The default IP address on the LOM/iDRAC is 192.168.0.100.
    To change it, run in the CLI: lomipset <new-ip-address> <new-netmask> <new-default-gateway>

To Enable iDRAC User: SetiDRACUser <UserID> <UserName> <Password>

To Disable iDRAC User: UnsetiDRACUser <UserID>

Note: UserID should be between 3 and 16 (for example, the user ID can be 5, or 12, etc.)
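The script below is an added example, not Check Point code: it checks the UserID range stated above and validates the address, netmask and gateway as a set before they are passed to lomipset, so that a typo does not leave the out-of-band interface unreachable. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the values passed to SetiDRACUser and
# lomipset. Function names are hypothetical; the Check Point tools are not called.

# The page limits UserID to the range 3-16.
check_user_id() {
    case $1 in
        '' | 0* | *[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 2 ] && [ "$1" -ge 3 ] && [ "$1" -le 16 ]
}

# Print a dotted-quad IPv4 address as an integer; fail if it is malformed.
ip_to_int() {
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        case $o in 0?* | ????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# Validate <new-ip-address> <new-netmask> <new-default-gateway> as a set.
check_lom_net() {
    ip=$(ip_to_int "$1") && mask=$(ip_to_int "$2") && gw=$(ip_to_int "$3") ||
        { echo "malformed IPv4 value" >&2; return 1; }
    inv=$(( 4294967295 - mask ))
    # A netmask is a run of 1-bits followed by 0-bits, so inv+1 is a power of two.
    [ "$mask" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ] ||
        { echo "netmask is not contiguous" >&2; return 1; }
    # Reject the network and broadcast addresses (this also rejects /31 and /32).
    host=$(( ip & inv ))
    [ "$host" -ne 0 ] && [ "$host" -ne "$inv" ] ||
        { echo "address is not a usable host address" >&2; return 1; }
    # An off-subnet gateway cuts the LOM off from every routed network.
    [ $(( ip & mask )) -eq $(( gw & mask )) ] && [ "$ip" -ne "$gw" ] ||
        { echo "gateway is not a distinct host on the LOM subnet" >&2; return 1; }
}

# Constructed sample values, not taken from the page.
check_user_id 5 && check_lom_net 10.20.30.40 255.255.255.0 10.20.30.1 && echo "pre-flight checks passed"
```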

If you enable the LOM (iDRAC), Check Point recommends that you use the LOM (iDRAC) to only work with the following features.

The following list shows how to navigate to the recommended features on each of the models:

  • Accessing Logs
    For Smart-1 525: Login and select "Logs".



    For Smart-1 5050/5150: Login and select "Maintenance".

  • Virtual Console
    For Smart-1 525: Login and select "Virtual Console".



    For Smart-1 5050/5150: Login and select "Configuration > Virtual Console".

  • Monitoring
    For Smart-1 525: Login and select "Server > Summary". 



    For Smart-1 5050/5150: Login and select "System".



  • Power Monitoring
    For Smart-1 525: Login and select "Power / Thermal > Power Monitoring".



    For Smart-1 5050/5150: Login and select "Configuration > Power Management".

Warning: Using the LOM (iDRAC) to modify features other than those listed above may present a security risk.


Known Limitations


| Issue ID | Description |
|---|---|
| | Gaia ISO install via iDRAC LOM is not supported. |
| | Access to iDRAC is available only with restricted operator user. |
