To enable and upgrade iDRAC a hotfix may be required:
Important: It is strongly recommended to export the configuration database before proceeding. The administrator can import the configuration database at a later time.
For instructions on how to download the relevant CPUSE package, refer to sk92449 - Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent
iDRAC firmware upgrade path:
Note: User must first upgrade to Mid version and only afterwards to the End version.
Note: Smart-1 625 requires a Request for Enhancement.
Working with iDRAC
Note: vConsole is supported only via iDRAC graphical user interface (GUI), which is built on HTML5; Java or OpenJRE are not officially supported.
Note: Check Point is in the process of integrating the LOM (iDRAC) with GAIA in order to provide more secured and robust operations. Customers who require LOM (iDRAC) now, are instructed to use it in the following fashion.
Access should be limited by placing a firewall in front of the LOM interface allowing the specific internal IP addresses that should access the LOM on port https/443 only. The IP addresses that are allowed access must be from trusted sources over a trusted network.
When defining the operator you will be required to set a password. It is strongly recommended that the password be strong.
Important:
Creating a user can only be done with the SetiDRACUser command.
Creating a user in another way may lead to problems, and is not supported by Check Point.
Proceed as follows:
- User installs the hotfix (when necessary).
- In Expert mode, the user runs: SetiDRACUser (when you open iDRAC, you get a restricted operator iDRAC user, not an Admin)
- Confirm EULA.
For R80.10:
For R80.20 JHF (Take 160 and higher), R80.30 JHF (Take 163 and higher), R80.40 and higher:
Enable access to LOM (iDRAC) in a protected environment only.
Configure a firewall in front of the LOM interface that restricts access to specific sources only. The users must connect over trusted networks.
Do you wish to continue (y/n)? y
- Enter User ID.
- Enter User name.
- Enter Password.
- The default IP address on the LOM/iDRAC is 192.168.0.100
In order to change it, in CLI, the user runs: lomipset <new-ip-address> <new-netmask> <new-default-gateway>
To Enable iDRAC User: SetiDRACUser <UserID> <UserName> <Password>
To Disable iDRAC User: UnsetiDRACUser <UserID>
Note: UserID should be between 3-16 (For example: user ID can be 5, or 12, etc.)
If you enable the LOM (iDRAC), Check Point recommends that you use the LOM (iDRAC) to only work with the following features.
The screen captures below illustrate how to navigate to the recommended features on each of the models. Click an item to show/hide its content:
- Accessing Logs
For Smart-1 525: Login and select "Logs".
For Smart-1 5050/5150: Login and select "Maintenance".
- Virtual Console
For Smart-1 525: Login and select "Virtual Console".
For Smart-1 5050/5150: Login and select "Configuration > Virtual Console".
- Monitoring
For Smart-1 525: Login and select "Server > Summary".
For Smart-1 5050/5150: Login and select "System".
- Power Monitoring
For Smart-1 525: Login and select "Power / Thermal > Power Monitoring".
For Smart-1 5050/5150: Login and select "Configuration > Power Management".
Warning: Using the LOM (iDRAC) to modify features other than those listed above may present a security risk.
Known Limitations
