Disabling/bypassing the First Time Configuration Wizard
Background
When installing a new Check Point appliance, or resetting the Check Point appliance to factory defaults, or booting another image on the Check Point appliance for the first time, it is mandatory to run the First Time Configuration Wizard.
The Wizard presents a number of windows, in which you configure the Date and Time, Network Connections, Routing, DNS Servers, Host and Domain Name, and Deployment Type. The features configured in the Wizard are accessible after completing the Wizard via the WebUI.
Connect a standard network cable to the appliance's Management interface and to your management network. This interface is preconfigured with the IP address 192.168.1.1.
Connect to the management interface by connecting from a computer on the same network subnet as the Management interface (for example, with IP address 192.168.1.x and net mask 255.255.255.0). This can be changed later through the WebUI.
To access the administration interface, initiate a connection from a browser to the default administration IP address:
Gaia OS Portal: https://192.168.1.1
SecurePlatform OS WebUI: https://192.168.1.1:4434
Note: Pop-ups must always be allowed for https://<appliance_ip_address>.
The login page appears. Log in with the default system administrator credentials:
Login name: admin
Password: admin
Click on Login.
Change the administrator password, as prompted. The default password is provided to you only to allow access to the appliance for the first time. For security purposes, you must change it to a more secure password.
The First Time Configuration Wizard runs. Perform all the necessary configuration steps. Check the settings that appear on the Summary page.
In addition, on Gaia OS you can check the relevant log file - /var/log/ftw_install.log
Click Finish to complete the First Time Configuration Wizard. The machine will automatically restart (this may take several minutes).
Important Note:
Upon completing the initial configuration, the First Time Configuration Wizard creates the following special (empty) files on the appliance:
OS
Version
File
Gaia OS
R80 and above
/etc/.wizard_accepted
/etc/.wizard_started
R75.40 - R77.30
/etc/.wizard_accepted
SecurePlatform OS
R77.30 and lower
/opt/spwm/conf/wizard_accepted
Existence of these files is checked each time the user tries to configure the appliance.
Running the First Time Configuration Wizard again
If for some reason the user needs to run the First Time Configuration Wizard again, then perform the following steps:
Important Note: If this machine was configured as Security Gateway, then it is not recommended to reconfigure it as StandAlone because after performing the below activity and configuring it as a Standalone you will see Security Management Server status as "Attention" in SmartView Monitor with following messages "Error: 'Security Management Server' is not responding. Verify that 'Security Management Server' is installed on the gateway. If 'Security Management Server' should not be installed verify that it is not selected in the Products List of the gateway (SmartDashboard > Security Gateway > General Properties > Software Blades List)."
Reboot the appliance to apply the changes (not required for Gaia OS):
[Expert@HostName]# reboot
Important Note: If this machine was configured as Security Management Server, and user will reconfigure the machine to be only the Security Gateway, then the following files must be removed from the machine (otherwise, intermittent SIC issues (e.g., 'SIC error no. 147') will arise during policy installation onto this Security Gateway):
Next time user logs into the Gaia Portal / SecurePlatform WebUI, the First Time Configuration Wizard start automatically.
Note: The credentials for Gaia Portal / SecurePlatform WebUI are not reset to the default.
Disabling/bypassing the First Time Configuration Wizard
If for some reason the user needs to disable/bypass the First Time Configuration Wizard, then perform the following steps:
Note: On SecurePlatform OS, if the First Time Configuration Wizard was never run, and it was disabled/bypassed, then when running the 'sysconfig' command for the first time, user must choose Option "Products Configuration" (and go through all the steps). Only then user is allowed to choose Option "Products Installation". Otherwise, user may end up with a non-functional appliance.