Table of Contents:
-
Background
-
Procedures
-
Using the First Time Configuration Wizard
-
Running the First Time Configuration Wizard again
-
Disabling/bypassing the First Time Configuration Wizard
Background
When installing a new Check Point appliance, or resetting the Check Point appliance to factory defaults, or booting another image on the Check Point appliance for the first time, it is mandatory to run the First Time Configuration Wizard.
The Wizard presents a number of windows, in which you configure the Date and Time, Network Connections, Routing, DNS Servers, Host and Domain Name, and Deployment Type. The features configured in the Wizard are accessible after completing the Wizard via the WebUI.
Procedures
Using the First Time Configuration Wizard
Refer to the relevant guides for your appliance:
Basic steps are:
-
Connect a standard network cable to the appliance's Management interface and to your management network. This interface is preconfigured with the IP address 192.168.1.1.
-
Connect to the management interface by connecting from a computer on the same network subnet as the Management interface (for example, with IP address 192.168.1.x and net mask 255.255.255.0). This can be changed later through the WebUI.
-
To access the administration interface, initiate a connection from a browser to the default administration IP address:
Note: Pop-ups must always be allowed for https://<appliance_ip_address>.
-
The login page appears. Log in with the default system administrator credentials:
- Login name:
admin
- Password:
admin
Click on Login.
-
Change the administrator password, as prompted. The default password is provided to you only to allow access to the appliance for the first time. For security purposes, you must change it to a more secure password.
-
The First Time Configuration Wizard runs. Perform all the necessary configuration steps. Check the settings that appear on the Summary page.
In addition, on Gaia OS you can check the relevant log file - /var/log/ftw_install.log
-
Click Finish to complete the First Time Configuration Wizard. The machine will automatically restart (this may take several minutes).
|
Important Note:
Upon completing the initial configuration, the First Time Configuration Wizard creates the following special (empty) files on the appliance:
| OS |
Version |
File |
| Gaia OS |
R80 and above |
/etc/.wizard_accepted/etc/.wizard_started
|
| R75.40 - R77.30 |
/etc/.wizard_accepted |
| SecurePlatform OS |
R77.30 and lower |
/opt/spwm/conf/wizard_accepted |
Existence of these files is checked each time the user tries to configure the appliance. |
Running the First Time Configuration Wizard again
If for some reason the user needs to run the First Time Configuration Wizard again, then perform the following steps:
Important Note: If this machine was configured as Security Gateway, then it is not recommended to reconfigure it as StandAlone because after performing the below activity and configuring it as a Standalone you will see Security Management Server status as "Attention" in SmartView Monitor with following messages "Error: 'Security Management Server' is not responding. Verify that 'Security Management Server' is installed on the gateway. If 'Security Management Server' should not be installed verify that it is not selected in the Products List of the gateway (SmartDashboard > Security Gateway > General Properties > Software Blades List)."
-
Login to Expert mode:
# expert
-
Delete the special file(s):
| OS |
Version |
File |
| Gaia OS |
R80 and above |
[Expert@HostName:0]# rm -i /etc/.wizard_accepted[Expert@HostName:0]# rm -i /etc/.wizard_started
|
| R75.40 - R77.30 |
[Expert@HostName:0]# rm -i /etc/.wizard_accepted |
| SecurePlatform OS |
R77.30 and lower |
[Expert@HostName]# rm -i /opt/spwm/conf/wizard_accepted |
-
Reboot the appliance to apply the changes (not required for Gaia OS):
[Expert@HostName]# reboot
-
Important Note: If this machine was configured as Security Management Server, and user will reconfigure the machine to be only the Security Gateway, then the following files must be removed from the machine (otherwise, intermittent SIC issues (e.g., 'SIC error no. 147') will arise during policy installation onto this Security Gateway):
[Expert@HostName]# rm -i $FWDIR/conf/ICA.crl
[Expert@HostName]# rm -i $FWDIR/conf/InternalCA.*
-
Next time user logs into the Gaia Portal / SecurePlatform WebUI, the First Time Configuration Wizard start automatically.
Note: The credentials for Gaia Portal / SecurePlatform WebUI are not reset to the default.
Disabling/bypassing the First Time Configuration Wizard
If for some reason the user needs to disable/bypass the First Time Configuration Wizard, then perform the following steps:
Note:
On SecurePlatform OS, if the First Time Configuration Wizard was never run, and it was disabled/bypassed, then when running the 'sysconfig' command for the first time, user must choose Option "Products Configuration" (and go through all the steps). Only then user is allowed to choose Option "Products Installation". Otherwise, user may end up with a non-functional appliance.
-
Login to Expert mode:
# expert
-
Create the special file(s):
| OS |
Version |
File |
| Gaia OS |
R80 and above |
[Expert@HostName:0]# touch /etc/.wizard_accepted[Expert@HostName:0]# touch /etc/.wizard_started
|
| R75.40 - R77.30 |
[Expert@HostName:0]# touch /etc/.wizard_accepted |
| SecurePlatform OS |
R77.30 and lower |
[Expert@HostName]# touch /opt/spwm/conf/wizard_accepted |
-
Reboot the appliance to apply the changes (not required for Gaia OS):
[Expert@HostName]# reboot
-
Next time user logs into the Gaia Portal / SecurePlatform WebUI, the First Time Configuration Wizard will not start automatically.
Note: The credentials for Gaia Portal / SecurePlatform WebUI are not reset to the default.
Related solutions and documentation:
