Your hardware must meet or exceed the minimum system requirements. Your hardware will determine the throughput performance of your firewall.
Obtain your VPN-1/FireWall-1 licenses before you start installing the firewall software. The built-in evaluation license will only be valid for 15 days.
You should configure the external IP address on the first interface that comes up on your firewall. This external IP should be configured in your hosts file to resolve to the hostname of the computer.
IP forwarding must be enabled.
Disable any unnecessary services on your operating system.
Make sure DNS is configured properly, and get a PTR record setup for each NAT address you will be using on your firewall.
Be prepared to answer questions during installation about your licenses, administrators, GUI clients , SNMP extension, and group permissions.
Read the software release notes prior to installing or upgrading.
Check Point Express requires a hotfix supplement for the licenses to work correctly on NG with Application Intelligence (R54).
Begin the installation by inserting the Check Point Next Generation CD.
The SVN foundation must be installed first.
The default folder installation location for VPN-1/FireWall-1 is c:\winnt\fw1\NG.
A reboot after installing the VPN-1/FireWall-1 software should be performed.
Configure your firewall licenses, administrators, GUI clients, and CA at any time by choosing Start Programs Check Point Management Clients Check Point Configuration NG .
The SVN foundation must be removed last.
Remove packages by selecting Control Panel Add/Remove Programs .
Reboot after uninstalling VPN-1/FireWall-1.
Begin the installation by inserting the Check Point Next Generation CD and running./UnixInstallScript.
When installing from files, use the pkgadd “d command.
The SVN foundation package CPshrd-54 must be installed first.
Initial configuration screens include Licenses, Administrators, GUI Clients, SNMP Extension, Group Permissions, and CA initialization.
A reboot after installing the VPN-1/FireWall-1 CPfw1-54 package should be performed.
After reboot, the firewall will load the InitialPolicy, blocking any connection to the firewall. The policy can be unloaded by typing fw unloadlocal .
You must su “ to root to run cpconfig , which allows an administrator to reconfigure the firewall at any time.
Remove packages with the pkgrm command.
The SVN foundation CPshrd-54 package must be uninstalled last.
The first time you remove the Primary SmartCenter Server, the pkgrm will fail. Simply run it again to successfully remove the package.
A reboot after uninstalling the VPN-1/FireWall-1 CPfw1-54 package should be performed.
IPSO 3.7 is required before installing VPN-1/FireWall-1 NG FP1 on a Nokia appliance.
The command newimage is used to install new IPSO images.
The command newpkg is used to install new packages.
The SVN foundation must be installed first.
Reboot after installing the SVN foundation package.
Reboot after installing the VPN-1/FireWall-1 package.
After the package is installed, run cpconfig to finish the installation process.
Use the Voyager GUI to activate installed packages via the Manage Installed Packages link. Always Apply and Save any change you make in the Voyager GUI.
SecurePlatform is a pre- hardened , performance- tuned version of Linux created and supported directly by Check Point at no charge.
SecurePlatform turns a standard server into a security appliance in minutes.
SecurePlatform has two levels of access to the command line: restricted and expert.