Introduction
In this lecture, we will cover installation and initial configuration of a new Security Management Server. We will use the lab settings from the previous lecture.
Deployment Options
Security Management Server (SMS) can be deployed in one of two ways: on a Smart-1 Appliance or on an Open Server.
Let's talk about both options in more detail.
1. Smart-1 Appliance
Check Point provides a wide range of Smart-1 appliances that are divided into two groups:
- Enterprise (Smart-1 405, 410, 225, 525)
- High End Enterprise (Smart-1 3050, 5050, 3150, 5150)
![_Val__0-1591874721331.png _Val__0-1591874721331.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6487i6030ECEC111A4022/image-size/medium?v=v2&px=400)
The main difference between the two categories is the number of Security Gateways an appliance can manage. The more firewalls to manage, the bigger the performance requirements for the management server appliance in CPU, RAM, and hard disk size.
2. Open Server
In the case of an Open Server deployment, you install SMS with Gaia OS on a dedicated physical server or as a virtual machine. If a physical server is your choice, check the Hardware Compatibility List.
Deploying SMS as a virtual machine is also a popular option. SMS VM production deployment is supported on several ESX versions, Hyper-V and KVM. See Hardware Compatibility List, tab "Virtual Machines" for more details.
We are deploying SMS as a VM in our lab.
Installation Procedure
Smart-1 and Open Server installation procedures differ slightly in details. Let’s talk about appliance deployment in brief before covering the Open Server option.
Smart-1 Deployment
By default, a Smart-1 appliance comes preinstalled with at least one version of Check Point Gaia software. In most cases, all you need is to initialize it. However, if you want to re-image the appliance or install a software version different from the available factory defaults, look into sk65205 for tools and details.
Deploying SMS as a VM
Our first lab starts here. To install a Security Management Server, we will be using a Windows-based VMware Workstation.
By default, with VMware Workstation installed on your PC, you have two additional network adapters related to VMware Workstation networks: VMnet1 (Host-only) and VMnet8 (NAT).
![_Val__1-1591874721337.png _Val__1-1591874721337.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6485i0814FFACAA241D25/image-size/medium?v=v2&px=400)
We need one more virtual network adapter: VMnet2. To create it, in the VMware Workstation menu choose Edit -> Virtual Network Editor -> Add Network.
After creating the new network, uncheck the “Use local DHCP service…” setting to disable DHCP on it.
![_Val__2-1591874721338.png _Val__2-1591874721338.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6486i1628CCE62ACB7D41/image-size/medium?v=v2&px=400)
Now we can create a new Virtual Machine with the following parameters:
- Virtual Machine Name - SMS
- Guest operating system - Other 64-bit
- RAM - 8GB[i]
- Processors - 2
- HDD - 50
- CD/DVD - Check_Point_R80.10_T462_Gaia.iso
- Network Adapter - VMnet2
![_Val__3-1591874721354.png _Val__3-1591874721354.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6489i9C5F6619AD0AECFC/image-size/medium?v=v2&px=400)
Once you start the machine, it boots from the DVD ISO image file, and the following screen appears:
![_Val__4-1591874721360.png _Val__4-1591874721360.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6490i6C8CE1AAD55102A8/image-size/medium?v=v2&px=400)
Choose “Install Gaia on this system” to start the installation process. It includes six steps:
Proceed with the installation by pressing OK
![_Val__5-1591874721341.png _Val__5-1591874721341.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6488i1F5BA59026F92213/image-size/medium?v=v2&px=400)
Choose the keyboard locale from the menu (we are using US) and press OK again
![_Val__6-1591874721342.png _Val__6-1591874721342.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6491iF96E98418FBE6805/image-size/medium?v=v2&px=400)
Partition the hard drive. In the real world, when deploying an Open Server, it is usually safe to rely on the default Gaia partitioning. Yet, if required, you can change the sizes of the System-root and Logs partitions.
In a production SMS deployment, always set up Logs as the biggest partition. For lab purposes only, we will set up System-root for 17GB, leaving only 10GB for the Logs.
![_Val__7-1591874721342.png _Val__7-1591874721342.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6493i381D2AEDFBEFEAB8/image-size/medium?v=v2&px=400)
Set up the initial admin password. You can choose your own, but we are setting the password “vpn123” at this step.
![_Val__8-1591874721343.png _Val__8-1591874721343.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6492iA69BA2883F283BEF/image-size/medium?v=v2&px=400)
Set up IP address, network mask, and the default gateway.
![_Val__9-1591874721344.png _Val__9-1591874721344.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6494i1EDCDC2ADA7C08E9/image-size/medium?v=v2&px=400)
Confirm the setup parameters and start installation by pressing OK.
![_Val__10-1591874721346.png _Val__10-1591874721346.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6495iD8058BAD2FB39035/image-size/medium?v=v2&px=400)
At the end of the installation procedure, you will see a note that first-time configuration is accessible via https://192.168.1.100. Press Reboot and wait until the VM is fully up.
![_Val__11-1591874721347.png _Val__11-1591874721347.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6496i5A423FA6D8B4ABBE/image-size/medium?v=v2&px=400)
At this point, we have finished the installation. Let’s run the First Time Wizard to complete the configuration of our SMS.
Initializing
Although, as mentioned above, installation / re-imaging of a Smart-1 appliance and an Open Server differ, the First Time Wizard flow is identical in both cases.
To continue, set the IP address of the VMnet2 adapter on the virtualization host (your PC) to 192.168.20, with a class C network mask (255.255.255.0).
![_Val__12-1591874721362.png _Val__12-1591874721362.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6499i1AC92C441D46D787/image-size/medium?v=v2&px=400)
Once the IP address is set, you can connect with a browser to https://192.168.1.100. Most probably, you will see an “Invalid Certificate” security warning. The default Gaia installation uses a self-signed certificate, so you can ignore the message and connect. You will see an authentication prompt.
![_Val__13-1591874721350.png _Val__13-1591874721350.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6497iA93684F49AA108FC/image-size/medium?v=v2&px=400)
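The self-signed certificate behind that warning can still be pinned. The following is an added example, not part of the original lecture or any Check Point tooling: it records the WebUI certificate's SHA-256 fingerprint on first contact and compares it on later connections. The pin file name `gaia_pins.json` and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import socket
import ssl
import sys
from pathlib import Path

PIN_FILE = Path("gaia_pins.json")  # hypothetical local pin store


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server certificate without validating it (it is self-signed)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(pins: dict, host: str, der: bytes) -> str:
    """Return 'recorded' on first contact, then 'match' or 'mismatch'."""
    seen = sha256_fingerprint(der)
    pinned = pins.get(host)
    if pinned is None:
        pins[host] = seen               # trust on first use; never overwritten later
        return "recorded"
    return "match" if hmac.compare_digest(pinned, seen) else "mismatch"


if __name__ == "__main__":
    # Default is the lab SMS address used in the text.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.100"
    pins = json.loads(PIN_FILE.read_text()) if PIN_FILE.exists() else {}
    result = check_pin(pins, host, fetch_leaf_der(host))
    PIN_FILE.write_text(json.dumps(pins, indent=2))
    print(f"{host}: {result} (pinned {pins[host]})")
    sys.exit(1 if result == "mismatch" else 0)
```

Run it once right after installation, while the VM is reachable only over the isolated VMnet2 network, and compare the recorded value with the fingerprint the browser shows in the certificate details.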
Type in username admin and the password you chose previously (vpn123). You will see the First Time Wizard Welcome screen. Press Next button:
![_Val__14-1591874721364.png _Val__14-1591874721364.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6498iAA3794067D948940/image-size/medium?v=v2&px=400)
Choose “Continue with R80.10 configuration” and press Next:
![_Val__15-1591874721351.png _Val__15-1591874721351.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6500iFF970A764E1A7262/image-size/medium?v=v2&px=400)
Do not change Management Connection settings and continue by pressing Next:
![_Val__16-1591874721351.png _Val__16-1591874721351.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6503i66BE3761F6348A3F/image-size/medium?v=v2&px=400)
Set up a Host Name - SMS, Domain Name - testlab.local, and DNS server – 8.8.8.8, then press Next:
![_Val__17-1591874721348.png _Val__17-1591874721348.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6502i8B92F08335E949E6/image-size/medium?v=v2&px=400)
You can leave default time and date settings:
![_Val__18-1591874721349.png _Val__18-1591874721349.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6507iD5C1DFB2036F72C9/image-size/medium?v=v2&px=400)
On the Installation Type screen, choose the first option – Security Gateways and/or Security Management, then press Next:
![_Val__19-1591874721353.png _Val__19-1591874721353.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6506iDD2C6F254A454B62/image-size/medium?v=v2&px=400)
On the Products screen, choose only the Security Management option and press Next:
![_Val__20-1591874721355.png _Val__20-1591874721355.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6504i2008ADC3ACEB89B3/image-size/medium?v=v2&px=400)
We will be using Gaia administrator settings for Security Management default Administrator account:
![_Val__21-1591874721357.png _Val__21-1591874721357.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6508iEEE5782231DE040B/image-size/medium?v=v2&px=400)
We will also leave the default “Any IP Address” settings for GUI clients list:
![_Val__22-1591874721366.png _Val__22-1591874721366.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6509iDD65223132681F77/image-size/medium?v=v2&px=400)
Finally, confirm all the settings and press Finish to start configuration process.
![_Val__23-1591874721367.png _Val__23-1591874721367.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6510i51D84F0B4F344896/image-size/medium?v=v2&px=400)
The process takes 10 to 15 minutes:
![_Val__24-1591874721367.png _Val__24-1591874721367.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6511i474E2C89A85B7EBB/image-size/medium?v=v2&px=400)
Once it is finished, we get access to Gaia OS WebUI:
![_Val__25-1591874721368.png _Val__25-1591874721368.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6512i548D3781557FE57A/image-size/medium?v=v2&px=400)
In the next lecture, we will describe installation and initial configuration of a new Security Gateway. Stay tuned!
[i] In case of very limited resources, you can use 5GB, but remember, the minimal requirements for SMS RAM are 8GB.
----------------------------
Authors and contributors
Author - Evgeniy Olkov, CTO at TS Solution.
Founded in 2010, TS Solution is a fast-growing Russian company focused on integrating high-tech networking, security and server virtualization systems and technologies, along with maintenance and professional services.
Translation and editing - Valeri Loukine
Review and editing - Dameon Welch-Abernathy