In this lecture, we will cover deployment and initial configuration of a Security Gateway.
Deployment
As mentioned in our first lecture, a Security Gateway can be deployed in one of three ways:
- Check Point Security Appliance;
- Open Server;
- A Virtual Machine.
Note: in the practical part of this lecture, we will be installing our lab Security Gateway as a virtual machine.
Check Point Security Appliance
With Check Point, there are four categories of Security Gateway Appliances:
- Small and Medium Business,
- Enterprise,
- High End Enterprise and Data Center,
- Large Data Centers and Telcos, also known as Scalable Platforms (SP).
Note: SMB and SP appliances use a different OS and software and are not part of our discussion.
![_Val__0-1591875088313.png _Val__0-1591875088313.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6514i8970F8FEE5E004F8/image-size/medium?v=v2&px=400)
Similar to what we noted previously for Smart-1 deployment, a Check Point Security Gateway appliance comes preinstalled with at least one version of Check Point Gaia software. If you want to re-image the appliance or install a software version other than the available factory defaults, see sk65205.
Open Server / virtual machine
If you are deploying your Security Gateway on an Open Server or as a virtual machine, consult the Hardware Compatibility List to make sure your deployment option is supported by Check Point. The installation flow for an open server and a virtual machine is practically identical.
Installing a Software Gateway
In our lab, we will be installing a Security Gateway as a virtual machine. Let us review the lab configuration:
![_Val__1-1591875088319.png _Val__1-1591875088319.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6515iF065CB8003F71B10/image-size/medium?v=v2&px=400)
Create a new virtual machine with the following parameters:
![_Val__2-1591875088314.png _Val__2-1591875088314.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6513iE6AE49CCF8692010/image-size/medium?v=v2&px=400)
Note that three different NICs are defined. The initial installation flow is very similar to the Management Server installation covered in the previous lecture. The only difference is in configuring the interfaces.
![_Val__3-1591875088317.png _Val__3-1591875088317.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6516i904396962EF03A6A/image-size/medium?v=v2&px=400)
At this step, choose the NIC that shares a network with the Lab User PC (VMnet2). In our case, it is eth2. Set the IP address to 192.168.1.254/24 and leave the Default gateway setting empty.
![_Val__4-1591875088335.png _Val__4-1591875088335.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6519i65F8DFAE4A623D91/image-size/medium?v=v2&px=400)
Continue the installation and reboot.
Initializing Security Gateway
The initialization process is very similar for any Gaia-based deployment: appliance or open server, management or gateway. You are already familiar with the process from the last lecture.
In your browser, connect to https://192.168.1.254 and log in as the admin user with the password you defined during the installation process (vpn123 in our case). Start the First Time Configuration Wizard and choose “Continue with R80.10 configuration”.
Leave interface eth2 settings as is.
![_Val__5-1591875088335.png _Val__5-1591875088335.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6518iA10FF7770C09882E/image-size/medium?v=v2&px=400)
The wizard will advise you to set up other interfaces. Skip them at this point by pressing Next. We will set up the other networks later on.
![_Val__6-1591875088337.png _Val__6-1591875088337.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6521i2ACB7CC85976D538/image-size/medium?v=v2&px=400)
In the Device Information menu, set the machine hostname (SG), the domain name (testlab.local) and the Primary DNS Server (8.8.8.8):
![_Val__7-1591875088339.png _Val__7-1591875088339.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6520iBAF0506F36D3831D/image-size/medium?v=v2&px=400)
Leave Date and Time as default and press Next.
Choose “Security Gateways and/or Security Management” for Installation Type and press Next:
![_Val__8-1591875088340.png _Val__8-1591875088340.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6522iBF7DE98079F4DD09/image-size/medium?v=v2&px=400)
For Products, choose only Security Gateway. Press Next to continue.
![_Val__9-1591875088341.png _Val__9-1591875088341.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6523i794DD23B8357D85E/image-size/medium?v=v2&px=400)
Choose No for Dynamically Assigned IP (DIAP) and press Next:
![_Val__10-1591875088342.png _Val__10-1591875088342.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6524iD2F946435CE3BEE0/image-size/medium?v=v2&px=400)
The last part of the wizard is about SIC (Secure Internal Communication). In short, all components of a Check Point security system interconnect over a TLS-encrypted channel. This channel is known as SIC. It uses certificate-based encryption. Certificates are issued by the Management Server and are initialized with an activation key that we define at this step.
For further information about SIC, feel free to click the “learn more about SIC” link in the menu.
![_Val__11-1591875088342.png _Val__11-1591875088342.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6525iD5DEA7F9D8645082/image-size/medium?v=v2&px=400)
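The role of the activation key can be seen in a simplified model of one-time-key certificate enrollment. This is an added example, not Check Point code, and it does not reproduce the actual SIC protocol: the class and function names, the message layout and the HMAC-based stand-in for a certificate are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ManagementServer:
    """Toy certificate issuer; a model, not Check Point's SIC implementation."""

    def __init__(self):
        self._ca_key = secrets.token_bytes(32)  # stands in for the CA private key
        self._pending = {}                      # name -> (activation key, nonce)

    def register_gateway(self, name, activation_key):
        """Admin defines the gateway and repeats the key typed into its wizard."""
        self._pending[name] = (activation_key.encode(), secrets.token_bytes(16))

    def challenge(self, name):
        """Fresh nonce per registration, so an old proof cannot be replayed."""
        return self._pending[name][1]

    def enroll(self, name, proof):
        """Issue a certificate once, only to a peer that proves it knows the key."""
        if name not in self._pending:
            return None                         # unknown gateway, or key already used
        key, nonce = self._pending[name]
        if not hmac.compare_digest(prove(name, key, nonce), proof):
            return None                         # wrong activation key
        del self._pending[name]                 # the activation key is now spent
        return {"subject": name, "sig": self._sign(name)}

    def _sign(self, subject):
        return hmac.new(self._ca_key, subject.encode(), hashlib.sha256).hexdigest()

    def verify(self, cert):
        """Later connections are checked against the certificate, not the key."""
        return cert is not None and hmac.compare_digest(cert["sig"], self._sign(cert["subject"]))


def prove(name, key, nonce):
    """Gateway side: bind the key to this gateway name and this nonce."""
    return hmac.new(key, nonce + name.encode(), hashlib.sha256).digest()


def run_demo():
    sms = ManagementServer()
    sms.register_gateway("SG", "constructed-activation-key")  # constructed sample key
    nonce = sms.challenge("SG")
    wrong = sms.enroll("SG", prove("SG", b"guessed-key", nonce))
    cert = sms.enroll("SG", prove("SG", b"constructed-activation-key", nonce))
    again = sms.enroll("SG", prove("SG", b"constructed-activation-key", nonce))
    return wrong, sms.verify(cert), again
```

In the model, a wrong key is rejected, the correct key yields a certificate exactly once, and a second enrollment with the same key fails because the key has been consumed.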
Press Finish to conclude the initialization process. The machine will reboot.
![_Val__12-1591875088343.png _Val__12-1591875088343.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6526iB03F62B1DB6FA0DB/image-size/medium?v=v2&px=400)
After the reboot, you will be able to log in to the Gaia WebUI, as with the SMS in the previous lecture.
![_Val__13-1591875088347.png _Val__13-1591875088347.png](https://community.checkpoint.com/t5/image/serverpage/image-id/6527i4EB37B4A178C2F84/image-size/medium?v=v2&px=400)
Congratulations, you have successfully finished the installation and initial configuration of the two major elements of a Check Point security system: Security Management and Security Gateway.
Next time we will continue configuring our system and will work with Gaia WebUI and CLI.