Lights Out Management (LOM) is a dedicated management interface with its own embedded system. It allows you to manage the appliance independently of the Gaia operating system.
Even if Gaia is unavailable, frozen, or powered off, the LOM interface remains accessible as long as the appliance is connected to power.
The official LOM HTML5-based Card Administration Guide defines it as follows:
"The Lights Out Management (LOM) application lets you remotely control Check Point appliances over a dedicated management channel. This management channel also works when the appliance is turned off or is not responding, if the appliance is connected to a power source."
Whenever I ask customers whether LOM is enabled, many have never heard of it.
Instead of spending several minutes explaining the concept, I simply ask:
"Have you ever used Dell iDRAC?"
Most administrators immediately answer yes.
LOM serves a very similar purpose. Just like Dell iDRAC, it provides out-of-band management, allowing you to remotely access and control the appliance even when the main operating system is unavailable.
This comparison usually makes the concept clear in just a few seconds.
Imagine you are performing a remote Jumbo Hotfix upgrade.
Everything looks normal during the installation, but after the reboot, the firewall never comes back online.
Without LOM, you would probably need someone at the data center to connect a console cable and investigate the issue.
With LOM, you can access the appliance remotely and interact with the console almost as if you were physically in front of it. This can save hours of downtime and avoid unnecessary trips to the data center.
LOM can also mount ISO images remotely.
Imagine you are installing Gaia and discover that your USB drive is corrupted or simply does not work. Having to cancel a maintenance window because of a faulty USB drive is frustrating.
With LOM, you can mount the installation ISO remotely, reinstall Gaia, and control the entire installation process directly from your browser.
Believe me—I have been in this exact situation during a customer deployment, and LOM saved the day.
Before you begin, verify that your appliance model supports LOM by checking the LOM HTML5-based Card Administration Guide.
The initial setup is simple:
Like Gaia, the LOM card also receives firmware updates with bug fixes and improvements.
Before updating, check the recommended firmware version for your appliance in sk88064 – Check Point Appliances LOM Card Firmware Versions Map:
https://support.checkpoint.com/results/sk/sk88064
Download the recommended firmware and upload it through the LOM WebUI under:
Maintenance > Firmware Update
For a complete overview of LOM features and configuration, refer to the LOM HTML5-based Card Administration Guide.
The guide includes the First Time Wizard, firmware update procedures, and an excellent video demonstrating the initial setup.
If you'd like to learn more about LOM, you may also find these articles useful:
To make LOM permanently accessible, the customer should prepare a dedicated management network.
This typically includes:
Since LOM uses an independent management network, it remains available even when the production network or Gaia operating system has problems.
Real-Life Examples
In the photos below, you can easily identify the Ethernet cable connected to each appliance's LOM port.
Below is a great example of a clean LOM deployment in a Maestro environment, completed by a partner of mine.
The LOM interfaces are properly connected on the SGMs, providing reliable out-of-band management that could easily save the day during a future maintenance window—or an unexpected outage. 😊
LOM is one of those features that you may never need—until the day you really need it.
When that moment comes, having LOM already configured can help during troubleshooting, reduce downtime, and eliminate unnecessary trips to the data center.
For this reason, I strongly recommend enabling LOM during every Check Point deployment whenever the appliance supports it.