AfterMath
Collaborator

Connect physical security gateway 5200 Appliance to virtual management server

Hi Guys!

I'm with a 5200 CheckPoint Appliance, and I want it to be managed by a virtual machine!

Is there a book on how to connect (trust) a physical security gateway 5200 Appliance to a virtual management server (open server)?

3 Replies
Matt_Ricketts
Employee

What you are after is what is called a Distributed Mode setup, where you have a dedicated Mgmt server managing your gateway(s). This is different than a Stand-Alone, where both the Mgmt and Gateway functions are within the same appliance.

You can read up on how to do this within the Administration Guides of the version you are wanting to deploy. R81.10 is our Recommended version as of today, with the Recommended Jumbo Hotfix (JHF) installed as well. 

At a super high level, boot your VM off the ISO image and install your version. Please see sk104848 for Best Practices on deploying a Management server in a virtual environment. Once installed, run the First Time Wizard and step through the questions/settings there. Pay attention to the page that asks if this will be a Security Gateway / Security Management. You will want to deselect the Security Gateway box as you are standing up a management server. Once everything is online and you can open SmartConsole to your Management server, you will repeat the process on your 5200. You can boot off a portable USB DVD drive or use the ISOmorphic tool (sk65205) to create a bootable USB stick. (<= 16 GB and USB 2.0 stick)

During the First Time Wizard on the 5200, pay attention to the same Security Gateway / Security Management page. In this case you will deselect the Management box. You will also set an OTP to establish SIC (Secure Internal Communication) at a later time. When this First Time Wizard is all complete, return to your SmartConsole and Add a New Gateway. Fill in the relevant details and initialize with the OTP you previously set.

the_rock
Legend

One would literally have to write a short book to describe the process lol

Just follow below and you will be fine 🙂

Andy

https://www.youtube.com/watch?v=SdG2XnbULfA

the_rock
Legend

Also, to add to my 1st comment, make sure that routing/proper communication is there between gateway and mgmt server, as that's required for SIC to work. Also, important to keep in mind, verify if initial policy gets loaded, as that would prevent you from doing much, so you may have to temporarily run fw unloadlocal to remove it, until you can push desired policy rules.

HTH

Andy
