WiliRGasparetto
MVP Diamond

Quantum SD-WAN Installation for Beginners: A Step-by-Step Guide from Zero to First Traffic Steering

Below is a step-by-step guide from scratch (beginner-friendly) to install and enable Check Point Quantum SD-WAN on firewalls/clusters, with validation checkpoints at each stage.

 

Assumptions (adjust to your environment):

  • Gateway/Cluster running Gaia (appliance or open server).
  • Management via SmartConsole (Smart-1 Cloud or on-prem).
  • SD-WAN managed through the Infinity Portal.
  • You have at least two WAN/ISP links (SD-WAN makes the most sense in this setup).
  • Initial goal: Local Breakout (the simplest). We’ll expand later to Overlay/Backhaul.

 


0) Prerequisites (before changing anything)

0.1 Licensing and Version

  • Confirm that your gateway/cluster has compatible licensing and that the software version is supported (R81.10, R81.10.X, R81.20, R82, R82.10). For more details, refer to sk180605.
  • Confirm you have access to the Infinity Portal and the required permissions for SD-WAN.


1) Prepare the Gateway/Cluster (Gaia) — from basics to SD-WAN

1.1 Configure WAN and LAN interfaces

In Gaia (WebUI/CLI):

  • Configure the IP address, subnet mask, and VLAN (if needed).
  • Use clear, consistent interface names (e.g., WAN_ISP1, WAN_ISP2, LAN_USERS).

Gaia interfaces.

1.2 Configure routing (without SD-WAN yet)

The goal here is to ensure each ISP link is fully operational before enabling SD-WAN.

Common options:

  • Two default routes with different metrics (primary/secondary)
  • Or a temporary simple policy-based route to test each link independently

 

 

 

Validation

  • Run ping and traceroute to a public IP via each WAN interface.
  • Confirm DNS resolution is working.
  • Ensure there are no upstream blocks (ISP/edge restrictions).

Gaia routes + connectivity tests.

 

2) Install and validate SD-WAN components (Nano Agent and services)

In Quantum SD-WAN, the Nano Agent is the foundation of the control plane: it connects the gateway to the cloud control layer and manages the Nano Services (orchestration / SD-WAN / logger / metrics).

2.1 Onboard the Gateway to the Infinity Portal

In the Infinity Portal:

  • Navigate to the SD-WAN section / Gateways area.


  • Select the gateway (or create/import it, depending on your environment).
  • Generate the Nano Agent installation command/script.
  • In the middle section, click Profiles.


Click Quantum Profile to open it.

Note: The SD-WAN application automatically creates this Quantum Profile in the following cases:

  • You connect your on-premises management server to the Infinity Portal and configure Object Sharing.

Follow the instructions in the Download and Deployment section to install the Agent on the Security Gateway.


2.2 Install the Nano Agent on the Gateway/Cluster Member

On the gateway (and on each cluster member, if applicable):


  • Run the installation command provided by the portal.
    Command execution and successful completion.

2.3 Validate the Nano Agent and Nano Services

On the gateway, run:

cpnano -s

You should see:

  • The agent is registered/connected
  • Relevant services are Running
  • A reasonable last update timestamp
  • No communication errors

Output of cpnano -s.

If the Nano Agent does not connect, fix the following before proceeding: DNS, outbound routing, proxy, and/or SSL inspection on the gateway’s outbound path.

In Infinity Portal > SD-WAN > Network > Agents, you can review the connected Security Gateway.


3) Prepare management (SmartConsole) — without this, SD-WAN won’t apply

3.1 Ensure the Security Policy allows the traffic

Critical point for beginners: SD-WAN only steers traffic that is allowed by the Security Policy.

In SmartConsole, verify you have rules that allow:

  • LAN → Internet (for the traffic you want to test, e.g., HTTPS/DNS)
  • Appropriate NAT (typically Hide NAT for Internet browsing)

Access Control rule + NAT rule (if applicable).

3.2 Publish and install the policy on the gateway/cluster

  • Publish in SmartConsole
  • Install Policy on the gateway/cluster

 

4) Configure SD-WAN in the Infinity Portal — from scratch (Local Breakout)

4.1 In the Infinity Portal > SD-WAN application:

From the left navigation panel, click Network.

In the middle panel, click Getting Started.

In the Configure SD-WAN section, click Open Wizard.


In Step (1) Environment, click Next.


In Step (2) Use Cases:

  1. In this case, for example, select the option “Use only Internet use cases, but no overlay use cases.” However, you should choose the option that best matches your environment and requirements.
  2. Click Next.

 

 

Quantum Gateways:

  1. Select the connected Security Gateway (the one where you previously installed the agent).
  2. Click Next.

 

WAN Link Mapping:

  1. Map to the following interfaces:
    • WAN 1: eth1
    • WAN 2: eth2
  2. Click Next.

  

Summary:

  1. Select the option "Publish and Enforce the policy now".
  2. Click Done.

 

 


And that’s it—your initial SD-WAN setup is complete. From this point on, you’ll need to define your SD-WAN rules based on your environment’s requirements. For more information, refer to sk180605:
https://support.checkpoint.com/results/sk/sk180605

 

Sources:

  • Quantum SD-WAN - Technical | eLearning: https://checkpointpartners.litmoseu.com/course/1588097
  • Admin Guide: https://support.checkpoint.com/results/sk/sk180605
  • Demo Point: SD-WAN: https://usercenter.checkpoint.com/ucapps/techpoint/demo-point
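
The per-link validation from step 1.2 can be scripted so that a healthy primary link does not hide a dead secondary one. The script below is an added example, not part of the original post and not Check Point tooling. It assumes Gaia expert mode, the eth1/eth2 WAN mapping used in the wizard, and placeholder targets (192.0.2.1, example.com) that you replace with your own; PING_CMD and LOOKUP_CMD are hypothetical override variables.

```shell
#!/bin/sh
# Pre-SD-WAN link check for the step 1.2 validation (added example).
# Assumptions: eth1/eth2 are the WAN interfaces; the target IP and the
# DNS name are placeholders supplied on the command line.

PING_CMD="${PING_CMD:-ping}"          # overridable so the logic can be exercised offline
LOOKUP_CMD="${LOOKUP_CMD:-nslookup}"

# check_link IFACE TARGET: prints "IFACE OK" or "IFACE FAIL", returns 0 or 1
check_link() {
    iface="$1"; target="$2"
    # -I binds the probe to one interface, so each ISP link is tested
    # on its own instead of following the best default route.
    if "$PING_CMD" -c 3 -W 2 -I "$iface" "$target" >/dev/null 2>&1; then
        echo "$iface OK"; return 0
    fi
    echo "$iface FAIL"; return 1
}

# check_dns NAME: the Nano Agent needs working DNS to reach the portal
check_dns() {
    if "$LOOKUP_CMD" "$1" >/dev/null 2>&1; then
        echo "DNS OK"; return 0
    fi
    echo "DNS FAIL"; return 1
}

# precheck TARGET NAME IFACE...: returns the number of failed checks
precheck() {
    pc_target="$1"; pc_name="$2"; pc_failed=0
    shift 2
    for pc_iface in "$@"; do
        check_link "$pc_iface" "$pc_target" || pc_failed=$((pc_failed + 1))
    done
    check_dns "$pc_name" || pc_failed=$((pc_failed + 1))
    return "$pc_failed"
}

# Example run: ./wan_precheck.sh 192.0.2.1 example.com eth1 eth2
if [ "$#" -ge 3 ]; then
    precheck "$@" && echo "All links ready for SD-WAN onboarding"
fi
```

A non-zero exit status is the count of failed checks; resolve those before installing the Nano Agent in step 2.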

1 Reply
israelfds95
MVP Gold

Very Good Wili!!
