05 November 2019 1590 APPLIANCE R80.
Check Point Copyright Notice Check Point Copyright Notice © 2019 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point.
1590 Appliance R80.20 Getting Started Guide Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Certifications For third party independent certification of Check Point products, see the Check Point Certifications page. Check Point R80.20 For more about this release, see the R80.20 home page.
Table of Contents Table of Contents Introduction 6 Shipping Carton Contents 7 Setting up the Appliance 8 Wall Mounting Connecting the Cables 8 9 First Time Deployment Options 10 Appliance Diagrams and Specifications 11 Front Panel 12 Back Panel 14 Side Panels 16 Using the First Time Configuration Wizard 18 Starting the First Time Configuration Wizard 18 Welcome 19 Zero Touch 19 Authentication Details 21 Appliance Date and Time Settings 23 Appliance Name 24 Security Policy Ma
Table of Contents Information sur la Santé et la Sécurité Support 51 58 1590 Appliance R80.
Introduction Introduction Thank you for choosing Check Point's Internet Security Product Suite. Check Point products provide your business with the most up to date and secure solutions available today. Check Point also delivers worldwide technical services including educational, professional, and support services through a network of Authorized Training Centers, Certified Support Partners, and Check Point technical support personnel to ensure that you get the most out of your security investment.
Introduction Shipping Carton Contents Item Quantity Description Appliance 1 1590 Appliance appliance LAN cable 1 1.8m - RJ45 to RJ45, CAT5e, shielded, STP, black color Console cable 1 1m, USB type-C to USB-2.0 type-A, black color Power adapter 1 AC to 12VDC desktop, 40W wired, 60W WiFi, black color Power cord for adapter 1 Plug types: US, UK, EU and AUS/NZ, India, China, Japan Rubber feet 4 Assembled on the appliance Wall mount kit 1 Includes drilling hole location sticker.
Setting up the Appliance Setting up the Appliance 1. Remove the Check Point 1590 Appliance appliance from the shipping carton and place it on a tabletop. 2. Optional - Remove the transparent protective sticker from the front panel of the appliance. 3. Identify the network interface marked as LAN1. This interface is preconfigured with the IP address 192.168.1.1. Wall Mounting To mount the appliance to the wall: 1. Place the wall-mount sticker on the wall and drill two holes for the screws. 2.
Connecting the Cables Connecting the Cables 1. Connect the power supply unit to the appliance and to a power outlet. The appliance is turned on when the power supply is connected. 2. When the appliance is turned on, the Power LED on the front panel lights up in red for a short period. The LED then turns blue and starts to blink. This shows a boot is in progress and firmware is being installed. When the LED turns a solid blue, the appliance is ready for login.
First Time Deployment Options First Time Deployment Options There are different options for first time deployment of your gateways: n "Using the First Time Configuration Wizard" on page 18 n "Zero Touch Cloud Service" on page 41 n "USB Drive or SD Card" on page 42"USB Drive or SD Card" on page 42 1590 Appliance R80.
First Time Deployment Options Appliance Diagrams and Specifications This section describes the different features in the front, back, and side panels of these 1590 Appliance models: n Wired n WiFi ( with antennas) Note - Depending on which model appliance you have, some of the specifications below may vary. 1590 Appliance R80.
First Time Deployment Options Front Panel Note - There is only one set of LEDs. These LEDs show different colors (blue or red) depending on what activity is occurring. Table: LEDs Key Item 1 WiFi LED n Off - WiFi off (WiFi models only) n Blue - WiFi on and operates normally n Red - WiFi error/alert 2 Management LED Description n n Off – No management Colors - See below 1590 Appliance R80.
First Time Deployment Options Table: LEDs (continued) Key Item 3 Internet LED 4 Description Power LED (Status) n Off - No internet connection n Blue - Connected n Blinking Red - Connection failure n Solid Blue – Normal operation n Blinking Blue – Boot in progress or installing firmware. n Red – Error/Alert Note – This LED is red when the appliance is first turned on. The Management LED shows the status of the retries mechanism: Action Management LED Activity Zero Touch is running.
First Time Deployment Options The table below describes the network LEDs (RJ45 WAN and LAN ports and the SFP). Each port uses a bicolor LED to reflect the link/activity and speed, from 10M to 1GbE. RJ45 and 1G SFP LED1 (Green) LED2 (Amber) No link Off Off 1G link ON ON 1G Act Blink ON 100M link ON Off 100M Act Blink Off 10M link ON Off 10M Act Blink Off Back Panel 1590 Appliance R80.
First Time Deployment Options Key Item Description 1 Reset Short press resets the system but does not remove any user parameters. 2 Ground screw Functional grounding. 3 Factory default Press the button continuously for 12 seconds to restore the appliance to its factory default. All user parameters previously configured are removed. 4 LAN ports LAN ports 1-8. 10/100/1000MbE 5 DMZ fiber SFP port DMZ combination port. The LEDs above indicate connection and speed (see below).
First Time Deployment Options Side Panels Key Item Description 1 Anti-theft slot Insert anti-theft cable here. Use Kensington and Sunbox TL-623M cable as a reference. 2 SD slot Insert micro-SD card here. Notes: 1590 Appliance R80.
First Time Deployment Options n Micro-SD card supports formats NTFS and FAT, up to 256GB size. n While inserting the micro-SD card, make sure the golden pins are facing upward: 1590 Appliance R80.
Using the First Time Configuration Wizard Using the First Time Configuration Wizard Configure the Check Point 1590 Appliance appliance with the First Time Configuration Wizard. To close the wizard and save configured settings, click Quit. Note - In the First Time Configuration Wizard, you may not see all the pages described in this guide. The pages that show in the wizard depend on your appliance model and the options you select.
Welcome Welcome The Welcome page introduces the product and shows the name of your appliance. You can connect to the Zero Touch server to fetch settings automatically from the cloud. To change the language of the WebUI application: Select the language link at the top of the page. Note - Only English is allowed as the input language. Zero Touch Zero Touch enables a gateway to automatically fetch settings from the cloud when it is connected to the internet for the first time.
Welcome To connect to the Zero Touch server: 1. In the Welcome page, click Fetch Settings from the cloud. 2. In the window that opens, click OK to confirm that you want to proceed. 3. The Internet connection page opens. Configure your Internet connection and click Connect. 4. The Fetching settings from the cloud window opens and shows the Connecting to the service provider status. This process may take several minutes. 5. If you fail to connect, an error message appears.
Authentication Details Authentication Details In the Authentication Details page, enter the required details to log in to the Check Point 1590 appliance WebUI application or if the wizard terminates abnormally: n Administrator Name - We recommend that you change the default "admin" login name of the administrator. The name is case sensitive. n Password - A strong password has a minimum of 6 characters with at least one capital letter, one lower case letter, and a special character.
Authentication Details 1590 Appliance R80.
Appliance Date and Time Settings Appliance Date and Time Settings In the Appliance Date and Time Settings page, configure the appliance's date, time, and time zone settings manually or use the Network Time Protocol option. When you set the time manually, the host computer's settings are used for the default date and time values. If necessary, change the time zone setting to show your correct location. Daylight Savings Time is automatically enabled by default.
Appliance Name Appliance Name In the Appliance Name page, enter a name to identify the appliance, and enter a domain name (optional). When the gateway performs DNS resolving for a specified object’s name, the domain name is appended to the object name. This lets hosts in the network look up hosts by their internal names. 1590 Appliance R80.
Security Policy Management Security Policy Management In the Security Policy Management page, select how to manage security settings: n Central management - A remote Security Management Server manages the Security Gateway in SmartDashboard with a network object and security policy. n Local management - The appliance uses a web application to manage the security policy. After you configure the appliance with the First Time Configuration Wizard, the default security policy is enforced automatically.
Internet Connection Internet Connection In the Internet Connection page, configure your Internet connectivity details or select Configure Internet connection later. To configure Internet connection now: 1. Select Configure Internet connection now . 2. From the Connection type drop down list, select the protocol used to connect to the Internet. 3. Enter the fields for the selected connection protocol. The information you must enter is different for each protocol.
Internet Connection 1590 Appliance R80.
Local Network Local Network In the Local Network page, select to enable or disable switch on LAN ports and configure your network settings. By default, they are enabled. You can change the IP address and stay connected as the appliance's original IP is kept as an alias IP until the first time you boot the appliance. Tell me about the fields... n Enable switch on LAN ports - Aggregates all LAN ports to act as a switch with one IP address for the switch.
Local Network Important - If you choose to disable the switch on LAN ports (clear the checkbox), make sure your network cable is placed in the LAN1 port. Otherwise, connectivity will be lost when you click Next. 1590 Appliance R80.
Wireless Network Wireless Network For WiFi models only: In the Wireless Network page, configure wireless connectivity details. When you configure a wireless network, you must define a network name (SSID). The SSID (service set identifier) is a unique string that identifies a WLAN network to clients that try to open a wireless connection with it. We recommend that you protect the wireless network with a password. Otherwise, a wireless client can connect to the network without authentication.
Administrator Access Administrator Access In the Administrator Access page, configure if administrators can use the appliance from a specified IP address or any IP address. To configure administrator access: 1. Select the sources from where administrators are allowed access: n LAN - All internal physical ports. n Trusted wireless - A known wireless network. n VPN - Using encrypted traffic through VPN tunnels from a remote site or using a remote access client.
Administrator Access 1590 Appliance R80.
Appliance Registration Appliance Registration The appliance can connect to the Check Point User Center with its credentials to pull the license information and activate the appliance. If you have Internet connectivity configured: Click Activate License. You are notified that you successfully activated the appliance and you are shown the status of your license for each blade. If you are working offline while configuring the appliance: 1.
Appliance Registration You are notified that you successfully activated the appliance and you are shown the status of your license for each blade. To postpone appliance registration and get a 30-day trial license: 1. Click Next. The License activation was not complete notification message is shown. 2. Click OK. The appliance uses a 30-day trial license for all blades. You can register the appliance later from the WebUI Device > License page.
Appliance Registration 3. In the new window, enter: n First name n Last Name n Email . You must enter this a second time to confirm. n Company - This is the Account Name to which the appliance is paired. 4. Click Next. The Software Blades Activation page opens. 1590 Appliance R80.
Security Management Server Authentication Security Management Server Authentication For Centrally managed appliances only: When you select central management as your security policy management method, the Security Management Server Authentication page opens.
Security Management Server Connection Security Management Server Connection For Centrally managed appliances only: After you set a one-time password for the Security Management Server and the appliance, you can connect to the Security Management Server to establish trust between the Security Management Server and the appliance. To connect to the Security Management Server, select: n Connect to the Security Management Server now .
Security Management Server Connection 1590 Appliance R80.
Software Blade Activation Software Blade Activation Select the Software Blades to activate on this appliance. QoS (bandwidth control) can only be activated from the WebUI after completing the First Time Configuration Wizard. 1590 Appliance R80.
Summary Summary The Summary page shows the details of the elements configured with the First Time Configuration Wizard. Click Finish to complete the First Time Configuration Wizard. The WebUI opens on the Home > System page. To back up the system configuration in the WebUI: Go to Device > System Operations > Backup. 1590 Appliance R80.
Zero Touch Cloud Service Zero Touch Cloud Service The Zero Touch Cloud Service lets you easily manage the initial deployment of your gateways in theZero Touch portal. Zero Touch enables a gateway to automatically fetch settings from the cloud when it is connected to the internet for the first time. Note - If you already used the First Time Configuration Wizard to configure your appliance, you cannot use the Zero Touch Cloud service.
Zero Touch Cloud Service USB Drive or SD Card The USB drive or SD card can be used for rapid deployment of configuration files, or to install an image, without using the First Time Configuration Wizard. The configuration file lets you configure more settings and parameters than are available in the First Time Configuration Wizard You can deploy configuration files in these conditions: n An appliance with default settings is not configured at all.
Health and Safety Information Health and Safety Information Read these warnings before setting up or using the appliance. Warning - Do not block air vents. A minimum 1/2 inch clearance is required. Warning - This appliance does not contain any user-serviceable parts. Do not remove any covers or attempt to gain access to the inside of the product. Opening the device or modifying it in any way has the risk of personal injury and will void your warranty.
Health and Safety Information n Do not use the telephone to report a gas leak in the vicinity of the leak. n Use only the power cord and batteries indicated in this manual. Do not dispose of batteries in a fire. They may explode. Check with local codes for possible special disposal instructions. n This equipment is not suitable for use in locations where children are likely to be present. n Make sure to connect the power cord to a socket-outlet with a grounded connection.
Health and Safety Information Certification New Type CE EN 55032:2015 + AC:2016, Class B EMC, *RF/Wi-Fi CE EN 55032:2012 + AC:2013, Class B CE EN 55024:2010 / A1:2015 CE EN 55024:2010 FCC Part15B ICES-003 AS/NZS CISPR32 VCCI, V-3/2015.4 , V4/2012.
Health and Safety Information This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Health and Safety Information If this Gateway causes harm to the telephone network, the telephone company will notify you in advance that temporary discontinuance of service may be required. But if advance notice isn't practical, the telephone company will notify the customer as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary.
Health and Safety Information 1. This device may not cause interference, and 2. This device must accept any interference, including interference that may cause undesired operation of the device. Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de licence. L'exploitation est autorisée aux deux conditions suivantes: 1. L'appareil ne doit pas produire de brouillage, et 2.
Health and Safety Information 3. Le gain maximal d’antenne permis (pour les dispositifs utilisant la bande 5725-5850 MHz) doit se conformer à la limite de p.i.r.e. spécifiée pour l’exploitation point à point et non point à point, selon le cas. 4. Les pires angles d’inclinaison nécessaires pour rester conforme à l’exigence de la p.i.r.e. applicable au masque d’élévation, et énoncée à la section 6.2.2 3), doivent être clairement indiqués. (Pour 5G B2 avec les périphériques DFS uniquement) 5.
Health and Safety Information This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment.
Information sur la Santé et la Sécurité Information sur la Santé et la Sécurité Avant de mettre en place ou d'utiliser l'appareil, veuillez lire les avertissements suivants. Avertissement - .ne pas obturer les aérations. Il faut laisser au moins 1,27 cm d'espace libre. Avertissement - cet appareil ne contient aucune pièce remplaçable par l'utilisateur. Ne pas retirer de capot ni tenter d'atteindre l'intérieur.
Information sur la Santé et la Sécurité n Ne pas utiliser ce produit à proximité de l'eau, par exemple près d'une baignoire, d'un lavabo, d'un évier de cuisine ou de buanderie, dans un sous-sol humide ou près d'une piscine. n Evitez d'utiliser un téléphone (autre qu'un téléphone sans fil) par temps de foudre. Les éclaires impliquent un risque faible d'électrocution. n N'utilisez pas la téléphone pour signaler une fuite de gaz si vous vous tenez près de cette fuite.
Information sur la Santé et la Sécurité Certification Nouvelle Type CE EN 55032:2015 + AC:2016, Class B EMC, *RF/Wi-Fi CE EN 55032:2012 + AC:2013, Class B CE EN 55024:2010 / A1:2015 CE EN 55024:2010 FCC Part15B ICES-003 AS/NZS CISPR32 VCCI, V-3/2015.4 , V4/2012.
Information sur la Santé et la Sécurité Adresse de la compagnie: 959 Skyway Road Suite 300, San Carlos, CA 94070 Téléphone: 1-800-429-4391 Cet équipement a été testé et déclaré conforme aux limites pour appareils numériques de classe B, selon la section 15 des règlements de la FCC. Ces limitations sont conçues pour fournir une protection raisonnable contre les interférences nocives dans un environnement résidentiel.
Information sur la Santé et la Sécurité Le numéro de REN (Ringer Equivalence Number) est utilisé pour déterminer le nombre d'appareils pouvant être branchés sur une ligne téléphonique. Un trop grand nombre de REN sur une même ligne téléphonique peut avoir pour résultat que les appareils n'émettront pas de sonnerie lors d'un appel entrant. Dans la plupart des zones, la somme des REN ne devra pas dépasser cinq (5.0).
Information sur la Santé et la Sécurité Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de licence. L'exploitation est autorisée aux deux conditions suivantes: 1. L'appareil ne doit pas produire de brouillage, et 2. L'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage est susceptible d'en compromettre le fonctionnement. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Information sur la Santé et la Sécurité Directive de l'Union européenne relative à la compatibilité électromagnétique Ce produit est certifié conforme aux exigences de la directive du Conseil concernant le rapprochement des législations des États membres relatives à la directive sur la compatibilité électromagnétique (2014/30/EU).
Support Support For technical assistance, contact Check Point 24 hours a day, seven days a week at: n +1 972-444-6600 (Americas) n +972 3-611-5100 (International) When you contact support, you must provide your MAC address. For more technical information, go to: http://supportcenter.checkpoint.com To learn more about the Check Point Internet Security Product Suite and other security solutions, go to: https://www.checkpoint.com 1590 Appliance R80.