24 February 2020 1570/1590 APPLIANCE R80.20.
Check Point Copyright Notice Check Point Copyright Notice © 2020 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point.
1570/1590 Appliance R80.20.05 Getting Started Guide Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Certifications For third party independent certification of Check Point products, see the Check Point Certifications page. Check Point R80.20.05 For more about this release, see the R80.20.05 home page.
Table of Contents Table of Contents Introduction 6 Shipping Carton Contents 7 Setting up the Appliance 8 Wall Mounting Connecting the Cables 8 9 First Time Deployment Options 10 Appliance Diagramals and Specifications 11 Front Panel 14 Back Panel 18 Side Panels 20 Using the First Time Configuration Wizard 24 Starting the First Time Configuration Wizard 24 Welcome 25 Zero Touch 25 Authentication Details 27 Appliance Date and Time Settings 29 Appliance Name 30 Security Policy
Table of Contents Information sur la Santé et la Sécurité Support 58 66 1570/1590 Appliance R80.20.
Introduction Introduction Thank you for choosing Check Point's Internet Security Product Suite. Check Point products provide your business with the most up to date and secure solutions available today. Check Point also delivers worldwide technical services including educational, professional, and support services through a network of Authorized Training Centers, Certified Support Partners, and Check Point technical support personnel to ensure that you get the most out of your security investment.
Introduction Shipping Carton Contents Item Quantity Description Appliance 1 1570/1590 Appliance LAN cable 1 1.8m - RJ45 to RJ45, CAT5e, shielded, STP, black color Console cable 1 1m, USB type-C to USB-2.0 type-A, black color Power adapter 1 AC to 12VDC desktop, 40W wired, 60W WiFi, black color Power cord for adapter 1 Plug types: US, UK, EU and AUS/NZ, India, China, Japan Rubber feet 4 Assembled on the appliance Wall mount kit 1 Includes drilling hole location sticker.
Setting up the Appliance Setting up the Appliance 1. Remove the Check Point 1570/1590 Appliance appliance from the shipping carton and place it on a tabletop. 2. Optional - Remove the transparent protective sticker from the front panel of the appliance. 3. Attach antennas to the model (WiFi and LTE models only). 4. Identify the network interface marked as LAN1. This interface is preconfigured with the IP address 192.168.1.1. Wall Mounting To mount the appliance to the wall: 1.
Connecting the Cables Connecting the Cables 1. Connect the power supply unit to the appliance and to a power outlet. The appliance is turned on when the power supply is connected. 2. When the appliance is turned on, the Power LED on the front panel lights up in red for a short period. The LED then turns blue and starts to blink. This shows a boot is in progress and firmware is being installed. When the LED turns a solid blue, the appliance is ready for login.
First Time Deployment Options First Time Deployment Options There are different options for first time deployment of your gateways: n "Using the First Time Configuration Wizard" on page 24 n "Zero Touch Cloud Service" on page 48 n "USB Drive or SD Card" on page 49"USB Drive or SD Card" on page 49 1570/1590 Appliance R80.20.
First Time Deployment Options Appliance Diagramals and Specifications This section describes the different features in the front, back, and side panels of these 1570/1590 Appliance models: n Wired n WiFi n LTE-WiFi Note - Depending on which model appliance you have, some of the specifications below may vary. Wired 1570/1590 Appliance R80.20.
First Time Deployment Options WiFi 1570/1590 Appliance R80.20.
First Time Deployment Options LTE-WiFi 1570/1590 Appliance R80.20.
First Time Deployment Options Front Panel Wired/WiFi (antennas not shown) LTE-WiFi Note - There is only one set of LEDs. These LEDs show different colors (blue or red) depending on what activity is occurring. 1570/1590 Appliance R80.20.
First Time Deployment Options Table: LEDs Key Item 1 Power LED Description n Solid Blue – Normal operation n Blinking Blue – Boot in progress or installing firmware. n Red – Error/Alert Note – This LED is red when the appliance is first turned on.
First Time Deployment Options The Management LED shows the status of the retries mechanism: Action Management LED Activity Zero Touch is running. Blinks red (slowly) Successfully connected to Zero Touch Cloud Server and saved the deployment script. Blinks red (rapidly) Zero Touch process is completed. SMP activation is not needed. LED off Activation sleeping time. Blinks blue (slowly) Reactivation. Blinks blue (rapidly) SMP is connected. Solid blue. SMP mode is off.
First Time Deployment Options The table below describes the network LEDs (RJ45 WAN and LAN ports and the SFP). Each port uses a bicolor LED to reflect the link/activity and speed, from 10M to 1GbE. RJ45 and 1G SFP LED1 (Green) LED2 (Amber) No link Off Off 1G link ON ON 1G Act Blink ON 100M link ON Off 100M Act Blink Off 10M link ON Off 10M Act Blink Off 1570/1590 Appliance R80.20.
First Time Deployment Options Back Panel Wired WiFi 1570/1590 Appliance R80.20.
First Time Deployment Options LTE-WiFi Key Item Description 1 Reset Short press resets the system but does not remove any user parameters. 2 Ground screw Functional grounding. 3 Factory default Press the button continuously for 12 seconds to restore the appliance to its factory default. All user parameters previously configured are removed. 4 LAN ports LAN ports 1-8. 10/100/1000MbE 5 DMZ fiber SFP port DMZ combination port. The LEDs above indicate connection and speed (see below).
First Time Deployment Options Key Item Description 9 Power cord socket Plug the power adapter cord in here. Side Panels Wired/WiFi/ Side 1 Side 2 1570/1590 Appliance R80.20.
First Time Deployment Options LTE-WiFi Side 1 1570/1590 Appliance R80.20.
First Time Deployment Options Side 2 Key Item Description 1 Anti-theft slot Insert anti-theft cable here. Use Kensington and Sunbox TL-623M cable as a reference. 2 SD slot Insert micro-SD card here. 3 Dual SIM slot Insert one of two SIM cards here (LTE models only) n SIM1 - Micro SIM n SIM2 - Nano SIM 1570/1590 Appliance R80.20.
First Time Deployment Options SD Card Notes : n Micro-SD card supports formats NTFS and FAT, up to 256GB size. n While inserting the micro-SD card, make sure the golden pins are facing upward: Dual SIM Card Notes: n Activation is done manually via clish/WebUI. The user selects the preferred SIM. n The modem supports automatic failover between SIMs. 1570/1590 Appliance R80.20.
Using the First Time Configuration Wizard Using the First Time Configuration Wizard Configure the Check Point 1570/1590 Appliance appliance with the First Time Configuration Wizard. To close the wizard and save configured settings, click Quit. Note - In the First Time Configuration Wizard, you may not see all the pages described in this guide. The pages that show in the wizard depend on your appliance model and the options you select.
Welcome Welcome The Welcome page introduces the product and shows the name of your appliance. You can connect to the Zero Touch server to fetch settings automatically from the cloud. To change the language of the WebUI application: Select the language link at the top of the page. Note - Only English is allowed as the input language. Zero Touch Zero Touch enables a gateway to automatically fetch settings from the cloud when it is connected to the internet for the first time.
Welcome To connect to the Zero Touch server: 1. In the Welcome page, click Fetch Settings from the cloud. 2. In the window that opens, click OK to confirm that you want to proceed. 3. The Internet connection page opens. Configure your Internet connection and click Connect. 4. The Fetching settings from the cloud window opens and shows the Connecting to the service provider status. This process may take several minutes. 5. If you fail to connect, an error message appears.
Authentication Details Authentication Details In the Authentication Details page, enter the required details to log in to the Check Point 1590appliance WebUI application or if the wizard terminates abnormally: n Administrator Name - We recommend that you change the default "admin" login name of the administrator. The name is case sensitive. n Password - A strong password has a minimum of 6 characters with at least one capital letter, one lower case letter, and a special character.
Authentication Details 1570/1590 Appliance R80.20.
Appliance Date and Time Settings Appliance Date and Time Settings In the Appliance Date and Time Settings page, configure the appliance's date, time, and time zone settings manually or use the Network Time Protocol option. When you set the time manually, the host computer's settings are used for the default date and time values. If necessary, change the time zone setting to show your correct location. Daylight Savings Time is automatically enabled by default.
Appliance Name Appliance Name In the Appliance Name page, enter a name to identify the appliance, and enter a domain name (optional). When the gateway performs DNS resolving for a specified object’s name, the domain name is appended to the object name. This lets hosts in the network look up hosts by their internal names. 1570/1590 Appliance R80.20.
Security Policy Management Security Policy Management In the Security Policy Management page, select how to manage security settings: n Central management - A remote Security Management Server manages the Security Gateway in SmartDashboard with a network object and security policy. n Local management - The appliance uses a web application to manage the security policy. After you configure the appliance with the First Time Configuration Wizard, the default security policy is enforced automatically.
Internet Connection Internet Connection In the Internet Connection page, configure your Internet connectivity details or select Configure Internet connection later. To configure Internet connection now: 1. Select Configure Internet connection now . 2. From the Connection type drop down list, select the protocol used to connect to the Internet. 3. Enter the fields for the selected connection protocol. The information you must enter is different for each protocol.
Internet Connection 1570/1590 Appliance R80.20.
Local Network Local Network In the Local Network page, select to enable or disable switch on LAN ports and configure your network settings. By default, they are enabled. You can change the IP address and stay connected as the appliance's original IP is kept as an alias IP until the first time you boot the appliance. Tell me about the fields... n Enable switch on LAN ports - Aggregates all LAN ports to act as a switch with one IP address for the switch.
Local Network Important - If you choose to disable the switch on LAN ports (clear the checkbox), make sure your network cable is placed in the LAN1 port. Otherwise, connectivity will be lost when you click Next. 1570/1590 Appliance R80.20.
Wireless Network Wireless Network For WiFi models only: In the Wireless Network page, configure wireless connectivity details. When you configure a wireless network, you must define a network name (SSID). The SSID (service set identifier) is a unique string that identifies a WLAN network to clients that try to open a wireless connection with it. We recommend that you protect the wireless network with a password. Otherwise, a wireless client can connect to the network without authentication.
Wireless Network 1570/1590 Appliance R80.20.
Administrator Access Administrator Access In the Administrator Access page, configure if administrators can use the appliance from a specified IP address or any IP address. To configure administrator access: 1. Select the sources from where administrators are allowed access: n LAN - All internal physical ports. n Trusted wireless - A known wireless network. n VPN - Using encrypted traffic through VPN tunnels from a remote site or using a remote access client.
Administrator Access 1570/1590 Appliance R80.20.
Appliance Registration Appliance Registration The appliance can connect to the Check Point User Center with its credentials to pull the license information and activate the appliance. If you have Internet connectivity configured: Click Activate License. You are notified that you successfully activated the appliance and you are shown the status of your license for each blade. If you are working offline while configuring the appliance: 1.
Appliance Registration You are notified that you successfully activated the appliance and you are shown the status of your license for each blade. To postpone appliance registration and get a 30-day trial license: 1. Click Next. The License activation was not complete notification message is shown. 2. Click OK. The appliance uses a 30-day trial license for all blades. You can register the appliance later from the WebUI Device > License page.
Appliance Registration 3. In the new window, enter: n First name n Last Name n Email . You must enter this a second time to confirm. n Company - This is the Account Name to which the appliance is paired. 4. Click Next. The Software Blades Activation page opens. 1570/1590 Appliance R80.20.
Security Management Server Authentication Security Management Server Authentication For Centrally managed appliances only: When you select central management as your security policy management method, the Security Management Server Authentication page opens.
Security Management Server Connection Security Management Server Connection For Centrally managed appliances only: After you set a one-time password for the Security Management Server and the appliance, you can connect to the Security Management Server to establish trust between the Security Management Server and the appliance. To connect to the Security Management Server, select: n Connect to the Security Management Server now .
Security Management Server Connection 1570/1590 Appliance R80.20.
Software Blade Activation Software Blade Activation Select the Software Blades to activate on this appliance. QoS (bandwidth control) can only be activated from the WebUI after completing the First Time Configuration Wizard. 1570/1590 Appliance R80.20.
Summary Summary The Summary page shows the details of the elements configured with the First Time Configuration Wizard. Click Finish to complete the First Time Configuration Wizard. The WebUI opens on the Home > System page. To back up the system configuration in the WebUI: Go to Device > System Operations > Backup. 1570/1590 Appliance R80.20.
Zero Touch Cloud Service Zero Touch Cloud Service The Zero Touch Cloud Service lets you easily manage the initial deployment of your gateways in theZero Touch portal. Zero Touch enables a gateway to automatically fetch settings from the cloud when it is connected to the internet for the first time. Note - If you already used the First Time Configuration Wizard to configure your appliance, you cannot use the Zero Touch Cloud service.
Zero Touch Cloud Service USB Drive or SD Card The USB drive or SD card can be used for rapid deployment of configuration files, or to install an image, without using the First Time Configuration Wizard. The configuration file lets you configure more settings and parameters than are available in the First Time Configuration Wizard You can deploy configuration files in these conditions: n An appliance with default settings is not configured at all.
Health and Safety Information Health and Safety Information Read these warnings before setting up or using the appliance. Warning - Do not block air vents. A minimum 1/2 inch clearance is required. Warning - This appliance does not contain any user-serviceable parts. Do not remove any covers or attempt to gain access to the inside of the product. Opening the device or modifying it in any way has the risk of personal injury and will void your warranty.
Health and Safety Information IMPORTANT SAFETY INSTRUCTIONS: When using your telephone equipment, basic safety precautions should always be followed to reduce the risk of fire, electric shock and injury to persons, including the following: n Do not use this product near water for example, near a bathtub, washbowl, kitchen sink or laundry tub, in a wet basement or near a swimming pool. n Avoid using a telephone (other than a cordless type) during an electrical storm.
Health and Safety Information RF/Wi-Fi ( * marked model) Certification New Type CE EN 55032:2015 + AC:2016, Class B EMC, *RF/Wi-Fi CE EN 55032:2012 + AC:2013, Class B CE EN 55024:2010 / A1:2015 CE EN 55024:2010 FCC Part15B ICES-003 AS/NZS CISPR32 VCCI, V-3/2015.4 , V4/2012.
Health and Safety Information This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
Health and Safety Information FK1DL01AL71WD. The digits represented by 0.1 are the REN without a decimal point (e.g., 03 is a REN of 0.3). If this Gateway causes harm to the telephone network, the telephone company will notify you in advance that temporary discontinuance of service may be required. But if advance notice isn't practical, the telephone company will notify the customer as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary.
Health and Safety Information Déclaration d'exposition aux radiations: Cet équipement est conforme aux limites d'exposition aux rayonnements IC établies pour un environnement non contrôlé. Cet équipement doit être installé et utilisé avec un minimum de 29 cm de distance entre la source de rayonnement et votre corps. This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: 1. This device may not cause interference, and 2.
Health and Safety Information Avertissement: 1. Les dispositifs fonctionnant dans la bande 5150-5250 MHz sont réservés uniquement pour une utilisation à l’intérieur afin de réduire les risques de brouillage préjudiciable aux systèmes de satellites mobiles utilisant les mêmes canaux; 2. Le gain maximal d’antenne permis pour les dispositifs utilisant les bandes 5250-5350 MHz et 54705725 MHz doit se conformer à la limite de p.i.r.e.; 3.
Health and Safety Information Detachable Antenna Usage This radio transmitter (IC: 2417C-EM7455 / Model: EM7455) has been approved by ISED to operate with the antenna type listed below with maximum permissible gain indicated. Antenna types not included in this list, having a gain greater than the maximum gain indicated for that type, are strictly prohibited for use with this device.
Information sur la Santé et la Sécurité Information sur la Santé et la Sécurité Avant de mettre en place ou d'utiliser l'appareil, veuillez lire les avertissements suivants. Avertissement - .ne pas obturer les aérations. Il faut laisser au moins 1,27 cm d'espace libre. Avertissement - cet appareil ne contient aucune pièce remplaçable par l'utilisateur. Ne pas retirer de capot ni tenter d'atteindre l'intérieur.
Information sur la Santé et la Sécurité n Ne pas utiliser ce produit à proximité de l'eau, par exemple près d'une baignoire, d'un lavabo, d'un évier de cuisine ou de buanderie, dans un sous-sol humide ou près d'une piscine. n Evitez d'utiliser un téléphone (autre qu'un téléphone sans fil) par temps de foudre. Les éclaires impliquent un risque faible d'électrocution. n N'utilisez pas la téléphone pour signaler une fuite de gaz si vous vous tenez près de cette fuite.
Information sur la Santé et la Sécurité RF/Wi-Fi (modèle signalé par *) Certification Nouvelle Type CE EN 55032:2015 + AC:2016, Class B EMC, *RF/Wi-Fi CE EN 55032:2012 + AC:2013, Class B CE EN 55024:2010 / A1:2015 CE EN 55024:2010 FCC Part15B ICES-003 AS/NZS CISPR32 VCCI, V-3/2015.4 , V4/2012.
Information sur la Santé et la Sécurité Partie responsable Nom de la compagnie: Check Point Software Technologies Inc. Adresse de la compagnie: 959 Skyway Road Suite 300, San Carlos, CA 94070 Téléphone: 1-800-429-4391 Cet équipement a été testé et déclaré conforme aux limites pour appareils numériques de classe B, selon la section 15 des règlements de la FCC. Ces limitations sont conçues pour fournir une protection raisonnable contre les interférences nocives dans un environnement résidentiel.
Information sur la Santé et la Sécurité Le numéro de REN (Ringer Equivalence Number) est utilisé pour déterminer le nombre d'appareils pouvant être branchés sur une ligne téléphonique. Un trop grand nombre de REN sur une même ligne téléphonique peut avoir pour résultat que les appareils n'émettront pas de sonnerie lors d'un appel entrant. Dans la plupart des zones, la somme des REN ne devra pas dépasser cinq (5.0).
Information sur la Santé et la Sécurité Frequency Band Antenna Type Max. Gain Impedance Ω 2414-2462 MHz Dipole Antenna (RP-SMA) 2.22 dBi 50Ω 5180-5240MHz, 5745-5825MHz Dipole Antenna (RP-SMA) 4.29 dBi 50Ω Déclaration d'exposition aux radiations: Cet équipement est conforme aux limites d'exposition aux rayonnements IC établies pour un environnement non contrôlé. Cet équipement doit être installé et utilisé avec un minimum de 29 cm de distance entre la source de rayonnement et votre corps.
Information sur la Santé et la Sécurité Avis : Le présent matériel est conforme aux spécifications techniques d’ISED applicables au matériel terminal. Cette conformité est confirmée par le numéro d'enregistrement. Le sigle IC, placé devant le numéro d'enregistrement, signifie que l’enregistrement s’est effectué conformément à une déclaration de conformité et indique que les spécifications techniques d'ISED ont été respectées. Il n’implique pas qu’ISED a approuvé le matériel.
Information sur la Santé et la Sécurité Ce symbole apposé sur le produit ou son emballage signifie que le produit ne doit pas être mis au rebut avec les autres déchets ménagers. Il est de votre responsabilité de le porter à un centre de collecte désigné pour le recyclage des équipements électriques et électroniques.
Support Support For technical assistance, contact Check Point 24 hours a day, seven days a week at: n +1 972-444-6600 (Americas) n +972 3-611-5100 (International) When you contact support, you must provide your MAC address. For more technical information, go to: http://supportcenter.checkpoint.com To learn more about the Check Point Internet Security Product Suite and other security solutions, go to: https://www.checkpoint.com 1570/1590 Appliance R80.20.