Check Point IP2450 Security Platform Installation...

Part No. N450000897 Rev 001 Published March 2009 Check Point IP2450 Security Platform Installation Guide


© 2003-2009 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Please refer to http://www.checkpoint.com/copyright.html for a list of our trademarks. For third party notices, see http://www.checkpoint.com/3rd_party_copyright.html.

Check Point Contact Information

For additional technical information about Check Point products, and for the latest version of this document, see the Check Point Support Center at http://support.checkpoint.com/.

Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to:

[email protected]


Contents

Check Point Contact Information

About this Guide
  In this Guide
  Conventions this Guide Uses
  Notices
  Text Conventions

1 Overview
  About the Check Point IP2450 Security Platform
  Managing the Check Point IP2450 Security Platform
  Check Point IP2450 Security Platform Overview
  Built-In Ethernet Ports
  Expansion Slots
  Console Port
  Auxiliary Port
  System Status LEDs
  Hard-Disk Drives
  Using RAID-1
  Hard-Disk Drive Hot Swap Feature
  Hard-Disk Drive LEDs
  Power Supplies and Fan Unit
  Power Supplies
  Fan Unit
  Site Requirements
  Safety Warnings and Cautions
  Software Requirements
  Product Disposal

2 Installing the Check Point IP2450 Appliance
  Rack Mounting the Appliance
  Before You Begin

3 Performing the Initial Configuration
  Using a Console Connection
  Connecting Power and Turning the Power On
  Performing the Initial Configuration
  Connecting Network Interfaces
  Using Check Point Network Voyager
  Viewing Check Point IPSO Documentation by Using Check Point Network Voyager
  Using the Command-Line Interface
  Using Check Point Horizon Manager

4 Installing and Replacing Network Interface Cards and ADP Modules
  Removing, Installing, and Replacing NICs and ADP Modules
  Before You Begin
  Configuring and Activating Interfaces
  Monitoring Network Interface Cards or ADP Modules

5 About IP2450 Appliance Network Interface Cards
  Four-Port 10/100 Ethernet NICs
  10/100 Ethernet NIC Features
  Ethernet NIC Connectors and Cables
  Two-Port Fiber-Optic Gigabit Ethernet NICs
  Fiber-Optic Gigabit Ethernet NIC Features
  Fiber-Optic Gigabit Ethernet NIC Connectors and Cables
  Performance Considerations
  Two-Port and Four-Port Copper Gigabit Ethernet NIC
  Copper Gigabit Ethernet NIC Features
  Performance Considerations
  Two-Port Copper Gigabit Ethernet NIC Connectors and Cables

6 About IP2450 Appliance ADP Services Modules
  Installing and Replacing ADP Modules
  Before You Begin
  Using ADP Transceivers in ADP Modules
  Identifying ADP Module and Transceiver Types with Latch Lever Color Codes
  Check Point ADP Module LED Reference Information
  Configuring Check Point IPSO for IP2450 ADP Interfaces
  Effect on Interfaces
  Check Point ADP Module Interface Names for IP2450 Appliances
  Configuring Network Topology with an IP2450 Appliance
  Configuration Example with VRRP
  Deleting VRRP Configurations
  Reconfiguring Interfaces
  Reconfiguring VRRP

7 Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path (ADP) Services Modules
  Replacing the Check Point Encryption Accelerator Card
  Configuring Software to Use Hardware Acceleration
  Installing or Replacing Hard-Disk Drives
  Hard-Disk Drive Hot Swap Feature
  Before You Begin
  Removing and Replacing a Hard-Disk Drive
  Installing a PC Card
  Storing System Logs on the Flash-Memory PC Card
  Disabling Flash-Memory PC Cards
  Transferring Files with the Flash-Memory PC Card
  Replacing the Compact Flash Memory Card
  Replacing or Upgrading Memory
  Before You Begin
  Installing or Replacing a Fan Unit
  Before You Begin
  Installing or Replacing a Power Supply
  Before You Begin
  Monitoring the Power Supply
  Replacing the Motherboard Battery

8 Troubleshooting
  General Troubleshooting Information

A Technical Specifications
  Space Requirements

B Compliance Information
  Declaration of Conformity
  Compliance Statements
  FCC Notice (US)

Index


Figures

Figure 1 Component Locations Front View
Figure 2 Built-in Gigabit Ethernet Ports Details
Figure 3 Check Point IP2450 Appliance System Status LEDs
Figure 4 Hard-Disk Drive Front Pane
Figure 5 Power Supply and Fan Unit Locations (AC version)
Figure 6 Power Supply and Fan Unit Locations (DC version)
Figure 7 Power Supply Status LED Location
Figure 8 Front Rack-Mounting Screw Locations
Figure 9 Power Switch Location
Figure 10 Check Point Network Voyager Reference Access Points
Figure 11 Four-Port 10/100 Ethernet NIC Front Panel Details
Figure 12 Output Connector for the Ethernet Cable
Figure 13 Ethernet Crossover-Cable Pin Connections
Figure 14 PMC Two-Port Short-Range Gigabit Ethernet NIC
Figure 15 PMC Two-Port Long-Range Gigabit Ethernet NIC
Figure 16 Two-Port Copper Gigabit Ethernet NIC Front Panel Details
Figure 17 Four-Port Copper Gigabit Ethernet NIC Front Panel Details
Figure 18 Ethernet Cable Connector Output Pin Assignments
Figure 19 Ethernet Crossover Cable Pin Connections
Figure 20 ADP Module Front Panel Details and LED Information
Figure 21 Location of Hard-Disk Drives
Figure 22 Slot 3 PC Card Location


Tables

Table 1 Text Conventions
Table 2 Pin Assignments for Console Connector and Console Cable
Table 3 System Status LEDs
Table 4 Hard-Disk Drive LEDs
Table 5 Power Supply Status LEDs
Table 6 Check Point IP2450 Disk-Based Security Platform Software Requirements
Table 7 Check Point IP2450 Flash-Based Security Platform Software Requirements
Table 8 NIC PCI Frequency
Table 9 Identifying ADP Modules and Transceivers


About this Guide

This manual provides information for the installation and use of the Check Point IP2450 security platforms. Installation and maintenance should be performed by experienced technicians or Check Point-approved service providers only. This preface provides the following information:

• In this Guide
• Conventions this Guide Uses

In this Guide

This guide is organized into the following chapters and appendixes:

• Chapter 1, “Overview” presents a general overview of the Check Point IP2450 Security Platform.
• Chapter 2, “Installing the Check Point IP2450 Appliance” describes how to install the Check Point IP2450 appliance.
• Chapter 3, “Performing the Initial Configuration” describes how to physically connect it to a network and to a power source and how to make the appliance available on the network.
• Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules” describes how to install, monitor, and replace network interface cards (NICs) and Check Point Accelerated Data Path (ADP) services modules for IP appliances.
• Chapter 5, “About IP2450 Appliance Network Interface Cards” describes how to connect to and use each of the supported NICs.
• Chapter 6, “About IP2450 Appliance ADP Services Modules” describes how to connect to and use each of the supported ADP modules.
• Chapter 7, “Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path (ADP) Services Modules” describes how to install or replace parts, other than NICs and ADP modules, that you can order from Check Point.
• Chapter 8, “Troubleshooting” discusses problems you might encounter and proposes solutions to these problems.
• Appendix A, “Technical Specifications” provides technical specifications such as interface characteristics.
• Appendix B, “Compliance Information” provides compliance and regulatory information.


Conventions this Guide Uses

The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.

Notices

Warning: Warnings advise the user that either bodily injury might occur because of a physical hazard, or that damage to a structure, such as a room or equipment closet, might occur because of equipment damage.

Caution: Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.

Note: Notes provide information of special interest or recommendations.

Text Conventions

Table 1 describes the text conventions this guide uses.

Table 1 Text Conventions

Convention                  Description
monospace font              Indicates command syntax, or represents computer or screen output, for example: Log error 12453
bold monospace font         Indicates text you enter or type, for example: # configure nat
Key names                   Keys that you press simultaneously are linked by a plus sign (+): Press Ctrl + Alt + Del.
Menu commands               Menu commands are separated by a greater than sign (>): Choose File > Open.
The words enter and type    Enter indicates that you type something and then press the Return or Enter key. Do not press the Return or Enter key when an instruction says type.
Italics                     • Emphasizes a point or denotes new terms at the place where they are defined in the text.
                            • Indicates an external book title reference.
                            • Indicates a variable in a command: delete interface if_name


1 Overview

This chapter provides an overview of the Check Point IP2450 security platform and the requirements for its use. The following topics are covered:

• About the Check Point IP2450 Security Platform
• Managing the Check Point IP2450 Security Platform
• Check Point IP2450 Security Platform Overview
• Site Requirements
• Safety Warnings and Cautions
• Software Requirements
• Product Disposal

About the Check Point IP2450 Security Platform

The Check Point IP2450 is a high-end, next-generation security appliance designed for the demanding price-performance, multi-Gigabit Ethernet throughput, and port-density requirements of large enterprises and carriers. The IP2450 supports quad-core technology and is purpose-built to run Check Point VPN-1, Check Point VPN-1 UTM, and next-generation, multi-threaded enterprise security applications such as Check Point CoreXL. The IP2450 is optimized to provide scalability, reliability, and investment protection into the next decade. In addition, the IP2450 allows you to boost performance as needed through next-generation, high-end Check Point Accelerated Data Path (ADP) services modules for IP appliances and Check Point IPSO for IP appliances system upgrades.

The IP2450 appliance is available as either a disk-based or flash-based platform. In base configurations, the IP2450 appliance ships with one hard-disk drive, and the flash-based appliance ships with high-capacity compact flash memory.

The IP2450 security platform is a two-rack unit appliance that incorporates a serviceable slide-out chassis tray assembly into its design. The front panel of the IP2450 security platform has two interface slots. Optional 6U PMC carriers can be inserted into slots 1 and 2. Each 6U PMC carrier supports two PMC network interface cards (NICs) for a total of four NICs. Alternatively, you can install ADP modules in slots 1 and 2. These network interfaces provide exceptional data forwarding and monitoring performance when used with Check Point and partner applications.

The front panel of the IP2450 security platform also contains:

• Two additional single-NIC slots (slots 3 and 4), one of which (slot 4) is pre-populated with a four-port 1000 BASE-T Ethernet interface
• Console port
• Serial port

The network interfaces in the external PMC slot are designated for management, monitoring, and high-availability traffic. Partner application and operating system storage is provided on the hard-disk drive in disk-based systems or in flash memory in flash-based systems.

The IP2450 security platform is designed to meet other mid- to high-end availability requirements, including port density for connections to redundant internal, external, DMZ, and management networks. In addition, the IP2450 security platform provides redundant power supplies, N + 1 cooling, and hot swapping of hard-disk drives and PMC NICs.

Note: ADP modules are not hot swappable.

As a network device, the IP2450 security platform supports a comprehensive suite of IP-routing functions and protocols. The integrated router functionality eliminates the need for separate intranet and access routers in security applications.

Managing the Check Point IP2450 Security Platform

You can manage the Check Point IP2450 security platform by using the following interfaces:

• Check Point Network Voyager for IP appliances—an SSL-secured, Web-based element management interface to Check Point IP security platforms. Check Point Network Voyager is preinstalled on the IP2450 security platform and enabled through the Check Point IPSO operating system. With Check Point Network Voyager, you can manage, monitor, and configure the IP2450 security platform from any authorized location within the network by using a standard Web browser. Use one of the four Ethernet management ports to access the Check Point Network Voyager interface.
  For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.
• The Check Point IPSO command-line interface (CLI)—an SSHv2-secured interface that enables you to easily configure Check Point IP security platforms from the command line. Everything that you can accomplish with Check Point Network Voyager—manage, monitor, and configure the IP2450 security platform—you can also do with the CLI. For information about how to access the CLI, see the CLI Reference Guide for the version of Check Point IPSO you are using.
• Check Point Horizon Manager for IP appliances—a secure GUI-based software image management application. With Check Point Horizon Manager, you can securely install and upgrade the Check Point IPSO operating system and applications such as Check Point VPN-1. Check Point Horizon Manager can perform installations and upgrades on up to 2,500 Check Point IP security platforms, offering administrators the most rapid and dependable method to perform Check Point application upgrades.
  For information about how to obtain Check Point Horizon Manager, see the Check Point Web site at www.checkpoint.com.

Check Point IP2450 Security Platform Overview

Figure 1 shows the component locations for the Check Point IP2450 security platform.

Figure 1 Component Locations Front View
[Figure: front view of the IP2450. Callouts: dual 6U PMC carrier (slots 1 and 2), console port, system status LEDs, PMC slot 3, four-port Gigabit Ethernet ports (PMC slot 4), serial (AUX) port, hard-disk drive A, hard-disk drive B, grounding plug, hard-disk drive hot swap buttons.]

Built-In Ethernet Ports

The built-in Gigabit Ethernet ports are located in slot 4. Figure 2 shows the layout of the Ethernet ports and link LEDs. The top link LED represents the left-most port (port 1). The remaining LEDs represent the remaining ports from top to bottom and left to right.

Figure 2 Built-in Gigabit Ethernet Ports Details
[Figure: the four built-in 1000BaseT ports (ports 1 to 4), with callouts for the RJ-45 connectors and the green link LEDs.]

Caution: Cables that connect to the Gigabit Ethernet NIC must be IEEE 802.3 compliant to prevent potential data loss.

Expansion Slots

The IP2450 appliance uses two dual 6U PMC carriers or ADP modules in slot 1 and slot 2 along with single-NIC slots 3 and 4 to provide a total of up to six expansion subslots for NICs. For more information about NICs and ADP modules that the IP2450 supports, see Chapter 5, “About IP2450 Appliance Network Interface Cards” and Chapter 6, “About IP2450 Appliance ADP Services Modules”.

Note: Check Point products support only NICs and ADP modules purchased from Check Point or Check Point-approved resellers. Check Point support services can provide support only for Check Point products that use Check Point-approved accessories. For sales or reseller information, see the Check Point Web site at www.checkpoint.com.

Console Port

The default configuration of the serial ports is: 9600 baud, 8 bits, no parity, and 1 stop bit. Table 2 provides pin assignment information for console connections. If you need to access the device locally, you must use the console port.

Table 2 Pin Assignments for Console Connector and Console Cable

Console Port (DTE)    RJ-45 to RJ-45 Rollover Cable    RJ-45 to DB-9 Terminal Adapter    Console Device
Signal                RJ-45 Pin      RJ-45 Pin         DB-9 Pin                          Signal
RTS                   1              8                 8                                 CTS
DTR                   2              7                 6                                 DSR
TxD                   3              6                 2                                 RxD
GND                   4              5                 5                                 GND
GND                   5              4                 5                                 GND
RxD                   6              3                 3                                 TxD
DSR                   7              2                 4                                 DTR
CTS                   8              1                 7                                 RTS

The console cable provided with the IP2450 consists of two parts:

• A 6’ rollover cable with RJ-45 terminations
• An RJ-45 to DB-9 adapter

One RJ-45 termination has a retractable shroud that releases or secures the RJ-45 tab. Use this end of the cable when connecting to the console port of the IP2450. You can easily remove the console cable by pulling back on the shroud.

On the opposite end of the console cable, connect the RJ-45 to the DB-9 adapter, which you can then connect to the host terminal.

Auxiliary Port

Use the built-in serial (AUX) port, shown in Figure 1, to establish a modem connection for managing the appliance remotely or out-of-band. Use USB cables with a standard USB A-style connector and pinout for the AUX port. For Check Point approved modem connections, you will need a USB to RS232 adaptor.

Note: The only modem approved for use with Check Point security appliances with USB AUX ports is the Radicom model V92MB-U-E, and you must be using Check Point IPSO 6.1 or greater.

System Status LEDs

You can visually monitor the status of the Check Point IP2450 appliance by checking the system status LEDs. The system status LEDs are located on the center of the front panel, as shown in Figure 3.

Figure 3 Check Point IP2450 Appliance System Status LEDs

[Figure 3 callouts: Fault (red), Warning (yellow), System OK (green)]

The location and meaning of the status LEDs for the installed network interface cards (NICs) is described in Chapter 5, “About IP2450 Appliance Network Interface Cards.”

The location and meaning of the status LEDs for the installed ADP modules is described in Chapter 6, “About IP2450 Appliance ADP Services Modules.”

Note: The symbols in Table 3 are visible only if there is an alarm condition, as specified.

Table 3 shows the system status LEDs and describes their meaning.

Table 3 System Status LEDs

Status Indicator   Meaning                                                  Symbol
Solid yellow       Appliance is experiencing an internal voltage problem.
Blinking yellow    Appliance is experiencing a temperature problem.
Solid red          One or more fans are not operating properly.
                   Power supply over temperature fault.
Blinking green     System activity indicator

Hard-Disk Drives

The Check Point disk-based IP2450 appliance supports up to two hard-disk drives. The hard-disk drives support hot swapping (when you use the hot swap button on the drive front panel), and an optional RAID-1 feature, which is described in the following section.

Using RAID-1

The IP2450 contains a hardware RAID-1 feature that provides fault tolerance by allowing the IP2450 appliance to continue working in the event of a disk failure. When you use RAID-1 with your disk-based IP2450 with two hard-disk drives, the two drives appear as one volume, which is named sd0.

Note: If your IP2450 contains two hard-disk drives when you receive it, the RAID-1 feature is already enabled.

Note: If you add a second disk drive to implement RAID-1, be sure that your secondary drive is the same capacity or larger than your primary drive.

If the two drives are completely synchronized, you can remove either drive after first pressing the hot swap button and waiting until the Hot Swap Ready LED illuminates solid blue.

The RAID-1 volume consists of a master (or source) hard-disk drive (which holds the active copy of the operating system) and a slave (or mirror) hard-disk drive. The slave hard-disk drive contains a copy of all of the files on the master hard-disk drive, and if the master hard-disk drive fails, the slave hard-disk drive immediately takes over. The IP2450 appliance continues to operate normally, and the switchover to the slave drive should be transparent to your data connections.

You can use Check Point Network Voyager or the command-line interface (CLI) to view RAID-1 volume and synchronization status, current volume configuration, and the primary volume designation.

You can, if necessary, configure a RAID volume with the Check Point IPSO boot manager. The following actions are available to you under the boot manager raid command:

• disable
• enable
• create
• delete
• activate
• deactivate

Note: The RAID configuration is established for you without your intervention, so there shouldn’t be any need for you to use these boot manager commands.

For more information about the boot manager, see the Boot Manager Reference Guide.

Note: The IP2450 flash-based appliances do not support RAID-1.

For more information about RAID-1, including configuration details, see Implementing Disk Mirroring or RAID on a Network Security Appliance, which is available at the Check Point Support Center at http://support.checkpoint.com/.

Hard-Disk Drive Hot Swap Feature

For any active or RAID-1 synchronized hard-disk drive, you must use the hot swap button, shown in Figure 4, before you remove or replace a hard-disk drive without shutting the appliance down. If you replace or remove drives with the IP2450 shut off, the RAID firmware will lose track of RAID volume data. For information about how to remove and replace a hard-disk drive, see “Installing or Replacing Hard-Disk Drives” on page 88.

Hard-Disk Drive LEDs

The hard-disk drive LEDs are located on the front panel of each hard-disk drive, as shown in Figure 4. The LEDs provide the status of the hard-disk drives as described in Table 4.

Figure 4 Hard-Disk Drive Front Panel

[Figure 4 callouts: hard-disk drive LEDs, hot swap button]

Caution: To avoid damage to the ejector and locking lever, loosen the two retaining screws before you remove the hard-disk drive. One screw is located behind the ejector and locking lever, and the other screw is on the opposite side.

Table 4 Hard-Disk Drive LEDs

LED        LED State        Meaning
Activity   Off              No current disk activity.
           Blinking green   Current disk activity.
Status     Solid red        Hard-disk drive is turned on but is malfunctioning.
           Solid green      Hard-disk drive is turned on and is functioning.
           Off              One of the following:
                            • The hard-disk drive failed its test and was powered off.
                            • The hard-disk drive is ready to be removed using the hot swap feature.
           Blinking green   One of the following:
                            • The system is booting up.
                            • The hard-disk drive is starting up.
                            • The system is testing the hard-disk drive.

Note: Do not remove the hard-disk drive if the Status LED is blinking green or if the Hot Swap Ready LED is not illuminated solid blue.

Power Supplies and Fan Unit

The power supplies and fan unit are located at the rear of the IP2450 appliance, as shown in Figure 5 and Figure 6.

Figure 5 Power Supply and Fan Unit Locations (AC version)

[Figure 5 callouts: power cord receptacle, power switches, power supplies, fan unit, status LEDs]

Figure 6 Power Supply and Fan Unit Locations (DC version)

[Figure 6 callouts: power connections, power switches, power supplies, fan unit, status LEDs]

Power Supplies

The Check Point IP2450 appliance supports up to two power supplies for power sharing and redundancy. The IP2450 comes with two power supplies as the standard package. The power supplies are hot swappable and perform load sharing while two active power supplies are installed, increasing the life of the power supplies.

Note: On an appliance with two active power supplies installed, both power supplies should be turned on for load sharing and redundancy. If both power supplies are not turned on, the Fault LED illuminates. For more information about the power supply status LEDs, see “Power Supply Status LEDs” on page 25.

The AC power supplies are autosensing and can accept input voltages between 85 VAC and 264 VAC. The power supply output is regulated to a tolerance of ± 5 percent of the specified output voltage.

For information about how to install or remove and replace a failed power supply, see “Installing or Replacing a Power Supply” on page 114.

DC Power Supplies

Caution: Do not use a combination of one AC power supply and one DC supply. Your IP2450 does not work with such a configuration.

For IP2450 appliances that use DC power supplies, the following specifications apply for Check Point approved components:

• Input voltage: -48 volts DC nominal
• Voltage/Current range: -40VDC/20A and -60VDC/13A

Power Supply Status LEDs

The power supply status LEDs provide the status of the power supplies as described in Table 5.

Table 5 Power Supply Status LEDs

LED         LED status   Meaning
Fault       Red          Power supply has a voltage problem and power was turned off.
                         or
                         One power supply in a redundant system is not turned on.
Over Temp   Yellow       Power supply has an internal temperature problem. All power to the unit is turned off. After the internal temperature returns to normal, power will be turned back on.
PWR OK      Green        Power is on and the power supply is functioning properly.

Figure 7 Power Supply Status LED Location

[Figure 7 callouts: status LEDs (FAULT, OVERTEMP, PWR OK)]

Fan Unit

The IP2450 appliance fan unit is a single unit made up of eight individual fans to provide the air flow required to maintain a proper operating temperature. The fan unit can provide proper airflow for a short time even if an individual fan fails.

Caution: If an individual fan fails, replace the fan unit as soon as possible. For information about how to replace a failed fan unit, see “Installing or Replacing a Fan Unit” on page 112.

The system status LEDs on the front panel of the appliance show the status of the fan unit. For more information about the system status LEDs, see “System Status LEDs” on page 19.

Site Requirements

Before you install an IP2450 appliance, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical Specifications.”

Safety Warnings and Cautions

Warning: Hazardous radiation exposure can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.

Warning: To reduce the risk of fire, electric shock, and injury when you use telephone equipment, follow basic safety precautions. Do not use the product near water.

Warning: On an IP2450 intended for shipment outside of the United States, the cord set might be optional. If a cord set is not provided, use a power cord rated at 10A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use.

Warning: Fuses are replaceable only by service personnel.

Caution: Replace the battery only with the same or equivalent type battery recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.

Caution: Do not block any of the ventilation holes on the appliance. The components might overheat and become damaged.

Note: A readily accessible disconnect device shall be incorporated in the building installation wiring.

Note: Installation instructions indicate listed circuit breaker or branch rated fuse, rating, number of poles, and special characteristics.

Software Requirements

Table 6 and Table 7 describe operating system and applications requirements for the Check Point IP2450 appliances.

Table 6 Check Point IP2450 Disk-Based Security Platform Software Requirements

Platform             Check Point IPSO Version   Software
Check Point IP2450   v4.2 or later              Check Point VPN-1 versions compatible with the version of Check Point IPSO you are using

Table 7 Check Point IP2450 Flash-Based Security Platform Software Requirements

Platform             Check Point IPSO Version   Software
Check Point IP2450   v4.2 or later              Check Point VPN-1 versions compatible with the version of Check Point IPSO you are using

For information about updates to the software requirements or additional applications that have become available since this guide was published, see the Check Point Support Center at http://support.checkpoint.com/.

Product Disposal

This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment. The separate collection and recycling of your waste equipment at the time of disposal will help to conserve natural resources and ensure that it is recycled in a manner that protects human health and the environment. For more information about where you can drop off your waste equipment for recycling, please contact your local city office or your household waste disposal service.

2 Installing the Check Point IP2450 Appliance

This chapter describes how to install the Check Point IP2450 appliance. The following topics are discussed:

• Rack Mounting the Appliance
• Before You Begin

Caution: To help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance. The grounding plug on the front of the appliance (shown in Figure 1 on page 17) provides a chassis grounding point. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.

Rack Mounting the Appliance

The Check Point IP2450 appliance mounts in a standard 19-inch equipment rack with four mounting screws, as Figure 8 shows. Optional rear-mounting brackets are included with your appliance shipment.

Note: To avoid damaging your equipment, Check Point recommends that you use all four front rack-mounting bolts when you install your appliance on the rack.

Figure 8 Front Rack-Mounting Screw Locations

[Figure 8 callout: rack-mounting screw locations]

Two front rack-mounting positions allow you to mount the appliance either flush with the equipment rack, or four inches forward of the rack. If the space behind the rack is insufficient, the rack mounting brackets can be attached further back on the side of the appliance.

Caution: During installation, do not block any ventilation openings. Doing so might result in damage to the appliance when it is turned on.

Before You Begin

To rack-mount the appliance, you need:

• Phillips-head screwdriver
• Disposable grounding wrist strap
• Suitable, grounded work surface on which to place the chassis tray assembly

Before you rack mount the appliance, you can ground it by using the grounding lugs provided.

To ground your IP2450 appliance

Note: Consult your company policy to determine the equipment grounding procedure that you use with this unit installation.

1. Put on the wrist strap and attach the free end to the wrist-strap jack to the ESD grounding plug on the front of the appliance.

2. Secure one end of the grounding cable to the side of the appliance either vertically or horizontally, as shown in the figure, with the two 10-32 screws and kep washers included in the grounding cable kit. Torque the screws to 80 inch ounces.

Note: The green/yellow insulated copper ground connector should be a minimum of #12 AWG (minimum 2.5 mm² cross-sectional area).

3. Use the 1/4-inch screw and kep washer included with the appliance or gateway to attach the other end of the cable to the appliance or gateway rack-mount hardware (or other appropriate earth ground location that meets the specifications of your installation site) with the kep washer between the screw and cable lug. Torque the screw to 384 inch ounces.

[Figure callouts: secure grounding-cable lug to rack or other appropriate grounding location with 1/4-inch screw and kep washer; attach cable lug to side of appliance with two 10-32 screws; grounding cable; grounding lug can be positioned either vertically or horizontally]

To rack mount the appliance

Caution: The appliance is heavy. Carefully remove it from the packaging.

1. Remove the appliance from the packaging.

2. Optionally, remove the fan unit from the back of the appliance.

a. Locate the fan unit and the four retaining screws that secure it on the back of the IP2450.

b. Loosen the retaining screws by turning them counterclockwise.

c. Slowly pull the fan unit out of the chassis tray assembly toward the rear.

[Figure callout: fan unit]

3. Optionally, remove the power supplies from the rear of the appliance.

a. Locate the power supply on the back of the IP2450 and the two screws that secure it.

b. Remove the two retaining screws.

c. Remove the grounding lugs.

d. Use the handles to gently pull the power supply out of the chassis tray assembly.

[Figure callout: power supplies]

4. Optionally, remove the chassis tray assembly from the appliance.

Caution: To help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance. The grounding plug on the front of the appliance (shown in Figure 1 on page 17) provides a chassis grounding point. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.

a. Loosen the four chassis tray assembly retaining screws from the front panel of the appliance.

b. Slide the chassis tray assembly forward and pull it entirely out of the appliance.

c. Place the chassis tray assembly on a properly grounded surface.

[Figure callout: chassis tray assembly screws]

5. Adjust the front mounting brackets on the side of the appliance if necessary.

6. Mount the appliance into a standard 19-inch rack by using four standard rack mounting screws.

7. Optionally, you can install the rear mounting brackets included with your appliance as shown in the following figure.

[Figure callout: Apply 160 inch ounces of torque when you secure the two mounting screws]

8. Slide the chassis tray assembly back into the appliance until it clicks into place, and resecure the four chassis tray assembly retaining screws.

9. Reinstall the fan unit into the rear of the appliance.

10. Reinstall the power supplies.

3 Performing the Initial Configuration

The first time you turn on power to a Check Point IP2450 appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account. You can perform the initial configuration in two ways:

• Configure a DHCP server to provide the initial configuration information the first time the appliance is started.
• Perform the initial configuration manually by using a console connection.

This chapter describes how to perform the initial configuration manually by using a console connection. It includes the following sections:

• Using a Console Connection
• Connecting Power and Turning the Power On
• Performing the Initial Configuration
• Connecting Network Interfaces
• Using Check Point Network Voyager
• Using the Command-Line Interface
• Using Check Point Horizon Manager

For information about how to use the DHCP client for initial configuration, see the Read Me First document, Using DHCP to Configure Your Appliance, included with the appliance.

Note: Check Point recommends that you physically install all network interface cards (NICs), Accelerated Data Path (ADP) modules, and other hardware components before you perform the initial configuration procedure this chapter describes. For information about how to install NICs and ADP modules, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules.” For information about how to install other components, see Chapter 7, “Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path (ADP) Services Modules.”

Using a Console Connection

If you do not use DHCP to perform the initial configuration of your Check Point IP2450 appliance, you must use a serial console connection (cable included). After you perform the initial configuration, you no longer need the console connection.

You can use any standard VT100-compatible terminal with an RS-232 data terminal equipment (DTE) interface or terminal-emulation program configured with the following settings for the console:

• 9600 bps
• 8 data bits
• No parity
• 1 stop bit

To connect to the console

1. Connect the supplied null-modem cable (console cable) to the console port on the front panel of the IP2450 appliance.

Note: The supplied console cable is Cisco compatible.

Use only the DB9 port labeled Console on the front panel; the serial (AUX) port is an auxiliary port.

If you connect the console port to a data communications equipment (DCE) device, use a straight-through cable.

For cable pin assignments for the console connection, see “Console Port” on page 18.

2. Connect the other end of the cable to the VT100 console or to a system running a terminal-emulation program.

[Figure callout: console port]

Connecting Power and Turning the Power On

A power switch and a receptacle for the power cord are located on each power supply on the back of the appliance as shown in Figure 9.

Figure 9 Power Switch Location

[Figure 9 callouts: power cord receptacles, power switch, power supplies]

Caution: To avoid potential service interruptions from momentary facility power interruptions and potential power spikes that might damage your equipment, Check Point strongly recommends that you use an uninterruptible power supply (UPS) with surge protection with your IP2450 appliance.

To connect the power supply

1. Connect the power cord securely into the power cord receptacle on the power supply.
2. Plug the other end of the power cord into a three wire grounded power strip or wall outlet.
3. Toggle the 1/O power switch to the 1 position to provide power to the IP2450 appliance.

The fan unit on the power supply turns on when you press the power switch. Verify that the power supply fans are running after you press the switch.

Note: The IP2450 appliance power supply automatically detects the input voltage (115 VAC or 220 VAC [85 to 264]) and configures itself appropriately.

If the fans are not running, make sure:

• The power cord is properly connected.
• The power supply switch is on.
• The chassis assembly is pushed all the way in from the front of the appliance.
• Power is turned on to the power strip or wall receptacle into which you plugged the appliance.

If the fans are still not running, contact your Check Point service provider or Check Point Support Center at http://support.checkpoint.com/.

NoteOn an appliance with two active power supplies installed, connect and turn on both power supplies for load sharing and redundancy. If two power supplies are installed and both power supplies are not turned on, the Fault LED illuminates.

Performing the Initial ConfigurationIf you do not use DHCP to perform the initial configuration of your Check Point IP2450 appliance, you must use a serial console connection (cable included). After you perform the initial configuration, you no longer need the console connection.

To perform the initial configuration1. Turn on the appliance.

At the console a series of startup messages appears, then the following prompt appears:Type any character to enter command mode.

The prompt remains on the screen for about five seconds. If you type any character during this time, the system activates the Check Point IPSO boot manager.

NoteFor information about how to use the boot manager, see the IPSO Boot Manager Reference Guide.

After some miscellaneous output appears, the following prompt appears:Hostname?

If the Hostname? prompt does not appear on the console, check the console port and console display connections to ensure that the serial cable is completely plugged in at both ends. If you verify the console connections and still do not see either the BOOTMGR> or Hostname? prompts, verify that the terminal or terminal emulator program settings are correct. If the settings are correct, contact your Check Point service provider as listed in “Check Point Contact Information” on page 2.

2. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from starting.

40 Check Point IP2450 Security Platform Installation Guide

Page 41: Check Point IP2450 Security Platform Installation Guidedownloads.checkpoint.com/fileserver/SOURCE/direct/...Part No. N450000897 Rev 001 Published March 2009 Check Point IP2450 Security

Performing the Initial Configuration

If the DHCP client starts, it might configure the appliance with an incorrect host name and IP address (this could happen if a DHCP server on your network is configured to respond to any request). To reset the incorrect host name and IP address:

a. Establish a console connection to the appliance.

b. Log into the system using the user name admin and the password password.

c. Enter the following:

    rm /config/active

or

    mv /config/active /config/active.old

d. Reboot the appliance.

e. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from restarting.

3. At each subsequent prompt, enter the requested configuration information.

For more information about how to respond to the prompts during the initial configuration process, see the release notes for the Check Point software release you are running.

4. When you are prompted to select an interface, Check Point recommends that you select one of the Ethernet management interface ports. To select an interface, enter the number adjacent to the physical ID in the list of connected interfaces.

Note: A physical ID identifies the NIC or ADP module interface type (interface_type) and provides information about its slot number (slot_num), subslot number (subslot_num) and port number (port_num). The physical ID syntax is:

    <interface_type>-s<slot_num>/s<subslot_num>p<port_num>

For example, the physical ID for the first port of a two-port Ethernet NIC in slot 1, subslot 2 would be:

eth-s1/s2p1

The Ethernet management interface ports are numbered eth-s4p1 through eth-s4p4.
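The physical ID syntax described above, as an added Python example that is not part of the original guide: it parses an ID, treats the subslot part as optional (inferred from the guide's two examples, eth-s1/s2p1 and eth-s4p1), and picks the management ports out of a list of connected interfaces. The interface list, its 1-based numbering, the accepted interface_type characters and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Grammar from the guide: interface_type-s<slot_num>/s<subslot_num>p<port_num>.
# Assumption: the "/s<subslot_num>" part is optional, because the guide names
# the management ports as eth-s4p1 .. eth-s4p4 with no subslot component.
# Assumption: interface_type is lowercase letters and digits.
_PHYSICAL_ID = re.compile(
    r"(?P<itype>[a-z][a-z0-9]*)"
    r"-s(?P<slot>\d+)"
    r"(?:/s(?P<subslot>\d+))?"
    r"p(?P<port>\d+)"
)

# Stated in the guide: management ports are eth-s4p1 through eth-s4p4.
MGMT_TYPE = "eth"
MGMT_SLOT = 4
MGMT_PORTS = range(1, 5)


@dataclass(frozen=True)
class PhysicalID:
    interface_type: str
    slot: int
    subslot: Optional[int]  # None when the ID has no /s<subslot_num> part
    port: int

    def __str__(self) -> str:
        sub = f"/s{self.subslot}" if self.subslot is not None else ""
        return f"{self.interface_type}-s{self.slot}{sub}p{self.port}"

    @property
    def is_management_port(self) -> bool:
        """True only for eth-s4p1 .. eth-s4p4, the ports the guide recommends."""
        return (
            self.interface_type == MGMT_TYPE
            and self.slot == MGMT_SLOT
            and self.subslot is None
            and self.port in MGMT_PORTS
        )


def parse_physical_id(text: str) -> PhysicalID:
    """Parse one physical ID; raise ValueError if it does not fit the syntax."""
    m = _PHYSICAL_ID.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a physical ID: {text!r}")
    sub = m.group("subslot")
    return PhysicalID(
        interface_type=m.group("itype"),
        slot=int(m.group("slot")),
        subslot=int(sub) if sub is not None else None,
        port=int(m.group("port")),
    )


def recommended_choices(listed_ids: List[str]) -> List[int]:
    """Return the 1-based list positions whose physical ID is a management port.

    Entries that are not valid physical IDs are skipped rather than guessed at.
    """
    picks = []
    for number, text in enumerate(listed_ids, start=1):
        try:
            if parse_physical_id(text).is_management_port:
                picks.append(number)
        except ValueError:
            continue
    return picks


# Constructed sample: a list of connected interfaces as physical IDs.
SAMPLE_CONNECTED = ["eth-s1/s1p1", "eth-s1/s2p1", "eth-s4p1", "eth-s4p2"]

if __name__ == "__main__":
    for n in recommended_choices(SAMPLE_CONNECTED):
        print(n, SAMPLE_CONNECTED[n - 1])
```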

After you complete the initial configuration, you can use Check Point Network Voyager to configure the remaining network ports.


Connecting Network Interfaces

Connect at least one network interface to the network to use as the Check Point Network Voyager system-management interface. This interface is configured during the initial configuration process, which is described in Chapter 3, “Performing the Initial Configuration.”

You can also connect the remaining LAN interface cables at this point, although you are not required to do so.

Note: Check Point recommends that you use one of the four front-panel Ethernet management ports for this connection.

To connect Ethernet devices, use a straight-through RJ-45 cable to connect to a hub. For details, see “Ethernet NIC Connectors and Cables” on page 63.

To connect Gigabit Ethernet devices, use a fiber-optic cable with an LC connector for each NIC or ADP module interface. The destination end of the cable can be either LC or SC, depending on the type of connector required for the destination Gigabit Ethernet device. For details, see “Fiber-Optic Gigabit Ethernet NIC Connectors and Cables” on page 65.

Using Check Point Network Voyager

Use Check Point Network Voyager to configure and monitor your appliance.

To open Check Point Network Voyager

1. Open a Web browser on the host you plan to use to configure or monitor your appliance.

2. In the Location or Address field, enter the IP address of the initial interface you configured for the appliance.

You are prompted to enter the admin username and the password you entered when you performed the initial configuration.

Note: If the username login screen does not open, you might not have a physical network connection between the host and your appliance, or you might have a network routing problem. Confirm the information you entered during the initial configuration and check that all cables are firmly connected. For more information, see the troubleshooting section in the installation guide for your appliance.


Viewing Check Point IPSO Documentation by Using Check Point Network Voyager

The following documentation is available from the Check Point Network Voyager interface, as shown in Figure 10:

Network Voyager Reference Guide—This guide is the comprehensive reference source for Check Point Network Voyager. To access this source, look at the list in the navigation tree on the left side of the window (as shown in Figure 10). You can also access this guide and other Check Point IPSO documentation at the Check Point Support Center at http://support.checkpoint.com/.

Network Voyager online help—You can access online help when you use Check Point Network Voyager. Online help is the context-sensitive information source for Check Point Network Voyager. To access online help for the window you are viewing, click Help. A Close button is available at the bottom of each online help window you view.

Figure 10 Check Point Network Voyager Reference Access Points

[Figure 10 callouts: link to complete user documentation; link to online help (context-sensitive help)]


Using the Command-Line Interface

You can also use the Check Point IPSO command-line interface (CLI) to manage and configure Check Point IP security appliances from the command line. Nearly everything that you can accomplish with Check Point Network Voyager you can also do with the CLI.

To access the command-line interface

1. Log on to the appliance by using a command-line connection (SSH, console, or Telnet) over a TCP/IP network as an admin, cadmin, or monitor user:

If you log in as a cadmin (cluster administrator) user, you can change and view configuration settings on all the cluster nodes. For information about how to administer a cluster, see the traffic management commands section in the CLI Reference Guide for the version of Check Point IPSO you are using.

2. If you log in as a monitor user, you can execute only the show form of commands. That is, you can view configuration settings, but you cannot change them.

You can now execute CLI commands from the CLI shell and the Check Point IPSO shell. The Check Point IPSO shell is what you see when you initially log on to the appliance.

For more information about how to access and use the CLI, see the CLI Reference Guide for the version of Check Point IPSO you are using.

| Execute from | To implement | Purpose |
|---|---|---|
| Check Point IPSO command line | Enter the following command to invoke the CLI shell: clish. The prompt changes, and you can then enter CLI commands. | Enter any CLI commands in an interactive mode with help text and other helpful CLI features. |
| Check Point IPSO command line | Enter clish -c "cli-command" | Execute a single CLI command. You must place double-quotation marks around the CLI command. |
| Command files | From inside the CLI shell, enter load commands filename | Load commands from a text file that contains commands. The argument must be the name of a regular file. |

Using Check Point Horizon Manager

Check Point Horizon Manager is an extension of the Check Point Network Voyager management functionality.

While Check Point Network Voyager provides the device administrator access to network configuration tasks (such as interface configuration and routing configuration) and security configuration tasks (such as user configuration and access configuration), Check Point Horizon Manager concentrates on secure software image, inventory, and platform management of Check Point IP security platforms.

Using Check Point Horizon Manager, an administrator can obtain configuration information, upgrade (or downgrade) the operating system, perform application installations, and distribute necessary licensing to multiple platforms simultaneously, thereby reducing potential human error and improving productivity.

Using Check Point Horizon Manager, a network security professional can manage multiple devices simultaneously, perform parallel software upgrades, device verifications, device configuration, file backups, and more.

Check Point Horizon Manager is designed to manage and configure a large number of Check Point IP security appliances that reside on a corporate enterprise, managed service provider (MSP), or hosted applications service provider network (ASP).

For information about how to obtain Check Point Horizon Manager or to learn more about the Check Point Horizon Manager, see the Check Point Web site at www.checkpoint.com.


4 Installing and Replacing Network Interface Cards and ADP Modules

The Check Point IP2450 appliance may come with one of the network interface cards (NICs) or Accelerated Data Path (ADP) modules that you ordered already installed. NICs or ADP modules installed in IP2450 slots 1 and 2 are housed in a 6U PMC carrier. NICs housed in 6U PMC carriers are hot swappable, but NICs in slots 3 and 4 and ADP modules are not, and you must power down your appliance to install or replace them.

Note: ADP modules can be installed only in slots 1 and 2.

This chapter describes the following topics:

Removing, Installing, and Replacing NICs and ADP Modules
    To remove and install 6U card carriers or ADP modules, and to replace network interface cards (NICs) in 6U PMC carriers
    To replace a network interface card (NIC) in slot 3 or 4
Configuring and Activating Interfaces
Monitoring Network Interface Cards or ADP Modules

For detailed information about specific network interface cards, see Chapter 5, “About IP2450 Appliance Network Interface Cards.”

Caution: You should have a working knowledge of networking equipment before you attempt to service an IP2450. Limit service of the appliance to the procedures described in this chapter.


Caution: To help guard against electrostatic discharge damage, make sure you are properly grounded by using a grounding wrist strap and following the instructions provided with the wrist strap before you handle the components or open the appliance. The grounding plug on the front of the appliance (shown in Figure 1 on page 17) provides a chassis grounding point. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.

Removing, Installing, and Replacing NICs and ADP Modules

IP2450 appliances have two slots on the front of the appliance that hold two 6U PMC carriers or ADP modules. You must first remove the 6U PMC carrier or ADP module from its slot before you can remove or install a NIC or ADP module. You must also remove both PMC carriers or ADP modules to install or replace NICs in slot 3 or 4.

To install or replace ADP modules, you only need to refer to the steps related to removing and installing 6U PMC carriers in this section, but you also need to refer to Chapter 6, “About IP2450 Appliance ADP Services Modules.”

Note: Check Point recommends that you distribute installed NICs equally across the 6U PMC carriers. For example, if you install only two NICs, put one in each carrier. As you add NICs, fully load the 6U carriers before you install NICs in slots 3 and 4.

Note: Because the IP2450 supports hot swapping of NICs, you do not have to turn off power from the system to remove, install, or replace a NIC. You cannot, however, hot swap ADP modules.

Before You Begin

Note: Before you install a NIC, make sure that the rubber gasket around the front of the NIC is installed properly.

To remove, install, or replace a NIC or ADP module, you need the following:

Phillips-head screwdriver
For slots 1 and 2, a suitable, grounded work surface on which to place the 6U PMC carrier or ADP module
Replacement or new NIC or ADP module

Note: If you are servicing the slot 1 carrier or ADP module, Check Point recommends that you disconnect interface cables from the ports after you remove the carrier, as it is more difficult to remove cables from a carrier or ADP module installed in that location.

To remove and install 6U card carriers or ADP modules, and to replace network interface cards (NICs) in 6U PMC carriers

1. Identify the location (6U PMC carrier and slot) of the NIC or ADP module to be replaced.

2. For 6U carriers, press the hot swap button on the 6U PMC carrier with an open paper clip or similar device and wait for the hot swap LED to illuminate solid blue.

For ADP modules, do the following:

a. Use Check Point Network Voyager or the CLI to perform an orderly shutdown of the IP2450. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

b. Press the power switches, located on each power supply at the back of the appliance, to turn off power to the appliance.

Note: Hot swap is not supported for ADP modules.

3. Loosen the screws on each side of the 6U PMC carrier or ADP module. The screws are located behind the ejector and locking levers.

Caution: To avoid damage to the ejector and locking lever, loosen the retaining screw behind each ejector and locking lever before you remove the 6U PMC carrier or ADP module.

[Figure callout: hot swap button and hot swap LED]

4. Press the red buttons on the ejector and locking levers on the 6U PMC carrier or ADP module. The lock is released.

Note: Pressing both red buttons on the front of the ejector and locking levers disengages the lock and removes power from the 6U PMC carrier or ADP module. The power LED on the front of the PMC carrier or ADP module turns off when the power is removed.

5. Press or push the levers toward the outer edges of the IP2450.

6. Continue to press or push the levers outward until the 6U PMC carrier or ADP module is released and extends slightly beyond the front panel of the IP2450.

[Figure callouts: ejector and locking levers; push red button to disengage or engage lock; unscrew screw to release; release or lock into place]

7. Gently pull the 6U PMC carrier or ADP module out from the slot and place it on a suitable, grounded work surface.

8. Locate the bezel retaining screws, used to keep the NIC attached, on the underside of the 6U PMC carrier.

9. Remove the two bezel retaining screws with a Phillips screwdriver.

Note: If you are installing a NIC in an unoccupied slot on the 6U PMC carrier, remove the blank bezel that covers the slot and retain it for future use. Proceed to step 12.


10. Locate and remove the two NIC retaining screws from the back of the NIC.

11. Remove the NIC by lifting the back of the NIC away from the chassis tray assembly and pulling it gently away from the front panel.


12. Insert the new NIC or a blank bezel by doing one of the following:

a. Being careful to push down only where the motherboard connectors are located, press the back end of the NIC down into the connectors until it is fully seated.

b. If you are not replacing a NIC you are removing, insert a blank bezel into the location formerly occupied by the NIC. Make sure that the bezel is completely seated onto the slot on the front of the 6U PMC carrier and that the screw holes on the bottom of the bezel align with those on the bottom of the PMC carrier. Proceed to step 14.

Note: To reduce electromagnetic interference (EMI), a blank bezel needs to be installed in the place of any NIC you have removed.

13. From the top of the 6U PMC carrier, screw the NIC retaining screws into the standoffs on the back of the NIC.


14. From the underside of the 6U PMC carrier, screw in the bezel retaining screws.

15. Insert the 6U PMC carrier or ADP module back into its original slot on the front of the IP2450 appliance until it clicks into place.

16. Press both levers to make sure that they are locked into place and power is restored to the 6U PMC carrier or ADP module. The power indicator LED on the 6U PMC carrier or ADP module illuminates green.

If you are replacing a NIC or ADP module with a new NIC or ADP module of the same type, the Check Point IPSO operating system automatically recognizes the NIC or ADP module and applies the original configuration to the new NIC or ADP module.

If you are installing a new or different NIC or ADP module, configure the new NIC or ADP module by using Check Point Network Voyager. For information about how to access Check Point Network Voyager, see “Using Check Point Network Voyager” on page 42.


To replace a network interface card (NIC) in slot 3 or 4

Note: Because power to an IP2450 is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the appliance, however, should be completed with the chassis assembly fully removed from the appliance.

Note: Some figures for this procedure show a slot 3 NIC replacement, but the same procedure applies for both slots 3 and 4.

1. Use Check Point Network Voyager or the CLI to perform an orderly shutdown of the IP2450. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

2. Loosen the four front panel retaining screws.

[Figure callout: chassis tray assembly screws]

3. Slide the chassis tray assembly forward, press the tray release lever, and completely remove the tray from the appliance.

4. Remove the six screws that secure the metal shield above the two 6U PMC carriers and remove the shield.

[Figure callouts: 6U PMC carrier shield; slot 3; tray release lever; slot 4]

5. Remove any installed 6U PMC carriers so that both slot 1 and slot 2 are not occupied.

6. Remove the two front bezel screws and remove the slot 3 or slot 4 filler panel or installed NIC.

[Figure callouts: remove 6U PMC carriers; remove six screws and 6U PMC carrier shield]

7. Raise the back end of the NIC approximately 45 degrees as you insert the front end into slot 3 in the front panel.


8. Being careful to push down only where the motherboard connectors are located, press the back end of the NIC down into the connectors until it is fully seated.

9. Secure the back end of the NIC with the two screws provided with the kit.

10. Secure the front end of the NIC by replacing the two front bezel screws that you removed previously.

11. Slide the chassis assembly back into the appliance until it clicks into place.

12. Resecure the chassis assembly retaining screws.

13. Press the power switch, located on each power supply at the back of the appliance, to turn on the power to the appliance.

Note: Make sure that you turn on both power supplies.

If you are replacing a NIC with a new NIC of the same type, the Check Point IPSO operating system automatically recognizes the NIC and applies the original configuration to the new NIC.

If you are installing a new or different NIC, configure the new NIC by using Check Point Network Voyager. For information about how to access Check Point Network Voyager, see “Using Check Point Network Voyager” on page 42.

[Figure callouts: take care that the EMI gasket doesn’t roll back during NIC installation; arrows indicate locations where the gasket might roll back; secure the two rear NIC screws; reinstall the two bezel screws]

Configuring and Activating Interfaces

The Check Point IP2450 appliance automatically detects any new interfaces when either 6U PMC carrier or ADP module is completely installed. Use Check Point Network Voyager to configure and activate the logical and physical interfaces on the NIC or ADP module.

For information about configuring and activating ADP module interfaces, see Chapter 6, “About IP2450 Appliance ADP Services Modules.”

For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

Monitoring Network Interface Cards or ADP Modules

You can assess the general operating condition of the NICs or ADP modules in your appliance by looking at the LED status indicators on each NIC or ADP module. The status indicators for each NIC are explained in Chapter 5, “About IP2450 Appliance Network Interface Cards.” The status indicators for ADP modules are explained in Chapter 6, “About IP2450 Appliance ADP Services Modules.”

Use Check Point Network Voyager to access detailed port information. For information about how to access Check Point Network Voyager, see “Using Check Point Network Voyager” on page 42.

You can also use the Check Point IPSO tcpdump command to examine the traffic on a specific port.


5 About IP2450 Appliance Network Interface Cards

This chapter describes the network interface cards available for the Check Point IP2450 appliance and how to connect those NICs to your network. The following NICs are described:

Four-Port 10/100 Ethernet NICs
Two-Port Fiber-Optic Gigabit Ethernet NICs
Two-Port and Four-Port Copper Gigabit Ethernet NIC

For instructions about how to add or replace NICs, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules.”

The NICs supported in the IP2450 operate at the peripheral component interconnect (PCI) frequency listed in Table 8.

Caution: To protect the IP2450 and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance. The grounding plug on the front of the appliance (shown in Figure 1 on page 17) provides a chassis grounding point. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.

Table 8 NIC PCI Frequency

| NIC or interface port | Maximum PCI operation supported |
|---|---|
| 10/100 Ethernet | 133 MHz |
| Fiber-optic Gigabit Ethernet | 133 MHz |
| Copper Gigabit Ethernet (10/100/1000) | 133 MHz |


Four-Port 10/100 Ethernet NICs

The IP2450 supports Check Point-approved, four-port UTP5 dual-mode (10-Mbps and 100-Mbps) Ethernet NICs installed in a 6U PMC carrier or in slot 3 (slot 4 is reserved for a four-port copper Gigabit Ethernet NIC). When you purchase a 10/100 Ethernet NIC with your IP2450, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules.”

10/100 Ethernet NIC Features

The four-port 10/100 Ethernet NIC supports PCI operation at 133 MHz and runs on Check Point IPSO 4.2 or higher.

Both the four-port and two-port Ethernet NICs support the following features:

Hot swappability
Tracing through tcpdump
PCI operation at 33 MHz and 66 MHz
Compliance with IEEE 802.3z Gigabit Ethernet specification

You can configure and monitor Ethernet NIC interfaces by using Check Point Network Voyager. Specifically, you set the port speed and full-duplex or half-duplex mode with Check Point Network Voyager. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

Figure 11 Four-Port 10/100 Ethernet NIC Front Panel Details

After the power is turned on and the cables are connected, the Ethernet link LEDs on both the IP2450 and on the remote equipment illuminate to indicate the connection. As data is transmitted, the activity LEDs on the appliance illuminate.

[Figure 11 callouts: Activity LED (blinking green); Link LED (solid green); Ports: RJ-45 connectors; card label: 10/100 BaseT]


Ethernet NIC Connectors and Cables

The Ethernet connectors on the two-port and four-port 10/100 Ethernet NICs are RJ-45 connectors. Use a straight-through cable to connect the NIC to a hub or switch, or a crossover cable to connect directly to a host. Use IEEE 802.3 10/100 BASE-TX Cat 5 unshielded twisted-pair, full-duplex, or half-duplex cable. You can order appropriate adapter cables separately from a cable vendor of your choice.

Caution: Cables that connect to the Ethernet card must be IEEE 802.3 compliant to prevent potential data loss.

Figure 12 shows the pin assignments for the RJ-45 cable. The connector is numbered from right to left, with the copper tabs facing up and toward you.

Figure 12 Output Connector for the Ethernet Cable

Figure 13 shows the pin assignments for the RJ-45 cross-over cable.

Figure 13 Ethernet Crossover-Cable Pin Connections

Figure 12 pin assignments:

Pin | Assignment
1 | TX +
2 | TX -
3 | RX +
4 | (none listed)
5 | (none listed)
6 | RX -
7 | (none listed)
8 | (none listed)


Two-Port Fiber-Optic Gigabit Ethernet NICs

The IP2450 supports Check Point-approved, two-port, fiber-optic Gigabit Ethernet NICs installed on a PMC expansion slot. The IP2450 can accommodate up to four Gigabit Ethernet NICs.

When you purchase a Gigabit Ethernet NIC with your IP2450, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules.”

Fiber-Optic Gigabit Ethernet NIC Features

The short-range and long-range fiber-optic Gigabit Ethernet NICs support:

• High bandwidth
• Full-duplex mode operation up to 1 Gbps (no half-duplex support)
• Link speed auto advertising
• Tracing through tcpdump
• Compliance with IEEE 802.3z Gigabit Ethernet specification

The short-range multi-mode fiber (MMF) fiber-optic Gigabit Ethernet NICs in the IP2450 run on Check Point IPSO 4.2 or higher.

The long-range single-mode fiber (SMF) fiber-optic Gigabit Ethernet NICs in the IP2450 run on Check Point IPSO 4.2 or higher.

You can configure and monitor Gigabit Ethernet NIC interfaces with Check Point Network Voyager. Specifically, you set the port speed and full-duplex mode with Check Point Network Voyager. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

Figure 14 shows the front panel details for the two-port short-range (1000 BASE-SX) fiber-optic Gigabit Ethernet NIC you can use in the IP2450 appliance.

Figure 14 PMC Two-Port Short-Range Gigabit Ethernet NIC

[Figure 14 callouts: Link LEDs (solid green); Activity LEDs (blinking amber); Ports; card label: GIG E]


Figure 15 shows the front panel details for the two-port long-range (1000 BASE-LX) fiber-optic Gigabit Ethernet NIC you can use in your IP2450.

Figure 15 PMC Two-Port Long-Range Gigabit Ethernet NIC

After the power is turned on and the cables are connected, the Ethernet link LEDs on both the IP2450 and on the remote equipment illuminate to indicate the connection. As data is transmitted, the activity LEDs on the appliance illuminate.

Fiber-Optic Gigabit Ethernet NIC Connectors and Cables

For short-range NICs, to connect the fiber-optic Gigabit Ethernet NIC to other network components, use a multi-mode, fiber-optic cable with an LC connector for each NIC interface. You can use either 50 or 62.5 micron cable; 50 micron-type cable provides longer transmission reach. For long-range NICs, to connect the fiber-optic Gigabit Ethernet NIC to other network components, use a single-mode, fiber-optic cable with an LC connector for each NIC interface.

The destination end of the cable can be either LC or SC, depending on the type of connector required for the destination Gigabit Ethernet device. You can also use a half-duplex LC-to-LC cable to loop back the transmit port of an interface to the receiver port. LC and SC define the fiber-optic connector types; LC connectors are smaller than SC connectors.

Caution: Depending on the product you order, one or more LC-to-SC cables are included with fiber-optic Gigabit Ethernet NICs. You can order additional cables from a cable vendor of your choice. Cables that connect to the Gigabit Ethernet NIC must be IEEE 802.3z compliant to prevent potential data loss.

Performance Considerations

If you are using two two-port fiber-optic Gigabit Ethernet NICs in an IP2450, place one NIC in each of the two 6U PMC carrier units to get maximum system throughput. Each 6U PMC carrier unit has a separate PCI bus connection to the main system motherboard. In the configuration described here, each of the two fiber-optic two-port Gigabit Ethernet NICs accesses a separate PCI bus.

[Figure 15 callouts: Link LEDs (solid green); Activity LEDs (blinking amber); Ports; card labels: LINK, ACT, 1000B-LX]


Two-Port and Four-Port Copper Gigabit Ethernet NIC

The Check Point IP2450 appliance supports Check Point-approved, two-port and four-port copper Gigabit Ethernet NICs installed on a 6U PMC carrier or in slot 3 (slot 4 is reserved for a four-port copper Gigabit Ethernet NIC and it is replaceable). The IP2450 can accommodate up to six Gigabit Ethernet NICs. When you purchase a copper Gigabit Ethernet NIC with your IP2450, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules.”

Copper Gigabit Ethernet NIC Features

The copper Gigabit Ethernet NIC supports:

• High bandwidth
• Full-duplex mode operation up to 1 Gbps
• Link speed auto advertising (10/100/1000)
• Hot swapping
• PCI operation at 33 MHz, 66 MHz, and 133 MHz
• Compliance with IEEE 802.3z and 802.3ab Gigabit Ethernet specifications

You can configure and monitor Gigabit Ethernet NIC interfaces with Check Point Network Voyager. Specifically, you can use Check Point Network Voyager to set the port speed and full-duplex mode to 1000, 100, or 10 Mbps.

For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

Figure 16 shows the front panel details for the PMC two-port copper Gigabit Ethernet NIC you can use in Check Point IP2450 appliances.

Figure 16 Two-Port Copper Gigabit Ethernet NIC Front Panel Details

Figure 17 shows the front panel details for the PMC four-port copper Gigabit Ethernet NIC you can use in Check Point IP2450 appliances.

[Figure 16 callouts: Link LEDs (green or yellow); Activity LEDs (yellow); Ports; card labels: LINK, ACT, 1000BaseT]


Figure 17 Four-Port Copper Gigabit Ethernet NIC Front Panel Details

After the power is turned on and the cables are connected, the Ethernet link LEDs on both the IP2450 and on the remote equipment illuminate to indicate the connection.

Note: The Link LED on the NIC is bicolored. A green LED indicates a 1 Gbps link speed, and a yellow LED indicates a 10/100 Mbps link speed. As the NIC transmits data, the activity LEDs on the appliance illuminate.

Performance Considerations

If you are using two two-port or four-port copper Gigabit Ethernet NICs in an IP2450, place one NIC in each of the two 6U PMC carrier units to get maximum system throughput. Each 6U PMC carrier unit has a separate PCI bus connection to the main system motherboard. In the configuration described here, each of the two copper Gigabit Ethernet NICs accesses a separate PCI bus.

Two-Port Copper Gigabit Ethernet NIC Connectors and Cables

The IP2450 receptacles are RJ-45 connectors.

Caution: Cables that connect to the Gigabit Ethernet card must be IEEE 802.3 compliant to prevent potential data loss.

To connect to a hub, switch, or router, use a straight-through RJ-45 cable (Cat 5 type cable, or as required by your network configuration).

Note: Certain circumstances might require shielded Cat 5 Ethernet cables to meet Class B emissions requirements.

[Figure 17 callouts: Link LEDs (solid green); Activity LEDs (blinking green); Ports; card label: 1000 BaseT]


In Figure 18, the RJ-45 cable output connector is numbered from right to left, with the copper pins facing up and toward you.

Figure 18 Ethernet Cable Connector Output Pin Assignments

To connect directly to a host, use an RJ-45 crossover cable wired as Figure 19 shows.

Figure 19 Ethernet Crossover Cable Pin Connections

Note: After you turn on the appliance, the Ethernet link LEDs on both the appliance and on the remote equipment illuminate to indicate the connection. As data is transmitted or received, the activity LEDs on the appliance illuminate.

To connect the IP2450 to other network components, you can order appropriate adapter cables separately from a cable vendor of your choice.

Figure 18 pin assignments:

Pin# | Gigabit Ethernet Assignment | 10/100 Mbps Assignment
1 | BI_DA+ | TX
2 | BI_DA- | TX
3 | BI_DB+ | RX
4 | BI_DC+ |
5 | BI_DC- |
6 | BI_DB- | RX
7 | BI_DD+ |
8 | BI_DD- |


6 About IP2450 Appliance ADP Services Modules

This chapter describes the Accelerated Data Path (ADP) services modules available for the Check Point IP2450 appliance and how to connect those modules to your network. It includes the following sections:

• Installing and Replacing ADP Modules
• Using ADP Transceivers in ADP Modules
• Identifying ADP Module and Transceiver Types with Latch Lever Color Codes
• Check Point ADP Module LED Reference Information
• Configuring Check Point IPSO for IP2450 ADP Interfaces

Check Point IP2450 ADP modules help to accelerate firewall and VPN throughput. ADP is a technology designed to forward packets at the highest possible rate. Check Point ADP modules provide this technology by offloading processing from the CPU to network processors.

For IP2450 appliances, ADP is implemented with a single module on connections that benefit from the Check Point SecureXL feature.

Note: You can use up to two ADP modules at a time, and you can install single modules in either slot 1 or 2.

One version of the module has built-in RJ-45 ports that provide 10/100/1000 Gigabit Ethernet service. Other versions use swappable ADP transceivers to provide several different types of services. Hardware configurations available from Check Point are described in the following table.

ADP module type | Number of ports | Supported speeds | Supported ADP transceivers
Built-in RJ-45 | 12 | 10/100/1000 Mbps | n.a.


For information about how to identify short-range and long-range ADP transceivers, see “To install or remove ADP transceivers in a Check Point ADP module” on page 74. The ADP transceivers are hot swappable.

Note: Check Point supports only ADP modules and ADP transceivers sold by Check Point. For further information, contact your Check Point representative.

Note: For IP2450 appliances, you need to install Check Point IPSO 6.x or later to use ADP modules.

Installing and Replacing ADP Modules

Note: Before you begin this procedure, you should review all ADP module information in the Getting Started Guide and Release Notes for the version of Check Point IPSO you are using.

Use these instructions to install an ADP module in your appliance.

Before You Begin

To install a Check Point ADP module, you need the following:

• A Phillips-head screwdriver
• Physical access to the appliance
• Access to the appliance by using Check Point Network Voyager or the CLI
• A suitable, grounded work surface
• The ADP module kit

ADP module type | Number of ports | Supported speeds | Supported ADP transceivers
Gigabit Ethernet SFP | 12 | 1000 Mbps | Fiber-optic (short range); Fiber-optic (long range); Copper
10 Gigabit Ethernet XFP | 3 | 10 Gbps | Fiber-optic (short range); Fiber-optic (long range)


To install an ADP module in IP2450 appliances

For information about how to install or replace a Check Point ADP module in your appliance, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules.” There are few differences between the procedures for installing and replacing IP2450 PMC NIC card carriers and ADP modules other than the following steps and considerations:

Before you remove your PMC NIC card carriers and replace them with your ADP module, do the following:

• Because of interface naming convention differences, you cannot preserve the configuration for slots 1 and 2 of your appliance when you replace a PMC NIC card carrier with an ADP module or, conversely, when you replace your ADP module with a PMC NIC card carrier. Therefore, you need to delete all existing configurations associated with any affected slots.
• Upgrade the Check Point IPSO software to the required version as described in the Getting Started Guide and Release Notes that you received with your ADP module.

Remove the installed PMC card carrier for a slot that you are installing ADP modules in. For the card carrier removal procedure, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules.”

Note: You must first power down your appliance before you remove any installed card carriers.

Caution: When you install an ADP module, take care not to scrape the bottom surface, as this can damage the device.

After you slide the ADP module into the carrier slot, secure the two screws and ensure that both of the ejector and locking levers are fully secured.

After you physically install the ADP module, reboot the system and reconfigure the interfaces as described in “Configuring Check Point IPSO for IP2450 ADP Interfaces” on page 76.

The following figure shows the fiber and copper IP2450 Gigabit Ethernet ADP modules and card carrier assemblies.

Note: Hot Swap switch functionality is not supported by Check Point IPSO at the time of this guide’s publication. The RDY LED, however, illuminates during booting and then turns off.


Note: When an ADP module port is connected to a switch, the orange Activity LED, as shown in the following figure, might blink at longer intervals than is typical for traffic. This likely indicates that the switch is sending ARP (Address Resolution Protocol) requests to the port, and no traffic is present.


Figure 20 ADP Module Front Panel Details and LED Information

[Figure 20 callouts]
Power LED illuminates green when the ADP module is under power.
Ejector and locking levers are shown on each module.
Twelve-port copper Gigabit Ethernet ADP module: Link LED orange (solid) at 10/100 Mbps, green (solid) at 1000 Mbps; Activity LED orange (blinking).
Twelve-port copper and fiber Gigabit Ethernet ADP module (fiber in this example): Link LED green (solid) at 1000 Mbps; Activity LED orange (blinking).
Three-port fiber 10 Gigabit Ethernet ADP module: Link LED green (solid) at 10 Gbps; Activity LED orange (blinking).
Front-panel labels: ADP 10G CARD, PWR, RDY, HOT SWAP, REQ, L, A.


Using ADP Transceivers in ADP Modules

For ADP modules that require ADP transceivers, refer to the following procedure, which describes how to install or remove Check Point ADP transceivers. The transceivers are hot swappable, as are the interface cables you use with them. Rotate the latch levers up or down to secure transceivers, or to release them for removal. You do not need to change the interface type in Check Point Network Voyager or the CLI, as the system makes the configuration changes automatically.

Hardware configurations available from Check Point that use ADP are described in the table on page 69.

To identify the types of transceivers you are using in your ADP modules, refer to Table 9 on page 75.

To install or remove ADP transceivers in a Check Point ADP module

To install an ADP transceiver:

1. Push the transceiver into an available port in the ADP module.

2. Rotate the transceiver latch lever down to secure the transceiver in the ADP module.

Note: Depending on the design of your ADP transceiver, you might need to rotate the latch lever upward to release the device.

3. Insert an appropriate interface cable into the transceiver.

To remove an ADP transceiver:

1. Remove the cable.

2. Release the transceiver by rotating the latch lever.

3. Pull out the transceiver.

[Figure callouts: Latch lever. Flip latch lever down before inserting the ADP transceiver.]

Note that if you install any ADP transceivers that are not supported by Check Point, they are not recognized by Check Point IPSO; the system rejects the transceivers and includes them in a list of rejected interfaces on the Interface Configuration page in Check Point Network Voyager, as shown in the following figure.

Note: The Non-Supported Components table appears only if you have ADP transceivers installed that are not supported by Check Point.

Identifying ADP Module and Transceiver Types with Latch Lever Color Codes

To identify the types of ADP modules and transceivers you are using, refer to the color of the latch levers as described in the following table.

Table 9 Identifying ADP Modules and Transceivers

Type | Latch lever color
RJ-45 Gigabit Ethernet ADP modules | Yellow
Gigabit Ethernet short range | Black
Gigabit Ethernet long range | Blue
10 Gigabit Ethernet short range | Beige
10 Gigabit Ethernet long range | Blue

Check Point ADP Module LED Reference Information

All Check Point IP2450 ADP modules provide two LEDs for each port to indicate Link and Activity status. For information about the LEDs, see Figure 20 on page 73.


Configuring Check Point IPSO for IP2450 ADP Interfaces

This section includes information about configuring Check Point IPSO to use the interfaces on a Check Point ADP module. To help you understand the implications of installing an ADP module, it provides an example of the steps you might perform to install an ADP module in an IP2450 appliance running the Virtual Router Redundancy Protocol (VRRP).

Effect on Interfaces

When you install ADP modules, Check Point IPSO automatically creates interface names for the ADP interfaces and changes the existing interface names and configuration information, as described below:

If you install an ADP module in an IP2450 appliance, the names and configuration information for all the interfaces previously installed in an affected slot become invalid.

These changes can affect any features or protocols that use the existing interfaces or their addresses, including the following:

• Dynamic routing protocols
• Multicast routing protocols
• Static routing configuration
• VRRP
• IP clustering
• Transparent mode
• Link aggregation
• Link redundancy
• Traffic management/QoS

Note: After you install an ADP module, reconfigure any protocols and features that used the removed interfaces to use the ADP interfaces. Reassign IP addresses from the removed interfaces to the ADP interfaces as appropriate.

Check Point ADP Module Interface Names for IP2450 Appliances

ADP module interface naming conventions differ from those for PMC NICs. The twelve ports on your ADP module are named as follows:

For slot 1: eth-s1p1, eth-s1p2, eth-s1p3, eth-s1p4, eth-s1p5, eth-s1p6, eth-s1p7, eth-s1p8, eth-s1p9, eth-s1p10, eth-s1p11, eth-s1p12

For slot 2: eth-s2p1, eth-s2p2, eth-s2p3, eth-s2p4, eth-s2p5, eth-s2p6, eth-s2p7, eth-s2p8, eth-s2p9, eth-s2p10, eth-s2p11, eth-s2p12

Since the ADP interface names are not exactly the same as other PMC NIC interface names, you need to reconfigure your appliance when you replace PMC NICs with an ADP module or an ADP module with PMC NICs.

Configuring Network Topology with an IP2450 Appliance

After you install an ADP module in an IP2450 appliance, several constraints apply to your network topology and to the interaction of ADP interfaces and NIC interfaces. Check Point recommends that you configure your network so that your appliance does not forward traffic between ADP interfaces and PMC NIC interfaces even if the NIC interfaces are Gigabit Ethernet. Using a configuration of this type can significantly degrade throughput due to the need for packets to traverse multiple PC backplane buses.

When you install an ADP module in an IP2450 appliance, the network processor in the module performs all VPN encryption and decryption, even for VPN packets that are sent through PMC NIC interfaces. The built-in Check Point encryption accelerator continues to accelerate IKE traffic but does not perform any other processing. If VPN traffic is sent through a NIC interface, throughput is negatively affected because the packets must transit the IP2450 appliance backplane to reach the network processor in the ADP module. Check Point recommends that you configure your VPNs to use only ADP interfaces to avoid this performance loss.
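The renaming and topology constraints above can be checked on paper before a carrier is swapped for an ADP module. The following is an added example, not part of the guide and not Check Point code: it parses the two interface-name shapes this guide shows (eth-s1/s1p1c0 for a NIC in a PMC carrier, eth-s2p1c0 for an ADP port), lists the references that go stale, and flags traffic paths that cross between ADP and NIC interfaces. The function names, the reference and path lists, the slot-3 name eth-s3p1c0, and the reading of the leading number in the carrier form as the chassis slot are assumptions made for illustration.

```python
import re

# Interface-name shapes that appear in this guide:
#   NIC in a 6U PMC carrier, logical name:  eth-s1/s1p1c0
#   ADP module port, physical and logical:  eth-s1p1, eth-s2p1c0
CARRIER_NIC = re.compile(r"^eth-s(\d+)/s(\d+)p(\d+)(?:c(\d+))?$")
FLAT_PORT = re.compile(r"^eth-s(\d+)p(\d+)(?:c(\d+))?$")

ADP_SLOTS = {1, 2}  # the guide allows ADP modules in slot 1 or 2 only
# Features the guide says must be disabled before an interface can be deleted.
MUST_DISABLE_FIRST = {"VRRP", "IP clustering"}


def slot_of(name):
    """Return the slot number encoded in an interface name.

    Assumption: in the carrier form eth-sA/sBpN the leading A is the chassis slot.
    """
    m = CARRIER_NIC.match(name) or FLAT_PORT.match(name)
    if not m:
        raise ValueError(f"unrecognised interface name: {name!r}")
    return int(m.group(1))


def adp_logical_names(slot, ports=12):
    """Logical names IPSO creates for an ADP module (twelve-port case by default)."""
    if slot not in ADP_SLOTS:
        raise ValueError("ADP modules are supported in slots 1 and 2 only")
    return [f"eth-s{slot}p{n}c0" for n in range(1, ports + 1)]


def is_adp(name, adp_slots):
    """True if the name has the flat ADP shape and sits in a slot holding an ADP module."""
    m = FLAT_PORT.match(name)
    return bool(m) and int(m.group(1)) in adp_slots


def audit_swap(references, slot):
    """Report what breaks when the carrier in `slot` is replaced by an ADP module.

    references: iterable of (feature, interface) pairs taken from the running config.
    """
    stale = [(feat, ifc) for feat, ifc in references if slot_of(ifc) == slot]
    disable_first = sorted({feat for feat, _ in stale if feat in MUST_DISABLE_FIRST})
    return {
        "stale": stale,                  # references that become invalid
        "disable_first": disable_first,  # features to remove before deleting interfaces
        "new_names": adp_logical_names(slot),
    }


def cross_bus_paths(paths, adp_slots):
    """Return (ingress, egress) pairs that forward between an ADP and a non-ADP interface."""
    return [(a, b) for a, b in paths if is_adp(a, adp_slots) != is_adp(b, adp_slots)]


# Constructed sample data (not taken from a real appliance).
REFERENCES = [
    ("VRRP", "eth-s1/s1p1c0"),
    ("VRRP", "eth-s1/s1p2c0"),
    ("Static routing", "eth-s1/s1p3c0"),
    ("Static routing", "eth-s3p1c0"),  # constructed name for a NIC outside the swapped slot
]
PATHS_AFTER_SWAP = [
    ("eth-s1p1c0", "eth-s1p2c0"),  # ADP to ADP
    ("eth-s1p1c0", "eth-s3p1c0"),  # ADP to NIC: crosses the backplane
]

if __name__ == "__main__":
    report = audit_swap(REFERENCES, slot=1)
    for feat, ifc in report["stale"]:
        print(f"stale reference: {feat} -> {ifc}")
    print("disable before deleting interfaces:", ", ".join(report["disable_first"]))
    for a, b in cross_bus_paths(PATHS_AFTER_SWAP, adp_slots={1}):
        print(f"path crosses ADP/NIC boundary: {a} -> {b}")
```
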

Configuration Example with VRRP

This example describes the steps required to install an ADP module in an IP2450 appliance with VRRP configured. The following figure shows the Interface Configuration page of the platform before an ADP module is installed.

Interfaces are installed in slots 1, 2, and 3.

For this example, legacy monitored-circuit VRRP is enabled and configured with these settings:

• Interface eth-s1/s1p1c0 is assigned the IP address 10.1.1.1 (not shown) and uses 10.1.1.99 as the VRRP backup address.
• Interface eth-s1/s1p2c0 backs up interface eth-s1/s1p1c0.


The following figure shows the VRRP configuration:

The rest of this section describes how to reconfigure the interfaces and VRRP to accommodate the ADP interfaces.

Deleting VRRP Configurations

After you physically remove PMC NIC card carriers that you are replacing with ADP modules, you need to delete the configuration information for those interfaces. If VRRP is active at that time, you will not be able to delete the configuration information for the interfaces used by VRRP. Therefore, you should begin by deleting the existing VRRP configuration.

Note: It is best to perform the procedures in this section on the VRRP backup system first. When the installation is complete, the upgraded system can become the new master while you upgrade the original master.


Reconfiguring Interfaces

After you install the ADP module, you need to reconfigure interface information as described below.

To reconfigure interfaces for ADP modules

1. Log in to the appliance using Check Point Network Voyager.

2. Navigate to the Interface Configuration page.

The removed interfaces are still listed on this page, and you see a blue indicator next to each of them in the Up column.

Also notice that the ADP logical interfaces are named eth-s2p1c0 through eth-s2p12c0:


3. Delete the interface names and configuration information for each interface you removed by following the remaining steps in this procedure.

Note: To delete an interface used by VRRP or IP clustering, you must first disable the feature that uses the interface. This is why you deleted the VRRP configuration before you installed the ADP module.

4. Click a physical interface name. Check Point Network Voyager displays the Physical Configuration page for that interface.

5. In the Physical Status area, click the Delete check box.

6. Click Apply.

7. Delete the configuration information for the rest of the interfaces that you removed by restarting this procedure at step 2.

8. When you have deleted the configuration information for all the interfaces that you removed, click Save.


The following figure shows the example system after the configuration information for all of the removed interfaces has been deleted:

9. If appropriate, configure the ADP interfaces to use the IP addresses previously assigned to the removed interfaces.

In this example, you need to assign the address 10.1.1.1 to the new interface eth-s2p1c0.

Reconfiguring VRRP

After you finish reconfiguring interfaces, you need to reconfigure any protocols and features that used the removed interfaces to use the ADP interfaces.

In this example, you need to recreate the VRRP configuration using the new interfaces eth-s2p1c0 and eth-s2p2c0. The following figure shows the example system after you recreate the VRRP configuration using the new interfaces:


7 Installing and Replacing Components Other than Network Interface Cards (NICs) and Accelerated Data Path (ADP) Services Modules

This chapter provides information about how to install or replace orderable parts other than network interface cards (NICs) in your Check Point IP2450 appliance. The following topics are covered:

• Replacing the Check Point Encryption Accelerator Card
• Installing or Replacing Hard-Disk Drives
• Installing a PC Card
• Replacing the Compact Flash Memory Card
• Replacing or Upgrading Memory
• Installing or Replacing a Fan Unit
• Installing or Replacing a Power Supply
• Replacing the Motherboard Battery

For information about how to add or replace NICs, see Chapter 4, “Installing and Replacing Network Interface Cards and ADP Modules.”

You should have a working knowledge of networking equipment before you attempt to service an IP2450. Limit service of the appliance to the procedures described in this chapter.

Caution: To protect the IP2450 and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance. The grounding plug on the front of the appliance (shown in Figure 1 on page 17) provides a chassis grounding point. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.


Replacing the Check Point Encryption Accelerator Card

The IP2450 comes with the Check Point encryption accelerator card preinstalled as part of its base bundle to further enhance VPN performance. The accelerator card provides high-speed cryptographic processing that enhances VPN performance.

The IP2450 appliance uses a PMC format accelerator card. The accelerator card has no external connections and requires no cables. The accelerator card software package is part of Check Point IPSO, so the appliance automatically detects and configures the card.

Use Check Point Network Voyager to configure your software applications to make use of the available hardware accelerator. For information about how to configure software applications, see “Configuring Software to Use Hardware Acceleration” on page 88.

This section describes how to install an accelerator card.

To install the Check Point encryption accelerator card

To install a Check Point encryption accelerator card, you need:

• Physical access to the appliance
• The Check Point encryption accelerator card and installation kit
• Phillips-head screwdriver
• Four screws (included in kit)
• Grounding wrist strap (included in kit)

Caution: To avoid potential equipment malfunction, Check Point recommends that you obtain encryption accelerator cards only from Check Point or authorized resellers. For further information, see the Check Point Web site at www.checkpoint.com.

Note: Because power to an IP2450 is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the appliance, however, should be completed with the chassis assembly fully removed from the appliance.

1. Use Check Point Network Voyager or the CLI to perform an orderly shutdown of the IP2450. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

2. Press the power switches, located on each power supply at the back of the appliance, to turn off power to the appliance.


Note: Make sure that you turn off both power supplies.

3. Loosen the four front panel retaining screws.

4. Slide the chassis tray assembly forward, press the tray release lever, and completely remove the tray from the appliance.

5. Install the encryption accelerator card as shown in the following graphic, press the right side of the card to fully seat the connector, and secure the four screws included in the kit.

[Figure: IP2450 appliance. Callout: Chassis tray assembly screws]

[Figure: IP2450 appliance. Callout: Check Point encryption accelerator card]


6. Slide the chassis assembly back into the appliance until it clicks into place.

7. Resecure the chassis assembly retaining screws.

8. Press the power switches, located on each power supply at the back of the appliance, to turn on the power to the appliance.

Configuring Software to Use Hardware Acceleration

The Check Point encryption accelerator software package is part of the Check Point IPSO operating system, so the appliance automatically detects and configures the Check Point encryption accelerator card.

For the Check Point IP2450 appliances, SecureXL is on by default. After you install the Check Point encryption accelerator card and reboot the appliance, SecureXL automatically uses the Check Point encryption accelerator card for encryption acceleration. If you do not want to use SecureXL for encryption acceleration, use the Check Point cpconfig utility to disable SecureXL.

You can also configure the IP2450 appliances to use the Check Point encryption accelerator card for IKE acceleration. When you enable IKE acceleration, the Check Point encryption accelerator card performs cryptographic operations for IPsec tunnel negotiation.

To enable IKE acceleration

1. From the Check Point Network Voyager home page, click Security and Access Configuration, then click IKE Acceleration. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

2. On the IKE Acceleration page, click Register the module.

3. Click Apply.

4. The PKCS#11 token that enables IKE acceleration is registered with the Check Point software on your appliance. After you register the module, you must install the Check Point security policy on the firewall for the Check Point encryption accelerator card to perform IKE acceleration.

Installing or Replacing Hard-Disk Drives

The Check Point disk-based IP2450 appliance supports up to two hard-disk drives with the RAID-1 feature in the Check Point IPSO operating system. If the appliance has only one hard-disk drive installed, it is in the top slot (slot A). You can add a second hard-disk drive into the bottom slot (slot B) or replace the hard-disk drive in slot A.

This section describes how to remove and replace a failed hard-disk drive, and how to add an optional second hard-disk drive to implement the RAID-1 feature.

Figure 21 shows the location of the hard-disk drives on the front of the IP2450.


Figure 21 Location of Hard-Disk Drives

Hard-Disk Drive Hot Swap Feature

A hot swap button is located on the front panel of each hard-disk drive. Pressing the hot swap button allows you to hot swap hard-disk drives if you have configured and enabled RAID-1, and the drive you are replacing is not being actively used by your IP2450.

For more information about RAID-1, including configuration details, see Implementing Disk Mirroring or RAID on a Network Security Appliance, which is available at the Check Point Support Center at http://support.checkpoint.com/.

Caution: Hard-disk drives are susceptible to damage from shock. Handle them with care.

Caution: To protect the IP2450 and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance. The grounding plug on the front of the appliance (shown in Figure 1 on page 17) provides a chassis grounding point. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.

Caution: If you fail to use the following procedure when you remove the hard-disk drive, the drive might become damaged or you might lose data.

[Figure: IP2450 appliance. Callouts: Hard-disk drive A; Hard-disk drive B; Hard-disk drive hot switches]


Caution: The operating system is disabled if all of the following occur:
• Both hard-disk drive slots are occupied.
• The appliance is turned on.
• RAID-1 is not enabled.
• You press the hot swap button on the source hard-disk drive.

Before You Begin

To upgrade or replace a Check Point IP2450 appliance hard-disk drive, you need:

• Physical access to the appliance
• Check Point hard-disk drive kit and accompanying documentation
• Phillips-head screwdriver

Removing and Replacing a Hard-Disk Drive

If you have RAID-1 configured on your Check Point IP2450 appliance, you can remove a failed hard-disk drive without shutting down the appliance.

You must replace the hard-disk drive with a drive that has a capacity equal to or larger than the drive you are replacing.

Back up your hard-disk drive files to a remote system on a regular basis. For backup and restore procedures, see the documentation for Check Point Network Voyager or Check Point Horizon Manager and the online help for both products.

To replace a hard-disk drive by using the hot-swap feature

Caution: For any active or RAID-1 synchronized hard-disk drive, you must use the hot swap button, shown in Figure 4, before you remove or replace a hard-disk drive without shutting the appliance down. If you replace or remove drives with the IP2450 shut off, the RAID firmware will lose track of RAID volume data.

If the two hard-disk drives are fully synchronized, then either drive can be removed using this procedure. If the two hard-disk drives are not fully synchronized, then only the slave drive can be removed using this procedure.


Note: You must have RAID-1 implemented to use the hot swap feature.

1. Locate the hard-disk drive to remove.

2. Press the hot swap button on the hard-disk drive with an open paper clip or similar device and wait for the hot swap LED to illuminate solid blue.

3. Loosen the retaining screws on both sides of the hard-disk drive.

Caution: To avoid damage to the ejector and locking lever, loosen the retaining screw behind each ejector and locking lever before you remove the hard-disk drive.

[Figure: hard-disk drive panel. Callout: Hot swap button and hot swap LED]


4. When the status LED stops blinking, use your thumb or forefinger to press the ejector and locking lever to eject the hard-disk drive from the chassis.

[Figure: IP2450 appliance. Callouts: Ejector and locking levers; Push red button to disengage or engage lock; Unscrew screw to release; Release or lock into place]


5. Gently pull the hard-disk drive forward to remove it from the appliance.

6. Install a replacement hard-disk drive into the empty hard-disk drive bay.

7. Lock the hard-disk drive in place by pressing the ejector and locking lever.

8. Tighten the screws on both sides of the hard-disk drive.

9. Press the recessed hot swap button again to restore power to the hard-disk drive. The IP2450 recognizes the new hard-disk drive.

10. Use Check Point Network Voyager or the CLI to implement RAID-1.

To remove a hard-disk drive without using the hot swap feature

1. Unless both of the following are true:

• You are removing a hard-disk drive used as part of a RAID-1 implementation, and
• The hard-disk drive is not active

you need to perform an orderly shutdown of your appliance before completing the rest of this procedure.

2. Loosen the retaining screws on both sides of the hard-disk drive.

Caution: To avoid damage to the ejector and locking lever, loosen the retaining screw behind each ejector and locking lever before you remove the hard-disk drive.


3. Use your thumb or forefinger to press the ejector and locking lever on the hard-disk drive that you are removing to eject the hard-disk drive from the chassis.

[Figure: IP2450 appliance. Callouts: Ejector and locking levers; Push red button to disengage or engage lock; Unscrew screw to release; Release or lock into place]


4. Gently pull the hard-disk drive forward to remove it from the appliance.

5. Insert the new hard-disk drive until it locks into place. The ejector and locking lever clicks into the locked position.

6. Tighten the retaining screws on both sides of the hard-disk drive.

Caution: If two disk drives are installed, the contents of the drive installed in the top slot or location will be synchronized with the drive in the bottom slot (as long as the second drive is not already identified with a different volume) as soon as the IP2450 is rebooted.

Installing a PC Card

After you install a single-slot PCMCIA carrier card, which you can purchase from Check Point, the IP2450 supports a PC card with 1-GB flash memory that Check Point offers with or without system software included. You can use the carrier card in slot 3, which is located on the front panel of the appliance, as shown in Figure 22.

Check Point supports only PC cards purchased from Check Point or Check Point-approved resellers. For more information, see the Check Point Web site at www.checkpoint.com.


Figure 22 Slot 3 PC Card Location

To install the single-slot PCMCIA carrier card

To install a single-slot PCMCIA carrier card, you need:

• Physical access to the appliance
• A Check Point single-slot PCMCIA carrier card
• Access to the appliance by using Check Point Network Voyager or the CLI

Caution: To avoid potential equipment malfunction, Check Point recommends that you obtain flash-memory PC cards only from Check Point or authorized resellers. For further information, see the Check Point Web site at www.checkpoint.com.

Note: Because power to an IP2450 is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the appliance, however, should be completed with the chassis assembly fully removed from the appliance.

1. Use Check Point Network Voyager or the CLI to perform an orderly shutdown of the IP2450. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

[Figure: IP2450 appliance slots. Callout: PC card slot]


2. Loosen the four front panel retaining screws.

3. Slide the chassis tray assembly forward, press the tray release lever, and completely remove the tray from the appliance.

4. Remove the six screws that secure the metal shield above the two 6U PMC carriers and remove the shield.

[Figure: IP2450 appliance. Callout: Chassis tray assembly screws]

[Figure: IP2450 appliance. Callouts: 6U PMC carrier shield; Slot 3; Tray release lever]


5. Remove any installed 6U PMC carriers so that both slot 1 and slot 2 are not occupied.

6. Remove the two front bezel screws and remove the slot 3 filler panel or installed NIC.

[Figure: IP2450 appliance. Callouts: Remove 6U PMC carriers; Remove six screws and 6U PMC carrier shield]


7. Raise the back end of the PCMCIA carrier card approximately 45 degrees as you insert the front end into slot 3 in the front panel.


8. Being careful to push down only where the motherboard connectors are located, press the back end of the carrier card down into the connectors until it is fully seated.

9. Secure the back end of the carrier card with the two screws provided with the kit.

10. Secure the front end of the carrier card by replacing the two front bezel screws that you removed previously.

11. Slide the chassis assembly back into the appliance until it clicks into place.

12. Resecure the chassis assembly retaining screws.

13. Press the power switches, located on each power supply at the back of the appliance, to turn on the power to the appliance.

Note: Make sure that you turn on both power supplies.

To install the PC card

1. Insert the PC card into the PC card slot until it snaps in place.

2. Press gently on the card until it is firmly seated in the slot. The eject button to the left of the slot should be flush with the card.

[Figure: IP2450 appliance with PC card. Callouts: Take care that the EMI gasket doesn’t roll back during carrier card installation; Arrows indicate locations where the gasket might roll back; Secure the two rear carrier card screws; Reinstall the two bezel screws]


To remove a PC card in an IP2450

1. Perform a system shutdown by using Check Point Network Voyager or the CLI halt command.

2. Press the eject button to remove the PC card.

Caution: To prevent the card from ejecting too quickly, hold the PC card while you push the eject button.

3. Reboot the appliance.

Storing System Logs on the Flash-Memory PC Card

You can use the flash-memory PC card to store system log messages. Use Check Point Network Voyager to configure the flash-memory PC card as an optional disk. After you reboot the Check Point IP2450 appliance, use Check Point Network Voyager to configure system logging options. For more information, see the Check Point Network Voyager documentation or online help.

Disabling Flash-Memory PC Cards

If you configure the flash-memory PC card as an optional disk, you must disable the card before you remove it. You can disable the card by using Check Point Network Voyager or the CLI.

To use Check Point Network Voyager to disable a flash-memory PC card

1. Click System Logging under System Configuration and check the Unselect check box.

2. Click Apply.

3. Click Up.

4. Click Optional Disks under System Configuration and click the Off radio button under Local Logging.

5. Click Apply.

6. Click Save.

7. Click Up.

8. Click Reboot, Shut Down System to shut down or reboot the appliance.

You can now remove the flash-memory PC card.

To use the CLI to disable a flash-memory PC card

1. Enter the following command:

set syslog local-log off


2. Enter the following command, where the number 1 or 2 indicates the PC-card slot:

set optional-disk device-id <1 | 2> off

3. Enter the following command:

halt or reboot

You can now remove the flash-memory PC card.

Caution: When you remove the card, hold the flash-memory PC card while you push the eject button to prevent the card from ejecting too quickly.

Transferring Files with the Flash-Memory PC Card

You can copy configuration files between the internal compact flash memory and the flash-memory PC card. If you do not use Check Point Network Voyager to configure the flash-memory PC card as an optional disk, you must mount the flash-memory PC card when you insert it in the PC-card slot, and you must unmount the flash-memory PC card before you remove it. You do not need to reboot or shut down the system if you manually mount and unmount the flash-memory PC card.

To transfer Check Point IPSO images or configuration files to the flash-memory PC card:

1. Insert the flash-memory PC card into the IP2450 appliance.

2. Connect to the IP2450 appliance by using a console or terminal connection.

3. Mount the flash-memory PC card by using the following command:

mount /dev/wd1 /cdrom

The /cdrom directory is a default directory in Check Point IPSO for mounting media.

4. Use the cp command to transfer Check Point IPSO images or configuration files to and from the flash-memory PC card. For example, to copy the current Check Point IPSO image from the compact flash to the flash-memory PC card, use the following command:

cp /image/current/ipso.tgz /cdrom/

5. Use the following command to unmount the flash-memory PC card before you eject it:

umount /cdrom

6. To remove the card, slowly push the eject button located to the left of the card.

Caution: Hold the flash-memory PC card while you push the eject button to prevent the card from ejecting too quickly.
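The transfer procedure above, scripted as an added example that is not part of the Check Point guide: it wraps the guide's mount, cp and umount commands and remounts the card to compare each copy against its source before the card is ejected. It assumes that cksum and basename are available in the appliance shell; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: wraps the guide's mount / cp / umount steps and verifies each copy.
# Assumptions (not from the guide): cksum and basename exist in the appliance shell.

CARD_DEV="${CARD_DEV:-/dev/wd1}"   # device node used in the guide
CARD_MNT="${CARD_MNT:-/cdrom}"     # mount point used in the guide

# Print "<crc> <byte count>" for one file.
file_sum() {
    cksum < "$1"
}

# Return 0 only if <dest_dir>/<name of src> exists and matches src.
# A truncated copy (for example, a full card) or a corrupted copy returns 1.
verify_copy() {
    vc_src=$1
    vc_dest="$2/$(basename "$1")"
    [ -f "$vc_src" ] && [ -f "$vc_dest" ] || return 1
    [ "$(file_sum "$vc_src")" = "$(file_sum "$vc_dest")" ]
}

# Copy every file named on the command line to the card, then remount the card
# so the comparison reads the data back from the card rather than from cache.
transfer_to_card() {
    [ "$#" -gt 0 ] || { echo "usage: transfer_to_card FILE..." >&2; return 2; }
    mount "$CARD_DEV" "$CARD_MNT" || return 1
    ttc_rc=0
    for ttc_f in "$@"; do
        cp "$ttc_f" "$CARD_MNT/" || { ttc_rc=1; break; }
    done
    umount "$CARD_MNT" || return 1          # flush pending writes to the card
    [ "$ttc_rc" -eq 0 ] || return 1

    mount "$CARD_DEV" "$CARD_MNT" || return 1
    for ttc_f in "$@"; do
        if ! verify_copy "$ttc_f" "$CARD_MNT"; then
            echo "copy of $ttc_f does not match the source" >&2
            ttc_rc=1
        fi
    done
    umount "$CARD_MNT" || return 1          # the card must be unmounted before ejecting
    return "$ttc_rc"
}

# Example call, using the image path from the guide:
# transfer_to_card /image/current/ipso.tgz
```

A nonzero return from transfer_to_card means at least one copy is missing or differs from its source, so the card should not be used to restore an image or configuration until the copy is repeated.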


Replacing the Compact Flash Memory Card

The compact flash memory is located in a slot on the motherboard near the front of the chassis. You cannot see the compact flash memory unless you remove the hard-disk drives.

To replace the compact flash memory card, you need:

• Physical access to the appliance
• Access to the appliance by using Check Point Network Voyager or the CLI
• A Phillips-head screwdriver
• Replacement compact flash memory card and accompanying documentation

You must perform an orderly shutdown of the appliance and turn the power off whenever you open the chassis assembly to service internal components.

Caution: You risk damage to the appliance or loss of data if you do not use the following procedure when you replace the compact flash memory.

To replace the compact flash memory card

1. Use Check Point Network Voyager or the CLI halt command to perform an orderly shutdown of the IP2450 appliance. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

2. Press the power switches, located on each power supply at the back of the appliance, to turn off power to the appliance.

Note: Make sure that you turn off both power supplies.

3. Locate and unlock the hard-disk drives.

4. Slowly pull the hard-disk drives out of the chassis.


5. Loosen the chassis assembly retaining screws on the front panel of the appliance.

6. Slide the chassis tray assembly forward, press the tray release lever, and completely remove the tray to expose the compact flash memory slot on the motherboard.

[Figure: IP2450 appliance. Callout: Chassis tray assembly screws]

[Figure: IP2450 appliance. Callout: Tray release lever]


7. Locate the compact flash memory card socket, and remove the stopper screw and spacer located between the module and the edge of the motherboard as shown in the following figure.

[Figure: compact flash memory card socket, with callouts for the stopper screw and the spacer]

8. Remove the existing compact flash memory card from the slot by gently sliding it out of the slot.

9. Gently insert the new compact flash memory card into the slot.

10. Replace the stopper screw and spacer, and secure the screw with a screwdriver.

11. Slide the chassis assembly back into the appliance until it clicks into place.

12. Resecure the chassis assembly retaining screws.

13. Replace the hard-disk drives.

14. Press the power switches, located on each power supply at the back of the appliance, to turn on the power to the appliance.

Note: Make sure that you turn on both power supplies.

Replacing or Upgrading Memory

The Check Point IP2450 appliance has eight dual inline memory-module (DIMM) sockets. This section describes how to upgrade or replace the memory by using a Check Point-approved memory upgrade kit.


Check Point products only support memory kits purchased from Check Point or Check Point-approved resellers. For more information, see the Check Point Web site at www.checkpoint.com.

The DIMM sockets are located on the left rear of the IP2450 motherboard, as you look at the appliance from the front.

Before You Begin

To upgrade or replace your Check Point IP2450 appliance memory, you need:

- Physical access to the appliance
- Check Point memory upgrade kit and accompanying documentation
- Access to the appliance by using Check Point Network Voyager or the CLI

Caution: To protect the IP2450 and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance. The grounding plug on the front of the appliance (shown in Figure 1 on page 17) provides a chassis grounding point. If you do not have a grounding wrist strap, make sure you are properly grounded before you touch any electronic component.

Note: Because power to an IP2450 is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the appliance, however, should be completed with the chassis assembly fully removed from the appliance.

To add or replace DIMMs

1. Use Check Point Network Voyager or the CLI to perform an orderly shutdown of the IP2450. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

2. Press the power switches, located on each power supply at the back of the appliance, to turn off power to the appliance.

Note: Make sure that you turn off both power supplies.


3. Loosen the four front panel retaining screws.

[Figure: IP2450 front panel, with a callout for the chassis tray assembly screws]

4. Slide the chassis assembly forward, press the tray release lever, and remove the tray to expose the DIMM memory slots on the motherboard.

[Figure: IP2450 front panel, with a callout for the tray release lever]

IP2450 appliances ship with four DIMMs installed in slots J7, J10, J46, and J48, and these slots should be used for any DIMM replacements with all four slots occupied. For memory upgrades, install additional DIMMs in slots J8, J9, J45, and J47.

Note: DIMM slots J7, J10, J46, and J48 must always be populated in pairs, and, if additional DIMMs are installed, slots J8, J9, J45, and J47 must also be completely populated. Within each of these sets of four, all DIMMs must be of the identical type.

[Figure: DIMM slots numbering on the IP2450 motherboard; slot labels shown: J47, J45, J9, J8, J48, J46, J10, J7]

5. Remove the DIMM by pressing the two retaining clips outward and carefully pulling each DIMM upward.

You might need to pull opposite ends of the DIMM alternately to gradually free it from the contact pins.

6. Press the new DIMM into the socket until it clicks into place.


The top of the DIMM is smooth. The bottom edge has two different-length sets of contacts, which mate with the slots on the socket. Be sure the contacts and slots are properly aligned before you insert the DIMM.

The retaining clips move into the lock position as you press the DIMM into place.

7. Slide the chassis assembly back into the appliance until it clicks into place.

8. Resecure the four chassis assembly retaining screws.

9. Press the power switches, located on each power supply at the back of the appliance, to turn on the power to the appliance.

The IP2450 automatically recognizes the new memory configuration. You can verify the configuration by using Check Point Network Voyager or the CLI.

Installing or Replacing a Fan Unit

The fan unit is hot swappable. You can remove and install the fan unit on the back of the IP2450 without shutting the appliance down.

Before You Begin

To replace a fan unit, you need:

- Physical access to the IP2450 appliance.
- Replacement fan unit kit and appropriate documentation.


Caution: Components inside the appliance can overheat if they are not cooled even for a short period of time. If you are replacing a failed fan unit, and do not completely remove power to the appliance, do not allow the appliance to run without a fan unit for any longer than necessary.

To replace a fan unit

1. Locate the fan unit on the back of the IP2450 appliance and the four retaining screws that secure it.

2. Loosen the retaining screws by turning them counterclockwise.

[Figure: rear of the IP2450, with a callout for the fan unit]

3. Slowly pull the fan unit out of the chassis toward the rear.

4. If the IP2450 appliance is running, immediately install a replacement fan unit by sliding it into the back of the appliance.

5. Tighten the four retaining screws on the new fan unit.

Installing or Replacing a Power Supply

The power supplies in the Check Point IP2450 appliance are hot swappable, and perform load sharing while two active power supplies are connected in parallel. Load sharing increases the life of the power supplies.

Note: On an appliance with two active power supplies installed, both power supplies should be turned on for load sharing and redundancy. If both power supplies are not turned on, the Fault LED illuminates. For more information about the Fault LED, see “Power Supply Status LEDs” on page 25.

The power supplies are autosensing and can accept input voltages between 85 VAC and 264 VAC. The power supply output is regulated to a tolerance of ± 5 percent of the specified output voltage.

Under certain circumstances, the power supplies feel hot to the touch. This happens when the power supply is connected to AC power, but is not turned on. In this state the 3.3 V standby circuitry is powered on, causing the power supply to heat up. Because the power supply is not turned on, the integrated cooling fan is not operating.

In this situation, the power supply still meets all safety standards.

This condition is normal and does not affect the performance of the Check Point IP2450. To cool the power supply down, use the power supply switch to turn on power and activate the integrated cooling fan.

Caution: The Check Point IP2450 appliance power supply might be hot to the touch when the power supply unit is plugged in to an AC power source and the power supply is not turned on.

Caution: Do not use a combination of one AC power supply and one DC supply. Your IP1280 does not work with such a configuration.

Before You Begin

To replace a power supply, you need:

- Physical access to the IP2450 appliance.
- Phillips-head screwdriver.
- Replacement power supply and appropriate documentation.

To replace a power supply

1. Locate the power supply and the two screws that secure it on the back of the IP2450 appliance.

2. Turn off the power to the power supply to be removed.

3. Loosen the two retaining screws.

[Figure: rear of the IP2450, with callouts for the power supply switches, integrated power supply cooling fans, power supply A, power supply B, and the AC power receptacle]

4. Remove the grounding lugs.

5. Use the handles to gently pull the power supply out of the chassis.

6. Insert the new power supply into the empty bay.

7. Replace the grounding lugs.

8. Reinstall the two retaining screws.

9. Turn on power to the power supply.

Monitoring the Power Supply

You can monitor the status of the Check Point IP2450 appliance power supply with Check Point Network Voyager. Similarly, you can also use the command-line interface (CLI). For information about the CLI, see the CLI Reference Guide.

To monitor the power supply by using Check Point Network Voyager

1. Log on to the appliance by using Check Point Network Voyager.

2. Click Monitor.

3. Click Hardware Monitoring > System Status.

To the right of the Power Supply link, the status indicator is green for normal and red for fault.

4. For more detailed information about the power supply status, click Power Supply.


Replacing the Motherboard Battery

This section describes how to change the CMOS battery on the motherboard of the Check Point IP2450 appliance.

Warning: Risk of explosion if battery is replaced by an incorrect type. Replace the battery only with the same or equivalent type that the manufacturer recommends. Dispose of used batteries according to the manufacturer's instructions.

Warning: Make certain that you have removed the power cord from the appliance before you proceed with any of the following steps. Failure to do so could cause electric shock, resulting in burns or death.

Caution: Make certain that you are properly grounded when you handle components internal to the appliance to protect against electrostatic discharge damage to the appliance. Use the disposable grounding wrist strap included in the battery replacement kit.

To replace the battery

To replace an IP2450 battery, you need:

- Physical access to the appliance
- A replacement battery
- Access to the appliance by using Check Point Network Voyager or the CLI

Note: Because power to an IP2450 is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the appliance, however, should be completed with the chassis assembly fully removed from the appliance.

1. Use Check Point Network Voyager or the CLI to perform an orderly shutdown of the IP2450. For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

2. Press the power switches, located on each power supply at the back of the appliance, to turn off power to the appliance.


Note: Make sure that you turn off both power supplies.

3. Loosen the four front panel retaining screws.

4. Slide the chassis tray assembly forward, press the tray release lever, and completely remove the tray from the appliance.

5. Remove the six screws that secure the metal shield above the two 6U PMC carriers and remove the shield.

[Figure: IP2450 front panel and chassis tray, with callouts for the chassis tray assembly screws, the 6U PMC carrier shield, slot 3, and the tray release lever]

6. Remove any installed 6U PMC carriers so that both slot 1 and slot 2 are not occupied.

[Figure: IP2450 chassis tray, with callouts "Remove 6U PMC carriers" and "Remove 6U PMC carrier shield"]

7. Locate the battery on the motherboard. The battery is in a black battery holder secured with a battery retaining pin.

8. Remove the old battery. Use a small nonconducting device, such as a plastic probe, to slide the battery out of the battery holder through the cutout in the holder.

Caution: You must place the new battery into the battery holder observing the correct polarity. The positive terminal of the battery must be facing up.

9. With the positive side facing up, slide the new battery through the cutout into the battery holder. Make sure that the battery is securely installed in the battery holder.

10. Reassemble the appliance.

11. Press the power switches, located on each power supply at the back of the appliance, to turn on the power to the appliance.

The appliance should start up normally with the new battery installed. If it does not, repeat Step 1 through Step 6. If the appliance does not start up normally after that, contact your Check Point service provider.

12. Reset the appliance date and time information using Check Point Network Voyager or the command-line interface. You need to do this because the battery is required to maintain the date and time whenever you shut down the appliance.


8 Troubleshooting

This chapter provides troubleshooting tips, problems, and solutions related to Check Point IP2450 appliance installations.

For information about how to reinstall the Check Point IPSO operating system onto your appliance, see the Boot Manager Reference Guide.

General Troubleshooting Information

The information in this section relates to problems you might encounter during the IP2450 installation.

Problems Interfacing to 1483 Devices (Classical IP)

Problem: Remote and local devices are not configured for the same VC and VP value.
Solution: Set remote and local devices to the same VC and VP values. Consult your 1483 device documentation.

Problem: Remote and local devices are not in the supported VC range of the network interface card.
Solution: Use ipsctl to determine the VC range. Enter the following command:
    ipsctl ifphys:logical interface:max_rxlabel

Problem: Encapsulation is not set to LLC/SNAP.
Solution: Set encapsulation to LLC/SNAP. Consult your 1483 device documentation.

Problem: The MTU size is not 1500 (for Ethernet interfaces) or 16018 (for Gigabit Ethernet interfaces).
Solution: The MTU size must be 1500 (for Ethernet interfaces) or 16018 (for Gigabit Ethernet interfaces). Check Point IPSO does not support larger MTU sizes.


Appliance Not Receiving Power

Problem: Power cord is not properly plugged in.
Solution: Check cord. Make sure it is properly seated at both ends.

Problem: Power supply not providing power.
Solution: Check power source. If the source has no power, take appropriate action such as inserting a new fuse or resetting circuit breaker.

Unable to Log In to the Console Port—No Error Message

Two laptop computers (using terminal emulation programs) or terminals should be able to communicate back to back in the same way that the terminal communicates with the IP2450. If this is not possible by using your laptop computer or terminal, the problem is with the terminal or cable and not with the appliance.

Problem: No console connection to the IP2450.
Solution: For information about how to create a console connection, see “To connect to the console” on page 38.

Problem: Not connected with a null-modem cable.
Solution: Verify that you are using a null-modem cable. For pinout information, see “To connect to the console” on page 38.

Problem: Wrong terminal settings.
Solution: Verify terminal settings: 8 data bits, 1 stop bit, no parity, 9600 bps.

Problem: Terminal set for flow control.
Solution: The IP2450 does not use flow control. The terminal should be set for no flow control.

Problem: Defective IP2450 or file system.
Solution: Contact the Check Point Support Center.
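The terminal settings listed above for the console port (8 data bits, 1 stop bit, no parity, 9600 bps, no flow control) can be checked on the management laptop before suspecting the appliance. The following Python example is added here and is not part of the Check Point guide; it assumes a POSIX host whose serial adapter appears as a tty device, and the function names and any device path passed on the command line are hypothetical.

```python
import os
import termios

# Constructed from the settings the guide lists for the IP2450 console:
# 9600 bps, 8 data bits, no parity, 1 stop bit, no flow control.
REQUIRED_BAUD = termios.B9600

# Map termios speed constants (B9600, B115200, ...) back to readable numbers.
BAUD_NAMES = {
    getattr(termios, name): name[1:]
    for name in dir(termios)
    if name.startswith("B") and name[1:].isdigit()
}

# Hardware flow control bit; treated as absent where the platform lacks it.
CRTSCTS_BIT = getattr(termios, "CRTSCTS", 0)

# Indexes into the list returned by termios.tcgetattr().
IFLAG, OFLAG, CFLAG, LFLAG, ISPEED, OSPEED, CC = range(7)


def console_mismatches(attrs):
    """Return one message per setting that differs from 9600 8N1, no flow control."""
    problems = []
    iflag, cflag = attrs[IFLAG], attrs[CFLAG]
    for label, speed in (("input", attrs[ISPEED]), ("output", attrs[OSPEED])):
        if speed != REQUIRED_BAUD:
            shown = BAUD_NAMES.get(speed, speed)
            problems.append(f"{label} speed is {shown} bps, expected 9600")
    if cflag & termios.CSIZE != termios.CS8:
        problems.append("data bits are not 8")
    if cflag & termios.PARENB:
        problems.append("parity is enabled, expected none")
    if cflag & termios.CSTOPB:
        problems.append("2 stop bits are set, expected 1")
    if cflag & CRTSCTS_BIT:
        problems.append("hardware (RTS/CTS) flow control is on")
    if iflag & (termios.IXON | termios.IXOFF):
        problems.append("software (XON/XOFF) flow control is on")
    return problems


def with_console_settings(attrs):
    """Return a copy of attrs changed to 9600 8N1 with flow control off.

    Only the bits named in the guide are touched; every other flag is kept.
    The result can be passed to termios.tcsetattr().
    """
    fixed = list(attrs)
    clear = termios.CSIZE | termios.PARENB | termios.CSTOPB | CRTSCTS_BIT
    fixed[CFLAG] = (attrs[CFLAG] & ~clear) | termios.CS8
    fixed[IFLAG] = attrs[IFLAG] & ~(termios.IXON | termios.IXOFF)
    fixed[ISPEED] = fixed[OSPEED] = REQUIRED_BAUD
    return fixed


def check_port(path):
    """Read the live settings of a local serial device and list mismatches."""
    # O_NONBLOCK keeps open() from waiting on the carrier-detect line.
    fd = os.open(path, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
    try:
        return console_mismatches(termios.tcgetattr(fd))
    finally:
        os.close(fd)


if __name__ == "__main__":
    import sys

    # Each argument is the tty of a local serial adapter (hypothetical paths).
    for device in sys.argv[1:]:
        found = check_port(device)
        print(device, "OK" if not found else "; ".join(found))
```

An empty result rules out the "Wrong terminal settings" and "Terminal set for flow control" rows, leaving the cable and the console connection itself to check.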

Login Prompt Appears, But Password Not Accepted

Problem: Database is corrupt.
Solution: Return to default settings as described in “To reset the default database settings” on page 124, or contact the Check Point Support Center.


Problem: Entered wrong password.
Solution: Obtain a valid password or set the password to a default value.

Note: You must have local serial access to your appliance console to perform this procedure. With a keyboard and monitor directly connected to the appliance, the boot: prompt does not appear, and you cannot perform this procedure.

To reset the admin password to a default value

1. Boot up the appliance in single-user mode by restarting or power cycling the appliance.

When the boot: prompt appears, type boot -s and press Enter before the appliance goes into multiuser mode; you have about 10 seconds to do this.

2. After the appliance boots up, the following text appears:

    Enter pathname of shell or RETURN for sh:

Press Enter.

3. Type /etc/overpw at the prompt.

When the response asks if you want to continue, type y.

When you are returned to the prompt, type Ctrl + d to reboot with admin user and a new password.

4. The admin password defaults to no password for admin.

Continue to boot to multiuser mode.

5. Reconfigure the password as you normally would.

Note: Blank passwords are not accepted in Check Point Network Voyager. In such cases, enter the following command to reset the password from the command line using a blank password:

    dbpasswd admin newpassword ""

The two double quotation marks at the end of the command properly indicate a blank password. After you execute this command, the system reports that the password was not successfully changed. However, the password is changed and is now newpassword.

Finally, return the entire database to its default settings and bring up the new system-startup procedure. The new system-startup procedure is described in Chapter 3, “Performing the Initial Configuration.”


To reset the default database settings

1. Log in to the IP2450 as admin by using Check Point Network Voyager.

For information about how to access Check Point Network Voyager and the related reference materials, see “Using Check Point Network Voyager” on page 42.

2. Under Configuration Database Management (Config > System Configuration > Manage Configuration Sets), choose the option to create a new factory default configuration.

3. Create the new default configuration.

Do Not Get a Login Prompt—Error Messages Appear

Problem: The IP2450 is defective, or the file system on the IP2450 is defective.
Solution: Contact the Check Point Customer Support Center.

Note: Use the full installation procedure to install a new system. The new system completely replaces the contents of the drive and might be needed to restore or reload an IP2450. This procedure erases any configuration database on the appliance. For information about how to complete the full installation procedure, see the current release notes. The release notes are located on the Check Point Support Center at http://support.checkpoint.com/.

Not Able to Connect to Check Point Network Voyager Using the Ethernet Port, But Console Access Works

Problem: Using the wrong Ethernet cable.
Solution: Use a crossover Ethernet cable if you are connecting directly to the computer. Use a straight-through cable if you are connecting to a hub. For cabling information, see “Ethernet NIC Connectors and Cables” on page 63.

Problem: Port is not configured as active.
Solution: View the port in Check Point Network Voyager or from the CLI, and verify that the interface is configured as active.

Problem: Host port configuration is incorrect.
Solution: Check host Ethernet port settings. Verify that the IP address and netmask settings are correct for the IP2450 configuration.

Problem: Wrong link speed.
Solution: Verify that the port on the host and the port on the IP2450 are set for the same speed (10 Mbps or 100 Mbps). An unblinking data and activity LED on a port is a good indication of a speed mismatch.


Problem: Duplex setting is wrong.
Solution: Correct duplex setting.

Problem: NIC or 6U PMC carrier is not installed correctly.
Solution: Remove the NIC or 6U PMC carrier and reinstall it. Ensure that you can tighten the retaining screws on both sides of the NIC and that 6U PMC carrier locking levers are secured.

Do Not See Interfaces that Should be Present

Problem: IP2450 ports do not appear.
Solution: Your NIC or ADP module might be defective. Contact the Check Point Support Center.

Note: The problem could be with the interface slot. Try installing the NIC or ADP module in another slot.

Common Ethernet Problems—Connectivity with Attached Device

Problem: No link light.
Solution: You might have used the wrong cable. Use a crossover cable between the IP2450 and a host, and a straight-through cable between an appliance and a hub.

Problem: Solid activity LED.
Solution: You might have set the wrong speed. Verify that the speeds match on each end of the Ethernet connection (10 Mbps, 100 Mbps, or 1000 Mbps).

Problem: Port not enabled.
Solution: Verify from the Interface page in Check Point Network Voyager that the interface port is configured as active.

Problem: High collision rate on the hub.
Solution: Disconnect connections one at a time until the problem is localized to one computer and troubleshoot further.


Appliance Does Not Recognize New Memory Configuration

Problem: The DIMMs are not properly seated in DIMM sockets.
Solution: Repeat memory installation procedures. Make sure DIMMs are fully seated in sockets. Be sure DIMMs click into place. Make sure DIMMs are installed as described in “Replacing or Upgrading Memory” on page 106.


A Technical Specifications

Space Requirements

The Check Point IP2450 Security Platform is designed for front-screw mounting in a 19-inch rack. Each IP2450 requires the following space in a rack:

- 3.5 inches (8.89 centimeters) of vertical space
- 18 inches (46 centimeters) behind the front-panel of the rack
- 6 inches (15 centimeters) behind the IP2450 to allow the back exit fan to move air through the appliances

Caution: Do not block the ventilation holes on the IP2450. The appliance might overheat and get damaged.

Dimensions:
    Height: 3.5 in. (8.89 cm)
    Width: 17 in. (44 cm); 19 in. (48 cm) rack mountable
    Depth: 21 in. (53.34 cm)

Operational Temperature: -5° C to +40° C (23° F to 104° F)
    Humidity: 5% to 85%

Short Term Operational Temperature (not to exceed 96 consecutive hours): -5° C to 50° C (23° F to 122° F)
    Humidity: 5% to 90%


B Compliance Information

This appendix contains declaration of conformity, compliance, and related regulatory information.

Declaration of Conformity

According to ISO/IEC 17050:

Manufacturer’s Name: Nokia Inc.

Manufacturer’s Address: 313 Fairchild Drive, Mountain View, CA 94043-2215, USA

declares that the product:

Model Number: IP2450

Product Options: All

Serial Number: 1 to 100,000

Date First Applied: 2007

conforms to the following standards:

Safety: EN60950-1:2001+A11; IEC60950-1:2001; UL60950, Third Edition:2000; CAN/CSA-C22.2 No.60950:2000

EMC: EN55024 1998, EN55022A (Class A) 2006, EN61000-3-2, EN61000-3-3

Supplementary information:
Pursuant to ISO/IEC 17050 this product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 2004/108/EC.

Christopher Saleem
Compliance & Reliability Engineering Manager
Security & Mobile Connectivity, Enterprise Solutions
Mountain View, California
June 2007


Compliance Statements

This hardware complies with the standards listed in this section.

Emissions Standards
FCC Part 15 Subpart B Class A: US/Canada
EN55022 (CISPR 22 Class A): European Community (CE)

Immunity Standards
EN55024: European Community (CE)
EN61000-4-2
EN61000-4-3
EN61000-4-4
EN61000-4-5
EN61000-4-6
EN61000-4-11

Harmonics and Voltage Fluctuation
EN61000-3-2: European Community (CE)
EN61000-3-3: European Community (CE)

Safety Standards
UL60950/EN60950: US/European Community (CE)
CAN/CSA-C22.2 No.60950: Canada

FCC Notice (US)

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

Caution: Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment.

