Overview
This is document to detail steps required in order to get fully functional setup for Check Point UTM-1 Edge appliance in centrally managed architecture.
While the Check Point UTM-1 Edge appliance can run "stand-alone" and be managed via it's web interface, the power of Edge appliance is ability to integrate with Check Point's SmartCenter management server for centralized (a) policy management, and (b) reporting. In addition, Check Point has Edge deployment tool -- SmartLSM -- to ease configuration and deployment of large number of Edge devices.
If centralized management with SmartCenter is not a priority, Check Point has an alternative strategy with Safe@Office product line. The Safe@Office product line is very similar to UTM-1 Edge appliance, but lacks integration with SmartCenter. The Safe@Office appliances can be centrally managed via Sofaware Management Portal (aka "SMP") but lacks some Enterprise-class features of SmartCenter integration. The SMP solution is ideal for Managed Service Providers.
Both Check Point UTM-1 Edge and Safe@Office appliance have no moving parts, have model options for integrated wireless and ADSL modem, and include Check Point features of SmartDefense (IPS), anti-virus scan, web filtering, and anti-spam service options. All additional software features enabled with license key activation.
Pieces of Puzzle
The following elements are required for successful evaluation of Check Point UTM-1 Edge appliance:
UTM-1 Edge appliance and power supply
Check Point SecurePlatform CD (aka "SPLAT"). Note: SPLAT is Check Point's self-contained linux-based security platform. Since based on hardened version of Linux, the SPLAT installation does not require licensing of underlying OS (example: Windows Server).
Check Point SecureConsole management suite install file. This software installed on workstation of Check Point administrator.
Check Point UTM-1 Edge libsw software for SmartCenter. Note: Each Edge firmware release includes a corresponding libsw release for installation on SmartCenter server. There are different libsw builds depending on whether SmartCenter deployed on Linux, Windows, or Solaris.
Check Point NGX 30-day evaluation key. The evaluation key is "activated" to the IP address of SmartCenter server. All Check Point key management, support tickets, knowledge base, documentation, and software updates accessed at Check Point User Center. No purchase is required to create a "UC" account -- only a valid email address.
x86 Hardware or VMware platform for SmartCenter SPLAT installation.
Prepare SmartCenter Server Instance
Note: this assumes use of VMware Workstation to host Check Point SmartCenter Server (the software installation will be SecurePlatform).
Create VMware instance with following "CUSTOM" properties:
name: SPLAT
Other linux 2.4 kernel, 256+MB RAM, 8+GB DISK, Bridged IP, BusLogic or LSI Logic SCSI controllers both work -- SCSI disks.
Insert SecurePlatform CD in CD-ROM drive of VMware host
Start VMware SPLAT instance, should boot off CDROM.
You will be prompted to hit "Enter" to proceed with SecurePlatform installation.
During SPLAT installation, you will be prompted for network settings. Please enter fixed IP address that will be routable to your local network (and Edge appliance installed on same network).
Once SPLAT installation is complete, you must finalize configuration via web browser.
Connect to SPLAT "Web User Interface" via URL detailed in console of VMware instance.
Prepare UTM-1 Edge Appliance
SmartCenter Management
