This tutorial installs a Check Point Security Gateway R81 (SG / Firewall) as an Open Server in a Testlab running under VMware Workstation Player. The same installation steps can also be used for a production environment install.
Prerequisites:
- VMware Workstation Player or VMware ESXi
  - VMware Workstation is used here for simplicity, in case somebody wants to build a Testlab on a normal workstation
- Check Point ISO install image (Check_Point_R81_T392.iso)
- A running Security Management Server R81
Steps:
1. Create VMware Virtual Machine
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-20-16_07_05-Virtual-Machine-Settings.png)
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-11_17_07-Virtual-Machine-Settings.png)
2. Install Check Point image in VMware virtual machine
2.1 Install Gaia on this system.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-17_44_07-Testlab-Checkpoint-sg1-VMware-Workstation-15-Player-Non-commercial-use-only.png)
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-09_38_19-Testlab-Checkpoint-sms-VMware-Workstation-15-Player-Non-commercial-use-only.png)
2.2 The Check Point Gaia installer scans the hardware; the recognized hardware components are listed under “Machine Info”. Click OK.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-09_38_46-Testlab-Checkpoint-sms-VMware-Workstation-15-Player-Non-commercial-use-only.png)
2.3 Select Keyboard layout. Click OK.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-09_39_14-Testlab-Checkpoint-sms-VMware-Workstation-15-Player-Non-commercial-use-only.png)
2.4 Partition layout configuration. In most cases the default values are sufficient. Click OK.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-20-09_06_23-Testlab-Checkpoint-sms-VMware-Workstation-15-Player-Non-commercial-use-only.png)
2.5 Type in the password for the admin account. Click OK.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-09_40_57-Testlab-Checkpoint-sms-VMware-Workstation-15-Player-Non-commercial-use-only.png)
2.6 Select management interface. Click OK.
Note:
To simplify the Testlab, I will manage the system over the eth0 interface (VMware “Network Adapter – bridged (Automatic)”), which represents the external interface of the firewall. For testing purposes in a closed Testlab environment this is not a big issue, but in a production environment it is highly recommended to use an isolated DMZ or at least an internal interface for management. Another reason I used the external interface is that the default gateway is in this VMware bridged network, 192.168.178.0/24, and I will use it in later Testlab use cases, e.g. Updates / Licenses & Contracts.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-16_32_58-Testlab-Checkpoint-sg1-VMware-Workstation-15-Player-Non-commercial-use-only.png)
2.7 If the management interface is in an isolated network, the Default Gateway can be left empty.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-11_04_13-Testlab-Checkpoint-sg1-VMware-Workstation-15-Player-Non-commercial-use-only.png)
2.8 Start installation process. Click OK.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-09_48_56-Testlab-Checkpoint-sms-VMware-Workstation-15-Player-Non-commercial-use-only.png)
2.9 The installation is complete. The installer reboots into the OS, which is then configured with the First Time Wizard. Click Reboot.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-11_15_35-Testlab-Checkpoint-sg1-VMware-Workstation-15-Player-Non-commercial-use-only.png)
3. First Time Wizard
3.1 Start the First Time Wizard configuration. Click Next.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-10_00_28-Window.png)
3.2 Continue with R81 configuration. Click Next.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-10_00_56-Window.png)
3.3 Configure Management Network. Click Next.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-16_54_53-Window.png)
3.4 Optionally – configure other interfaces. Click Next.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-16_55_36-Window.png)
3.5 Configure hostname, DNS and proxy if necessary. Click Next.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-16_56_38-Window.png)
3.6 Configure time manually or using NTP servers. Click Next.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-10_02_31-Window.png)
3.7 Select “Security Gateway and/or Security Management”. Click Next.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-10_02_52-Window.png)
3.8 Select “Security Gateway”.
Note:
a) If you are installing a cluster from scratch, select the option “Unit is a part of a cluster, type”.
b) If you are installing a production environment, it is recommended to select “Automatically download Blade Contracts, new software, and other important data (highly recommended)”.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-16_57_24-Window.png)
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-17-10_03_32-Window.png)
3.9 Select No. Click Next.
Note:
DAIP Gateway
A Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway where the IP address of the external interface is assigned dynamically by the ISP.
sk167473 – Dynamically Assigned IP Address (DAIP) Gateway FAQ
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-16_57_43-Window.png)
3.10 Type the activation key, a one-time password for your gateway that is used to establish trust between the Security Gateway and the Security Management Server. Click Next.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-16_58_39-Window.png)
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-17_03_21-Window.png)
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-17_04_13-Window.png)
4. Connect Security Gateway to Security Management Server
4.1 Log in to SmartConsole.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_34_55-Window.png)
4.2 Create a new Gateway – classic mode.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_37_09-Window.png)
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_41_50-Window.png)
4.3 Type the gateway name (usually the same as the hostname configured in step 3.6) and the Security Gateway management IP (configured in step 2.7, or possibly 3.3). Click on Communication.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_43_36-Window.png)
4.4 Type in the activation key (the one-time password configured in step 3.10). Click Initialize.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_44_08-Window.png)
4.5 Trust between Security Gateway and Security Management Server is established. Click OK.
Note:
More about Secure Internal Communication (SIC)
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_46_23-Window.png)
4.6 Get Topology Results. Click Close.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_46_47-Window.png)
4.7 Security Gateway configuration is finished (optionally, select additional security blades). Click OK.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_47_06-Window.png)
4.8 Publish changes.
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_48_27-Window.png)
![](https://martin.frlicka.net/wp-content/uploads/2021/09/2021-09-23-19_49_16-Window.png)
At this point we have a functional Check Point environment with one Security Management Server and one Security Gateway with a Plug-and-Play license for 15 days.
Another option is to request a 30-day Evaluation license:
Support Center – How to Generate an Evaluation License
How to Request an Evaluation License for Security Gateways and Management, Endpoint Security
Check Point product licenses can be found in the Check Point Product Center.
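
The note in step 2.6 recommends keeping management off the external interface in production. Where the management interface stays on a shared network, as in this Testlab, the Gaia allowed-client list can at least limit which hosts reach the Gaia Portal and SSH. The Gaia Clish session below is an added example, not part of the original tutorial; the admin workstation address 192.168.178.10 is a constructed value.

```clish
# Added example for Gaia Clish on the gateway, run after the First Time Wizard.
# 192.168.178.10 is a constructed admin workstation address inside the
# tutorial's bridged network 192.168.178.0/24; replace it with your own.

# 1. Review the current state: which interface is used for management
#    and which clients may reach the Gaia Portal / SSH.
show management interface
show interface eth0 ipv4-address
show allowed-client all

# 2. Add the specific admin host BEFORE removing the catch-all entry,
#    otherwise the address you are connected from may be locked out.
add allowed-client host ipv4-address 192.168.178.10

# 3. Remove the permissive entry that lets any host connect (if present).
delete allowed-client host any-host

# 4. Verify the result, then persist it across reboots.
show allowed-client all
save config
```

Once a policy is installed, the rulebase also controls traffic to the gateway, so this list is one additional layer and not a replacement for the isolated management network the note recommends.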