Important Information

Similar documents
Security Acceleration Module

Port Type Link Status (Left Side LED) Speed (Right Side LED) Green solid: Link detected/no activity Off: No link/card offline

Maintaining E-Series Routers

Maintaining the ERX System

M-series, MX-series, and T-series Routing Engine and MCS Installation Instructions

Installing the Cisco ADE 2130 and 2140 Series Appliance Hardware Options

Maintaining the ERX System

QUICK START GUIDE 7000 SERIES DEVICES. 3D7010/7020/7030 (Chassis: CHRY-1U-AC) 3D7115/7125, AMP7150 (Chassis: GERY-1U-4C8S-AC)

SDRAM Installation Instructions

M-series and T-series Routing Engine and MCS Installation Instructions

Using Two-port 10 Gigabit Ethernet PMC and XMC NICs in Nokia IP690, IP1280, and IP2450 Appliances

G3-GS-4P-16T. Parts list G3-GS-4P-16T technical specifications. The G3-GS-4P-16T is best suited for small data centers or at your network edge.

Routing Engine, MCS, and CB Installation Instructions

Managing Individual Components

Replacing a Disk Drive

Advanced security capabilities like ETA, MACSec-256 and TrustWorthy systems.

Installing a Network Module

NAS System. User s Manual. Revision 1.0

QUICK START GUIDE 7000 SERIES DEVICES

Next Generation Firewall

G3-APEX-ENT-32T. Apex technical specifications. Parts list

Installing the IPS 4345 and IPS 4360

Installing and Upgrading Internal Modules and FRUs

Wiwynn SV320 Maintenance User Manual

apple Service Source Xserve RAID 17 March Apple Computer, Inc. All rights reserved.

Configuring a Cluster in IPSO 5 with Both Members in Active Mode

Wiwynn SV Maintenance User Manual

Installing the ASA 5550

Installing a Network Module

Upgrading or Host Interface Card in the ST2500 M2 Array Module

Removing and Installing the ISA and the ISM

apple Service Source Xserve RAID Xserve RAID and Xserve RAID (SFP) Updated: 25 May Apple Computer, Inc. All rights reserved.

G3-GS-8P-1152T. Parts list. G3-GS-8P-1152T technical specifications. The G3-GS-8P-1152T is best suited for 40 Gb data centers.

45 10.C. 1 The switch should have The switch should have G SFP+ Ports from Day1, populated with all

IDENTIFICATION OF VOLATILE AND NON-VOLATILE STORAGE AND SANITIZATION OF SYSTEM COMPONENTS JUNIPER NETWORKS SRX SERIES SERVICES GATEWAY SRX650

HP 3PAR OS Messages and Operators Guide

Central Processing Unit (CPU) Replacement

Acme Packet gigabit NIU Installation Guide. Formerly Net-Net 4500

Dell SC5020 and SC5020F Storage System Owner s Manual

FreeNAS Mini and Mini XL Network Upgrade Kit

H3C SecPath M9000-S NSQM2MPUD0 main processing unit

Installation Note for the Cisco ME 3800X and ME 3600X Switch Power Supply and Fan Modules

Catalyst 2960-X and 2960-XR Switch Hardware Guide

This article describes how to upgrade CS200 and CS400 series Nimble Storage arrays from 1 GigE to 10 GigE connectivity.

Installing the IPS 4260

Next Generation Firewall

J-series Services Router Crypto Accelerator Module Installation Instructions

16Hi HARDWARE INSTALLATION GUIDE

This quick start guide describes how to install and use the Signamax SFP 8-Port 100BaseFX SFP Fiber Switch.

Product Overview. Switch Descriptions. Front Panel CHAPTER

This section describes the software and hardware requirements for the module.

Dell Networking C9010 Getting Started Guide

Installing a Network Module

All product specifications are subject to change without notice.

Security & Mobile Connectivity. Product Summary Guide

Product Overview. Switch Model

Replacing an Advanced Power and Cooling (APC) Unit

Cisco ASR 9000 Modular Line Card and Modular Port Adapters

Dell EMC PowerVault MD3460 Storage Arrays

Connect Router to the Network

McAfee Network Security Platform 9.1

Ixia xbalancer. A Purpose-Built Load Balancer for 10G Networks. The Load Balancing Solution DATA SHEET. Highlights

Install your TPS 440T and 2200T security devices

Product Overview. Switch Features Overview CHAPTER

Next Generation Firewall

INSTALLATION INSTRUCTIONS FOR THE BV10-100/1000

McAfee Network Security Platform 8.1

Catalyst 6500 Series Wireless LAN Services Module Installation and Verification Note

STONESOFT. New Appliances2012

Installing IDS-4235 and IDS-4250

efolder Replibit Mini Appliance Maintenance Manual (1000 and 2000 Models) Replibit Mini Appliance Maintenance Manual

Installing and Replacing Hardware Options

Veritas Appliance Hardware Service Procedure

I/O Modules Overview. Before You Begin. I/O Module Options. ESD Requirements

Veritas Appliance Hardware Service Procedure

NVR Spare Hard Drive Replacement

Next Generation Firewall

PIC and Transceiver Installation Instructions

SCv3000 and SCv3020 Storage System. Owner s Manual

Veritas Appliance Hardware Service Procedure

Installation Guide. Getting Started with MaxAttach NAS 6000 Rack Mount Base Unit Systems

FVT/FVR20D2I1C4E INSTALLATION AND OPERATION MANUAL

McAfee Network Security Platform

Stonesoft Next Generation Firewall. Hardware Guide Models 5201, 5205, Revision C

HP CX4 & XFP Interface Cards User Guide

M5 and M10 Routers Power Supply and Power Cord Component Replacement Instructions

ARX 2000 / D108 RMA4 Replacement Script Full Appliance March 20, 2011 Version 1.03

7x50 High Scale (HS) MDA Installation Guide

Ixia Net Optics ilink Agg xstream

WHITE PAPER. Monitoring Converged Networks: Link Aggregation

Getting Started with Citrix NetScaler

The list below shows items not included with a SmartVDI-110 Server. Monitors Ethernet cables (copper) Fiber optic cables Keyboard and mouse

NetScreen-5000 Series Hardware Installation and Configuration Guide

Cisco FirePOWER 8000 Series Appliances

PIX 535. PIX 535 Product Overview CHAPTER

64 Bays SAS to SAS/SATA JBOD Subsystem. User Manual. Revision 1.0

Veritas Appliance Hardware Service Procedure

Next Generation Firewall

Check Point Appliance

CNMC[2]SFP[POE][/M] Series

Transcription:

Important Information Documentation Resources and Considerations for Check Point IP1220 and IP1260 ADP Services Modules Because this document provides important information that you need to know before you start installing and configuring your Accelerated Data Path (ADP) services modules, it is essential that you read it first. This document also provides installation procedures and information about how to access supporting documentation for your Check Point IP1220 and IP1260 ADP modules. Included in this document is the following information: Where to Find Documentation That Supports Your Check Point IP1220 and IP1260 ADP Modules About Using Check Point IP1220 and IP1260 ADP Modules Installing and Replacing ADP Modules Check Point ADP Card LED Reference Information Configuring Check Point IPSO for IP1220 and IP1260 ADP Interfaces Effect on Interfaces Check Point ADP Card Interface Names for IP1220 and IP1260 Appliances Configuration Example with VRRP Related Documentation Where to Find Documentation That Supports Your Check Point IP1220 and IP1260 ADP Modules To access the most up-to-date installation instructions, go to http://support.checkpoint.com. About Using Check Point IP1220 and IP1260 ADP Modules Check Point IP1220 and IP1260 ADP modules help to accelerate firewall and VPN throughput. ADP is a technology designed to forward packets at the highest possible rate. Check Point ADP modules provide this technology by offloading processing from the CPU to network processors. Part No. N450000905 Rev 001 *N450000905~Rev~001* May 2009

For IP1220 and IP1260 appliances, ADP is implemented with a single module installed in a two-slot card carrier, which provides a total of eight ports. The modules use swappable small form-factor pluggable (SFP) transceivers to provide Gigabit Ethernet copper, Gigabit Ethernet short-range fiber, and Gigabit Ethernet long-range fiber interface options. Check Point ADP module transceivers are hot swappable. Check Point supports only ADP modules and transceivers sold by Check Point. For further information, contact your Check Point representative. Installing and Replacing ADP Modules Before you begin this procedure, you should review all ADP module information in the Check Point Getting Started Guide and Release s for the version of Check Point IPSO you are using and refer to both of these documents as needed as you complete the installation and configuration process. Use these instructions to install an ADP module in your appliance. Before You Begin To install a Check Point ADP module, you need the following: A Phillips-head screwdriver Physical access to the appliance Access to the appliance by using Check Point Network Voyager or the CLI A suitable, grounded work surface The ADP module kit You do not need to manually disconnect power for this procedure. Any servicing of the appliance, however, should be completed with the chassis tray assembly fully removed from the appliance. To install an ADP module in IP1220 and IP1260 appliances Use the procedures included in the Check Point IP1200 Series Security Platform Installation Guide or the Check Point IP1220 and IP1260 Security Platforms Installation Guide to install or replace Check Point ADP module in your appliance. There are few differences between the 2

procedures for installing and replacing IP1200 PMC NIC card carriers and ADP modules other than the following steps and considerations: Before you remove your PMC NIC card carriers and replace them with your ADP module, do the following: You cannot preserve the configuration for slots 1 and 2 of your appliance when you replace your PMC NIC card carriers with an ADP module or, conversely, when you replace your ADP module with PMC NIC card carriers due to interface naming convention differences. Therefore, you need to delete all existing configurations associated with slots 1 and 2. Upgrade the Check Point IPSO software to the required version as described in the Check Point Getting Started Guide and Release s that you received with your ADP module. You need to have both slots free to install the ADP module, as the module occupies both slots. That is, you must first remove any installed PMC card carriers. For the card carrier removal procedure, see the IP1200 Series Security Platform Installation Guide or the Check Point IP1220 and IP1260 Security Platforms Installation Guide. You must first power down your IP1220 or IP1260 appliance before you remove any installed card carriers. After you slide the ADP module into both carrier slots, first secure the two bottom screws, and then secure the two top screws. Ensure that both of the ejector and locking levers are fully secured. After you physically install the ADP module, reboot the system and reconfigure the interfaces as described in Configuring Check Point IPSO for IP1220 and IP1260 ADP Interfaces on page 5. The following figure shows an IP1220 and IP1260 ADP module and card carrier assembly. Link and Activity LEDs Power LED illuminates green when the module is under power Ejector and locking levers 3

To install or remove ADP transceivers in a Check Point ADP module Refer to the following figure, which shows how to install or remove Check Point ADP module transceivers. The modules are hot swappable as are the interface cables you use with them. Rotate the latch levers up or down to secure transceivers, or to release them for removal. You do not need to change the interface type in Network Voyager or the CLI, as the system makes the configuration changes automatically. To identify whether a fiber transceiver you are using is short-range or long-range, refer to the color of the latch lever as follows: Type Short-range Long range Latch lever color Beige Blue Latch lever Flip latch lever down before inserting the ADP transceiver To install an ADP transceiver: Push the transceiver into an available port in the ADP module. Rotate the module latch lever down to secure the transceiver in the ADP module. Depending on the design of your transceiver, you might need to rotate the latch lever upward to release the device. Insert an appropriate interface cable into the transceiver. To remove an ADP transceiver: Remove the cable. Release the transceiver by rotating the latch lever. Pull out the transceiver. that if you install any ADP transceivers that are not supported by Check Point, they are not recognized by Check Point IPSO; the system rejects the transceivers and includes them in a list 4

of rejected interfaces on the Interface Configuration page in Check Point Network Voyager, as shown in the following figure. The Non-Supported SFP Components table appears only if you have ADP transceivers installed that are not supported by Check Point. Check Point ADP Card LED Reference Information All Check Point IP1220 and IP1260 ADP modules provide a single LED for each port. The LED illuminates solid green for Link status and blinks green to indicate Activity. Configuring Check Point IPSO for IP1220 and IP1260 ADP Interfaces This section includes information about configuring Check Point IPSO to use the interfaces on a Check Point ADP module. To help you understand the implications of installing an ADP module, it provides an example of the steps you might perform to install an ADP module in an IP1220 or IP1260 appliance running the Virtual Router Redundancy Protocol (VRRP). Effect on Interfaces When you install ADP modules, Check Point IPSO automatically creates interface names for the ADP interfaces and changes the existing interface names and configuration information, as described below: 5

If you install an ADP module in an IP1220 or IP1260 appliance, the names and configuration information for all the interfaces previously installed in slots 1 and 2 become invalid. These changes can affect any features or protocols that use the existing interfaces or their addresses, including the following: Dynamic routing protocols Multicast routing protocols Static routing configuration VRRP IP clustering Transparent mode Link aggregation Link redundancy Traffic management/qos After you install an ADP module, reconfigure any protocols and features that used the removed interfaces to use the ADP interfaces. Reassign IP addresses from the removed interfaces to the ADP interfaces as appropriate. Check Point ADP Card Interface Names for IP1220 and IP1260 Appliances ADP module interface naming conventions differ from those for PMC NICs IP1220 and IP1260 appliances support one ADP module, which you install in slots 1 and 2. The eight ports on your ADP module are named as follows: eth-s2p1, eth-s2p2, eth-s2p3, eth-s2p4, eth-s2p5, eth-s2p6, eth-s2p7, eth-s2p8 Since the ADP interface names are not exactly the same as other PMC NIC interface names, you need to reconfigure your appliance when you replace PMC NICs with an ADP module or an ADP module with PMC NICs. 6

Configuration Example with VRRP This example describes the steps required to install an ADP module in an IP1220 or IP1260 appliance with VRRP configured. The following figure shows the Interface Configuration page of the platform before an ADP module is installed. Interfaces are installed in slots 1, 2, and 3. For this example, legacy monitored-circuit VRRP is enabled and configured with these settings: Interface eth-s1/s1p1c0 is assigned the IP address 10.1.1.1 (not shown) and uses 10.1.1.99 as the VRRP backup address. Interface eth-s1/s1p2c0 backs up interface eth-s1/s1p1c0. 7

The following figure shows the VRRP configuration: The rest of this section describes how to reconfigure the interfaces and VRRP to accommodate the ADP interfaces. Deleting VRRP Configurations After you physically remove PMC NIC card carriers that you are replacing with ADP modules, you need to delete the configuration information for the NIC interfaces. If VRRP is active at that time, you will not be able to delete the configuration information for the interfaces used by VRRP. Therefore, you should begin by deleting the existing VRRP configuration. It is best to perform the procedures in this section on the VRRP backup system first. When the installation is complete, the upgraded system can become the new master while you upgrade the original master. 8

Reconfiguring Interfaces After you install the ADP module, you need to reconfigure interface information as described below. To reconfigure interfaces for ADP modules 1. Log into the appliance using Check Point Network Voyager. 2. Navigate to the Interface Configuration page. The removed interfaces are still listed on this page, and you see a blue indicator next to each of them in the Up column. 9

Also notice that the ADP logical interfaces are named eth-s2p1c0 through eth-s2p8c0: 10

3. Delete the interface names and configuration information for each interface you removed by following the remaining steps in this procedure. To delete an interface used by VRRP or IP clustering, you must first disable the feature that uses the interface. This is why you deleted the VRRP configuration before you installed the ADP module. 4. Click a physical interface name. Network Voyager displays the Physical Configuration page for that interface. 5. In the Physical Status area, click the Delete check box. 6. Click Apply. 7. Delete the configuration information for the rest of interfaces that you removed by restarting this procedure at step 2. 8. When you have deleted the configuration information for all the interfaces that you removed, click Save. 11

The following figure shows the example system after the configuration information for all of the removed interfaces has been deleted: 9. If appropriate, configure the ADP interfaces to use the IP addresses previously assigned to the removed interfaces. In this example, you need to assign the address 10.1.1.1 to the new interface eth-s2p1c0. Reconfiguring VRRP After you finish reconfiguring interfaces, you need to reconfigure any protocols and features that used the removed interfaces to use the ADP interfaces. 12

In this example, you need to recreate the VRRP configuration using the new interfaces eth-s2p1c0 and eth-s2p2c0. The following figure shows the example system after you recreate the VRRP configuration using the new interfaces: Related Documentation For more information about installing and using your IP1220 or IP1260 appliance, see the Check Point IP1200 Series Security Platform Installation Guide or the Check Point IP1220 and IP1260 Security Platforms Installation Guide. For more information about configuring and using Check Point ADP modules, see the Check Point Network Voyager Reference Guide, Check Point CLI Reference Guide, and the Getting Started Guide and Release s for the version of Check Point IPSO you are using. 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback