
Internet Security Product Suite
Getting Started Guide
Version NGX R65
702023 January 24, 2008

© 2003-2007 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and
distributed under licensing restricting their use, copying, distribution, and decompilation. No part of
this product or related documentation may be reproduced in any form or by any means without prior
written authorization of Check Point. While every precaution has been taken in the preparation of
this book, Check Point assumes no responsibility for errors or omissions. This publication and
features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 and FAR 52.227-19.
TRADEMARKS:
©2003-2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor,
Application Intelligence, Check Point Endpoint Security, Check Point Express, Check Point Express
CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra
Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa,
DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia
Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection
Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity
SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC,
OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle
Management, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home,
Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform
Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security
Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter
Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense,
SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate,
SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP,
SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard,
UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial,
UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express
CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient,
VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web
Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField,
ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs,
and the Zone Labs logo are trademarks or registered trademarks of Check Point Software
Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company.
All other product names mentioned herein are trademarks or registered trademarks of their
respective owners. The products described in this document are protected by U.S. Patent No.
5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be
protected by other U.S. Patents, foreign patents, or pending applications.
For third party notices, see “THIRD PARTY TRADEMARKS AND COPYRIGHTS” on page 101.
Contents

Chapter 1: Internet Security Product Suite NGX R65
Welcome
In This Guide
NGX R65 Documentation
Endpoint Security Integration
Feedback

Chapter 2: Introduction
Overview
Product CD-ROMs
On CD1
On CD2
On CD3
On CD4
On CD5
For New Check Point Customers
What’s New in NGX R65
SmartCenter
FireWall and SmartDefense
Connectra Central Management
VPN
ClusterXL
Eventia Analyzer
Eventia Reporter
SecureClient Mobile
UTM-1 Edge
Provider-1/SiteManager-1

Chapter 3: Getting Started
VPN-1 Power/UTM Terminology
Provider-1/SiteManager-1 Terminology
Hardware and Software Requirements
Compatibility Table
Notes to Compatibility Table
Notes to Supported by Platform Table
Supported Upgrade Paths and Interoperability
Upgrading Management Servers
Backward Compatibility For Gateways
Licensing NGX R65
Licensing VPN-1 Power/UTM
Licensing Provider-1/SiteManager-1
Upgrading VPN-1 Power/UTM Licenses
Licensing Eventia Suite

Chapter 4: Performing a New Installation
Overview
VPN-1 Power/UTM Installation
Installing on SecurePlatform
Installing on a Windows Platform
Installing on a Solaris Platform
Installing on a Linux Platform
Installing on a Nokia Platform
Initial Configuration
Provider-1/SiteManager-1 Installation
Overview
Building the Standard Provider-1 Network
Logging In to the MDG for the First Time
Where To From Here?

Chapter 5: Installing the Eventia Suite
Eventia Suite Installation
Standalone Installation vs. Distributed Installation
Installing Eventia Suite on Multiple Versions of SmartCenter Management
Standalone Installation
Windows Platform
Solaris & Linux Platforms
SecurePlatform
Distributed Installation
Windows Platform
Solaris & Linux & SecurePlatform
Enabling Connectivity Through a Firewall
Preparing Eventia Suite in SmartCenter
Working with R55 SmartCenter Server
Preparing Eventia Suite on Provider-1 MDS
For Provider-1/SiteManager-1 Version R55
For Provider-1/SiteManager-1 Version R60
For Provider-1/SiteManager-1 Version R61 and Up

Index

Chapter 1: Internet Security Product Suite NGX R65

In This Chapter
• Welcome
• In This Guide
• NGX R65 Documentation
• Endpoint Security Integration
• Feedback

Welcome
Thank you for choosing Check Point’s Internet Security
Product Suite. We hope that you will be satisfied with this
solution and our support services. Check Point products
provide your business with the most up to date and secure
solutions available today.
Check Point also delivers worldwide technical services
including educational, professional and support services
through a network of Authorized Training Centers, Certified
Support Partners and Check Point technical support personnel
to ensure that you get the most out of your security
investment.
To extend your organization’s growing security infrastructure and
requirements, we recommend that you consider adopting the OPSEC
platform (Open Platform for Security). OPSEC is the industry's open,
multi-vendor security framework, which has over 350 partners and the
largest selection of best-of-breed integrated applications and
deployment platforms.
For additional information on the NGX Internet Security Product Suite
and other security solutions, go to: or call
Check Point at 1(800) 429-4391. For additional technical
information, go to: .
Welcome to the Check Point family. We look forward to meeting all of
your current and future network, application and management
security needs.
In This Guide
This guide provides a brief overview of NGX R65 Internet Security
Product Suite applications and installation procedures.
NGX R65 Documentation
Technical documentation is available on your NGX R65 CD-ROM at:
CD2\Docs\CheckPoint_Suite. These documents can also be found at:
To find out about what's new in NGX R65, read the NGX R65 What’s
New document.
For information on upgrading your current Check Point deployment,
refer to the Check Point R65 Upgrade Guide.
For upgrading Endpoint Security, refer to the Endpoint Security
Installation Guide.
Endpoint Security Integration
For in-depth documentation of Provider-1/SiteManager-1 and
SmartCenter Integration with Check Point Endpoint Security products,
refer to:
• Endpoint Security Installation Guide
• R65 SmartCenter Administration Guide
Feedback
Check Point is engaged in a continuous effort to improve its
documentation. Please help us by sending your comments to:
Chapter 2: Introduction

In This Chapter
• Overview
• Product CD-ROMs
• For New Check Point Customers
• What’s New in NGX R65

Overview
NGX is a Check Point product that provides superior usability
and management of your organization’s security environment.
SmartCenter is now integrated with Connectra, InterSpect and
Endpoint Security, enabling centralized management and
monitoring of all security enforcement points.
NGX R65 has expanded its intelligent inspection technologies
in VPN-1 Power and incorporates additional complex
application support into state of the art stateful-inspection
and application intelligence technology.

Product CD-ROMs
The NGX R65 media pack contains the following five CD-ROMs:
On CD1
• In the Linux Directory:

  Package           Contains
  CPvpn             1. VPN-1 Power/UTM
                    2. SmartCenter Power/UTM
  CPrt              Eventia Reporter
  CPportal          SmartPortal
  CPppack           Performance Pack
  CPedgecmp         UTM-1 Edge compatibility package
  CPngcmp           R55 compatibility package
  CPR55Wcmp         R55W compatibility package
  CPvsxngxcmp       VSX NGX compatibility package
  CPdr              Advanced Routing
  CPuas             UserAuthority Server
  CPinteg           Endpoint Security server
  CPacc3            VPN-1 Accelerator Card III
  CPacc4            VPN-1 Accelerator Card IV
  CPinfo            CPinfo Utility
  CPconcmp          Connectra Compatibility Package
  CPconplg          Connectra Plug-in package

• In the Windows Directory: SmartConsole for Windows
• In the SecurePlatform Directory: SecurePlatform components
On CD2
• In the Windows Directory:

  Package           Contains
  CPvpn             1. VPN-1 Power/UTM
                    2. SmartCenter Power/UTM
  CPclnt            SmartConsole for Windows
  CPdesktop         VPN-1 SecuRemote/SecureClient for Windows
  CPrt              Eventia Reporter
  CPportal          SmartPortal
  CPedgecmp         UTM-1 Edge Compatibility package
  CPngcmp           R55 compatibility package
  CPR55Wcmp         R55W compatibility package
  CPvsxngxcmp       VSX NGX compatibility package
  CPuas             UserAuthority Server
  CPinteg           Endpoint Security server
  CPacc2            VPN-1 Accelerator Card II
  CPacc3            VPN-1 Accelerator Card III
  CPSessionAgt-50   Session Agent
  CPinfo            CPinfo utility
  CPconcmp          Connectra compatibility package
  CPconplg          Connectra Plug-in package

• In the Windows/SecureClient Mobile directory: SecureClient
Mobile setup files.
• In the Integrity Directory:
i. Endpoint Security On Demand
ii. Secure Client Mobile
• In the Docs directory: Documentation files
On CD3
• In the Solaris2 Directory:

  Package           Contains
  CPvpn             1. VPN-1 Power/UTM
                    2. SmartCenter Power/UTM
  CPclnt            SmartConsole
  CPrt              Eventia Reporter
  CPportal          SmartPortal
  CPppack           Performance Pack
  CPedgecmp         UTM-1 Edge compatibility package
  CPngcmp           R55 compatibility package
  CPR55Wcmp         R55W compatibility package
  CPvsxngxcmp       VSX NGX compatibility package
  CPuas             UserAuthority Server
  CPacc2            VPN-1 Accelerator Card II
  CPacc3            VPN-1 Accelerator Card III
  CPacc4            VPN-1 Accelerator Card IV
  CPinfo            CPinfo utility
  CPconcmp          Connectra compatibility package
  CPconplg          Connectra Plug-in package

On CD4
• In the Linux Directory:
i. CPinfo. Contains the CPinfo Utility
ii. CPslpatIS. Contains SecurePlatform components
• In the Packages Directory:

  Package           Contains
  CPmds             Provider-1/SiteManager-1
  CPvpn             1. VPN-1 Power/UTM
                    2. SmartCenter Power/UTM
  CPedgecmp         UTM-1 Edge compatibility package
  CPngcmp           R55 compatibility package
  CPR55Wcmp         R55W compatibility package
  CPvsxngxcmp       VSX NGX compatibility package
  CPconcmp          Connectra compatibility package
  CPconplg          Connectra Plug-in package

• In the Windows Directory:
i. SmartConsole. Contains SmartConsole for Windows.
ii. Prov1Gui. Contains the Multi-Domain GUI (MDG) for
Windows
On CD5
• In the Solaris2 Directory:
i. CPclnt. Contains SmartConsole
ii. CPinfo. Contains CPinfo utility
iii. MDG. Contains the Multi-Domain GUI
• In the Packages Directory:

  Package           Contains
  CPmds             Provider-1/SiteManager-1
  CPvpn             1. VPN-1 Power/UTM
                    2. SmartCenter Power/UTM
  CPedgecmp         UTM-1 Edge compatibility package
  CPngcmp           R55 compatibility package
  CPR55Wcmp         R55W compatibility package
  CPvsxngxcmp       VSX NGX compatibility package
  CPconcmp          Connectra compatibility package
  CPconplg          Connectra Plug-in package

• In the Docs directory: Documentation files
For New Check Point Customers
New Check Point customers can access the Check Point User Center
in order to:
• Manage users and accounts
• Activate products
• Get support offers
• Open service requests
• Search the Technical Knowledge Base
To access the Check Point User Center, go to:
What’s New in NGX R65
The following sections offer a brief overview of the advancements
offered by NGX R65.
In This Section:
• SmartCenter
• Connectra Central Management
• VPN
• ClusterXL
• Eventia Analyzer
• Eventia Reporter
• SecureClient Mobile
• UTM-1 Edge
• Provider-1/SiteManager-1

SmartCenter
NGX R65 introduces an additional infrastructure that enables the use
of management plug-ins. The new plug-ins architecture introduces the
ability to dynamically add new features and support for new products.
Management plug-ins offer central management of gateways and
features not supported by your current NGX R65 SmartCenter or
Provider-1/SiteManager-1. Management plug-ins supply new and
separate packages that consist only of those components necessary
for managing new gateway products or specific features, thus avoiding
a full upgrade to the next release. Each plug-in:
• Is supplied with relevant documentation
• Is installed on SmartCenter Server or Gateway
• Requires a specific version of SmartDashboard
For more information, refer to:
• CheckPoint_R65_SmartCenter_AdminGuide.pdf
• CheckPoint_R65_Provider1_AdminGuide.pdf
or visit:

FireWall and SmartDefense
• AMT Support for Linux and SecurePlatform gateways
• Aggressive Aging
• EPS Enforcement
• Web (URL) Filtering
• Layer-2 Firewall deployment
• SIP enhancements for VoIP
• SYN cookies
Connectra Central Management
• New Connectra tab

• New tab for SmartDefense and Web Intelligence updates
• Support for Provider-1/SiteManager-1
• Support for SmartView Monitor counters
VPN
• Same local IP and Cluster IP address for VTIs
• Anti-spoofing for unnumbered interfaces on IPSO
• Dynamic routing support for remote VTIs in clusters
• Configurable metrics for dial-up routes
• Increased interoperability between SecurePlatform and IPSO
• Route-based VPN Improvements
• Customer defined scripts for VPN peers
• Route-based VPN and IP Clustering support
• RIM performance improvements on IPSO
ClusterXL
• Interface bonding for creation of a fully meshed redundant
topology in High Availability configurations
• Support for multicast routing failover
Eventia Analyzer
Eventia Analyzer, for collecting, correlating, and consolidating network
events in a central repository, is now included in the R65 product
suite.
Eventia Reporter
• IPv6 Reporting
• DNS implementation
• Remote license management
• Installation options
• Support for multiple SmartCenter Servers from R54 onwards
• Integration with Eventia Analyzer

• Support for multiple Eventia Reporters in deployment
• Report limitation
SecureClient Mobile
SecureClient Mobile is a new client for mobile devices that includes
VPN and firewall functionality and will be the future platform for
additional features, including various security and compliance
features. SecureClient Mobile replaces SecureClient for PocketPC.
Designed to work on multiple platforms, SecureClient Mobile allows
for easy deployment and upgrade.
For more information, the “What’s New” documentation is available
online at

UTM-1 Edge
With UTM-1 Edge you can now select a destination for the log files.
The destination can be the SmartCenter Server or Syslog (a standard
logging mechanism in Unix based machines).
Provider-1/SiteManager-1
• Management Plug-ins View.
• Install on Dynamic Objects.
• Gateway Function Oriented Global Policy.
• Global Manager.
Chapter 3: Getting Started

This chapter contains information and terminology related to
installing NGX R65.

In This Chapter:
• VPN-1 Power/UTM Terminology
• Provider-1/SiteManager-1 Terminology
• Hardware and Software Requirements
• Compatibility Table
• Supported Upgrade Paths and Interoperability
• Licensing NGX R65
