High-End Security Product Suite
Getting Started Guide
Version NGX R65
702024 January 30, 2008
© 2003-2007 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 and FAR 52.227-19.
TRADEMARKS:
©2003-2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Express, Check Point Express
CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra
Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa,
DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia
Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity
SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC,
OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle
Management, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home,
Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security
Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter
Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense,
SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate,
SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP,
SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard,
UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial,
UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express
CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient,
VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web
Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField,
ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs,
and the Zone Labs logo are trademarks or registered trademarks of Check Point Software
Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their
respective owners. The products described in this document are protected by U.S. Patent No.
5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications.
For third party notices, see “THIRD PARTY TRADEMARKS AND COPYRIGHTS” on page 61.
Contents
Chapter 1 High-End Security Suite
    Welcome
    In This Guide
    Documentation
    Endpoint Security Integration
    Feedback
Chapter 2 Introduction
    Overview
    For New Check Point Customers
    What's New in the High-End Security Suite
    Provider-1/SiteManager-1
    VPN-1 Power VSX
    Management Plug-Ins
Chapter 3 Getting Started
    Provider-1 Terminology
    VSX Terminology
    High-End System Requirements
    Compatibility Table
    Supported Upgrade Paths and Interoperability
    Upgrading Management Servers
    Backward Compatibility For Gateways
    Licensing
    Licensing Provider-1/SiteManager-1
    VSX-CMA Bundle Licenses
    For More Information
    Upgrading Licenses
Chapter 4 Performing a New Installation
    Overview
    Installing and Configuring Provider-1/SiteManager-1
    Overview
    Building the Basic Provider-1 Network
    Installing and Configuring the MDS
    Installing the SmartConsole and MDG Clients
    Logging in to the MDG for the First Time
    Provider-1 and SMP Integration
    Licensing Issues
    Installation
    Configuration Fine Tuning
    Importing VPN-1 UTM Edge Devices to Provider-1
    The Import Tool: ImportEdgeFromSMP
    Installing and Configuring VPN-1 Power VSX
    Installing VPN-1 Power VSX on SecurePlatform
    First Time Login
    Initial Configuration
    Configuration on the Management Server
    Where To From Here?
Welcome
Thank you for choosing the Check Point High-End Security Suite. We hope that you will be satisfied with this security solution and the service that Check Point provides.
Check Point delivers Worldwide Technical Services including educational, professional and support services, through a network of authorized training centers, certified support partners, and a variety of Check Point resources.
In order to extend your security infrastructure as your network and application security requirements grow, Check Point recommends using OPSEC (Open Platform for Security), the industry leader in open, multi-vendor security frameworks. OPSEC has over 350 partners and guarantees the widest range of best-of-breed integrated applications and deployment platforms.
To obtain more information about this and other security solutions, refer to: http://www.checkpoint.com or call us at 1(800) 429-4391.
For additional technical information, refer to:
http://support.checkpoint.com
Welcome to the Check Point family. We look forward to meeting all of your current and future network and application security and management needs.
In This Guide
This guide provides:
• A brief overview of the High-End Security Suite applications
To see what is new in version NGX R65 and for the latest technical
information, refer to the R65 What’s New.
For information on upgrading your current Check Point deployment,
refer to the Check Point R65 Upgrade Guide.
Endpoint Security Integration
For in-depth documentation of Provider-1/SiteManager-1 and
SmartCenter Integration with Check Point Endpoint Security products, refer to:
• Endpoint Security Server Installation Guide
• R65 SmartCenter Administration Guide
Feedback
Check Point is engaged in a continuous effort to improve its
documentation. Please help us by sending your comments to:
cp_techpub_feedback@checkpoint.com
The current Check Point release focuses on usability and smarter management. SmartCenter is now integrated with Connectra, InterSpect and Endpoint Security, which allows for centralized management and monitoring of all security enforcement points. This enhanced functionality provides IT organizations and executive management with full visibility over their entire security environment.
The current version includes expanded intelligent inspection technologies in VPN-1 Power, which incorporate additional application support into state-of-the-art Stateful-Inspection and Application Intelligence technologies.
For New Check Point Customers
For new Check Point customers, the Check Point User Center can
help you:
• Manage Users & Accounts
• Activate Products
• Get Support Offers
• Open Service Requests
• Search the Technical Knowledge Base
To access the Check Point User Center, go to:
https://usercenter.checkpoint.com/pub/usercenter/get_started.html
What's New in the High-End Security Suite
• Management Plug-ins View: This new View indicates whether a plug-in is activated per Customer, and displays a Needs Attention notification for any plug-in that has not been activated properly.
• Install on Dynamic Objects: Installs a security policy on dynamic objects.
• Gateway Function Oriented Global Policy: Global security rules can now be installed on specific gateways or groups of gateways for a Customer CMA, allowing gateways with different functions to receive different global security rules. When installing global policy to a number of similarly configured CMAs, the relevant global rules are installed to all of the relevant gateways on each CMA.
This feature is particularly useful for enterprise deployments of Provider-1, where Customer CMAs typically represent geographic subdivisions of an enterprise. For example, an enterprise deployment may have Customer CMAs for business units in New York, Boston, and London, and each CMA will be similarly configured, with a gateway (or gateways) to protect a DMZ, and others to protect the perimeter. This new capability allows an administrator to configure the global policy so that certain global security rules are installed to DMZ gateways, wherever they exist, and different rules are installed to the perimeter gateways.
• Global Manager: Global Manager is a new type of administrator account in the MDG. With access to Global SmartDashboard, a Global Manager is capable of managing global policies and global objects. For a Global Manager to have additional access to CMA policies, read-write or partial access rights must be specifically assigned.
VPN-1 Power VSX
VPN-1 Power VSX provides the ability to:
• Distribute Virtual Systems on different members of a cluster,
effectively spreading the Virtual System traffic load within the
cluster, with ClusterXL Virtual System Load Sharing.
• Manage the processing power of a VSX machine, with Resource
Control.
• Control the network quality of service in the VSX network
environment, with Check Point Lightweight QoS Enforcement.
It also initiates support for a range of network interface cards and
servers.
For complete details on what’s new in this version, and for the latest
technical information, refer to the VPN-1 Power VSX NGX Scalability
Pack Release Notes, available at:
http://www.checkpoint.com/support/technical/documents/index.html
Management Plug-Ins
NGX R65 introduces an additional infrastructure that enables the use of management plug-ins. The new plug-ins architecture introduces the ability to dynamically add new features and support for new products. Management plug-ins offer central management of gateways and features not supported by your current NGX R65 SmartCenter or Provider-1/SiteManager-1. Management plug-ins supply new and separate packages that consist only of those components necessary for managing new gateway products or specific features, thus avoiding a full upgrade to the next release. Each plug-in:
• Is supplied with relevant documentation
• Is installed on SmartCenter Server or Gateway
• Requires a specific version of SmartDashboard
Getting Started
This chapter describes terminology used throughout this
manual, installation requirements, and licensing information.
Provider-1 Terminology
Provider-1 refers to the complete Provider-1/SiteManager-1 product functionality. The following Provider-1 terms are used throughout this manual:
• Customer: A business entity or subdivision of a business entity whose networks are protected by VPN-1 gateways, VPN-1 UTM Edge appliances or other Check Point compatible firewalls. Customer security policies and network access are managed using Provider-1/SiteManager-1.
• Customer Log Module (CLM): A log server for a single customer.
• Customer Management Add-On (CMA): The Provider-1 equivalent of the SmartCenter server for a single customer. Through the CMA, an administrator creates security policies and manages the customer gateways.
• GUI Client: A computer running one or more of the SmartConsole applications, for example, the Provider-1 MDG.
• Internal Certificate Authority (ICA): The component that creates and manages X.509 compliant certificates for Secure Internal Communication (SIC), site-to-site VPN communication (between VPN-1 gateways), and the authentication of administrators and
• Multi-Domain Server (MDS): The MDS houses Provider-1 system information including details of the Provider-1 deployment, its administrators and customer management data. There are two types of MDSes: the Manager, which runs the Provider-1 deployment, and the Container, which holds the Customer Management Add-Ons (CMAs). The Manager is the administrator’s entry point into the Provider-1 environment. An MDS can be a Manager, a Container, or both.
• Multi-Domain Log Module (MLM): A special MDS container that collects and stores logs. It contains multiple Customer Log Modules (CLMs).
• Provider-1 Administrator: A security administrator that is assigned with granular permissions to manage specific parts of the Provider-1 system. The following four permission levels can be assigned:
    • Provider-1 Superuser: Manages the entire Provider-1 system, which includes the management of all MDS servers, all administrators (with all permission levels), all customers, and all customer networks.
    • Customer Superuser: Manages all administrators (with lower permission levels), all customers, and all customer networks.
    • Global Manager: A new type of administrator account in the MDG. With access to Global SmartDashboard, a Global Manager is capable of managing global policies and global objects. For a Global Manager to have additional access to CMA policies, read-write or partial access rights must be specifically assigned.
    • Customer Manager: Manages customer networks for specific customers. Administrators with this permission level can also use the MDG application; however, they can view and manage only those customers that have been specifically assigned to them.
    • None: Manages customer networks for specific customers, but cannot access the MDG application.
VSX Terminology
The following VPN-1 Power VSX (VPN-1 Power VSX NGX Scalability Pack) terms are used throughout this manual:
• Virtual Router: An independent routing domain within a VSX gateway that functions like a physical router. It is used to direct packets arriving at the VSX gateway through a shared interface to the relevant Virtual System or to direct traffic arriving from Virtual Systems to a shared interface or other Virtual Systems.
• Virtual Switch: A virtual entity that provides layer-2 connectivity between Virtual Systems and connectivity to a shared interface. As with a physical switch, each Virtual Switch maintains a forwarding table with a list of MAC addresses and their associated ports.
• Virtual System: A routing and security domain featuring firewall and VPN capabilities. Multiple Virtual Systems can run concurrently on a single VSX gateway, isolated from one another by their use of separate system resources and data storage.
High-End System Requirements
For Provider-1/SiteManager-1 and VPN-1 Power VSX NGX hardware
and software system requirements, see the R65 Release notes at:
http://www.checkpoint.com/support/technical/documents/index.html
Compatibility Table
If the existing Check Point implementation contains products that are not supported by NGX, the NGX installation process terminates.
Table 3-1 and Table 3-2 list the NGX R65 supported Check Point
products and clients by platform.
Table 3-1 NGX R65 Supported Products, By Platform
[Table body not preserved in this copy. Platform columns: Solaris UltraSPARC; RHEL 3.0 (kernel 2.4.21); Check Point SecurePlatform; Nokia IPSO 4.1 - 4.2; 2000 Advanced Server (SP1-4); 2000 Server (SP1-4); 2000 Professional (SP1-4); XP Home & Professional.]
Compatibility Table Notes
1. Anti Virus and URL Filtering are included on SecurePlatform.
2. Anti Virus and URL Filtering are supported on Nokia IPSO 4.2 only.
3. VPN-1 UTM Edge devices cannot be managed from a SmartCenter server running on a Nokia IPSO platform.
4. Provider-1/SiteManager-1 supported on both RHEL 3.0 AS and ES.
5. VPN-1 Power VSX gateways are also supported on Crossbeam Systems X-Series Security Services Switches.
6. Eventia Suite includes Eventia Reporter Server, Eventia Analyzer Server, and the Eventia Analyzer Correlation Unit.
7. UserAuthority is not supported on Nokia flash-based platforms.
8. The following SmartConsole clients are not supported on Solaris UltraSPARC platforms: SmartView Monitor, SmartLSM, Eventia Reporter Client, Eventia Analyzer Client, and the SecureClient Packaging Tool.
9. Enabled ROBO Gateways are not supported on Solaris platforms.
10. HA Legacy mode is not supported on Windows Server 2003.
11. ClusterXL is supported only in third party mode with VRRP or IP Clustering.
12. VPN-1 Accelerator Driver II is supported on Solaris 8 only.
13. Nokia provides Advanced Routing as part of IPSO.
14. Nokia provides SecureXL as part of IPSO.
15. NGX-compatible Turbocard driver is available at
http://www.checkpoint.com/downloads/quicklinks/downloads_tc.html
Table 3-2 NGX R65 Supported Clients, By Platform
[Table body not preserved in this copy. Platform columns: Mac; Linux; Server 2003 (SP1); 2000 Server / Advanced Server (SP1-4); 2000 Professional (SP1-4) / XP Home & Professional; Mobile 2003, 2003SE, 5.0.]
Supported Upgrade Paths and Interoperability
Management servers and gateways exist in a wide variety of deployments. Consult Table 3-3 and Table 3-4 to determine which versions of your management server and gateways can be upgraded to NGX R65.
Upgrading Management Servers
Table 3-3 The following MDS versions can be upgraded to NGX R65:
VPN-1 Pro/Express NG With Application Intelligence R55
VPN-1 Pro/Express NG With Application Intelligence R54
NGX
NG
Backward Compatibility For Gateways
NGX R65 management supports backward compatibility for the
following gateway versions:
Table 3-4 Backward Compatibility for gateways
Note - NGX R65 cannot manage gateway versions NG, NG
VPN-1 Pro/Express NG With Application Intelligence R55
VPN-1 Pro/Express NG With Application Intelligence R54
Upgrading versions 4.0 and 4.1
Upgrading from versions prior to NG (4.0-4.1) is not supported. To upgrade FireWall-1 versions 4.0-4.1, upgrade the installed version to VPN-1 NG R55 (refer to the NG with Application Intelligence R55 Upgrade Guide). Once the VPN-1 NG R55 upgrade is complete, perform an upgrade to NGX R65.
For more information on upgrading your current Check Point
deployment, refer to the Check Point R65 Upgrade Guide.
For more information on upgrading Endpoint Security, refer to the
Endpoint Security Installation Guide.
Upgrading from Check Point versions prior to NG (4.0-4.1) is not supported. In order to upgrade FireWall-1 versions 4.0-4.1, first upgrade the installed version to VPN-1 NG R55 (refer to the NG with Application Intelligence R55 Upgrade Guide). Once the VPN-1 NG R55 upgrade is complete, perform an upgrade to NGX.
Licensing
Check Point software is activated with a license key. To obtain a license key, register the certificate key (that appears on the back of the software media pack) with the Check Point User Center. The certificate key is used to generate a license key for the products that you are either evaluating or purchasing.
To purchase the required Check Point products, contact your reseller. Check Point software that has not yet been purchased functions for 15 days only.
Licensing Provider-1/SiteManager-1
Provider-1/SiteManager-1 licenses are associated with the IP address of the licensed entity. The Provider-1 Multi-Domain Server (MDS) license is based on the server type:
• Manager: A license for the administrator’s entry point into the Provider-1/SiteManager-1 environment. The Multi-Domain GUI (MDG) and the Global SmartDashboard tools can connect only to MDS servers with this license.
• Container: A license that defines the maximum number of CMAs running on the MDS machine. With the exception of Provider-1 Enterprise Edition licenses, multiple container licenses can be added together on one container to enable it to hold more CMAs, up to a maximum of 250 CMAs. In addition, each CMA requires its own CMA license. CMA Pro Add-on licenses, which enable additional management features at the CMA level, can be purchased in bulk and are called Pro Add-ons for MDS.
• Combined Manager and Container: These licenses combine a Manager and a Container license for a certain number of CMAs. In the case of SiteManager-1 licenses, there are no separate Manager and Container versions available, only the Combined Manager and Container license.
• Multi-Domain Log Manager (MLM): A comprehensive license that includes the Customer Log Modules (CLMs) it hosts. There is no need for a separate CLM license if they are hosted on an MLM. A CLM hosted on an MDS server requires its own CLM license.
• Gateway: Each gateway requires its own license. Licenses are determined according to the number of computing devices (nodes) protected by the gateway.
Provider-1 licenses can be imported using the Check Point command line licensing tool or Provider-1's MDG. For additional information, refer to the R65 Provider-1/SiteManager-1 Administration Guide.
VSX-CMA Bundle Licenses
Provider-1 can manage Virtual Systems with the addition of a VSX-CMA bundle license. Bundle licenses are cumulative and come in packs of 10, 25, 50, 100 and 250. The number of Virtual Systems the MDS can manage is set by the total number of VSX-CMA licenses installed.
Each VSX-CMA license allows for the creation of a CMA that can host any number of Virtual Systems. There is no limit to the number of Virtual Systems managed by a single CMA, except that it may not exceed the total number of VSX-CMA licenses purchased. Each of these CMAs is only able to manage Virtual Systems and does not require a separate CMA license.
If you want to manage other devices on a CMA created with a VSX-CMA license, you must add a regular CMA license as well as a regular MDS Container license (in order to host a regular CMA on the MDS machine). Each MDS machine can contain a mixture of Provider-1 Manager and Container licenses and VSX-CMA bundle licenses.
Provider-1 also supports a High Availability solution for Virtual Systems. By installing a High Availability VSX-CMA bundle license on a second MDS machine, a set number of Virtual Systems can be hosted by secondary CMAs. The capabilities and limitations of this license are similar to those of the regular VSX-CMA bundle.
For More Information
For more information regarding licensing, refer to the User Center at:
http://usercenter.checkpoint.com
Upgrading Licenses
The license upgrade procedure can be performed if you have purchased any of the Enterprise Software Subscription services. License upgrade fails for products and accounts for which you do not have software subscriptions. To manage your accounts, licenses, and Enterprise Support Programs coverage (under Support Programs), log in to: http://usercenter.checkpoint.com. License upgrade is performed by means of a tool that automatically upgrades both locally and centrally managed licenses.
Using the tool, you can upgrade all licenses in the entire managed system. License upgrade can also be performed manually, per license, in the User Center. For instructions, refer to the guide in the User Center at:
https://usercenter.checkpoint.com/pub/usercenter/faq_us.html
For the latest information and downloads regarding NGX license
upgrades, refer to:
Check Point software is designed to work across multiple platforms and preconfigured appliances. The look and feel of each software installation differs depending on the platform in use. This chapter describes the installation and configuration procedures for the following software:
• Provider-1/SiteManager-1
• Provider-1 and SMP integration
• VPN-1 Power VSX NGX Scalability Pack
Installing and Configuring Provider-1/SiteManager-1
Overview
A typical Management Service Provider (MSP) handles many different customer systems. Provider-1/SiteManager-1’s flexibility ensures compatibility with a wide range of customer security schemes and product deployments.
Figure 4-1 Sample Provider-1 Deployment
The components of a basic Provider-1 deployment are:
• MDS: Each Provider-1 network must have at least one Manager and one Container. They can be installed on the same server or separately.
• MDG and SmartConsole Applications: Installed on a GUI client (a computer running Check Point GUI) and support centralized system management.
• CMAs: Installed on a Container MDS. Each CMA manages the network of a single customer domain.
• Customer Gateways: Protect the customer’s networks.
• NOC Gateways: Protect the MSP headquarters and network/security operations centers.
Building the Basic Provider-1 Network
This section describes how to build your first Provider-1 operations
center. The following is a typical workflow:
Figure 4-2
Set Up Networking
The MDS server host and VPN-1 gateways should be TCP/IP ready. The MDS server machine should include at least one interface with an IP address and should be able to query a DNS server in order to resolve the IP addresses of other machine names.
As applicable, ensure that routing is properly configured to allow IP
communication between:
• The CMA/CLM and its managed gateways
• An MDS and other MDSs in the system
• A CMA and CLMs of the same customer
• A CMA and its high availability CMA peer
• A GUI client and MDS managers
• A GUI client and CMAs/CLMs
Note - Depending on your system specifications, you must decide whether to manage NOC gateways with a standalone SmartCenter or with your Provider-1 system. For Provider-1 systems, a Provider-1 customer is typically dedicated to serve as the NOC customer.
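The routing requirements listed above can be expanded into the concrete host pairs to verify before installation, which also shows which pairs (for example, one customer's CMA and another customer's gateway) the list does not call for. The following Python code is an added example and is not part of the Check Point guide; the inventory and host names are constructed, and it assumes that a CMA/CLM manages the gateways of its own customer and that two CMAs of one customer are high availability peers.

```python
"""Added example: derive the host pairs that need IP reachability."""
from itertools import combinations
from typing import NamedTuple


class Node(NamedTuple):
    name: str
    role: str                 # "MDS", "CMA", "CLM", "GATEWAY" or "GUI"
    customer: str = ""        # owning customer (CMA, CLM, GATEWAY only)
    is_manager: bool = False  # MDS only: Manager, or Manager + Container


def required_pairs(nodes):
    """Map each required (name_a, name_b) pair to the rule that requires it."""
    pairs = {}

    def of(*roles):
        return [n for n in nodes if n.role in roles]

    def need(a, b, rule):
        # Pairs are stored in sorted order so (a, b) and (b, a) are one entry.
        pairs.setdefault(tuple(sorted((a.name, b.name))), rule)

    # Assumption: a CMA/CLM manages the gateways of its own customer.
    for mgmt in of("CMA", "CLM"):
        for gw in of("GATEWAY"):
            if gw.customer == mgmt.customer:
                need(mgmt, gw, "CMA/CLM and its managed gateways")
    for a, b in combinations(of("MDS"), 2):
        need(a, b, "MDS and other MDSs in the system")
    for cma in of("CMA"):
        for clm in of("CLM"):
            if clm.customer == cma.customer:
                need(cma, clm, "CMA and CLMs of the same customer")
    # Assumption: two CMAs of one customer are high availability peers.
    for a, b in combinations(of("CMA"), 2):
        if a.customer == b.customer:
            need(a, b, "CMA and its high availability CMA peer")
    for gui in of("GUI"):
        for mds in of("MDS"):
            if mds.is_manager:
                need(gui, mds, "GUI client and MDS managers")
        for mgmt in of("CMA", "CLM"):
            need(gui, mgmt, "GUI client and CMAs/CLMs")
    return pairs


def missing_pairs(nodes, reachable):
    """Required pairs absent from the set of pairs observed to be reachable."""
    seen = {tuple(sorted(p)) for p in reachable}
    return {p: rule for p, rule in required_pairs(nodes).items()
            if p not in seen}


# Constructed sample inventory; every name here is hypothetical.
INVENTORY = [
    Node("mds1", "MDS", is_manager=True),
    Node("mds2", "MDS"),                      # Container only
    Node("cma-ny", "CMA", "NewYork"),
    Node("cma-ny-ha", "CMA", "NewYork"),
    Node("clm-ny", "CLM", "NewYork"),
    Node("gw-ny-dmz", "GATEWAY", "NewYork"),
    Node("cma-ldn", "CMA", "London"),
    Node("gw-ldn", "GATEWAY", "London"),
    Node("gui1", "GUI"),
]

if __name__ == "__main__":
    for (a, b), rule in sorted(required_pairs(INVENTORY).items()):
        print(f"{a:10} <-> {b:10}  {rule}")
```

Feed `missing_pairs` the pairs your own ping or traceroute checks confirmed to get the routes that still need to be configured.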
Install the Gateways
Install the Network Operation Center (NOC) gateway and the customer gateway. This installation is performed using CD1 of the High-End Security Product Suite. For each gateway, record the activation key you used for the initialization of SIC with the gateway's SmartCenter server.
Installing and Configuring the MDS
All MDS types, whether Manager, Container or MLM, are created using the same installation process.
To create a primary manager:
1. Verify that you have superuser permissions.
2. From the mounted directory, navigate to the subdirectory that matches the operating system of your MDS server - solaris2 or linux.
3. For Solaris and Linux, run the mds_setup script.
4. Select whether the MDS is:
• A Manager
Note - When installing the MDS on SecurePlatform, the installation is performed using the SecurePlatform installer on the CD. Do not execute mds_setup script directly.
Note - Any information that you enter at this stage can be modified later by rerunning the mdsconfig utility.