CheckPoint U-10 Getting Started


UTM-1
Getting Started Guide
R70.1
U-5, U-10, U-15, U-20, U-30, U-40

703827 July 20, 2009


Safety, Environmental, and Electronic Emissions Notices
Read the following warnings before setting up or using the appliance.

Warning - Do not block air vents. A minimum 1/2-inch clearance is
required.

Warning - This appliance does not contain any user-serviceable parts.
Do not remove any covers or attempt to gain access to the inside of
the product. Opening the device or modifying it in any way has the
risk of personal injury and will void your warranty. The following
instructions are for trained service personnel only.

To prevent damage to any system board, it is important to handle it with care. The
following measures are generally sufficient to protect your equipment from static
electricity discharge:
• When handling the board, use a grounded wrist strap designed for static
discharge elimination.
• Touch a grounded metal object before removing the board from the antistatic bag.
• Handle the board by its edges only. Do not touch its components, peripheral chips,
memory modules or gold contacts.
• When handling processor chips or memory modules, avoid touching their pins or
gold edge fingers.
• Return the communications appliance system board and peripherals to the
antistatic bag when they are not in use or not installed in the chassis. Some
circuitry on the system board can continue operating even though the power is
switched off.
• Under no circumstances should the lithium battery cell used to power the real-time
clock be allowed to short. The battery cell may heat up under these conditions
and present a burn hazard.

Warning - DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY
REPLACED. REPLACE ONLY WITH SAME OR EQUIVALENT
TYPE RECOMMENDED BY THE MANUFACTURER. DISCARD
USED BATTERIES ACCORDING TO THE MANUFACTURER’S
INSTRUCTIONS.

• Disconnect the system board power supply from its power source before you
connect or disconnect cables or install or remove any system board components.
Failure to do this can result in personal injury or equipment damage.
• Avoid short-circuiting the lithium battery; this can cause it to superheat and cause
burns if touched.
• Do not operate the processor without a thermal solution. Damage to the processor
can occur in seconds.

For California:

Perchlorate Material - special handling may apply. See
http://www.dtsc.ca.gov/hazardouswaste/perchlorate
The foregoing notice is provided in accordance with California Code of Regulations Title 22, Division
4.5, Chapter 33. Best Management Practices for Perchlorate Materials. This product, part, or both
may include a lithium manganese dioxide battery which contains a perchlorate substance.

Proposition 65 Chemical
Chemicals identified by the State of California, pursuant to the requirements of the California Safe
Drinking Water and Toxic Enforcement Act of 1986, California Health & Safety Code s. 25249.5, et
seq. ("Proposition 65"), that is “known to the State to cause cancer or reproductive toxicity” (see
http://www.calepa.ca.gov)
WARNING:
Handling the cord on this product will expose you to lead, a chemical known to the State of California
to cause cancer, and birth defects or other reproductive harm. Wash hands after handling.
Federal Communications Commission (FCC) Statement: 
Note: This equipment has been tested and found to comply with the limits for
a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are
designed to provide reasonable protection against harmful interference when
the equipment is operated in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy and, if not installed
and used in accordance with the instruction manual, may cause harmful
interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference in which case the user will be required
to correct the interference at his own expense. 
 
Information to user:
The users manual or instruction manual for an intentional or unintentional radiator shall caution the
user that changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment. In cases where the manual is provided only
in a form other than paper, such as on a computer disk or over the Internet, the information required
by this section may be included in the manual in that alternative form, provided the user can
reasonably be expected to have the capability to access information in that form.
 
Canadian Department Compliance Statement: 
This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe
A est conforme à la norme NMB-003 du Canada.
 
Japan Class A Compliance Statement:
 

 
European Union (EU) Electromagnetic Compatibility Directive
Is herewith confirmed to comply with the requirements set out in the Council Directive on the
Approximation of the Laws of the Member States relating to Electromagnetic Compatibility Directive
(2004/108/EC). For the evaluation regarding the Electromagnetic Compatibility (2004/108/EC)

The above product is in conformity with Low Voltage Directive 2006/95/EC and complies with the
requirements in the Council Directive 2006/95/EC relating to electrical equipment designed for use
within certain voltage limits and the Amendment Directive 93/68/EEC.
This symbol on the product or on its packaging indicates that this product must not be
disposed of with your other household waste. Instead, it is your responsibility to dispose
of your waste equipment by handing it over to a designated collection point for the
recycling of waste electrical and electronic equipment. The separate collection and
recycling of your waste equipment at the time of disposal will help to conserve natural
resources and ensure that it is recycled in a manner that protects human health and the
environment. For more information about where you can drop off your waste equipment
for recycling, please contact your local city office or your household waste disposal
service.

© 2003-2009 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and
distributed under licensing restricting their use, copying, distribution, and decompilation. No part of
this product or related documentation may be reproduced in any form or by any means without
prior written authorization of Check Point. While every precaution has been taken in the
preparation of this book, Check Point assumes no responsibility for errors or omissions. This
publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at
DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS:
Please refer to http://www.checkpoint.com/copyright.html for a list of our trademarks.
For third party notices, see http://www.checkpoint.com/3rd_party_copyright.html.

Contents

Chapter 1
Introduction
Welcome
UTM-1 Overview
Shipping Carton Contents
Terminology

Chapter 2
Installation and Configuration
Configuring UTM-1
    The Configuration Workflow
    Step 1: Installing UTM-1 in the Rack
    Step 2: Identifying the Default Management Interface
    Step 3: Connecting the Cables
    Step 4: Advanced Initial Configuration
    Step 5: Installing the SmartConsole GUI Clients
    Step 6: First Time Login to the Security Management Server
    Step 7: Configure and Install Security Policy
Restoring Factory Defaults
    Restoring Using the WebUI
    Restoring Using the Console Boot Menu
    Restoring Using the LCD Panel
Advanced Configuration

Chapter 3
UTM-1 Hardware
UTM-1 130 Ports
LEDs on the UTM-1 130
LEDs on all other UTM-1 Models
Managing UTM-1 Using the LCD Panel

Chapter 4
Registration and Support
Registration
Support
Where To From Here?

Chapter 1
Introduction
In This Chapter

Welcome
UTM-1 Overview
Shipping Carton Contents
Terminology

Welcome
Thank you for choosing Check Point’s Internet Security
Product Suite. We hope that you will be satisfied with this
solution and our support services. Check Point products
provide your business with the most up to date and secure
solutions available today.
Check Point also delivers worldwide technical services
including educational, professional and support services
through a network of Authorized Training Centers, Certified
Support Partners and Check Point technical support personnel
to ensure that you get the most out of your security
investment.
For additional information on the Check Point Internet
Security Product Suite and other security solutions, refer to:
http://www.checkpoint.com or call Check Point at 1(800) 429-4391.
For additional technical information, refer to:
http://support.checkpoint.com.

Welcome to the Check Point family. We look forward to meeting all of
your current and future network, application and management
security needs.

UTM-1 Overview
Check Point UTM-1 delivers integrated unified threat management to
protect your organization from today's emerging threats. Based on
proven Check Point security technologies such as Stateful Inspection,
Application Intelligence, and SMART (Security Management
Architecture), UTM-1 provides simplified deployment and
management while delivering uncompromising levels of security.
UTM-1 supports the Check Point Software Blade architecture,
providing independent, modular and centrally managed security
building blocks. Software Blades can be quickly enabled and
configured into a solution based on specific security needs.
The following Software Blades are included in UTM-1:

Security Gateway Software Blades


• Firewall – proven, enterprise-class firewall.
• IPSec VPN – encrypted secure connectivity to corporate
networks, remote users, branch offices and business partners.
• IPS – High performance integrated IPS solution with extensive
threat coverage.
• URL Filtering – Best-of-breed Web filtering covering more than
20 million URLs. Protects users and enterprises by restricting
access to dangerous Web sites.
• Anti-Virus & Anti-Malware – Leading anti-virus protection
including heuristic virus analysis. Stops viruses, worms and
other malware at the gateway.
• Anti-Spam & Email Security – Multi-dimensional protection for
the messaging infrastructure. Stops spam, protects servers and
eliminates attacks through email.

Security Management Software Blades
• Network Policy Management – Comprehensive network
security policy management for Check Point gateways and
blades, via SmartDashboard, a single, unified console.
• Endpoint Policy Management – Centrally deploy, manage,
monitor and enforce security policy for all endpoint devices
across any sized organization.
• Logging & Status – Comprehensive information in the form
of logs, and a complete visual picture of changes to
gateways, tunnels, remote users and security activities.
Additional software blades are available at
http://www.checkpoint.com/products/softwareblades/architecture/

This document provides:
• A brief overview of essential UTM-1 concepts and features.
• A step by step guide to getting UTM-1 up and running.
The latest version of this guide can be found at
http://supportcontent.checkpoint.com/documentation_download?ID=10236

Note - This guide applies to all UTM-1 models.
However, screen shots may apply only to the highest
model in the range.

Shipping Carton Contents
This section describes the contents of the shipping carton.

Table 1-1 Contents of the Shipping Carton

Item                            Description
Appliance                       A single UTM-1
Rack Mounting Accessories       Hardware mounting kit
                                (Not applicable to UTM-1 130)
Cables                          • 1 Power cable
                                • 1 Standard network cable
                                • 1 Serial console cable
Power Supply                    Power Supply Unit
                                (Applicable only to UTM-1 130)
CD                              Includes the following:
                                • SmartConsole management software
                                • UTM-1 Getting Started Guide
                                • UTM-1 Administration Guide
                                • Check Point R70 documentation
Regulations and Documentation   • User license agreement.
                                • UTM-1 Release Notes.

Latest version of the UTM-1 R70.1 Release Notes can be found at
http://supportcontent.checkpoint.com/documentation_download?ID=10266

Terminology
The following UTM-1 terms are used throughout this guide:
• Gateway: The Security Gateway engine that enforces the
organization’s security policy and acts as a security enforcement
point.
• Security Policy: The policy created by the system administrator
that regulates the flow of incoming and outgoing
communication.
• Security Management server: The server used by the system
administrator to manage the security policy. The organization’s
databases and security policies are stored on the Security
Management server and downloaded to the gateway.
• SmartConsole: GUI applications that are used to manage
various aspects of security policy enforcement. For example,
SmartView Tracker is a SmartConsole application that
manages logs.
• SmartDashboard: A SmartConsole GUI application that is
used by the system administrator to create and manage the
security policy.
• Locally managed deployment: When all Check Point components
responsible for both the management and enforcement of the
security policy (the Security Management server and the
gateway) are installed on the same machine.
• Centrally managed deployment: When the gateway and the
Security Management server are installed on separate machines.
• UTM-1 cluster: Refers to two UTM-1 devices with synchronized
Security Management servers and gateways.

Chapter 2
Installation and Configuration
This chapter explains how to configure UTM-1 using the First
Time Wizard and how to restore factory defaults.

In This Chapter

Configuring UTM-1
Restoring Factory Defaults
Advanced Configuration

Configuring UTM-1
The Configuration Workflow
To configure UTM-1, perform the following simple steps:
Step 1: Install UTM-1 onto the rack.
Step 2: Identify the default management interface.
Step 3: Connect the cables and power on.
Step 4: Perform advanced initial configuration.
Step 5: Install the SmartConsole GUI clients.
Step 6: Login to SmartDashboard and compare the fingerprint.
Step 7: Configure and install the security policy.

Step 1: Installing UTM-1 in the Rack

Note - Does not apply to UTM-1 130

Install the system in the rack with the network ports facing the
front of the rack.

Step 2: Identifying the Default Management Interface
Identify the default management interface marked as Internal. On
UTM-1 130 it is marked as INT. This interface is preconfigured
with the IP address 192.168.1.1.

Step 3: Connecting the Cables


For UTM-1 130
1. Connect the power cable to the power supply unit.
2. Connect the power supply unit to the power port at the rear
of the appliance.
3. Connect the power cable to an A/C outlet.
UTM-1 turns on immediately.
4. Connect the standard network cable to the internal port
(marked as INT) and to the PC.

For all other UTM-1 models
1. Connect the power cable.
2. Connect the standard network cable to the internal port
and to the PC.
3. On the back panel, turn on the Power button to start the
appliance.

Step 4: Advanced Initial Configuration
1. Connect to the administration interface by connecting from
a machine on the same network subnet (e.g., with IP
address 192.168.1.x and netmask 255.255.255.0) to the
administration interface via the LAN cable. This can be
changed later through the administration interface.
2. To access the administration interface, initiate a
connection from Internet Explorer version 6 or higher to
the default administration IP address:
https://192.168.1.1:4434.

Note - Pop-ups must always be allowed on
https://<appliance_ip_address>.

3. The login page appears (Figure 2-1). Log in with the
default system administrator credentials:
• Login name: admin
• Password: admin
Click Login.

Figure 2-1 The Login page

4. Change the administrator password, as prompted.
The default password is provided to allow you to
access UTM-1. For security purposes, you must
change it to a more secure password.
In the Password recovery login token section, you can
download a Login Token that can be used in the event a
password is forgotten. It is highly recommended to save
and store the password recovery login token file in a safe
place.
5. The First-Time Configuration Wizard runs. The Wizard
presents a number of windows, in which you configure the
Date and Time, Network Connections, Routing, DNS
Servers, Host and Domain Name, and Deployment Type
of UTM-1.

Note - The features configured in the wizard are accessible
after completing the wizard via the WebUI menu. The WebUI
menu can be accessed by navigating to
https://<appliance_ip_address>:4434 using Internet Explorer
version 6 or higher.
Click Next.
6. Configure date and time in the Appliance Date and Time
Setup window. Click Apply.
Click Next.
7. Configure Network Connections in the Network Connections
page.

Figure 2-2 Network Connections page

You may modify the Internal IP address and connectivity
will be preserved. A secondary interface is created
automatically to preserve connectivity. This interface can
be removed after the wizard is completed in the Network >
Network Connections page.
Click Next.
8. Configure Routing on the Routing Table page.
Click Next.
9. Set the Host and Domain on the Host and Domain Name
page.
The host name must start with a letter and cannot be
named Com1, Com2, ... , Com9.
Set the DNS servers on the DNS Servers page.
Click Next.
10. Configure the Management type by selecting one of
the options in the Management Type page.
• Locally Managed is the simplest deployment, where
the UTM-1 appliance includes Security Management
server functionality and is responsible for the
management of the Security Policy.
• Centrally Managed is a more complex deployment
where the UTM-1 appliance is managed by a Security
Management server on a different machine.

Note - In all deployments, SmartConsole can be downloaded
and installed on any machine, unless stated otherwise.

Figure 2-3 Management Type page

Click Next.
11. Follow the procedure below for your deployment:
• Locally Managed Deployment: Skip to step 12
• Centrally Managed Deployment:
a. Configure the Web/SSH and GUI Clients Configuration
window as described in step 13. Click Next.
b. Set the type of Gateway on the Gateway Type page.
c. Configure the Secure Internal Communication window:
enter a SIC Activation Key and remember it, as you
will enter it again when configuring the gateway
object via SmartDashboard.
d. Skip to step 15.
12. Select the cluster type, as shown in Figure 2-4:

Figure 2-4 Cluster type

If you select This appliance is part of a UTM-1 Cluster,
the options are:
• Primary cluster member
• Secondary cluster member
For information about clusters, see the ClusterXL R70.1
Administration Guide
http://supportcontent.checkpoint.com/documentation_download?ID=10068
Click Next.

13. Configure the Web/SSH and GUI Clients Configuration
window. Define which IP addresses will be allowed to
connect using Web or SSH Clients. These clients will be
able to manage the appliance using SmartConsole
applications. Enter a comma-separated list of IP addresses
from which you will manage UTM-1 using SmartConsole
Applications. Type Any to manage UTM-1 from anywhere.
These and other advanced configuration options are
available via the WebUI menu.
Click Next.
14. Configuring a security policy requires you to install
SmartConsole applications.
If you do not already have SmartDashboard
downloaded, click the Download Check Point
SmartConsole applications package link to download
and install SmartDashboard to configure a Security
Policy.
Click Next.
15. The Summary page appears:

Figure 2-5 Summary page

Click Finish to complete the First-Time Configuration
Wizard. The machine will automatically restart (this may
take several minutes).

Note - It is recommended to back up the system configuration
for system recovery purposes. The backup menu can
be accessed via the WebUI interface under the
Appliance > Backup menu. For details, refer to the
UTM-1 R70 Administration Guide included on the CD or found at
http://supportcontent.checkpoint.com/documentation_download?ID=8952
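
The Web/SSH and GUI Clients entry from step 13 decides which hosts can reach the management interfaces, and Any removes that restriction. The following Python check is an added example, not part of the Check Point guide or product: it reviews a planned comma-separated entry before it is typed into the wizard, assuming (as step 13 describes) that each item is a single IP address or the keyword Any. The function name, the case-insensitive handling of Any and the sample addresses are assumptions made for the illustration.

```python
import ipaddress


def review_client_list(entry, admin_hosts=()):
    """Review a planned Web/SSH and GUI Clients entry.

    entry       -- comma-separated string as it would be typed into the wizard
    admin_hosts -- workstations that must keep management access
    Returns a dict with the accepted addresses, whether the list is
    unrestricted, and a list of findings to resolve before applying it.
    """
    allowed = []
    findings = []
    unrestricted = False

    for raw in entry.split(","):
        item = raw.strip()
        if not item:
            findings.append("empty item (stray comma)")
            continue
        # Assumption: the keyword is matched without regard to case.
        if item.lower() == "any":
            unrestricted = True
            findings.append("'Any' lets every address reach the management interfaces")
            continue
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            findings.append(f"not an IP address: {item!r}")
            continue
        if addr in allowed:
            findings.append(f"duplicate address: {addr}")
        else:
            allowed.append(addr)

    # A restricted list that omits an administrator's workstation locks that
    # workstation out of the WebUI, SSH and SmartConsole.
    if not unrestricted:
        for host in admin_hosts:
            if ipaddress.ip_address(host) not in allowed:
                findings.append(f"admin host {host} is not in the list")

    return {
        "allowed": [str(a) for a in allowed],
        "unrestricted": unrestricted,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample entries on the default 192.168.1.x management subnet.
    for sample in ("192.168.1.10, 192.168.1.20", "Any", "192.168.1.10,,192.168.1.300"):
        result = review_client_list(sample, admin_hosts=["192.168.1.10"])
        print(repr(sample), "->", result)
```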

Step 5: Installing the SmartConsole GUI Clients
If SmartDashboard was downloaded during the First Time
Configuration Wizard, skip to “Step 6: First Time Login to the
Security Management Server” on page 26.
1. The WebUI menu can be accessed by navigating to
https://<appliance_ip_address>:4434 using
Internet Explorer version 6 or higher.
2. Login using the administrator username and password
configured in step 4 on page 19.
3. Download the SmartConsole Installation package: Product
Configuration > Download SmartConsole > Download.

Step 6: First Time Login to the Security Management Server
Login Process
In a Locally Managed deployment, the Security Management
server is included in UTM-1.
In a Centrally Managed deployment, a Security Management
server to manage the UTM-1 gateway has already been installed.
Administrators connect to the Security Management server
through SmartDashboard using a process that is common to all
SmartConsole clients. In this process, the administrator and the
Security Management server are authenticated, and a secure
channel of communication is negotiated.

Authenticating and Fingerprint Comparison
1. Launch SmartDashboard.
2. Enter the administrator username, password, and IP
address of the Security Management server.
Locally Managed deployment only: If a UTM-1 Cluster
was configured, connect to the Security Management
server on the primary cluster member.
3. Locally Managed deployment only: Manually authenticate
the Security Management server with the Fingerprint
presented. This step only takes place during first-time
login, since when the Security Management server is
authenticated, the Fingerprint is saved on the
SmartConsole machine.
Compare the Fingerprint with the fingerprint which is
located in the WebUI in Product Configuration >
Certificate Authority.
4. Locally Managed deployment only: If a UTM-1 Cluster
option was selected during step 12 on page 23, the
first-time UTM-1 Cluster wizard opens. Follow the wizard to
complete the cluster configuration before installing a
security policy.

Step 7: Configure and Install Security Policy
The security policy is implemented by defining an ordered set of
rules in the Firewall Rule Base. A well-defined security policy is
essential in order for UTM-1 to be an effective security solution.
A sample Firewall rule base is shown in Table 2-1.

Table 2-1 Sample Firewall Rules

Source            Destination   Service   Action   Track
Network Object    Any           http      Accept   Log
                                https
Network Object    Any           dns       Accept   Log
Host Object       Any           ftp       Accept   Log
Host Object       Any           telnet    Accept   Log
Any               Any           Any       Drop     Log

The last rule in the rule base, known as the Cleanup Rule, is to
drop all traffic that is not permitted by the previous rules. There
is an implied rule that does this, but the Cleanup Rule allows
you to log any access attempts.
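
How the ordered rule base and the Cleanup Rule interact, as an added Python model that is not Check Point code: rules are checked top to bottom, the first match decides, and removing the explicit Cleanup Rule leaves the drop in place but without a log entry. The object addresses reuse the guide's examples (10.10.10.0 and 10.10.10.51); the /24 mask, the function names and the sample connections are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"


@dataclass(frozen=True)
class Rule:
    source: str        # CIDR string or ANY
    destination: str   # CIDR string or ANY
    services: tuple    # service names, or (ANY,)
    action: str        # "Accept" or "Drop"
    track: str         # "Log" or "None"


# Objects for Table 2-1. Addresses come from the guide's examples;
# the /24 mask on the network object is an assumption.
NETWORK_OBJECT = "10.10.10.0/24"
HOST_OBJECT = "10.10.10.51/32"

SAMPLE_RULE_BASE = [
    Rule(NETWORK_OBJECT, ANY, ("http", "https"), "Accept", "Log"),
    Rule(NETWORK_OBJECT, ANY, ("dns",), "Accept", "Log"),
    Rule(HOST_OBJECT, ANY, ("ftp",), "Accept", "Log"),
    Rule(HOST_OBJECT, ANY, ("telnet",), "Accept", "Log"),
    Rule(ANY, ANY, (ANY,), "Drop", "Log"),  # the Cleanup Rule
]

# Constructed sample connections: (source, destination, service).
CONNECTIONS = [
    ("10.10.10.20", "203.0.113.10", "https"),   # inside the network object
    ("10.10.10.51", "203.0.113.10", "ftp"),     # the host object
    ("10.10.10.20", "203.0.113.10", "telnet"),  # telnet from a non-listed host
    ("198.51.100.7", "10.10.10.51", "http"),    # source outside every object
]


def _addr_matches(spec, ip):
    return spec == ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def _service_matches(services, service):
    return ANY in services or service in services


def evaluate(rule_base, src, dst, service):
    """Return (action, logged, rule_number) for one connection.

    Rules are tried in order and the first match wins. If nothing matches,
    the implied drop applies: no log entry, and rule_number is None.
    """
    for number, rule in enumerate(rule_base, start=1):
        if (_addr_matches(rule.source, src)
                and _addr_matches(rule.destination, dst)
                and _service_matches(rule.services, service)):
            return rule.action, rule.track == "Log", number
    return "Drop", False, None


def unlogged_drops(rule_base, connections):
    """Connections that would be dropped without leaving a log entry."""
    return [c for c in connections
            if evaluate(rule_base, *c)[:2] == ("Drop", False)]


if __name__ == "__main__":
    for label, base in (("with Cleanup Rule", SAMPLE_RULE_BASE),
                        ("without Cleanup Rule", SAMPLE_RULE_BASE[:-1])):
        print(label)
        for conn in CONNECTIONS:
            print("  ", conn, "->", evaluate(base, *conn))
        print("   unlogged drops:", unlogged_drops(base, CONNECTIONS))
```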
Create a security policy as follows:

Create a New Policy Package


1. In SmartDashboard, click File > New. The Save
window appears.
2. Click Save and continue. The New Policy Package
window appears.
3. Enter a name for the new policy, select a policy type and
click OK.

Define a Host
Define the hosts to be used in the Firewall Rule Base.
To define a host:
1. Click Manage > Network Objects > New > Node > Host.
The Host Node window appears.
2. Enter a Name and IP Address (for example, 10.10.10.51).
3. In the NAT page, select Add Automatic Address
Translation rules.

Figure 2-6 NAT page of Host Node

4. From the Translation Method drop down menu, select
Hide, and the option Hide behind Gateway, and click OK.

Define a Network
Define the networks to be used in the Firewall Rule Base.
To define a network:
1. Click Manage > Network Objects > New > Network.
2. Enter the Name and Network Address (for example,
10.10.10.0) and Net Mask.
3. On the NAT tab, select Add Automatic Address
Translation rules.
4. From the Translation Method drop down menu, select
Hide, and the option Hide behind Gateway, and click OK.

Create the Firewall Rules
Define the Firewall rules. To define a rule:
1. From the menu, select Rules > Add Rule and choose one
of Bottom, Top, Below, Above.
2. In the Source column, right click and select Add..., choose
an object and click OK.
3. In the Service column, right click, select Add..., choose a
service and click OK.
4. In the Action column, right click and select Accept. The
last rule in the rule base should be drop.
5. In the Track column, right click, select Add... and choose
Log.
6. To view all activity that is being logged, click Window >
SmartView Tracker.

Configuring Content Inspection


When content inspection is configured on the UTM-1 gateway,
traffic for the appropriate protocols is forwarded to the security
server. The security server forwards the data stream to the
inspection engine — an Anti-Virus server, for example. The data
is allowed or blocked based on the response of the inspection
engine.
Content inspection is performed only on traffic that has been
allowed by the Security Policy.
To enable content inspection on the gateway, in the General
Properties page of the gateway, select one or more of the
following Network Security Blades:
• URL Filtering
• Anti-Virus & Anti-Malware
• Anti-Spam & Email Security.

For more information about content inspection, see the
“Anti-Virus and URL filtering” chapter and the “Anti-Spam and
Mail” chapter in the Firewall R70 Administration Guide at
http://supportcontent.checkpoint.com/documentation_download?ID=8738

Install a Policy Package


To install a Policy Package:
1. Create a policy using the security rule base.
2. Click Policy > Install from the menu.
3. Choose the installation components:
a. Installation Targets — the Security Gateways on
which the policy is installed.
By default, all gateways that are managed by the
Security Management server are available for
selection. Alternatively, define specific gateways per
Policy Package through the Select Installation
Targets window (accessed by clicking Select
Targets).
b. For each installation target, choose the policy
components (Advanced Security, QoS or
Desktop Security) to be installed.
c. The installation Mode — what to do if the installation is
not successful for all targets (so different targets
enforce different policies):
• Install on each gateway independently, or
• Install on all gateways, or on none of the
gateways.
4. Click OK.
The Installation Process window is displayed, allowing you
to monitor the progress of the verification, compilation and
installation.

If the verification is completed with no errors and the
Security Management server is able to connect to the
gateway securely, the Policy installation succeeds.
If there are verification or installation errors, the
installation fails (in which case you can view the errors to
find the source of the problem).
If there are verification warnings, the installation succeeds
with the exception of the component specified in the
warning.


Restoring Factory Defaults


The UTM-1 appliance contains two default factory images:
• NGX R65 with Messaging Security
• R70.1
When the appliance is turned on for the first time, it loads with
the NGX R65 with Messaging Security default image.
As part of the troubleshooting process, it may be necessary to
restore the UTM-1 appliance to its factory default settings.
A UTM-1 appliance can be restored to the factory default image:
• Using the WebUI
• Through the console boot menu
• Using the LCD panel (not applicable to UTM-1 130)

Warning - Restoring factory defaults deletes all information on
the appliance.

Restoring Using the WebUI
To restore the UTM-1 appliance to its default factory
configuration using the WebUI:
1. In the UTM-1 WebUI, click Appliance > Image
Management.
The Image Management window opens:

Figure 2-7 Image Management

2. Select the image you wish to revert to.
3. Click Revert.

Restoring Using the Console


Boot Menu
To restore the UTM-1 appliance to its default factory
configuration using the console boot menu:
1. Connect the supplied DB9 serial cable to the console port
on the front of the appliance.
2. Connect to UTM-1 using a terminal emulation program
such as Microsoft HyperTerminal, the program used
here.
3. In the HyperTerminal Connect To window, select a port from
the Connect using list. Define the port settings: 9600 BPS,
8 bits, no parity, 1 stop bit.
4. From the Flow control list, select Hardware.
5. Click Call > Call to connect to the appliance.
6. Switch on UTM-1. The appliance begins the boot process
and status messages appear in HyperTerminal.
7. During the UTM-1 boot process, text similar to that shown
below appears:
Figure 2-8 Activating the Boot menu in HyperTerminal
At this point, you have approximately four seconds to hit
any key to activate the Boot menu.
8. The Boot menu opens. Scroll to the desired Reset to
factory defaults image and press Enter.
Figure 2-9 Boot menu in HyperTerminal

Restoring Using the LCD Panel

Note - This section is not applicable to UTM-1 130, which
does not have an LCD panel.

To restore the appliance to its default factory configuration using
the LCD panel at the front of the appliance:
1. Reboot or power on the appliance.
2. When the countdown begins, press any of the four buttons
to the right of the LCD panel:

The boot menu appears.
3. Using the arrow buttons, select the Reset to R65 FCD or
the Reset to R70 FCD option, and press ENTER.
4. Confirm the reset by pressing the Arrow Up button.

Pressing any other button causes the Action Canceled
message to display:

At this point, pressing any key returns you to the boot
menu.
5. If you confirmed the reset by pressing the Arrow Up
button in step 4, wait for the appliance to
restore the factory image.
As the appliance is restored to the NGX R65 with
Messaging Security default image, a Loading
message displays continuously:

When the appliance has been restored to its default factory
configuration, the appliance reboots and the initializing
message is displayed:

Advanced Configuration
Advanced configuration, such as configuring the appliance to be a
DHCP server, is done using the sysconfig menu, which can be
accessed using the command line interface only.

Note - The sysconfig menu is only available after running
the First Time Configuration Wizard in the WebUI.

Command line access can be obtained by console connection or
through SSH.

Chapter 3
UTM-1 Hardware
This chapter contains information relating to the UTM-1
appliance LEDs, ports and LCD panel.

In This Chapter

• UTM-1 130 Ports
• LEDs on the UTM-1 130
• LEDs on all other UTM-1 Models
• Managing UTM-1 Using the LCD Panel

UTM-1 130 Ports


At the front of the appliance, UTM-1 130 has the following
ports:
[Figure: UTM-1 130 front panel ports, labeled INT, SYNC/LAN1, LAN2, DMZ, EXT and CONSOLE]
• 1 Gigabit Ethernet ports
  The INT, SYNC/LAN1, LAN2 and DMZ ports support:
  • 1Gbit, 100Mbit and 10Mbit speeds.
  • Auto MDI-X, to automatically detect the required
    cable connection type (straight-through or crossover)
    and configure the connection appropriately.
• 100 Megabit Ethernet port
  • The EXT port supports 100Mbit and 10Mbit speeds,
    but does not support the Auto MDI-X standard.
  • When connecting this port, use the appropriate cable
    type: straight-through or crossover.
• Console port – for managing the appliance using RS-232
  serial communication. Use the supplied serial cable.
The UTM-1 appliance has a single power port at the rear:

[Figure: Power Port]

Connect the power supply unit to this port.

LEDs on the UTM-1 130

The front of the UTM-1 130 appliance has multiple LEDs, as
shown in Figure 3-1.
Figure 3-1 LED Indicators on the UTM-1 Appliance
[Figure labels: ports INT, SYNC/LAN1, LAN2, DMZ, EXT, CONSOLE; HDD Operation Indicator; Power On/Off Indicator; Activity Indicator; Speed Indicator; Port Indicators]
The purpose and meaning of the various LEDs are as follows:
• Power On/Off Indicator: This green light is lit when the
machine is ON. When the machine is OFF, the light is off.
• HDD Operation Indicator: An amber light that blinks when
the hard drive is accessed.
• Port Indicators: There are two lights at the bottom of each
  LAN port. When the port is inactive, both are off.
  • Activity Indicator: This light is solid green when
    connected, and blinking green when encountering
    traffic.
  • Speed Indicator: When this light is yellow or orange,
    the port speed is 1000 Mbps. When it is green, the
    port speed is 100 Mbps.

LEDs on all other UTM-1 Models


Note - This section does not apply to UTM-1 130.

The front of the UTM-1 appliance has multiple LEDs, as shown
in Figure 3-2.
Figure 3-2 LEDs on the UTM-1 Appliance

[Figure labels: ports CONSOLE, INT, EXT, DMZ, SYNC/LAN1, LAN2, LAN3, LAN4, LAN5, LAN6, LAN7; RESET; Power On/Off Indicator; HDD Operation Indicator; Reset Function (hole); Activity Indicator; Speed Indicator; Port Indicators]

The purpose and meaning of the various LEDs are as follows:


• Power On/Off Indicator: This green light is lit when the
machine is ON. When the machine is OFF, the light is off.
• HDD Operation Indicator: When this green light is steady,
the machine is ON and ready for login. When it is blinking,
the machine is booting and it is not possible to login.
• Reset Function: This button forcibly reboots the appliance.
The button is recessed into the appliance chassis to
prevent accidental reboot. This button does not light up.
• Port Indicators: There are two lights at the bottom of each
  LAN port. When the port is inactive, both are off.
  • Activity Indicator: This light is solid green when
    connected, and blinking green when encountering
    traffic.
  • Speed Indicator: When this light is yellow or orange,
    the port speed is 1000 Mbps. When it is green, the
    port speed is 100 Mbps.

Managing UTM-1 Using the LCD Panel

Note - This section does not apply to UTM-1 130, which
does not have an LCD panel.

Check Point appliances have an LCD panel that can be
used to perform basic management operations. The
management IP address, netmask, and default gateway
of the appliance can be configured. The appliance can
also be rebooted.

Menu options

| Menu | Sub-menu | Purpose |
|---|---|---|
| Network | DHCP | Enable or disable IP address allocation using DHCP |
| Network | Set Internal IP or Set Mgmt IP | Set the management interface IP address (cannot be edited when DHCP is enabled) |
| Network | Set Netmask | Set the management interface network mask (cannot be edited when DHCP is enabled) |
| Network | Set Default GW | Set the management interface default gateway (cannot be edited when DHCP is enabled) |
| System | Reboot | Reboot the appliance |

LCD Panel Keys

| To | Press |
|---|---|
| Enter the main menu | [key icon] |
| Navigate the menu | [key icon] or [key icon] |
| Select a menu option | [key icon] |
| Go back to previous menu | [key icon] |

When Entering an IP Address

| To | Press |
|---|---|
| Move to the next digit | [key icon] |
| Move back to the previous digit | [key icon] |
| Approve the change when cursor is located on the last digit | [key icon] |
| Cancel the IP change when cursor is located on the first digit | [key icon] |
| Change current digit | [key icon] or [key icon] |

Chapter 4
Registration and Support
In This Chapter

• Registration
• Support
• Where To From Here?

Registration
UTM-1 requires a specific license to operate. Obtain a license
and register at:
https://usercenter.checkpoint.com/usercenter/reg/utm
The serial number required to obtain a license is found on the
Information > Appliance Status page of the WebUI.

Support
For additional technical information about Check Point
products, consult the Check Point Support Center at:
http://support.checkpoint.com

Where To From Here?


You have now learned the basics that you need to get started. The
next step is to obtain more advanced knowledge of your Check Point
software.
See the Check Point UTM-1 R70 Administration Guide on the CD, or
at
http://supportcontent.checkpoint.com/documentation_download?ID=8952
Check Point documentation elaborates on this information and
is available in PDF format on the Check Point CD as well as on
the Technical Support download site at:
http://support.checkpoint.com
Be sure to also use the F1 Help when you are working with the Check
Point SmartConsole clients.
