Check Point Firewall USB Installation Step by Step (R77.20 and R77.30) - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Monday, October 24, 2016

Check Point Firewall USB Installation Step by Step (R77.20 and R77.30)

Customer is asking a new fresh installation on their UTM 272 devices and apparently usb stick or usb cd-rom is best solution. Checkpoint sk65205 explains very detail for all steps. I did follow the Check Point instruction but still got a problem while using USB stick. Here are all my steps I worked on.

1. Preparing USB Stick

I am using a Kingston Traveller G3 8G USB stick which shows supported from Check Point sk92423 (Which USB flash keys work with ISOmorphic Tool).

2. Use ISOMorphic to make a R77.20 bootable USB Stick.



3. Start your Device with USB Stick Plugged in

Insert USB Stick into one of two Check Point Appliance UTM 272 USB ports. Powered on device:

4. BIOS Configuration

Press TAB or DEL to enter into BIOS setup the booking devices. USB-HDD and USB-CDROM has been picked for boot devices.

5. USB Stick Does Not Work

Unfortunately the system did not start with the USB device but still with internal hard disk drive. I did find following error messages from the booting screen:

usb 1-2: device not accepting address 2, error 071

 6. USB CDROM Worked

No Matter how I did the configurations on appliance, usb still did not work. I gave up and tried another UTM272, but same result. Finally I got a USB CD-ROM, burned same image into a DVD, it was able to get me into SYSLINUX page.

 7. With those options, the only works is Smart-1 option. 

 8. Installing

After you entered Smart-1 option, the installation is completely automatic.

9. Complete Installation

Wait probably 15-30 minutes, the whole installation will be done and your console window will show your appliance can be safely rebooted with new image. Also Appliance LCD Screen will show ***Installed*** R77.20 124. Powers Cycle your device, you will get your a new fresh installed R77.20. By the way, first time installation wizard will be used to configure your device with LAN port ip set to 192.168.1.1. User name is admin and password is admin.


Notes:

I tested the stick with my laptop, and it is able to booted from USB stick and I did get SYSLINUX prompt on my laptop. It bothered me a couple of day why it is not working on UTM 272s.

Since USB CD-ROM is working, I decided to wipe USB Stick out and tried ISOMorphic again on another laptop. This time, USB Stick works. I am guessing when ISOMorphic is making a bootable USB Stick, your computer is going to affect the final image on the stick.

More notes on Oct 2016;
Tried it again on Check Point 2012 4200 appliance to install R77.30. I were using same usb memory stick as my previous post. Added some more screenshots and words here:

once you plugged in your usb key, if it has been recognized, you will get a chance to run setup or boot it from network.
You may get a error message to say usb 3-1: device descriptor read/all, error -71

If all goes well, you should get SYSLINUX 4.06 booting screen and choose serial as output:

starting installation process


Reference:



No comments:

Post a Comment