Product Review: Corrent S3500 TurboCard
4. Installation:
I did a complete install from scratch.
Corrent packaged my TurboCard in an IBM 1U rack-mount server, with dual
Xeon 2.8 GHz processors, 1024 MB of RAM and a 36 GB hard drive. The card
itself sells as an individual unit; the server was sent along simply to provide
a test platform.
Step 1: Getting Ready: Acquiring A Bootable SecurePlatform CD-ROM
I acquired a fresh SecurePlatform ISO and burned it to a
bootable CD-ROM. Corrent includes one in the box, or you can get one
from your reseller or just call Check Point and ask for the URL and password
for their support FTP site.
Step 2: Getting Ready: Acquiring The Current Version Of The Corrent NIC
Driver On CD-ROM
The TurboCard requires a special NIC driver from Corrent. An early
version of the NIC driver is actually included in SecurePlatform and loads
automatically during install, but it's best
to get a fresh update from Corrent. I did and burned it to a CD-ROM.
Step 3: Getting Ready: Acquiring The Current Check Point Hot Fix
Accumulator On CD-ROM
At the time of this writing, the newest NG AI R55 Hot Fix
Accumulator is version 12. I downloaded the SecurePlatform version from
CheckPoint. It's a 38 MB
file named SHF_HFA_R55_12.linux.22.tgz.
I untarred it (using PKZIP on my Windows box) into a 38 MB file named
SHF_HFA_R55_12.linux.22.tar. I then
opened the tar file with PKZIP and extracted two scripts and three tgz files.
I burned these to a CD-ROM, preserving the directory structure.
With my three CD-ROM's, I was ready to start the SecurePlatform
installation.
Step 4: Installing SecurePlatform
I used my fresh SecurePlatform bootable CD-ROM and booted
and completed the initial installation process. Since the TurboCard runs
on SecurePlatform there are no worries about using a special version of Linux.
It was the usual SecurePlatform success story; it formats the drive and just a
few minutes later you're ready to go with a specially-hardened version of Red
Hat Linux.
Since the IBM server had two built-in NIC's, and the TurboCard
added three more, it was important to figure out which was which. The
TurboCard NIC's came after the motherboard NIC's in the sorted order presented
in the SecurePlatform installation.
Step 5: Updating The TurboCard NIC Driver
With the initial installation done, I wanted to get the current
NIC driver loaded before I proceeded to the sysconfig part of the install.
From the command line, I followed these steps (I'm providing detailed
Linux command line instructions here so non-Linux administrators can install this
themselves):
mount /mnt/cdrom
This mounted the CD-ROM so that Linux could see it.
ls /mnt/cdrom
This listed the contents of the CD-ROM. I wrote down
the long file name of the NIC driver package. In this case it was
s3500-R55-2.1.0-25.i386.rpm.
cp /mnt/cdrom/s3500-R55-2.1.0-25.i386.rpm
.
This copied the package from the CD-ROM to my current
working directory. Don't forget the "." at the end which specifies the
target directory. The "." is a shorthand for "my current
working directory", or "here".
umount /mnt/cdrom
Now that I've copied the package off the
CD-ROM, I can unmount it and remove the disk.
rpm -Uvh s3500-R55-2.1.0-25.i386.rpm
This loaded the package into the operating system.
reboot
When it was done, I needed to reboot for Linux to load the new driver.
When it came back up, I was ready to complete the SecurePlatform
configuration.
Step 6: Running SYSCONFIG
Now it was time to run the sysconfig
command and configure all the details about Firewall-1/VPN-1.
Since the Windows-based Management Clients don't run on Linux,
I needed to ensure I specified the IP address of the host from where I'd be
connecting using the clients.
This process was again the usual smooth SecurePlatform
installation. You don't need to specify any additional features to be
installed other than the enforcement module.
Step 7: Updating Firewall-1/VPN-1 With The Latest Hot Fix
Accumulator
I put the CD-ROM containing the latest HFA into the CD-ROM
drive.
mount /mnt/cdrom
This mounted the CD-ROM so that Linux could see it.
ls /mnt/cdrom
This listed the contents of the CD-ROM. I wrote down
the name of the HFA install script. For me it was
install_hfa.
cp -rv /mnt/cdrom/* .
This copied everything on the CD-ROM, including subdirectories
and their files, to my current working directory.
umount /mnt/cdrom
Now that I've copied the files off the
CD-ROM, I can unmount it and remove the disk.
./install_hfa
This executed the update script and I watched as the hotfixes
were applied.
reboot
When it was done, I needed to reboot to reload the updated
version of Firewall-1/VPN-1.
Step 8: Connecting With SmartDashboard:
After the SecurePlatform configuration was complete, I was done.
In fact, with the only exception being the need to load the special NIC driver,
installing the TurboCard is really nothing more than simply loading SecurePlatform in the
normal way. It's only tricky for Windows people who don't have experience
with Linux.
One thing that I stumbled on was that the accelerated NIC's are
Gigabit only, and don't autonegotiate down to 100 Mb/s. I've never needed
Gigabit Ethernet before and it stumped me for a few minutes why I couldn't get
a link light on those connections (tried straight-through, then crossover, then tried a
different cable, then tried one of the other NIC's; you know the drill). A quick trip to the store for a
Gigabit
Ethernet switch
solved the problem. In the field, if you need one of these cards,
you definitely aren't going to be connecting it to anything as slow as 100 Mb/s.
Since I had configured SecurePlatform to include both the Enforcement Module and the
SmartCenter Server, all I had to do was fire up SmartDashboard and connect to
the new SmartCenter Server and everything worked perfectly. I edited my
firewall object and configured the interfaces for anti-spoof checking, created a
simple Security Policy and I was
up and running.
<< 3. Licensing
5. Putting It To Work >> |