3 Check Point VNF Applicance Service Chaining

Check Point Firewall can be deployed as a guest VM on the E100 appliance. This section covers how to install the VM, as well as configure it.

Check Point VNF Applicance Service Chaining

Before installing Check Point VNF, make sure you do the following:
  • Checkpoint VM should be installed on the WAN side for example port4 (wbp1).
  • The port used to bridge with Checkpoint should not be part of a bypass pair.
  • VLANs cannot be configured on the port connecting the Check Point VM.
  • You can find the XML file in this release's software zip file for the Oracle Talari E100 platform. Then, download the Check Point Cloudguard VNF qcow2 image file by going to the Check Point customer support center and searching for article "sk171497."
To install:
  1. Disable Service on SD-WAN Edge E100.
  2. Navigate to the Configure, Service Chaining page.
  3. Stop any running VMs, and then uninstall them.
  4. Click on the Restore Interfaces option.

    If the previous install failed due to unsupported installs, you may need to clean up using the factory default option.

  5. On the Service Chaining page, select Check Point.
  6. Select WAN.
  7. Select a port.
  8. Upload the checkpoint.xml file by doing the following:
    1. Select the checkpoint.xml file from the file browser
    2. Click on OK.
    3. Click on Upload.
  9. Upload the Check Point VNF image file in qcow2 format with a qcow2 file extension by doing the following:
    1. Select the file from the file browser.
    2. Click on OK.
    3. Click on Upload.


    Only use the most current checkpoint image from Oradocs.
  10. Click on Install.
The Check Point VM should be running.

Access Check Point VM

After installing, follow these steps to set up and configure the Check Point VM using vncviewer.

  1. Wait for the boot to complete.
  2. Log into the system using admin / admin as the username and password.
  3. Enter the following command to ensure you do not lose your configuration once you get to the Web interface:
    set property first-time-wizard off
  4. Use the following example to set the management interface:
    1. set admin-access interfaces any access allow
    2. set admin-access allowed-ipv4-addresses any
    3. set security-management mode locally-managed
    4. add internet-connection interface WAN type static ipv4-address subnet-mask default-gw conn-test-timeout 0 name Management
  5. Once the management interface is configured, the rest of the configuration can be performed through the web interface.