Tài liệu Endpoint Security doc
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (876.4 KB, 71 trang )
Endpoint Security
January 16, 2008
Installation Guide
Version NGX 7.0 GA
© 2008 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their
use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by
any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book,
Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check
Point Endpoint Security, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing,
ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa,
DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX,
FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity
Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC,
OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PureAdvantage,
PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge,
SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security
Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter
UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal,
SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand,
SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1,
UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1
Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1
SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm
Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs,
and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm
is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered
trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668,
5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign
patents, or pending applications.
Endpoint Security Installation Guide 4
Contents
Preface
About this Guide ...................................................................... 7
Available Formats ........................................................................7
Obtaining the Correct Version .......................................................7
Obtaining New Issues of this Guide ...............................................7
About the Endpoint Security Documentation Set ......................... 8
Documentation for Administrators .................................................8
Documentation for Endpoint Users ................................................8
Feedback ............................................................................... 10
Chapter 1 Endpoint Security Overview
Endpoint Security System Components ..................................... 12
System Requirements ................................................................12
Architecture ..............................................................................12
Endpoint Security Communications .......................................... 14
The Endpoint Security Sync ........................................................14
Other Endpoint Security Communications ....................................14
Endpoint Security Services .........................................................15
Chapter 2 Installation Overview
Master Installer ...................................................................... 18
Supported Installations ........................................................... 18
Upgrading and Migration ......................................................... 19
Gateway Integration ................................................................ 20
Chapter 3 Upgrading and Migration
Introduction to Upgrading ....................................................... 21
Supported Upgrades ..................................................................21
Migration ..................................................................................22
Upgrade Workflow .................................................................. 22
Backing Up Data .................................................................... 23
SPLAT Upgrade Instructions .................................................... 23
Clustered Upgrade Instructions ................................................ 24
Chapter 4 Installing on a Dedicated Host
Windows ................................................................................ 26
Linux .................................................................................... 27
Check Point SecurePlatform (Command Line Version) ................ 28
Check Point SecurePlatform (GUI Version) ................................ 30
Chapter 5 Installing with SmartCenter on the Same Host
Windows ................................................................................ 33
Linux .................................................................................... 35
Check Point SecurePlatform (Command line Version) ................. 36
Check Point SecurePlatform (GUI Version) ................................ 38
Installing Endpoint Security with an Existing SmartCenter .......... 40
Connecting Endpoint Security and SmartCenter ............................40
Chapter 6 Installing with SmartCenter on Separate Hosts
Workflow ............................................................................... 43
Installing SmartCenter in a Distributed Installation .................... 44
Windows ...................................................................................44
Linux .......................................................................................45
Check Point SecurePlatform (Command Line Version) ...................46
Check Point SecurePlatform (GUI Version) ...................................47
Connecting Endpoint Security and SmartCenter ......................... 49
Chapter 7 Installing Endpoint Security and Provider-1
Provider-1 Overview ................................................................ 51
Workflow ............................................................................... 52
Installing Endpoint Security on the Same Host as Provider-1 ...... 53
Connecting Endpoint Security and Provider-1 ............................ 54
Chapter 8 Endpoint Security Installation Wizard Reference
Completing the Endpoint Security Installation Wizard ................ 56
Completing the Installation ..................................................... 57
Chapter 9 Check Point Configuration Tool
Starting the Configuration Tool ................................................ 59
Configuration Tool Options ...................................................... 60
Chapter 10 Remote Logging
Connecting the Log Server and SmartCenter .............................. 63
Connecting the Log Server and Endpoint Security ...................... 64
Chapter 11 High Availability
Overview of High Availability .................................................... 65
Architecture ........................................................................... 66
Configuring High Availability ................................................... 67
Forcing Replication ................................................................. 68
Changing an Active Server to a Standby Server .......................... 69
Changing a Standby Server to an Active Server .......................... 69
Endpoint Security Installation Guide 6
Preface
In This Preface
About this Guide page 7
About the Endpoint Security Documentation Set page 8
Feedback page 10
Endpoint Security Installation Guide 7
About this Guide
The Endpoint Security Installation Guide provides detailed instructions for installing,
configuring, and maintaining Endpoint Security. This document is intended for global
administrators. Please make sure you have the most up-to-date version available for
the version of Endpoint Security that you are using.
Before using this document to install Endpoint Security, you should read and
understand the information in the Endpoint Security Implementation Guide in order to
familiarize yourself with the basic features and principles.
Available Formats
This guide is available as a PDF. This document is available from the Check Point CD.
Updated editions of the document may be available on the Check Point Website after
the release of Endpoint Security. The version of this document on the Check Point
Website may be more up-to-date than the version on the CD.
Obtaining the Correct Version
Make sure that this document has the Version Number that corresponds to the version
of your Endpoint Security. The Version Number is printed on the cover page of this
document.
Obtaining New Issues of this Guide
New issues of this guide are occasionally available in PDF format from the Check Point
Website. When using the PDF version of this document, make sure you have the most
up-to-date issue available. The issue date is on the cover page of this document.
When obtaining updated PDF editions from the Check Point Website, make sure
they are for the same server version as your Endpoint Security. Do not attempt to
administer Endpoint Security using documentation that is for another version.
When obtaining the most up-to-date issue of the documentation, make sure that you
are obtaining the issue that is for the appropriate server.
Endpoint Security Installation Guide 8
About the Endpoint Security Documentation Set
A comprehensive set of documentation is available for Endpoint Security, including the
documentation for the Endpoint Security clients. This includes:
“Documentation for Administrators,” on page 8
“Documentation for Endpoint Users,” on page 8
Documentation for Administrators
The following documentation is intended for use by Endpoint Security administrators.
Documentation for Endpoint Users
Although this documentation is written for endpoint users, Administrators should be
familiar with it to help them to understand the Endpoint Security clients and how the
policies they create impact the user experience.
Table 1-1: Server Documentation for Administrators
Title Description
Endpoint Security Installation
Guide
Contains detailed instructions for installing,
configuring, and maintaining Endpoint
Security. This document is intended for global
administrators.
Endpoint Security Administrator
Guide
Provides background and task-oriented
information about using Endpoint Security. It is
available in both a Multi and Single Domain
version.
Endpoint Security Administrator
Online Help
Contains descriptions of user interface
elements for each Endpoint Security
Administrator Console page, with cross-
references to the associated tasks in the
Endpoint Security Administrator Guide.
Endpoint Security System
Requirements
Contains information on client and server
requirements and supported third party devices
and applications.
Endpoint Security Gateway
Integration Guide
Contains information on integrating your
gateway device with Endpoint Security.
Endpoint Security Client
Management Guide
Contains detailed information on the use of
third party distribution methods and command
line parameters.
Endpoint Security Agent for Linux
Installation and Configuration
Guide
Contains information on how to install and
configure Endpoint Security Agent for Linux.
Endpoint Security Installation Guide 9
Table 1-2: Client documentation for endpoint users
Title Description
User Guide for Endpoint Security
Client Software
Provides task-oriented information about the
Endpoint Security clients (Agent and Flex) as
well as information about the user interface.
Introduction to Endpoint Security
Flex
Provides basic information to familiarize new
users with Flex. This document is intended to
be customized by an Administrator before
distribution. See the Endpoint Security
Implementation Guide for more information.
Introduction to Endpoint Security
Agent
Provides basic information to familiarize new
users with Endpoint Security Agent. This
document is intended to be customized by an
Administrator before distribution. See the
Endpoint Security Implementation Guide for
more information.
Endpoint Security Installation Guide 10
Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please
help us by sending your comments to:
Chapter
Endpoint Security Installation Guide 11
1
Endpoint Security Overview
In This Chapter
Endpoint Security System Components page 12
Endpoint Security Communications page 14
Endpoint Security Installation Guide Integrity Advanced Server Installation Guide 12
Endpoint Security System Components
This section provides an overview of the Endpoint Security system components.
System Requirements
For information about Endpoint Security system requirements, see the Endpoint
Security System Requirements Document on the Check Point Web site.
Architecture
Figure 1-1 shows a typical installation. In this illustration, the Endpoint Security
system components are installed on a single host. There are several other
configurations options available, some involving distributing one or more components
across multiple servers. Figure 1-1 illustrates the relationships and communications
between the components, which is the same for all installations.
Figure 1-1: Typical Endpoint Security Configuration
A typical Endpoint Security configuration includes the following components:
Endpoint Security Server-Allows you to centrally configure your Endpoint Security
enterprise policies.
Endpoint Security Installation Guide Integrity Advanced Server Installation Guide 13
Endpoint Security Clients-Monitor your endpoints and enforce your security
policies. These clients are installed on your endpoint computers. There are two
types of Endpoint Security clients that work with Endpoint Security server:
Flex-has a full user interface that allows the user to control security settings
under some conditions.
Agent-Has a limited interface and does not allow the user to control his or her
security settings.
Apache HTTP Server-Provides secure HTTPS communication between the
Endpoint Security server and Endpoint Security clients. It also provides secure
communication with the Endpoint Security server for Administrators logging onto
the Endpoint Security Administrator Console. The Apache HTTP server also
improves performance by serving your security data to Endpoint Security clients
using a high speed cache.
Administrator Workstation-Administrators can use a workstation to access Endpoint
Security through the Endpoint Security Administrator Console, a Web-based
Graphical User Interface that allows Administrators to create security policies, view
reports, and perform other administrative tasks.
Other Check Point Components-When you install the Endpoint Security server, you
are also automatically installing some Check Point SmartCenter components to
create an integrated security solution. These components are installed in the
background even if you choose an ‘Endpoint Security only’ installation. Integration
points include:
Smart Portal
SmartCenter Server
SmartView Tracker
Eventia Reporter
SmartDashboard
SmartView Monitor
Logging
For more information about these integration points, see “Integrations With Other
Check Point Products,” on page 12.
Endpoint Security also integrates with a variety of gateways, such as VPN or wireless
devices, to provide client enforcement capabilities at the gateway level. for more
information about these sorts of configurations, see the Endpoint Security
Administrator Guide and the chapter of the Endpoint Security Gateway Integration
Guide appropriate to your gateway device. The Endpoint Security System
Requirements document lists all supported gateways. These documents are
available on the Check Point Web site.
Endpoint Security Installation Guide Integrity Advanced Server Installation Guide 14
Endpoint Security Communications
This section explains the internal and external communication protocols and ports
used by the Endpoint Security system.
When an Endpoint Security client is initialized it performs a sync with the Endpoint
Security. This allows the Endpoint Security client to get the security policy that is
assigned to it. Other communications take place either by the request of administrators
or as determined by your security policies.
The Endpoint Security Sync
1. The Endpoint Security client requests the policy location from the Endpoint
Security server.
2. The server returns a sync response to the Endpoint Security client with the location
of the policy.
3. The client then downloads the policy assigned to it. This is done over HTTP on port
80. The policy is encrypted before it is sent. The Web server transmits the request
to the Endpoint Security server over an internal channel of communication, using
AJP13 on ports 8009 and 8010. The policy contains both your security policy
information as well as the location of the remediation sandbox and log upload
server.
Once the Endpoint Security client receives the policy, it immediately enforces it.
Other Endpoint Security Communications
Once the sync has been established between the Endpoint Security server and the
Endpoint Security client, the following types of communication may occur, depending
on circumstances and the security policy you configure.
Heartbeats-Once the sync request has completed successfully, a heartbeat
regularly occurs according to the interval specified by the Administrator.
Heartbeats occur over UDP on port 6054. Heartbeats contain various pieces of
information concerning the status and compliance state of the endpoint computer.
This information is stored in the Endpoint Security datastore and is used for the
Endpoint Monitor report.
Remediation Requests-The Endpoint Security client may request remediation
resources from the Endpoint Security sandbox.
For example, if the client is out of compliance with the policy’s enforcement rules,
the policy might specify that the client should restrict the endpoint computer’s
access to your network and attempt to download a remediation file from the
sandbox remediation area. The initial Endpoint Security client connection to the
sandbox is done over HTTPS on port 2100, while the download is done on port 80
because the Endpoint Security client verifies the sandbox files after download by
checking the MD5 hash.
Endpoint Security Installation Guide Integrity Advanced Server Installation Guide 15
Program Permission Requests-Depending on your policy settings, as programs are
run on the endpoint computer, Endpoint Security clients may request program
permission information from the Endpoint Security server. These real-time,
encrypted requests are performed over HTTP on port 80.
Log Upload-Periodically, the Endpoint Security client uploads logs to the Endpoint
Security server. These logs are stored in SmartCenter’s log data files using the ELA
API. You can configure the frequency of the log upload using the Endpoint Security
Administrator console.
Administrator Workstation Access-Administrators can use a workstation to access
the Endpoint Security Administrator console to make changes to configure security
policies, view reports and perform other administration tasks. The administrator
workstation contacts the Endpoint Security via HTTPS on port 443. Some reports
are viewed on SmartPortal via HTTPS on port 4433 by drilling down in the
Endpoint Security Administrator console.
Endpoint Security Services
Endpoint Security operations are implemented by separate Endpoint Security services.
The services are divided into two types:
Client services allow an Endpoint Security client to get policies and configuration
information, and to communicate session state information.
Administration services allow administrators to create groups and users; manage
policies; manage system configuration; and perform other administrative tasks.
Ports and Protocols
The Endpoint Security server uses the ports and protocols listed below to communicate
with Endpoint Security clients. Make sure all these ports and protocols are available on
the Endpoint Security server:
80 HTTP
443 HTTPS
6054 UDP
8009 AJP13 (Internal)
8010 AJP13 (Internal)
“Endpoint Security services and ports,” on page 16 represents the services that make
up Endpoint Security and shows which ports the services use.
Endpoint Security Installation Guide Integrity Advanced Server Installation Guide 16
Service Details
The table below lists the individual services that make up Endpoint Security. The
configuration name is the parameter name of the service in the Endpoint Security
server and Apache HTTPS server configuration files. The URL is the service location
information embedded in the request from the Endpoint Security client that allows the
Apache HTTPS server to proxy requests.
Figure 1-2: Endpoint Security services and ports
Endpoint Security Installation Guide Integrity Advanced Server Installation Guide 17
Table 1-1: Description of Endpoint Security Services
Service name Configuration Name URL Description
Connection
Manager
service.enable.con
nectionManager
/cm/* Sychronizes with the server.
The Connection Manager service allows the
endpoint to establish a session, verify endpoint
state information, and get information needed
to download the current policy and
configuration. It can also end a previously
synchronized session with the endpoint. this
service also sends heartbeats to communicate
policy or state changes
Policy
download
service.enable.poli
cy
/policy/* Policy download service.
Log upload service.enable.logU
pload
/logupload/* Provides the mechanism endpoint computers
use to upload client log files.
Program
permission
service.enable.logU
pload
/ask/* Provides the mechanism endpoint computers
use to upload client log files.
Sandbox server service.enable.sand
Box
/sandbox/* Serves remediation Web pages to non-
compliant, authenticated endpoint users.
Package
Manager
service.enable.pack
age
/package/* Serves the client installer packages that install
an Endpoint Security client on an endpoint
computer.
Administrator
Console
service.enable.adm
inConsole
/ Serves the user interface that allows
administrators to manage the Endpoint
Security.
Chapter
Endpoint Security Installation Guide 18
2
Installation Overview
In This Chapter
You can install the Endpoint Security server as a standalone product or with other Check
Point products, such as SmartCenter or VPN-1. Use this guide to perform these installations.
This guide provides the workflows you need to perform installations with other Check Point
products and the details of the Endpoint Security server installation steps. For details of
general installation steps for other Check Point products, see the appropriate Check Point
documentation.
Master Installer
For all installation options, you use a master installer that lets you select which products to
install. Note that all Endpoint Security installations (standalone or integrated) include Check
Point SmartPortal, which provides some of Endpoint Security’s reporting functionality. If you
choose standalone mode, the installer also silently installs some necessary components of
Check Point SmartCenter, which remain invisible.
Supported Installations
This guide explains how to install Endpoint Security in the following supported
configurations:
Master Installer page 18
Supported Installations page 18
Upgrading and Migration page 19
Gateway Integration page 20
NT Domain catalogs are not available in SPLAT installations. If you plan on using NT
Domain catalogs, you must install on Windows or Linux.
Endpoint Security Installation Guide 19
Endpoint Security alone
You can install just Endpoint Security and the necessary supporting components.
(Endpoint Security installations always include Check Point SmartPortal and some
Check Point SmartCenter components.)
To install Endpoint Security alone, follow the instructions for installing Endpoint
Security on its own host. See
“Installing on a Dedicated Host,” on page 25.
Endpoint Security with other Check Point products
You can install Endpoint Security with the following Check Point products:
SmartCenter
The SmartCenter components that come with Endpoint Security are invisible.
If you want to have the full range of SmartCenter functionality, you can choose
to install SmartCenter in one of the following configurations:
Same Host
You can install Endpoint Security on the same host as SmartCenter. You
can install Endpoint Security either at the same time as you install
SmartCenter, or you can install it on a server with an existing SmartCenter
installation. See “Installing with SmartCenter on the Same Host,” on page
32.
Distributed
You can install Endpoint Security and SmartCenter on different servers and
then configure them to communicate. See“Installing with SmartCenter on
Separate Hosts,” on page 42.
Provider-1
You can install Endpoint Security with Provider-1 in the following
configurations:
Same Host
You can install Endpoint Security with Provider-1 on the same server. See
“Installing Endpoint Security and Provider-1,” on page 50.
Distributed
You can install Endpoint Security and Provider-1 on different servers and
then configure them to connect. See “Installing Endpoint Security and
Provider-1,” on page 50.
Upgrading and Migration
For information about changing from an earlier version of Endpoint Security to this
one, see “Upgrading and Migration,” on page 21.
Endpoint Security Installation Guide 20
Gateway Integration
This guide does not include information about configuring Endpoint Security to work
with gateways, including Check Point gateways. Gateway integration and Cooperative
Enforcement is achieved through post-installation steps described in the Endpoint
Security Administrator Guide and the Endpoint Security Gateway Integration Guide.
Chapter
Endpoint Security Installation Guide 21
3
Upgrading and Migration
In This Chapter
Use the information in this chapter to upgrade your Endpoint Security server from a previous
version.
Introduction to Upgrading
Use the information in this section to plan your upgrade.
Supported Upgrades
Endpoint Security supports upgrading from previous installations which:
Are version 6.5 or higher.
For versions prior to 6.0, see “Migration,” on page 22.
Use only the embedded database.
You cannot upgrade if you are using a third-party database.
Use Windows, Linux or the SPLAT command line interface.
Upgrading using the SPLAT GUI is not supported.
Introduction to Upgrading page 21
Upgrade Workflow page 22
Backing Up Data page 23
SPLAT Upgrade Instructions page 23
Clustered Upgrade Instructions page 24
Endpoint Security Installation Guide 22
Migration
If you are using a version of Endpoint Security prior to 6.0 you cannot upgrade directly
to this version.
To Migrate data from a pre-6.0 version:
1 Back up your data.
See “Backing Up Data,” on page 23.
2 Migrate your data to the 6.5 version of Endpoint Security.
For instructions, see the 6.5 version of the Endpoint Security Installation Guide.
3 Upgrade from version 6.5 to this version.
See “Upgrade Workflow,” on page 22.
Upgrade Workflow
Use the following instructions to upgrade from a 6.x version of Endpoint Security to
this one.
To upgrade:
1 Back up your data.
It is highly recommended that you back up your information before upgrading. See
“Backing Up Data,” on page 23.
2 Perform your installation.
Perform your installation according to the instructions for your installation option.
See “Installation Overview,” on page 18. When the Endpoint Security Installation
Wizard runs it will detect the previous version. Choose the Upgrade option.
If you are upgrading a SPLAT installation, incorporate the steps in the “SPLAT
Upgrade Instructions,” on page 23.
This version of Endpoint Security does not support client packages from previous
installations. All the client packages from your previous installation will be deleted.
You will need to create new client packages in your new installation.
When you choose the upgrade option in the Endpoint Security Installation Wizard,
the Wizard will skip many of the other installation screens. This is because it will
install the Endpoint Security using the same location, domain option, host
information, and password, as the previous version.
Endpoint Security Installation Guide 23
If you are upgrading from a clustered environment, incorporate the steps in
“Clustered Upgrade Instructions,” on page 24.
3 Complete your installation.
Complete your installation by logging in and setting your password. See “Completing
the Installation,” on page 57.
4 Redeploy client packages
Since upgrading deletes all your previous installation’s client packages, you will
need to recreate these. Redeploy your clients to update your endpoint computers to
the new version. You may want to use a client enforcement rule with automatic
remediation to more easily upgrade your endpoint computers. For more information
about client enforcement rules, see the Administrator guide.
Backing Up Data
Before you upgrade or migrate, it is recommended that you back up your data. These
are the instructions for backing up data for previous versions of Endpoint Security. For
information about backing up data for this version of Endpoint Security, see the
Endpoint Security Administrator Guide.
To back up data from a previous installation
1. Make a copy of the entire home directory and save it to a safe location.
The default locations are:
C:\Program Files\Zone Labs\Integrity for migrating from 5.x versions
C:\Program Files\CheckPoint\Integrity for upgrading from 6.x and later versions
C:\Program Files\CheckPoint\EndpointSecurityServer for upgrading from 7.0 and
later installations
SPLAT Upgrade Instructions
Use these instructions if you are upgrading your Endpoint Security server on SPLAT.
You can only upgrade using the command line interface.
For best results, use the version of the client included with your server, unless
otherwise instructed by your Check Point representative. This will ensure that the
server settings are supported by the client.
5.x clients are not supported.
Using newer clients with older servers is not supported.
Endpoint Security Installation Guide 24
To upgrade on SPLAT:
1. Log into the SPLAT command line interface.
2. Log in with expert privilege using the “expert” command and appropriate
password.
3. Place the upgrade files on the SPLAT server.
Depending on your situation, you can do this by inserting the CD, by loading the
.iso image, or by copying the .bin file.
4. Copy the upgrade file,
<filename.bin>
, to a local directory on the SPLAT server.
5. Navigate to the local directory used in the previous step and ensure the file
permissions on the upgrade file allow execution.
6. Being the installation process by executing the
./<filename.bin>
command.
7. Follow the prompts throughout the upgrade to agree to licensing and upgrade your
Endpoint Security server.
Clustered Upgrade Instructions
Use these instructions if you are upgrading from a clustered environment.
To upgrade a clustered environment:
1. Take on of your clustered Endpoint Security servers offline.
Be sure that the remaining are able to handle the client load without this server. If
they cannot, you may need to temporarily add another server to the cluster before
taking this one offline.
2. Install the new Endpoint Security server on the offline server.
When installing, choose the Upgrade option from the installation wizard.
3. Start and configure your new Endpoint Security server.
4. Redeploy your client packages.
5. Shut down the remaining clustered Endpoint Security servers.
Once you are sure that all your endpoint computers are using the new server, you
may shut down the remaining clustered Endpoint Security servers.
If you want to mirror the Endpoint Security server to provide High Availability, you
can install one or more Standby Servers on those servers. See the High Availability
White Paper for more information.
Chapter
Endpoint Security Installation Guide 25
4
Installing on a Dedicated Host
In This Chapter
This chapter explains how to install Endpoint Security on a dedicated server. These
instructions apply to Endpoint Security standalone installations as well as to the Endpoint
Security portion of distributed installations (in which Endpoint Security and either
SmartCenter or Provider-1 are installed on separate hosts). Follow the instructions
appropriate for your operating system. Where necessary, the instructions refer you to more
detailed explanations in subsequent sections.
The Endpoint Security installer is contained in a master installer that includes options for
installing other Check Point products with which you can integrate Endpoint Security. When
installing Endpoint Security without any other Check Point products, ignore the options for
installing other products. Note, however, that Endpoint Security installations always include
Check Point SmartPortal, which provides some of Endpoint Security’s reporting functionality.
The installer also silently installs some necessary Check Point SmartCenter components.
If you are installing Endpoint Security in standalone mode, the log server is installed on the
same host as the Endpoint Security server. If you prefer to install the log server on a remote
host, see “Remote Logging,” on page 62.
Windows page 26
Linux page 27
Check Point SecurePlatform (Command Line Version) page 28
Check Point SecurePlatform (GUI Version) page 30
