Zero Touch Deployment

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
45 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:04
>> Welcome to this lesson on the
00:04
>> Zero Touch Deployment Tool.
00:04
>> By the end of this lesson,
00:04
you will be able to describe
00:04
when should Zero Touch be used,
00:04
describe the process of deploying with Zero Touch
00:04
and use Zero Touch to
00:04
perform a common use case deployment.
00:04
The Zero Touch web portal allows administrators
00:04
to manage the initial configurations of hundreds,
00:04
even thousands of small office and Gaia
00:04
Gateways with settings from
00:04
>> the Zero Touch Cloud service.
00:04
>> These gateway settings include: time zones,
00:04
administrator passwords, network information,
00:04
changing OS version, and SIC configuration.
00:04
To retrieve inventory information about
00:04
the user's account IDs in their purchased gateways,
00:04
Zero Touch connects to the checkpoint user center.
00:04
Ultimately, Zero Touch enables rapid and
00:04
>> mass deployment of settings to remote gateways,
00:04
>> saving administrators valuable time.
00:04
In general terms, deploying with
00:04
Zero Touch involves the following key steps
00:04
from the perspective of
00:04
the Zero Touch administrator.
00:04
Preparing the configuration,
00:04
claiming the gateways to be deployed,
00:04
and finally, monitoring the deployment progress.
00:04
Let's look at the following scenario and
00:04
see how its requirements can be accommodated.
00:04
Jimmy, a network security
00:04
administrator would like to deploy 500 new
00:04
>> Check Point appliances at his company's offices,
00:04
>> which are spread out globally.
00:04
While the new appliances come installed
00:04
with R80.30 out of the box,
00:04
Jimmy would like to upgrade them to
00:04
R80.40 and update them to the latest Jumbo hotfix.
00:04
He would also like to define
00:04
a DNS address for the new gateways,
00:04
as well as set up a mail server
00:04
and a few other minor settings.
00:04
To begin, Jimmy logs onto the Zero Touch
00:04
>> portal using his user centers credentials.
00:04
>> Next, he chooses on which of
00:04
his user centers accounts he wishes to work on.
00:04
Jimmy chooses to create
00:04
a new Gaia gateway template
00:04
and he proceeds to set it up as needed.
00:04
Naming it, defining it as under
00:04
construction so that if
00:04
an appliance connects to the account,
00:04
it won't accidentally download
00:04
the template before he's done configuring everything.
00:04
Since the gateways are not part of a cluster,
00:04
he leaves this checkbox unchecked.
00:04
Now, he goes ahead and
00:04
chooses the product version to be deployed.
00:04
In this case, R80.40 with the latest Jumbo hotfix.
00:04
To achieve enhanced security against spoofing,
00:04
the easiest option is to send
00:04
an activation link for each gateway to be deployed.
00:04
This way, the person on the gateways end can
00:04
ensure there is an alignment between
00:04
the Zero Touch Deployment and the gateway.
00:04
Note that while generating
00:04
an identification keys mandatory,
00:04
it will only be used as a security measure in
00:04
case the validation method via activation link fails.
00:04
Next, he defines the administrator credentials so that
00:04
the gateways can be connected to through SSH.
00:04
Finally, for this section,
00:04
he sets a SIC activation key for
00:04
the gateways to be able to
00:04
connect to the management server.
00:04
Now, he moves on to set up
00:04
network elements for the gateways.
00:04
He input the DNS address through which
00:04
the gateways will receive DNS translation.
00:04
Finally, he adds CLeSH scripts
00:04
to accommodate the mail server through which
00:04
the gateways will send mails and
00:04
an inactivity timeout of SSH connection to the gateway.
00:04
Once done, he applies the settings.
00:04
Now Jimmy goes to the inventory tab to
00:04
associate the irrelevant gateways
00:04
to the previously created template.
00:04
As we can see, the inventory consists of
00:04
all checkpoint appliances associated
00:04
with this specific account.
00:04
Appliances listed as not claimed,
00:04
do not have a template associated with them.
00:04
He chooses the relevant gateways and clicks "Claim".
00:04
This is where he associates the template.
00:04
Once done, he goes back to
00:04
the template and removes the under construction option.
00:04
After applying the changes,
00:04
the administrator on the gateway's end
00:04
receives the activation link.
00:04
Once the link is opened and deployment confirmed
00:04
and once the selected gateways
00:04
are connected to the Internet,
00:04
the template is fetched by the gateways
00:04
and the define deployment procedure takes effect.
00:04
To view the progress and status of deployment,
00:04
Jimmy switches to the claimed gateway stamp.
00:04
After the deployment process is complete,
00:04
Jimmy can connect the gateways to
00:04
the management server via SIC.
00:04
With that, our lesson comes to a close.
00:04
In this short lesson,
00:04
we discussed the essence of deploying with
00:04
Zero Touch and the process of
00:04
>> deploying with Zero Touch.
00:04
>> You should now be able to perform
00:04
a common deployment use case using Zero Touch.
00:04
For further reference, please refer to
00:04
the admin guide and to sk116375.
00:04
Thank you for taking this lesson,
00:04
and I will see you in the next one.
Up Next