Check Point Security Master: Lab Setup Procedures


CHECK POINT SOFTWARE TECHNOLOGIES

Education Services


© Check Point Software Technologies


www.CheckPoint.com
courseware@checkpoint.com
8333 Ridgepoint Dr., Suite 150, Irving, TX 75063

Configuring the Lab Environment


The Check Point Applied Technology class topology was designed as a “sandbox” environment. All
virtual machines at the student sites have the same set of IP addresses. No connection to the Internet or
classroom router is required.

Follow the steps below to configure the virtual machines for each student site. This configuration was
tested using VMware Workstation. Additional steps or a different configuration may be required when
working with VMware ESX.

Configuring Virtual Machine Settings


All virtual machines should be configured with the following options:

• Snapshots – Just Power off
• VMware Tools – Installed
• Time Synchronization – Synchronization between Guest and Host should be active.

Additional Files
Alpha.zip – Import these objects and rules into A-SMS.
Bravo.zip – Import these objects and rules into B-SMS.
Check_Point_R77.10_T157_Install_and_Install_and_Upgrade.Gaia.iso – Install on all virtual
machines where a Check Point Security Management Server or Security Gateway system is required.
DSL.zip – Use this Linux distribution for the clients that demonstrate route-based VPNs.

You will need to deploy an internal router for both the IPv6 and VPN Routing portions of this class. It is
possible to use a Check Point SecurePlatform image in VMware and configure it accordingly. If you
want to use a more real-world router, we recommend that you download and deploy a Vyatta router.
http://www.vyatta.org/

Beginning Lab Topology


Configure each student machine with the following virtual environment:

Once the setup is complete, you will need to have all of the machines in this diagram running and test the
configuration by running traffic to and from the Alpha and Bravo sites.


Configuring the Virtual Machines


Configure each of the virtual machines listed below on all student machines.

Alpha GUI Client


Use the information below to configure the GUI Client virtual machine:

Name: A-GUI
OS: Windows 2008 Server R2
Hard Drive: 40GB
RAM: 2GB
Check Point Modules Installed:
• SmartConsole

Use the following information to configure the interface for the GUI Client virtual machine:

IP Address: 10.1.1.201
Subnet Mask: 255.255.255.0
Default Gateway: 10.1.1.1
Interface: eth0
LAN: LAN 1

Special instructions for the GUI Client virtual machine:

1. Install WinSCP.

2. Configure A-GUI as the DNS, NTP, FTP, and Web Server for the alpha.cp domain.

Alpha Management Server


Use the information below to configure the Alpha Management Server virtual machine:

Name: A-SMS
OS: R77.10 Gaia
Hard Drive: 20GB
RAM: 2GB
Check Point Modules Installed:
• Security Management Server

Use the following information to configure the interface for the A-SMS virtual machine:

IP Address: 10.1.1.101
Subnet Mask: 255.255.255.0
Default Gateway: 10.1.1.1
Interface: eth0
LAN: LAN 1

Special instructions for the Alpha Management Server virtual machine:

1. Configure the system administrator credentials to be as follows:

Username: admin

Password: vpn123


Alpha Security Gateway


Use the information below to configure the Security Gateway virtual machine:

Name: A-GW
OS: Gaia R77.10
Hard Drive: 20GB
RAM: 2GB
Check Point Products Installed:
• Security Gateway

Use the following information to configure the interfaces for the Security Gateway virtual machine:

IP Address: 172.21.101.1
Subnet Mask: 255.0.0.0
Default Gateway: 172.22.102.1
Interface: eth0
LAN: LAN 0

IP Address: 10.1.1.1
Subnet Mask: 255.255.255.0
Interface: eth1
LAN: LAN 1

Special instructions for the Security Gateway virtual machine:

1. Install the Security Gateway in a distributed configuration.

2. Confirm policy install and policy enforcement, including VPN.

3. Configure the system administrator credentials to be as follows:

Username: admin

Password: vpn123

Configure the Alpha Security Policy Objects


The following objects should be configured prior to beginning the labs:

• A-GW (Check Point Security Gateway)
• A-GUI (Host Node)
• B-GW (Externally Managed VPN Gateway)
• net-alpha (Network)
• net-bravo (Network)


Bravo GUI Client


Use the information below to configure the GUI Client virtual machine:

Name: B-GUI
OS: Windows 7
Hard Drive: 20GB
RAM: 2GB
Check Point Modules Installed:
• SmartConsole

Use the following information to configure the interface for the GUI Client virtual machine:

IP Address: 10.2.2.201
Subnet Mask: 255.255.255.0
Default Gateway: 10.2.2.1
Interface: eth0
LAN: LAN 3

Special instructions for the GUI Client virtual machine:

1. Install SmartConsole R77.10.

2. Install and configure the FTP and NTP server for Bravo.

3. Install WinSCP and Putty.


Bravo Management Server


Use the information below to configure the Bravo Management Server virtual machine:

Name: B-SMS
OS: R77.10 Gaia
Hard Drive: 20GB
RAM: 2GB
Check Point Modules Installed:
• Security Management Server

Use the following information to configure the interface for the B-SMS virtual machine:

IP Address: 10.2.2.101
Subnet Mask: 255.255.255.0
Default Gateway: 10.2.2.1
Interface: eth0
LAN: LAN 3

Special instructions for the Bravo Management Server virtual machine:

1. Configure the system administrator credentials to be as follows:

Username: admin

Password: vpn123


First Bravo Security Gateway Cluster Member


Use the information below to configure the Security Gateway virtual machine:

Name: B-GW-01
OS: Gaia R77.10
Hard Drive: 20GB
RAM: 2GB
Check Point Products Installed:
• Security Gateway

Use the following information to configure the interfaces for the Security Gateway virtual machine:

IP Address: 172.22.102.2
Subnet Mask: 255.0.0.0
Default Gateway: 172.21.101.1
Interface: eth0
LAN: LAN 0

IP Address: 10.2.2.2
Subnet Mask: 255.255.255.0
Interface: eth1
LAN: LAN 3

IP Address: 192.168.102.2
Subnet Mask: 255.255.255.0
Interface: eth2
LAN: LAN 2

Special instructions for the Bravo Security Gateway Cluster Member virtual machine:

1. Configure the system administrator credentials to be as follows:

Username: admin

Password: vpn123


Second Bravo Security Gateway Cluster Member


Use the information below to configure the Security Gateway virtual machine:

Name: B-GW-02
OS: Gaia R77.10
Hard Drive: 20GB
RAM: 2GB
Check Point Products Installed:
• Security Gateway

Use the following information to configure the interfaces for the Security Gateway virtual machine:

IP Address: 172.22.102.3
Subnet Mask: 255.0.0.0
Default Gateway: 172.21.101.1
Interface: eth0
LAN: LAN 0

IP Address: 10.2.2.3
Subnet Mask: 255.255.255.0
Interface: eth1
LAN: LAN 3

IP Address: 192.168.102.3
Subnet Mask: 255.255.255.0
Interface: eth2
LAN: LAN 2

Special instructions for the Bravo Security Gateway Cluster Member virtual machine:

1. Configure the system administrator credentials to be as follows:

Username: admin

Password: vpn123


Configure the Bravo Security Policy Objects


The following objects should be configured prior to beginning the labs:

• A-GW (Externally Managed VPN Gateway)
• A-GUI (Host Node)
• B-GUI (Host Node)
• B-GW (Check Point Security Gateway Cluster)
• B-GW-01 (Check Point Security Gateway)
• B-GW-02 (Check Point Security Gateway)
• net-alpha (Network)
• net-bravo (Network)


Configure the Alpha/Bravo VPN


Configure a Meshed VPN between Alpha and Bravo for all traffic on the management networks:

1. At each site, edit the MyIntranet object and select both sites’ gateways as participants:


2. Define the Encryption settings as follows:

• Encryption Method: IKEv1 only
• Encryption Suite: VPN B


3. Select the option Use only Shared Secret for all External members.

4. Define the peer name and set the Shared Secret as follows:

vpn123


Configure the Alpha Rule Base


Configure the following rules in the Alpha Rule Base:

• NetBIOS: Any | Any | Any Traffic | udp-high-ports, bootp, NBT, rip | drop | None
• Management: net-alpha | A-GW | Any Traffic | https, ssh | accept | Log
• Stealth: Any | A-GW | Any Traffic | Any | drop | Log
• VPN: net-alpha, net-bravo | net-bravo, net-alpha | MyIntranet | Any | accept | Log
• Outbound: net-alpha | Any | Any Traffic | ftp | accept | Log
• Incoming: Any | net-alpha | Any Traffic | http | accept | Log
• Cleanup: Any | Any | Any Traffic | Any | drop | Log


Configure the Bravo Rule Base


Configure the following rules in the Bravo Rule Base:

• NetBIOS: Any | Any | Any Traffic | udp-high-ports, bootp, NBT, rip | drop | None
• Management: net-bravo | B-GW | Any Traffic | https, ssh | accept | Log
• Stealth: Any | B-GW | Any Traffic | Any | drop | Log
• VPN: net-bravo, net-alpha | net-alpha, net-bravo | MyIntranet | Any | accept | Log
• Incoming: Any | net-bravo | Any Traffic | ftp | accept | Log
• Outbound: net-bravo | Any | Any Traffic | http | accept | Log
• Cleanup: Any | Any | Any Traffic | Any | drop | Log


1. In both Security Policies, configure the Global Properties to allow ICMP Before Last and log
implied rules.

2. Install the Security Policy at both sites.

Configure the Bravo Rule Base


1. From B-GUI, use HTTP to connect to A-WIN (10.1.1.201). The connection should succeed and
be encrypted.
2. From A-GUI, use FTP to connect to B-GUI (10.2.2.201). The connection should succeed and be
encrypted.
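
The two connection checks above depend on rule order: the VPN rule sits above the Outbound and Incoming rules, so inter-site HTTP and FTP match it first. The Python sketch below is an added example, not part of the Check Point courseware; it models first-match evaluation of the Alpha Rule Base. The network ranges, matching services by name, and treating community traffic as endpoints in two different encryption domains are simplifying assumptions.

```python
import ipaddress

# Objects named on the page; the address ranges are this sketch's assumption,
# derived from the lab interface settings.
OBJECTS = {
    "net-alpha": ["10.1.1.0/24"],
    "net-bravo": ["10.2.2.0/24"],
    "A-GW": ["172.21.101.1/32", "10.1.1.1/32"],
}
VPN_DOMAINS = ("net-alpha", "net-bravo")  # assumed MyIntranet encryption domains

# (name, source, destination, VPN, service, action), in the page's rule order.
ALPHA_RULES = [
    ("NetBIOS", ["Any"], ["Any"], "Any Traffic",
     ["udp-high-ports", "bootp", "NBT", "rip"], "drop"),
    ("Management", ["net-alpha"], ["A-GW"], "Any Traffic", ["https", "ssh"], "accept"),
    ("Stealth", ["Any"], ["A-GW"], "Any Traffic", ["Any"], "drop"),
    ("VPN", ["net-alpha", "net-bravo"], ["net-bravo", "net-alpha"],
     "MyIntranet", ["Any"], "accept"),
    ("Outbound", ["net-alpha"], ["Any"], "Any Traffic", ["ftp"], "accept"),
    ("Incoming", ["Any"], ["net-alpha"], "Any Traffic", ["http"], "accept"),
    ("Cleanup", ["Any"], ["Any"], "Any Traffic", ["Any"], "drop"),
]

def in_objects(ip, names):
    """True if ip falls inside any named object ("Any" matches everything)."""
    addr = ipaddress.ip_address(ip)
    return "Any" in names or any(
        addr in ipaddress.ip_network(net) for n in names for net in OBJECTS[n])

def in_community(src, dst):
    # Simplification: endpoints must sit in two different encryption domains.
    sites = [next((d for d in VPN_DOMAINS if in_objects(ip, [d])), None)
             for ip in (src, dst)]
    return None not in sites and sites[0] != sites[1]

def evaluate(rules, src, dst, service):
    """Return (rule name, action, encrypted) for the first matching rule."""
    for name, srcs, dsts, vpn, services, action in rules:
        if not (in_objects(src, srcs) and in_objects(dst, dsts)):
            continue
        if "Any" not in services and service not in services:
            continue
        community = vpn != "Any Traffic"
        if community and not in_community(src, dst):
            continue
        return name, action, community and action == "accept"
    return None, "drop", False
```

In this model, SSH from net-bravo to 10.1.1.1 stops at the Stealth rule before the VPN rule is reached, and HTTP from an address outside both networks is accepted unencrypted by the Incoming rule, which is why the lab check asks that the connection be encrypted and not only that it succeed.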
