02 CP Security 101 Gaia Lab CloudShare PDF
R80.10 Training
(revised: September 14, 2018)
©2018 Check Point Software Technologies Ltd.
Gaia Lab
• Kali (External Network, IP: 192.168.103.x)
̶ IP: 192.168.103.100
̶ User: root/Cpwins1!
̶ Default Gtwy: 192.168.103.254
̶ DNS: 8.8.8.8
• Win-Victim (Internal Network, IP: 192.168.101.x)
̶ IP: 192.168.101.100
̶ User: jroberts/Cpwins1!
̶ Default Gtwy: 192.168.101.254
̶ DNS: 192.168.102.2
• DMZ Network (IP: 192.168.102.x)
• Management & Gateway: R80
Review Questions
lab\jroberts/Cpwins1!
Objects
Menu
Explorer
What’s New
• Security Policy
̶ Policy (Access Control & Threat Prevention)
̶ Updates (lower left)
• Logs
̶ Logs tab -> Queries -> Access -> Blocked
̶ Open a new tab, select Views or Reports
• Enter Joe
• Set the Permission Profile to Read/Write All
• Click OK twice
• The Discard option reverts all changes made in the current session.
• Click Publish.
Gaia Lab
Security Configuration
• Verify the topology is shown as below. Routing is used to set the
192.168.103.254 interface to External.
• Select eth1 and click Edit, or double-click eth1 to edit it.
• Click Modify.
Search for the object “Win”. Double click to open and verify the Win-DC
192.168.102.2 host object.
• In Security Policies locate and click on NAT to show the NAT rulebase.
• Automatically created rules are shown in gray. Also notice the top two NAT
rules which are manually created. These ensure connections between the
internal networks are not translated.
Note: Implied Rules are also set in Global Properties. These occur first, last, or before last in the
access rulebase. The administrator can decide whether or not to log implied rules.
• Examples
̶ “ping 192.168.102.2” to send an ICMP request to the Win-DC AD server
̶ “tracert -d 8.8.8.8” to see the route path to a Google public DNS server
• On the left side bar, select LOGS & MONITOR, select + to open a new
tab.
• Click Open Log View.
• In the blue header row, right click and select Column Profile -> Access
Control. This changes the columns.
• Right click again, select Edit Profile to see the fields included and how
other profiles like Files are defined. Click Close to exit.