
OUR LAB TOPOLOGY

R80.10 Training
(revised: September 14, 2018)

©2018
©2015 Check Point Software Technologies Ltd. 1
Gaia Lab

The Check Point Products

Scenario: Your instructor has performed the following steps to prepare the lab.
The Check Point Security Management and Gateway are installed in a standalone topology as one Gaia virtual machine (VM), and SmartConsole is installed on the Win-Victim VM.

Topics:
1. Review and test the lab network topology
2. Review the Check Point product management tools
   1. Web UI and CLI (command line interface) for device management
   2. SmartConsole apps for security policy management
3. Review and test the firewall security policy


Lab topology (diagram reconstructed as a host listing)

Gateway IP: 192.168.103.1

External Network, IP: 192.168.103.x
  Kali (Pen Test Tool): IP 192.168.103.100, User root/Cpwins1!, Default Gtwy 192.168.103.254

Internal Network, IP: 192.168.101.x
  Win-Victim (Internal Client): IP 192.168.101.100, User jroberts/Cpwins1!, Default Gtwy 192.168.101.254, DNS 192.168.102.2, 8.8.8.8
  EndpointServer (Endpoint Management): IP 192.168.101.165, User admin/Cpwins1!, Default Gtwy 192.168.101.254, DNS 192.168.102.2, 8.8.8.8

DMZ Network, IP: 192.168.102.x
  Ubuntu (Web Server): IP 192.168.102.5, User admin/Cpwins1!, Default Gtwy 192.168.102.254, DNS 127.0.1.1, 192.168.103.2, 8.8.8.8
  Win-DC (Active Directory): IP 192.168.102.2, User Administrator/Cpwins1!, Domain LAB.TEST, Default Gtwy 192.168.102.254

R80 (Management & Gateway): Eth0 192.168.101.254 (Internal Network), Eth1 192.168.102.254 (DMZ Network), Eth2 192.168.103.254 (External Network), User admin/Cpwins1!, GUI admin/Cpwins1!, Default Gtwy 192.168.103.2, DNS 8.8.8.8
Check Point Security 101

Review Questions

1. Which network is external to the firewall? Which network is internal? Which network leads to the DMZ?
2. What is the IP address of the default gateway leading to
the Internet for the Win-Victim VM?
3. What is the IP address of the default gateway leading to
the Internet for the firewall?
4. What is the password for the lab?
(Hint: find the comment bubble on this page to check your answers)



CLOUDSHARE



Gateway IP: 192.168.103.2
• Web UI and CLI (command line interface via putty) for device management
• SmartConsole apps for security policy management

(The lab topology diagram from page 3 is repeated here; the only difference is the gateway IP shown above.)
(Screenshot callout: the CloudShare View VM button)


Gaia Lab

• Click Full Screen to use the Win-Victim VM


Gaia Lab

lab\jroberts/Cpwins1!



Gaia Lab

RDP over HTML5

Native RDP is not supported for this CloudShare environment.


Gaia Lab
• Most used commands
  – Reconnect
  – Edit Clipboard (to transfer text from the host to the CloudShare VM)
  – Exit

(Screenshot callout: Click to see controls)


Gaia Lab

• Best experience is to have 2 screens
  – Laptop + monitor with extended displays
  – Laptop + another device to view the Lab Guides


LAB START



Gaia Lab

• Launch Internet Explorer or Chrome and connect to the Gaia VM
  – For the URL enter https://192.168.101.254
  – Enter admin/Cpwins1!

• Launch SmartConsole and connect to the Gaia VM
  – Select Start -> All Programs -> Check Point SmartConsole R80.10 -> SmartConsole
  – Enter admin/Cpwins1!


Gaia Lab

Review the Management and Gateway Settings


• In the Web UI Search, enter “network” and select Network Interfaces
• Verify the interface configuration
• In the Search, enter “route” and select IPv4 Static Routes
• Verify the default route configuration
• Navigate the interface as you like
Gaia Lab

Review the Management and Gateway Settings

• Verify that your interfaces appear as follows:



Gaia Lab

Review the Management and Gateway Settings

• Verify that the IPv4 Static Routes appear as follows.

Note: The CloudShare default route is different: 192.168.103.1


Gaia Lab

Review the Management and Gateway Settings

• Return to the Overview
• Click on the terminal to begin a console session from the Web UI

(Screenshot callout: CLI access)


Gaia Lab

Review the Management and Gateway Settings

• Type “show dns”
• Type “show commands”
• Investigate the CLI as you like.
• The tab key is used to autocomplete commands and show options.
• Type “exit” to leave the console session


Check Point Security 101

Review Questions

1. In this lab how many ways are available for console CLI access to manage a Gaia device? Besides the Web UI terminal console, can you name one other?
2. Extra Credit: How many administrators can access the Gaia Web UI at one time?


Gaia Lab
Note: If you just installed the software, then a notification screen will show the days left on the 15 day trial period.

• Switch to SmartConsole (Start -> Programs -> SmartConsole R80.10)
• SmartConsole displays:
  – What’s New (first connection)
  – Or the GATEWAYS & SERVERS General view (default start)
  – Or the last view from the previous session


Gaia Lab
What’s New
• Close and Open the What’s New

(Screenshot callouts: Objects, Menu, Explorer, What’s New)


Gaia Lab
Close and open What’s New, Find…
• Menu (upper left corner)
  – Global properties
  – Manage licenses and packages
  – Open Object Explorer

• Objects (right side-bar)
  – New -> More -> Network Object -> Gateways and Servers -> Gateway
  – Objects -> Object Explorer -> Application Categories

• Security Policy
  – Policy (Access Control & Threat Prevention)
  – Updates (lower left)

• Logs
  – Logs tab -> Queries -> Access -> Blocked
  – Open a new tab, select Views or Reports

• Manage & Settings
  – Administrators
  – Permission Profiles


Gaia Lab
Add Administrator Joe
• With Administrators selected, click New
• Enter Joe
• Set the Permission Profile to Read/Write All
• Set Auth Method to Check Point Password
• Click Set Password, uncheck User must change on next login
• Click OK twice

(Screenshot callout: New)


Gaia Lab
Publish Changes

• Notice the yellow 1 in the top middle of SmartConsole.
• In R80 each admin works in their own session.
• We Publish changes to the database to share and unlock object/rule changes to all users simultaneously.
• The Discard option reverts all changes made in the current session.
• In case of a disconnect or logout, the session is saved.
  – Other administrators with the correct permissions can then publish or discard other users’ sessions.
• Click Publish.
Gaia Lab

Security Configuration

• Select Gateways and Servers.
• Double click, or Right click and select Edit, to open the R80 object.
• Notice that only Firewall is enabled in the Network Security tab.
• Notice that Logging & Status and SmartEvent are enabled in the Management tab.

(Screenshot callout: R80 object)


Gaia Lab

Security Configuration

• Select Logs in the R80 object left sidebar.
• Your instructor has enabled log indexing.
• This facilitates “google-like” searches of the logs.
• Select Network Management in the left sidebar.

(Screenshot callout: Log Indexing)


Gaia Lab

Security Configuration
• Verify the topology is shown as below. Routing is used to set the 192.168.103.254 interface to External.
• The 192.168.101.254 and 192.168.102.254 interfaces are set as This Network or Internal. This is used in Anti-Spoofing and to facilitate the management of other security features like the VPN configuration and content inspection.
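The Anti-Spoofing check described above, as an added Python example (not code from the lab or from Check Point): it models the R80 gateway's three interfaces with the topology from the lab diagram and decides whether a packet's source address is legitimate for the interface it arrived on. The zone names InternalZone/DMZZone/ExternalZone and the function names are assumptions for this illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the lab gateway (addresses from the lab topology):
# eth0 faces the internal network, eth1 the DMZ, eth2 the external network.
@dataclass(frozen=True)
class Interface:
    name: str
    address: str
    topology: str      # "internal", "dmz" or "external"
    zone: str          # Security Zone object the interface belongs to (assumed names)
    networks: tuple    # networks reachable behind this interface

R80_INTERFACES = (
    Interface("eth0", "192.168.101.254", "internal", "InternalZone",
              (ipaddress.ip_network("192.168.101.0/24"),)),
    Interface("eth1", "192.168.102.254", "dmz", "DMZZone",
              (ipaddress.ip_network("192.168.102.0/24"),)),
    Interface("eth2", "192.168.103.254", "external", "ExternalZone", ()),
)

def interface(name):
    return next(i for i in R80_INTERFACES if i.name == name)

def behind(iface, ip):
    """True if `ip` belongs to the topology defined behind `iface`."""
    return any(ip in net for net in iface.networks)

def anti_spoofing_verdict(ingress, src):
    """Decide whether a packet with source `src` arriving on `ingress` passes
    Anti-Spoofing. Internal/DMZ interfaces only accept sources from their own
    topology; the external interface accepts any source that does not belong
    to an internal or DMZ topology."""
    ip = ipaddress.ip_address(src)
    iface = interface(ingress)
    if iface.topology == "external":
        claimed = [i.name for i in R80_INTERFACES
                   if i.topology != "external" and behind(i, ip)]
        if claimed:
            return "drop", f"{src} belongs behind {claimed[0]} but arrived on {ingress}"
        return "accept", f"{src} is an external source on {ingress}"
    if behind(iface, ip):
        return "accept", f"{src} is in the {iface.topology} topology of {ingress}"
    return "drop", f"{src} is not in the topology of {ingress}"

def zone_of(ingress):
    """Security Zone a packet enters through `ingress`; usable as a policy
    source/destination independent of the gateway's addressing."""
    return interface(ingress).zone

if __name__ == "__main__":
    for ingress, src in (("eth0", "192.168.101.100"), ("eth2", "192.168.101.100"),
                         ("eth2", "192.168.103.100"), ("eth1", "192.168.101.100")):
        print(ingress, src, zone_of(ingress), *anti_spoofing_verdict(ingress, src))
```

The second case is the one Anti-Spoofing exists for: an internal address arriving on the external interface is dropped even though a policy rule might otherwise accept it.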



Gaia Lab

Security Configuration
Security Configuration
• Select eth1 and click Edit, or double click eth1, to edit eth1.
• Notice this has been preset to lead to the DMZ and is in the DMZ Security Zone.
• Click Modify.
• Notice the default “This Network (Internal)” has been changed to Interface leads to DMZ.
• Security Zone objects can be used in the source/destination columns of our security policy. Security Zones let us apply the same policy to different gateways.
• Click Cancel to exit the R80 object.


Gaia Lab

Security Configuration

• In the Objects right sidebar of SmartConsole, search for “Net”.
• OR click Network Objects, then Networks.
• Double click the 192.168.101.0 network object to open it.
• Click on NAT and verify that Add Automatic Translation is checked to hide this network behind the gateway.
• Also verify the 192.168.103.0 network object settings.
• Both internal network objects have Automatic NAT checked.


Gaia Lab

Security Configuration

• Search for the object “Win”. Double click to open and verify the Win-DC 192.168.102.2 host object.


Gaia Lab

Security Configuration
• In Security Policies locate and click on NAT to show the NAT rulebase.

• Automatically created rules are shown in gray. Also notice the top two NAT
rules which are manually created. These ensure connections between the
internal networks are not translated.
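Added example (not the lab's or Check Point's code) of the NAT behaviour described above: hide NAT for the internal network objects behind the gateway, with the two manual no-NAT rules placed first so that traffic between the internal networks keeps its original source. The rulebase ordering and the assumption that both 192.168.101.0/24 and 192.168.102.0/24 are hidden behind the gateway are constructed for this example; the function names are mine.

```python
import ipaddress

# Constructed from the lab topology: the gateway's interfaces and the
# network each one is attached to.
GATEWAY_IFACES = {
    "eth0": ipaddress.ip_network("192.168.101.0/24"),   # internal
    "eth1": ipaddress.ip_network("192.168.102.0/24"),   # DMZ
    "eth2": ipaddress.ip_network("192.168.103.0/24"),   # external
}
GATEWAY_ADDR = {"eth0": "192.168.101.254",
                "eth1": "192.168.102.254",
                "eth2": "192.168.103.254"}
ANY = ipaddress.ip_network("0.0.0.0/0")
# Assumption for this example: both internal network objects have
# "Add Automatic Address Translation" set to Hide behind the gateway.
HIDE_NAT_NETWORKS = (GATEWAY_IFACES["eth0"], GATEWAY_IFACES["eth1"])

def egress_interface(dst):
    """Interface the gateway routes `dst` out of (default route leaves via eth2)."""
    ip = ipaddress.ip_address(dst)
    for name, net in GATEWAY_IFACES.items():
        if ip in net:
            return name
    return "eth2"

def nat_rulebase(include_manual=True):
    """Ordered NAT rulebase as (kind, original source, original destination,
    translation). The two manual no-NAT rules come first, then the
    automatically generated hide rules, as in the lab's NAT view."""
    rules = []
    a, b = HIDE_NAT_NETWORKS
    if include_manual:
        rules.append(("manual", a, b, None))       # internal -> DMZ: keep source
        rules.append(("manual", b, a, None))       # DMZ -> internal: keep source
    for net in HIDE_NAT_NETWORKS:
        rules.append(("automatic", net, ANY, "hide"))
    return rules

def translate(src, dst, include_manual=True):
    """First match wins. Returns (source address on the wire after the
    gateway, the kind of rule that matched)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for kind, src_net, dst_net, action in nat_rulebase(include_manual):
        if s in src_net and d in dst_net:
            if action is None:
                return src, "manual (no translation)"
            # Hide behind gateway: the source becomes the egress interface address.
            return GATEWAY_ADDR[egress_interface(dst)], "automatic hide"
    return src, "no rule"

if __name__ == "__main__":
    print(translate("192.168.101.100", "8.8.8.8"))             # hidden behind eth2
    print(translate("192.168.101.100", "192.168.102.5"))        # manual rule: untouched
    print(translate("192.168.101.100", "192.168.102.5", False)) # without it: hidden behind eth1
```

The third call shows why the manual rules are needed: with only the automatic hide rules, a client in 192.168.101.0/24 would reach the DMZ web server as 192.168.102.254, and the server's logs (and any source-based rule on it) would no longer see the real client.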

(Screenshot callout: NAT)


Gaia Lab

Security Configuration

• Locate and click on Policy.
• Verify the security rulebase is the same as the image below.
• Which rule number is the stealth rule?


Gaia Lab

Security Configuration

• Select Actions -> Implied Rules.
• Expand All, review, then select Configuration.
• Click Cancel to close.

(Screenshot callout: Actions)

Note: Implied Rules are also set in Global Properties. These occur first, last, or before last in the access rulebase. The administrator can decide whether or not to log implied rules.
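Added example (not the lab's own rulebase) of how implied-rule placement and first-match evaluation interact, as the note above describes: implied rules set to First, Before Last or Last are slotted around a constructed explicit rulebase, and each packet reports which position matched and whether that rule logs. The rule names, services, and the choice of which implied rules exist and are unlogged are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
GATEWAY = ipaddress.ip_network("192.168.101.254/32")   # gateway's internal address (lab topology)
INTERNAL = ipaddress.ip_network("192.168.101.0/24")

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    service: str      # "any" or a single service name
    action: str       # "accept" or "drop"
    log: bool = True
    implied: bool = False

def matches(rule, src, dst, service):
    return (ipaddress.ip_address(src) in rule.src
            and ipaddress.ip_address(dst) in rule.dst
            and rule.service in ("any", service))

def effective_rulebase(explicit, first=(), before_last=(), last=()):
    """Place implied rules the way Global Properties describes: First ahead
    of rule 1, Before Last ahead of the final explicit (cleanup) rule, Last
    after it. The explicit list must end with the cleanup rule."""
    return (list(first) + list(explicit[:-1]) + list(before_last)
            + [explicit[-1]] + list(last))

def evaluate(rulebase, src, dst, service):
    """First-match evaluation; returns (position, name, action, logged)."""
    for pos, rule in enumerate(rulebase, start=1):
        if matches(rule, src, dst, service):
            return pos, rule.name, rule.action, rule.log
    raise ValueError("no rule matched; the rulebase needs a cleanup rule")

# Constructed explicit rulebase in the style of the lab (not the lab's own).
EXPLICIT = [
    Rule("Stealth", ANY, GATEWAY, "any", "drop"),
    Rule("Internet access", INTERNAL, ANY, "https", "accept"),
    Rule("Cleanup", ANY, ANY, "any", "drop"),
]
# Constructed implied rules: which ones exist and where they sit is set in
# Global Properties; here they are configured NOT to be logged.
IMPLIED_FIRST = [Rule("Control connections", INTERNAL, GATEWAY, "cpmi", "accept",
                      log=False, implied=True)]
IMPLIED_BEFORE_LAST = [Rule("ICMP requests", ANY, ANY, "icmp", "accept",
                            log=False, implied=True)]

RULEBASE = effective_rulebase(EXPLICIT, IMPLIED_FIRST, IMPLIED_BEFORE_LAST)

if __name__ == "__main__":
    for pos, r in enumerate(RULEBASE, 1):
        print(pos, "(implied)" if r.implied else "", r.name)
    print(evaluate(RULEBASE, "192.168.101.100", "192.168.101.254", "cpmi"))
    print(evaluate(RULEBASE, "192.168.103.100", "192.168.101.254", "ssh"))
    print(evaluate(RULEBASE, "192.168.101.100", "8.8.8.8", "icmp"))
```

Two things to notice when reading the positions: a First implied rule sits ahead of the stealth rule, so management traffic to the gateway is accepted before the stealth rule could drop it, and a matched rule whose log flag is off produces no log entry at all, which is the usual reason a connection that plainly worked is absent from the log view.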



Gaia Lab
Security Configuration
• Click Menu -> Global Properties
  OR
• Click Manage & Settings
• Click Blades -> Global Properties button
• Click Cancel to close

(Screenshot callout: Global Properties)


Check Point Security 101

Review Questions

1. What firewall rule #(s) allow Internet access?
2. Which firewall rule is most active, i.e. which rule has the most hits?
   (Hint: right click in the blue bar and enable Hits)


Gaia Lab

Test the Security Policy and Network Connectivity

• Click Start -> Run -> cmd to open a DOS prompt.

• Use these commands to test connectivity
  – ping: sends an ICMP echo request to see if a host is online
  – tracert: Windows traceroute tool to display the route path to a destination
  – nslookup: domain name server lookup for an IP address or name

• Examples
  – “ping 192.168.102.2” to send an ICMP request to the Win-DC AD server
  – “tracert -d 8.8.8.8” to see the route path to a Google public DNS server

• Use this command to show the IP configuration
  – “ipconfig”
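Added example, not part of the lab guide: a Python parser for the output that ping and “tracert -d” produce, so the connectivity test can be checked automatically, in particular that the first hop on the way to 8.8.8.8 is the firewall's internal interface 192.168.101.254 from the topology. The two outputs embedded in the block are constructed to match the lab addresses, not captured from the lab, and the function names are mine.

```python
import re

# Constructed output in the format Windows ping and "tracert -d" print;
# the addresses follow the lab topology (Win-Victim -> 192.168.101.254
# gateway -> 192.168.103.2 upstream -> 8.8.8.8). Not captured from the lab.
PING_OUTPUT = """\
Pinging 192.168.102.2 with 32 bytes of data:
Reply from 192.168.102.2: bytes=32 time<1ms TTL=127
Reply from 192.168.102.2: bytes=32 time<1ms TTL=127
Reply from 192.168.102.2: bytes=32 time<1ms TTL=127
Request timed out.

Ping statistics for 192.168.102.2:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""

TRACERT_OUTPUT = """\
Tracing route to 8.8.8.8 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.101.254
  2     1 ms     1 ms     1 ms  192.168.103.2
  3     *        *        *     Request timed out.
  4    12 ms    11 ms    11 ms  8.8.8.8

Trace complete.
"""

def parse_ping(text):
    """Return (sent, received, lost) from the statistics line."""
    m = re.search(r"Sent = (\d+), Received = (\d+), Lost = (\d+)", text)
    if not m:
        raise ValueError("no ping statistics found")
    return tuple(int(x) for x in m.groups())

def parse_tracert(text):
    """Return the hop addresses in order; None for a hop that timed out."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"^\s*(\d+)\s+(.*)$", line)   # hop lines start with the hop number
        if not m:
            continue
        detail = m.group(2)
        hops.append(None if "Request timed out" in detail else detail.split()[-1])
    return hops

def first_hop_is(text, expected_gateway):
    """True if the path leaves through the expected default gateway, i.e.
    the traffic really passes the firewall and not some other router."""
    hops = parse_tracert(text)
    return bool(hops) and hops[0] == expected_gateway

def host_reachable(text):
    """True if at least one ping reply came back."""
    sent, received, lost = parse_ping(text)
    return received > 0

if __name__ == "__main__":
    print(parse_ping(PING_OUTPUT), host_reachable(PING_OUTPUT))
    print(parse_tracert(TRACERT_OUTPUT), first_hop_is(TRACERT_OUTPUT, "192.168.101.254"))
```

A hop that shows only asterisks is recorded as None rather than dropped, so the hop count stays aligned with what tracert printed; a silent hop in the middle of the path is normal for routers that do not answer with ICMP time-exceeded messages.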



Gaia Lab

Test the Security Policy and Network Connectivity

• Use IE or Chrome to test DNS and network connectivity as well.



Gaia Lab

Test the Security Policy and Network Connectivity

• On the left side bar, select LOGS & MONITOR, then select + to open a new tab.
• Click Open Log View.

(Screenshot callout: New Tab)


Gaia Lab

Test the Security Policy and Network Connectivity


• Click the Auto refresh button.
• In the right side-bar expand Top Actions, select an action.
• Click X in the query window to delete the query.
• Right click in a column to create a filter for that column.
• Double click a log to get more details.

(Screenshot callouts: Auto Refresh, Query Window, Top Actions)


Gaia Lab

Test the Security Policy and Network Connectivity

• In the blue header row, right click and select Column Profile -> Access Control. This changes the columns.
• Right click again, select Edit Profile to see the fields included and how other profiles like Files are defined. Click Close to exit.
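Added example (not the lab's code) of the log-view operations from the previous two pages, run over constructed log records: a column filter, the Top Actions count, a per-rule hit count, and column profiles that select which fields are shown. The field names (src, dst, service, action, rule_name, xlatesrc), the sample records and the profile definitions are assumptions made for this example, not SmartConsole's own definitions.

```python
from collections import Counter

# Constructed sample log records shaped like the Access Control log view
# fields used in the lab (source, destination, service, action, rule name,
# and the translated source "xlatesrc" written by hide NAT). Not real lab logs.
SAMPLE_LOGS = [
    {"time": "10:01:02", "action": "Accept", "src": "192.168.101.100", "dst": "8.8.8.8",
     "service": "https", "rule_name": "Internet access", "xlatesrc": "192.168.103.254"},
    {"time": "10:01:05", "action": "Drop", "src": "192.168.103.100", "dst": "192.168.101.254",
     "service": "ssh", "rule_name": "Stealth", "xlatesrc": ""},
    {"time": "10:01:09", "action": "Accept", "src": "192.168.102.2", "dst": "8.8.8.8",
     "service": "https", "rule_name": "Internet access", "xlatesrc": "192.168.103.254"},
    {"time": "10:01:12", "action": "Drop", "src": "192.168.103.100", "dst": "192.168.102.5",
     "service": "http", "rule_name": "Cleanup", "xlatesrc": ""},
    {"time": "10:01:20", "action": "Accept", "src": "192.168.101.100", "dst": "192.168.102.5",
     "service": "http", "rule_name": "Internal to DMZ", "xlatesrc": ""},
]

# Constructed column profiles: which fields a view shows. The lab's Access
# Control and Files profiles are defined in SmartConsole, not here.
COLUMN_PROFILES = {
    "Access Control": ("time", "action", "src", "dst", "service", "rule_name"),
    "Translation":    ("time", "src", "xlatesrc", "dst"),
}

def filter_logs(logs, **criteria):
    """Column filter: keep records whose fields equal every given value,
    like right-clicking a cell and filtering on it."""
    return [rec for rec in logs if all(rec.get(k) == v for k, v in criteria.items())]

def top_actions(logs):
    """Counts per action, most frequent first, like the Top Actions widget."""
    return Counter(rec["action"] for rec in logs).most_common()

def top_rules(logs):
    """Which rules are hit most often (the hit-count question from the lab)."""
    return Counter(rec["rule_name"] for rec in logs).most_common()

def apply_profile(logs, profile):
    """Project records onto the columns of a profile, preserving column order."""
    cols = COLUMN_PROFILES[profile]
    return [tuple(rec[c] for c in cols) for rec in logs]

def translated_only(logs):
    """Records that left through hide NAT (non-empty xlatesrc)."""
    return [rec for rec in logs if rec["xlatesrc"]]

if __name__ == "__main__":
    print(top_actions(SAMPLE_LOGS))
    for row in apply_profile(filter_logs(SAMPLE_LOGS, action="Drop"), "Access Control"):
        print(row)
    for row in apply_profile(translated_only(SAMPLE_LOGS), "Translation"):
        print(row)
```

The Translation profile is the quick way to answer whether a connection was hidden behind the gateway: only records with a non-empty translated source went out through hide NAT, while connections between the internal networks keep the field empty.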

(Screenshot callout: Columns Profile)


Check Point Security 101

Review Questions

1. Will connections from the WIN-DC server to the Internet appear in the logs?
2. Will connections from the Kali VM to the Internet appear in the logs?
3. Are there translation fields in the logs to the Internet?
4. Extra Credit: Will DNS and ICMP events appear in the logs? Why not?


Gaia Lab

The Old and the New

• In LOGS & MONITOR, open a new tab.
• In the lower left, click on Tunnel & User Monitoring to launch the SmartView Monitor GUI client.
• Click View Traffic -> Top Connections and System Counters -> System History. Close when ready.
• Back in SmartConsole, in the lower left click on SmartView and log in to the browser window that opens (admin/Cpwins1!).

(Screenshot callout: External Apps)


End of Lab
