Check Point Advanced Firewall Installation Part 2: How to Install R81.10 GAIA OS #Security Gateways!

Captions
firewall again. So this video is a continuation video for advanced firewalling of the Check Point firewall. In the previous video we installed the R81.10 Gaia OS on the management server. In this video we are going to install the same OS, not the same OS, the R80.30 Gaia OS, on the gateway, because we wanted to test the R81.10 management part of it, and for the gateway it's okay, we will have lower versions. I have done the basic installation, so I have just started with the gateway and installed a basic OS. Now the web UI is pending, so let me go to Google Chrome and type the IP address for the gateway, 192.168.1.11.

Okay, all right. Accept the default things, give the password. Okay, Check Point First Time Configuration Wizard: Next. Continue with the R80.30 configuration, Next. I have the default things; I will configure eth1 later. Give the name: this is my gateway 1, which is 80.30. Domain name is firewall gann.com. DNS server will be the Google DNS. Next. Default time setting. This will be the security gateway, so I've been selecting the security management server. Next.

Yeah, one more thing: this will be part of ClusterXL, so in case we need to have ClusterXL in place, we will be giving this option. Next. Does this gateway have dynamically assigned IP addresses? No. When your ISP is providing the IPs to your gateway, for example your gateway is on the external side and the next hop is your ISP gateway, and from there they have the DHCP services enabled and your gateway is getting the IP addresses from there, in that case you need to select this option, Yes. Otherwise, in a normal scenario, it should be No.

This is the important step: you need to give the activation key. The activation key will be useful when you are going to establish SIC, Secure Internal Communication, between your management server and the gateway. If you want to learn more on this, just read this thing, what is SIC. All right, capture the screenshot and go to these things. Next and Finish. One more thing: if you see, there is something called "improve product experience by sending data to Check Point"; always check this box. Start the process.

I believe it will take a minute or two to finish. Let me see if I have R81.10. Yeah, I got a SmartConsole for the same. In the last video we completed our SMS, or management server, installation. I have given a bit more memory space here, so let's see how it reacts. Let me see where we are now. Okay. Meanwhile, let's start this SMS. I hope my pc will not gets on because of the huge RAM, but however we need to start this machine.

Okay, this guy is also finished. Let the system get rebooted; it will take a minute or two to get rebooted. Meanwhile let's see the SMS: it's starting. Let's get ready with the IP address 192.168.1.254. Okay, it's still rebooting. What about the SMS? Okay, it's also starting.

Also guys, keep in mind: whenever you install the gateway and you want that gateway to communicate with the Smart Management Server, you always need to have at least two interfaces configured, one as your internal and one as your external. Because if you don't have those interfaces in place, when you establish Secure Internal Communication between the gateway and the management server it will ask you to fetch the topology, and if it sees there is only one interface and there is no other interface for the internal or external side, it will throw you an error. So always keep that in mind. We just need to give the IP address to the second interface, which may be the internal IP address.

Okay, let's see the SMS. Okay, the SMS is started, and how about this? Okay, the gateway is also rebooted. Let me log into the gateway; meanwhile let's log into the SMS as well. Here, when you go to the network interfaces, if you want to add a new IP address, I mean the interface IP address, you always need to go to Network Interfaces. Now here you have to just do the edit, always check the box, and you need to enable this. IPv4: currently we have... so I'm just giving the IP, it's 10.1.1.1; for now I'm just giving anything for testing purposes. And your subnet mask, this thing will be okay. Okay, it looks good.

Let me see if we are able to log in to the SMS. Always remember, when the SMS has started it takes some time to initialize internally, so you will get a little bit of delay when you log into your SMS from SmartConsole. Earlier, with the older versions, the process was not like that; we usually got early logins. But here it takes time to initialize because it's a huge database and too many services need to run in the background, so we have to wait a couple of minutes for the SMS to get started.

If you want to look more into that, you just have to come here. This is my SMS. Log in to the SMS, log in as admin, give the password, and from here let's see if I can run `cpwd_admin list`. Use that command. Here you will see the status of the services you are running. Everything looks good, everything is established: E stands for establish, and if you see something like W, it's like a waiting state. So for now everything looks good. Let's see uptime. Okay, let's see top. If you see, the processes are also running well, so I believe we should be able to log into the SMS without any issue. Let's try if we are able to ping; I hope we will. Ping 192.168.1.255. Yeah, we are able to ping. So let's try one more time to log into R81.10. Now it's loading the data. Once we are in, we'll be doing the Secure Internal Communication with the gateways. Give it a minute.

So guys, this is the all-new R81.10 console, SmartDashboard. First, I'll just walk you through the options here. If you see here, the first thing is your security gateways and servers. This shows you what gateways you have installed, what SMS you have installed, what VSX or virtual systems you have installed, so it gives you all the overviews and the status: what hardware you have used, what the CPU is using, whether you have any recommended updates, and much more. At the bottom you are able to see all the details: whichever product version you have installed, what the license status is, what policies and blades you have activated, and everything.

Then the second tab, we call it Security Policies. It shows what security policies or rules you have configured, and it helps you with the configuration part. If you want to do some sort of package configuration, for example right now I am in the Standard package, you can change the package, you can configure the policies. By default it comes with the Cleanup rule. What this rule means is: whatever is hitting this gateway with any source, any destination will be dropped. So once you install the policy, if you do not allow anything, your gateway by default drops anything. Then you have the NAT policies, then you have HTTP inspection policies and a lot of things; we will see all that stuff one by one. But for now we will restrict this video to having Secure Internal Communication between your firewall, your gateway, and your management server.

So let me go to the gateway and do the Secure Internal Communication with your management server. Let me show you a few options from where you can do all this. If you see here, there is something like a star, this option; if you click here you will see what you can configure newly. First is your gateway, then cluster, VSX, whatever you want to configure. For this video I'll be just configuring the gateway, so just click that. Then you have a wizard option, a basic wizard option where you can go ahead and configure your gateway using a simple wizard, or you can use the classic option. So wizard option is the old one; we will go with the classic one. Let's wait for a minute because the system is a bit slow. Let the wizard option, oh sorry, classic option pop up.

If you see, these are the properties; Check Point Gateway properties appears here. You have to give your gateway name, you can give whatever you like; I'm giving gateway 1, and IP address 192.168.1.11. If you like to give any sort of color, you can give that. We don't have to do this dynamic address thing right now. Here this is your Open Server, R81.10, Gaia, and what blades you want; for example, if you want IPsec you just select that as well, and if you're looking for any other things like URL Filtering, Identity Awareness. For now we're good with IPsec. And remember, these guys come by default: advanced networking, clustering, SecureXL; dynamic routing we will configure.

Now you have to come here to establish SIC. This is the important thing: Secure Internal Communication, which we call SIC. And the status right now says it's uninitialized. To do all this initialization you have to come here and click Communication. Let me see. Okay, now here it's your open appliance. This is the one-time password which we gave to the gateway, like a SIC password, when we ran the First Time Wizard on the gateway. I'm giving the same password here and clicking Initialize. Okay, looks like the trust got established without any issue. If you want to test the status of the SIC, you have to click this option. So I'm just checking what the status is. Okay, SIC of the gateway is communicating and everything has been established. If you click OK, it will by default download the topology you have. And keep in mind, if you don't have at least two interfaces it will give an error.

So close this thing, come to Network Management, the next tab, next option, and from here you need to define basic things like what the topology is for your current configuration. Click Edit, and here you have to tell whether this is your internal or external network. If you see eth0, I'm considering this my external network for now. Here, if you see, there is something called anti-spoofing. This is a very important step, guys: you have to select your anti-spoofing option well. Always remember, if your firewall is external facing and you want to protect your firewall from spoofing, then you have to come here and select this option as Prevent. And if you have some external servers which are legitimate and you don't want to do the anti-spoofing check for them, you can come here and give those options, like "don't check packets from". This is the external interface, so I'm just putting Override: this network is not internal, this network will be external, that is what I wanted to tell. Here, if you see, there's an option called internet external, or sorry, internet external, so this is the external network, and I just want to say OK, and then again OK here.

And the other guy, eth1: I wanted to tell that this is my internal network. I think by default every setting is there for that guy, so this is the internal network. Usually on the internal network we don't do the anti-spoofing, to prevent communication issues, so I am putting it in Detect mode. So whatever happens with the anti-spoofing, I'll be able to log see spoofing dragon. Okay, Finish. Yeah, so this is what you can log in as a web UI portal, that is fine.

Now the important step. As I said, the SIC got established. Now you only have one rule there, which is your Cleanup rule. So to allow your communication to happen with your firewall, you need to have a style tool, right? So what I'm going to do is right-click this rule and say New Rule, Above, and from here I'll be adding one rule, which I'm calling admin access, so at least for now I should be able to access my gateway with whatever configuration I have with my systems. For now I'm giving it as... let's see.

Let me show you one more thing which is important here. I want to create one object which denotes my internal network. If you click this top thing, let me show you, this guy, the king crown, what it's showing here; if you click that you will get a lot of options. Here, first open Object Explorer and create a new object. Always remember guys, do it with this method. What we usually do, for simplicity, we do it from here, but I recommend always doing it from this option, Object Explorer; it will give you more visibility. Here you want to configure a new object, network objects, so click OK, network object, and give your network. I'm giving a large range for my network: 192.168.0.0 is my network, and the mask I will use is, say, 16. So I'll give it like 16 for my betterment. So 192.168.1., not 1, 192.168.0.0, and the subnet mask will be 255.255.0.0. All right, for now I'm okay. I don't want to take this thing to the network; I'll be showing that part in a network NATing video. So I'm just clicking OK.

Now the network object is added. Let me close. Let's add that guy here: let me click this add button, and here let me click again, let's search that option. Okay, it's here. Now that is added. Now the destination: for now I'll be putting Any; I want anything to get access. Action should be Accept. Service application, I want Any for now. And it should be logged, whatever traffic I am hitting with that. Here also remember, with the Cleanup rule, whatever is coming up you need to log.

If you notice the things they have changed here, they give you an option for whatever you want to configure. If you go to "switch to defaults", I'm just showing you what happens, they will give you what source, destinations and service application you can give from policy settings. We'll talk on this later, but for now just install this policy. So let me come here and say Install Policy. Keep in mind one thing, guys: when you say Install Policy, by default whatever sessions we have performed, whatever activity we have performed, if you see here the 19 changes we have made, those get published. You don't have to come and push the Publish button here separately, because it automatically gets published. In case you don't want to install the policy right away, you can use that option, like publish now and install policy later. Right now I'm saying okay, install this policy to this gateway. It will take a minute or two depending on your configuration for the policy to get installed. If you see the status here, what is happening with your policy. So let's wait for a minute for the policy to get installed.

If you want to see what happens in the background when you install the policy, come to the SMS and run the top command. I hope it's still installing the policy while I'm running the top command. All these things you need to observe: what processes are coming into the picture while you're installing the policies. See, there is something called init, and it is initiating a lot of things in the background. This is how you need to think when you work on a Check Point firewall, guys.

Now let's see the policy status. Wow, it got installed. If you see, the status is Installed, and if I have access, then I believe I am not logged out because of this policy. So I am ending this video here. If you like my video, please subscribe to my channel and press the bell icon so whatever the latest upload is will come to you as soon as I upload it. Thanks for watching this video guys, and have a wonderful day.
Info
Channel: Firewall Gyaan
Views: 47
Keywords: r81.10 GAIA, Check Point Firewall, Smart Console, Gateway Installations
Id: S-YoDSMLkk8
Length: 30min 53sec (1853 seconds)
Published: Tue Nov 16 2021