CheckPoint - Configure LAN PC and CP Firewall to reach Internet

Captions
Welcome everyone. In this video we are going to configure the LAN PC. The LAN PC is our test PC, and the IP that we are going to configure is 10.12.12.6. Then we will check the connectivity between the test PC and the Check Point gateway. So once we configure this PC, we will see the connectivity: we ping the gateway address 10.12.12.10, so the primary gateway is that one interface we have already configured in the first or second video. Now we are going to log in to the test PC, configure this IP and check whether they are able to ping or not. This is the first task. Then we are going to log in to the SmartConsole and I'll show you about the rules, the default rule, that is the cleanup rule, and then our task will be to reach the internet. So we want to ping the public server 8.8.8.8 from this PC, so for that we need to create some rules in the SmartConsole. We will do it in a later part; the first part is to configure the test PC.

So I click here and click open ultra wrapper, then enter the password test123. Okay, so I'll open the command prompt and go to my adapter settings using the shortcut ncpa.cpl. Okay, now right click on it and go to the properties, click the IPv4 properties, click manual, "use the following IP address", and enter the IP 10.12.12.6. The subnet is class C, 255.255.255.0, and the gateway will be our Check Point gateway interface one address, 10.12.12.10. Click OK, close and wait for a few seconds. Once everything is finished you will get this message; okay, cancel it. Let's close this and ping the gateway: ping 10.12.12.10. Okay, this does not work because of the default rule. Now what does this mean, default rule? Okay, to understand this let's go to our admin PC where we have the SmartConsole. We will log in to the SmartConsole and see what the cleanup rule is doing.

Okay, so let's go to the admin PC. So this is our SmartConsole; you know we have already installed it in the last videos. Now the username is admin, the password is test123, and what is the security management server IP? That is 104.0.0.100. Click login, now wait for a few seconds. This will initialize, load and launch the application; it will take a few seconds, it will not take much time, so you will see in front of you there is a SmartConsole. There is loading, it depends on how much RAM you have given to this machine. Okay, so I'm talking about the cleanup rule. You know this rule is saying any source, any destination, any VPN, any service or application, the action is drop, this one, and track is set to none, so we don't have any log for this. So let's do a little bit of change and see what change will happen if we change the action to accept and we want to log. Okay, so let me install this policy: publish and install. So I will select the access control feature. So now the current problem is there is no gateway, okay, so it means that we need to add the gateway also before doing any changes.

Let's go here. This is our gateway? No, this is not, this is the server, the Check Point SMS server. We need to add the new gateway. We will need to go to the gateway, we select the classic mode and this will take a little bit of time. Okay, so now let me give the gateway name. My gateway name is, this is my gateway what I'm talking about, so let me enter the name CP_primary_gateway. What is the IP address? This is the IP address, 104.0.0.254, the Ethernet 0 address, 104.0.0.254. There is no IPv6 in the training command, okay. So we need to create a trust. Remember the SIC, I'm talking about the secure internal communication: the password we have configured in the first, in the primary, when we configured the primary gateway, pin123, we need to enter that. So we need to create a trust establishment between these two devices, I'm talking about the primary gateway and the security management server. So let's click here and enter the authentication password. The password is admin123, pin123, and click on Initialize. So this is the trust communication initiation; when you click it, it scans it and here you can see the certificate status: trust established. So click OK and it will automatically show the topology details of the interfaces of the primary gateway. Here you can see Ethernet 2 is our DMZ, the DMZ IP address, Ethernet 3 is our WAN IP address, Ethernet 3 ... 1.49, Ethernet 0 is 254 and Ethernet 1 is 10.12.12.10. Okay, so this is done, we added the gateway. These are the options, the blades option; currently only firewall is selected. These are the management blades. Let me click OK. "No interfaces are defined, the topology information must be configured in order to use anti-spoofing": you just click yes currently, OK and OK. Okay, so here is our primary gateway.

So let's go to the policies. Let's go, we have done some changes, remember, in the policy we want to accept, we have selected the log. Now this section is asking where you want to install your policy, so once I click it, it will show me the primary gateway; earlier it was not showing, now it is selecting the primary gateway. Now we need to, I told you, click here, install policy, and publish and install, or you can click on the session details, enter the details and click on publish. Let me this time go with the install policy. You can enter the details, description, session names, and click on publish and install, and it shows the access control, and here now it is showing the primary gateway. So I'll click on install; these are the install mode options, click install. Now it will take a few seconds to install, between 20 to 30 seconds maybe. Let me pause the video; once it is completed I'll resume back. So this is already, so this is installed on the primary gateway, but it's showing some error that anti-spoofing is not configured for some of the interfaces in the gateway. We will check it later; currently our changes have been deployed over the gateway. Let me close it and let's go to the test PC again. So this is my test PC, and let me ping the gateway. See, now I am able to ping the gateway. Why? Because of the cleanup rule: earlier it was saying any source, any destination, action will be drop earlier, but now once we selected accept it allows to ping, and I hope there will be some logs generated for this. Here it is, so now you can see the logs. This is the all time log, let me click last hour log. Okay, there are a lot of things going on at the back, but we want to check ICMP; source, my source will be 10.12.12.6, let me check is there any rule. Yes, there is one log generated: this is the source, this is the destination and the ICMP, and the rule is, okay, now we have a bigger picture. So the origin is the gateway where the log is generated, action is accepted, policy management is CP SMS, standard, the rule which is responsible for showing this log is the cleanup rule. If we click here, okay, it is showing something at the back: here is the rule where it is highlighted. Now the traffic source and the source zone is internal, the destination is our Check Point gateway, this one, and the interface where it is detected is eth1. Let's click on the matched rule: the rule number one, which is the cleanup rule, rule image scanner pro, okay. Let me close this. Now I hope you have an idea of what exactly this cleanup rule is doing, and that is our first rule in a rule base or in our security policies.

So let's change it again, let's make it drop and log. And now, okay, now just add one more rule above the cleanup rule and give the name management interface. Now what is this rule about? We want a separate rule to allow this network, 104.0.0.0, to access the primary gateway. Now we need to create an object for the source to allow this. Now to create an object click here, new network, and give the name to the object; suppose I'm taking it as MGMT_network, and the IP that I'm going to assign is this, 104.0.0.0, and the class C subnet 255.255.255.0. Okay, now the destination: my destination is the management IP. This is the IP address, I'll add one host object, let me add the name of the object, management IP, and the IP address for this is 104.0.0.250. Right click, okay, it's okay. Let's leave the VPN, services, application now. Okay, actions, I want to accept. So if any traffic is coming from my management interface, means this network, suppose the admin PC wants to access the primary gateway, the primary gateway is defined under this object, the management IP. Now if this is going to happen then my admin PC will be allowed. So this is what I am defining in this rule, and I also want this logged, this rule should be logged, so I select the log option here, and where I want to deploy my policy, on my primary gateway. So this is done. Okay, now let's deploy it and see what happens: publish and install. Okay, now we need to install it, this will take a few seconds, let me pause the video, once this is done I'll resume back. Okay, the policy is deployed. If we click here on the details, see the policy is deployed; again the anti-spoofing issue is coming, I'll definitely resolve this in the further part. Let me close this till now. Okay, now let's go to the primary gateway. So let me clear all this. I'm pinging 10.12.12.6 and you will see there is no IP, because there is no rule defined for LAN 1. So if we have not defined any rule it means we cannot communicate.

Now to allow the traffic from LAN to WAN we need to create a new rule. Let's define that, then I will just press the Ctrl+C button to finish the scan. Okay, now I'm going to the SmartConsole and create a new rule in between the management and cleanup rule. I'm saying from LAN to WAN: the source object is my, I need to create a new object, LAN. I'm giving the name as LAN_subnet and the IP that I'm going to define is 10.12.12.0, my LAN network, you can see here, this is the network, and the subnet mask is 255.255.255.0. Okay, now this is the LAN subnet and the destination will be any, so I leave it like this, and I want any traffic to be accepted if any traffic is coming from LAN 1, and it should be logged, and I want to deploy this policy on the Check Point primary gateway. Okay, now we are done with this, let me install the policy on the gateway. Okay, there are some validation issues: name uniqueness, okay. Remember this is coming because we already defined the destination, the LAN subnet. Okay, let me do one thing, let me go to the object, and this is a good thing that the issues are coming, because the more problems come the more we are going to learn. So I'll open the object explorer and search for LAN_subnet. Okay, no objects are coming. Okay, let me pause the video; once I find the object I'll show it to you. Okay, here I found the subnets, LAN subnet: so when we go inside the object explorer, when we click on the network, these are the two subnets that we have actually defined here. So we need to remove it; let me remove it and I'll show you one more time how we create the object in the rule. Okay, now another thing is if your object is used in the policy, you cannot delete that object. Just before that I'm deleting, delete one subnet; you can, one host object you can delete, but another object which is in use you cannot delete. Okay, just leave it, leave it as it is.

I will go here and let me click install policy, publish and install. Now there will be no problem. Now we need to click install and our policy is pushed to our gateway, so this will take a little bit of time, till then I'll just pause the video. Okay, our policy is installed. Now let's see, do we have connectivity from LAN to WAN? Let me see first whether we are able to reach my test PC, 192, 10.12.12.6. Yes, now we have connectivity. Now let's go to the test PC and we'll connect to the primary gateway IP first, and then we are going to ping the 8.8.8.8 IP. Okay, this is my test PC, let me ping the gateway address 10.12.12.10. Yes, we are able to reach. Now let's ping 8.8.8.8: we cannot reach, because the reason is NAT, so our packet is dropped by the firewall at interface 1. Okay, let's add the NAT, the dynamic NAT. To add a dynamic NAT we need to click on the LAN subnet, we need to double click on it, select the NAT, check this option "add automatic address translation rules", select hide, Hide, and click OK. Once you are done with this, click on install policy, publish and install, and click on install. We wait for a few seconds; once this is done we will get the message and I will resume back. So you can see our policy is installed. Let's close this and let's go to the test PC and see whether our packet reaches the internet or not. So let me close this, clean this and ping 8.8.8.8. A few packets will be dropped, but let's check, do we have internet? Yes, we have an internet connection, but a lot of packets are dropped. Let me ping again, okay, so it means that we have connectivity now from the LAN network to the WAN, the Internet. So this is how we can reach from LAN to the Internet by just adding one rule here and applying a NAT to reach out to the network, to the Internet. So thank you for watching this.
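The rule base built in the video (management rule above the LAN-to-WAN rule above the cleanup rule, evaluated top-down with first match winning) together with the automatic Hide NAT on LAN_subnet, modelled as an added Python example; this is not code from the video or from Check Point, and the gateway's WAN address is a constructed placeholder because the video does not state it clearly.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR network or "any"
    dst: str      # CIDR network or "any"
    action: str   # "accept" or "drop"
    log: bool     # track = Log (True) or None (False)


def _in(net: str, ip: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def evaluate(rulebase, src_ip: str, dst_ip: str):
    """Top-down, first-match evaluation: return (rule name, action, logged)."""
    for rule in rulebase:
        if _in(rule.src, src_ip) and _in(rule.dst, dst_ip):
            return rule.name, rule.action, rule.log
    return "implied drop", "drop", False   # reached only if no cleanup rule exists


# Objects as spoken in the video: MGMT_network, the management IP host, LAN_subnet.
CLEANUP    = Rule("Cleanup rule", "any", "any", "drop", True)
MANAGEMENT = Rule("Management interface", "104.0.0.0/24", "104.0.0.250/32", "accept", True)
LAN_TO_WAN = Rule("LAN to WAN", "10.12.12.0/24", "any", "accept", True)

BEFORE_LAN_RULE = [MANAGEMENT, CLEANUP]               # ping from the test PC hits cleanup
AFTER_LAN_RULE  = [MANAGEMENT, LAN_TO_WAN, CLEANUP]   # LAN rule inserted above cleanup

LAN_SUBNET = ipaddress.ip_network("10.12.12.0/24")
GATEWAY_WAN_IP = "203.0.113.49"   # constructed placeholder for the gateway's eth3 address


def hide_nat(src_ip: str, dst_ip: str) -> str:
    """Automatic Hide NAT on LAN_subnet: the source is hidden behind the gateway's
    external address only when the packet leaves the subnet; LAN-internal traffic
    (such as the ping to the gateway's eth1 address) is not translated."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src in LAN_SUBNET and dst not in LAN_SUBNET:
        return GATEWAY_WAN_IP
    return src_ip


if __name__ == "__main__":
    print(evaluate(BEFORE_LAN_RULE, "10.12.12.6", "10.12.12.10"))  # cleanup drops the ping
    print(evaluate(AFTER_LAN_RULE, "10.12.12.6", "8.8.8.8"))       # LAN to WAN accepts it
    print(hide_nat("10.12.12.6", "8.8.8.8"))                        # hidden behind the WAN IP
```

Because the management network is not covered by the LAN rule, traffic from 104.0.0.0/24 to anything other than the management IP still falls through to the cleanup rule and is dropped and logged, which is the behaviour the video relies on when it inspects the logs.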
Info
Channel: gully networkers
Views: 2,684
Id: KmLvA9WlyLk
Length: 25min 34sec (1534 seconds)
Published: Sat Sep 21 2019