Configuring Check Point VSX and Virtual Firewalls

Video Statistics and Information

Captions
Hi, this video is on how to configure a Check Point VSX gateway with your management server. So looking at the network diagram, which I have covered in the VSX overview video, we've got the management side, we've got the external side connecting to the physical router from the switch, and we've got the VLAN trunk connecting to each particular network on their specified VLANs. So this is the topology we'll be following in the video when we are configuring the VSX gateway. Also the IP addressing scheme: it will all be on one subnet on the external side because it's a switch. If it was a router then we may need to subnet them off, but we're fine on that as well. And that's pretty much it, so we can start the VSX gateway configuration.

So the first thing to do is right-click the Check Point object and go to VSX and go to VSX Gateway. If it was a cluster then you configure it as a cluster, if you've got two VSX gateway appliances. OK, it says the current database policies need to be saved before the new VSX configuration can be applied; do you want to save and apply the new configuration? Let's go for Yes on here. And the first thing we do in the VSX gateway wizard is give it a name, an IP address and a version. So give it a name of CP VSX; the IP address for my gateway is 10.10.20.10; the version we'll leave as a 37, but here's the supported versions anyway. OK, so let's click Next.

And then we come to the creation templates, and the creation templates page lets you provision a default topology and the routing definition for virtual systems. It's basically used so that virtual systems are consistent and makes the process quicker creating them, and you can also still override the creation template when you create or change your virtual system, however, so you don't need to worry about it too much. But let's go through each option here. So the shared interface is where virtual systems share one external interface but have separate internal interfaces, this one here. Then there's the separate interfaces, where virtual systems use their own separate internal and external interfaces. And finally there's the custom configuration, where you can define the virtual systems, virtual routers, virtual switches and interface configurations yourself. And I'll go for the custom one for the flexibility and click Next.

So the next page is the activation key. You specify the SIC activation key here, which will initialize the secure internal communication trust between the VSX gateway and the management server, so basically they trust each other and are able to communicate. So let's give it a key, and I've already done this on the gateway side, given it a key, so if I initialize it should build a SIC trust. Now, failed to connect to the gateway; let's try that one more time. So it's failed again. Let's go back, check the IP address: 10.10.20.10, that's the correct IP address, and it looks like the VSX gateway's having a communication problem. I may need to reboot the server possibly, and it's locked as well by the browser, 10.10.20.10. So I'll just give this gateway a reboot and I'll start the video again.

So I've rebooted the gateway and we can try SIC again. So if you click Initialize, and it's failed to connect to the security gateway again. So let's check the SIC status, which I should have really done anyway. OK, "try to reset the SIC on the peer and establish the trust". So what we can do is reset SIC on here. So if we log in and if we specify cpconfig, and let's choose option 5, confirm we'd like to reinitialize communication, yep, enter the activation key. OK, that's done, and now 9 to exit from here, and we'll let it restart its services and then we'll try again. It should be back with us within a few seconds hopefully. Let's start in the product balance of it we can't. Let's try it now. Initialize, and that's trust established. Check SIC status: so SIC status for CP VSX, communication for that is absolutely spot-on. Let's click Next.

So the next part is the interfaces. So from here you can define which interfaces will be VLAN trunk interfaces. So usually you would do this for the internal interface connection to the physical VLAN-aware switch, so each separate network reaches a virtual system based on the defined VLANs, like we have in the network diagram just here. So let's specify one of the interface ports to be VLAN trunk. So if we go for Ethernet 1, and that'll be VLAN trunk, and let's click Next here.

OK, so this page is on setting up a virtual device within the VSX gateway. Because I chose the custom configuration option we are able to define a virtual device with an interface shared with the VSX gateway. You don't have to create a virtual device, you can just click Next to continue, but we'll create a virtual switch, as we have in the network diagram, while we are here. So if we click on Create a Virtual Network Device, and the options you have are virtual switch and virtual router. If you click on virtual router you can see you've got to fill out the IP addressing information as well. We're going to create a virtual switch and select the shared interface. So the shared interface this time will be Ethernet 2, and click Next.

OK, so that's done, and the next page, these options here are to define policy rules for the VSX gateway itself. So these are basically management access policy rules, so to the gateway itself. You can change these or leave them as they are. And the security policy consists of the predefined rules here, which is SNMP, SSH, ping and HTTPS, and there's a default block of anything else here. Because this policy applies only to traffic destined to the VSX gateway, traffic destined for virtual systems and other virtual devices, external networks and internal networks are not affected. So you can select to pass traffic on the selected services by these tick boxes, or you can clear the option to block traffic on the particular service. And by default all services are blocked, as you can see here, but we can just click them like that: HTTP, SSH, even ping's useful, and we'll just leave SNMP off.

So for source of traffic the default is Any, but you can specify the source you're coming from, and you can create an object from here, new source object, so you're only allowing the IP addresses that you want to allow. And we can click Next to continue from here. So: "You have allowed services with source set to Any. It's recommended to use a specific source rather than Any. Are you sure you want to continue?" Since this is a demo we'll click Yes, and click Finish, and that's going away and installing the VSX gateway, configuring it, so we'll pause the video.

All right, so that's been completed; we've got a VSX gateway now configured. So if we click Close here, we should be able to see it in the network objects. So here it is, CP VSX gateway. So the next thing we need to do is create a new virtual system. So also if we break that down we can see the virtual switch we created, the virtual device; we'll have a look at this shortly. So if we right-click Check Point, go to VSX and create a VSX virtual system. So this is an actual virtual system, which is a gateway, a virtual gateway, virtual firewall; Check Point call it a virtual system. So let's click that and we come to the wizard.

So the first thing to do is provide a name, so let's call it virtual system, and then you specify which VSX gateway this virtual system is hosted on. So we click there, and we've only got one VSX gateway, so it's only got the one option here, and click that. So it's selected that. And the next portion is the bridge mode option. You'll only select bridge mode if you are creating a virtual system in bridge mode, which we are not, so we'll leave that unticked. And Advanced, override creation templates: so here's the option to override it, so select your creation template to override the creation template that was used for the initial configuration of the VSX gateway. So we'll leave that unticked as well. Click Next.

So now in this portion we configure the interfaces and the routing from here. So depending on the creation template used you will get different criteria for this area. We used the custom configuration template, so we need to manually define the network interfaces here. Just to note, a regular interface would be using a physical interface directly attached to a physical switch or router; then there's VLAN interfaces, which would be via a regular interface but with VLAN tagging enabled; and virtual interfaces, which lead to virtual routers or switches. And we need two interfaces. One will be a warp interface, a virtual interface connecting to our virtual switch on the external side, which is here, so the connecting to the external switch sees virtual systems registering one virtual system; and the other will be a VLAN interface connecting out to the physical link on the internal side, so here, so this trunk. So we'll create both of these interfaces now.

So if we go back to the dashboard, the wizard, and let's create our internal interface and specify the VLAN tag. So let's Add, and there's two options: one's Regular, one's Leads to Virtual Switch. There's also Leads to Virtual Router if we had a virtual router configured, but we haven't, so we've only got the Leads to Virtual Switch here. So because we're configuring it as a regular interface we'll click the Regular option, and we'll choose the interface from here, Ethernet 1. We'll give it a VLAN of 100 for example, and we can give it an IP, so let's just go for something in the 172 range, let's keep it as the RFC 1918 range, and go for a /24 subnet mask. OK, and then you can select "Propagate route to adjacent virtual devices", which advertises the route to neighboring virtual devices and enables connectivity between them. We'll just leave it unticked for now. And here's the IP version 6 address if you're using IP version 6. Click OK here. We've created that interface there.

So now let's create a warp link by clicking Add and clicking Leads to Virtual Switch. So this is on the external side, yeah, so this virtual system, creating this link here. So where does it lead to? We've only got one virtual switch and it's here, so click this option, give it an IP address and give it a subnet mask. Again you've got your standard settings here; because it's a switch some of these are grayed out, such as the propagate route to adjacent virtual devices. And click OK here. So we've created that interface as well.

And then you've got your routes, so you can add your routes here as well. So if you click Add you can add the destination network and netmask, IP address, netmask, and then you could specify the next hop gateway here, or you can just choose a virtual router as the next hop gateway. We haven't got a virtual router configured so there's nothing in there. So just cancel that and click Next and click Finish, and there you go, it's configuring our first virtual system. So I'll pause the video since this may take a short while and I'll start the video straight after.

OK, so it's finished configuring our new virtual system, so we can click Close here. We could optionally view a report from here if we click that. So click Close, and now here we can see within our Check Point network objects we've created a VSX gateway; within the VSX gateway we created a virtual switch, that was done as part of the gateway wizard, the VSX gateway wizard; and we have just created our first virtual system. So there we have it all. So what you can do is you can double-click these just to check the properties and further configure them from here as well. The main bits to take away from the gateway: you can see the creation templates from here, and you can also have a look at the physical interfaces from here and also optionally enable VLAN trunking or disable them from here if required. So let's cancel that.

We can have a look at a virtual system from here. You can see the general properties and the IP address, the virtual system name, we called it virtual system, what VSX gateway appliance it applies to, the blades enabled on a virtual system here, the topology information in here, so the interfaces and the routes etc. So you could change all this from here. And we've got the virtual switch as well, which doesn't have as much information, and if we go to topology and double-click these you can edit these. Of course it doesn't have any IP addressing on here because it's a switch. OK: "This interface was created automatically, cannot be edited or removed." That's fine.

Well, what we can do is, if we go to, so if we go another bottom with some VSX gateways in here, if we break this down there's a virtual router. So if we have a look at this: with virtual routers the firewall only protects the router itself. So it's got a firewall built in, but it only protects the router itself. It's got some IPS, but that's pretty much it, monitoring as well, as far as software blades go anyway. And you can look at the topology as well, where you can configure interfaces and routes just like the virtual systems from here as well.

The one bit I've missed out is the command line, so we can have a look at the command line as well, which we need for. So I've got it on my desktop. If we log in with PuTTY, you can actually directly log into the VSX gateway via SSH and you can run commands from there as well. So let's log in. Let's wait for this to come back, it's sometimes a little bit slow. OK, so I specify the password and I'm logged in. So you can run various commands from here such as fw vsx stat, which gives you some stats on the VSX gateway itself. So it's telling you virtual systems, the active and configured virtual routers and switches, total connections, number of virtual systems allowed by license, 25. You can actually have a look at the license information, so it's very similar to just a standard gateway with a lot of these commands, and it gives you some licensing information here. Your Check Point, this is a trial license I've got. You can do ifconfig to look at the interfaces, so it's just giving us the local host, Ethernet 0, which is our management interface, and that's pretty much it.

So we've had a look at how to configure the VSX gateway, to install a virtual switch as well as a virtual system, and the command line for the VSX. Thank you for watching.
Info
Channel: Jafer Sabir
Views: 43,324
Keywords: Check Point virtual firewalls, Check Point Firewall Videos, checkpoint virtual firewall, virtual firewalls, configure virtual firewalls, virtual firewalls demo, Check Point Firewall
Id: cdBXSC7KTn4
Length: 19min 59sec (1199 seconds)
Published: Mon Apr 07 2014