Friday, January 9, 2015

Checkpoint Lab -1 (Lab setup details) Tutorial

Set up Check Point in a distributed environment (2 sites)

A distributed environment is one where we make a design decision to install the Check Point blades separately, such as the security management server (SMS), security gateway, etc., and connect them. I would recommend that readers search for and read up on what distributed and standalone deployments are, what their pros and cons are, and what Check Point recommends.

Lab setup: VMware Workstation 9. The lab setup would look something like this:
Hardware – 2 client machines, one VM for the manager, 2 VMs for the gateways (firewalls for 2 sites: main office and branch office), 2 servers/machines capable of supporting FTP, SSH and a web site (very minimal hardware requirements, since this is just for testing).

Network – The client and the manager at the Main Office (Net2), DMZ 1 at the Main Office (Net2), DMZ 2 at the Branch Office (Net4), Branch Office (Net3), client at the Branch Office (Net5). For external routing (ISP) we can use our existing home internet connection (Net0).

I used Gaia R76; the ISO can be downloaded from the Check Point website. Check Point usually provides a 15-day evaluation with all features. If your company has a Check Point firewall, you can reach out to your rep, who can help you get an extended license for 30 days or so.

VM Build –
  • Both client machines I am using are Win7 machines, 2 GB RAM, 1 processor, HD 40 GB, Net2
  • The SMS will be installed from the ISO downloaded previously, 2 GB RAM, 1 processor, HD 40 GB, Net2
  • The main office Security Gateway is installed from the ISO as well, 2 GB RAM, 1 processor, HD 40 GB, Net2, Net5 & Net0.
  • The branch office Security Gateway is installed from the ISO as well, 2 GB RAM, 1 processor, HD 40 GB, Net3, Net4 & Net0.
  • The first server I am using is a Win 2012 evaluation machine, 2 GB RAM, 1 processor, HD 40 GB, Net4 (FTP, SSH and IIS).
  • The second server I am using is a Win 2012 evaluation machine, 2 GB RAM, 1 processor, HD 40 GB, Net5 (FTP, SSH and IIS).
  • Net0 – ISP public access – 10.100.100.0/24
  • Net2 – 10.1.1.0/24
  • Net3 – 172.16.1.0/24
  • Net4 – 172.16.2.0/24
  • Net5 – 10.2.2.0/24
Snapshot of what my Virtual Network Editor looks like -

Note – since these are actually VMs in a virtual environment, you can use one server and flip it between Net4 and Net5 to test scenarios from the client machine. Below is the summary of the networks I created for this lab scenario on the VM.
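
A quick consistency check of the address plan and VM build listed above, as an added example that is not part of the original post. The VM labels are chosen here, and the segmentation rules it enforces (non-gateway hosts are single-homed, never sit on Net0, and every host segment has a gateway interface) are assumptions about what the lab intends:

```python
import ipaddress
from itertools import combinations

# Address plan and VM build transcribed from the post.
NETS = {"Net0": "10.100.100.0/24", "Net2": "10.1.1.0/24", "Net3": "172.16.1.0/24",
        "Net4": "172.16.2.0/24", "Net5": "10.2.2.0/24"}
# VM label (chosen here, not from the post) -> (is_gateway, attached networks)
VMS = {
    "client-1": (False, ["Net2"]),
    "client-2": (False, ["Net2"]),
    "sms": (False, ["Net2"]),
    "gw-main": (True, ["Net2", "Net5", "Net0"]),
    "gw-branch": (True, ["Net3", "Net4", "Net0"]),
    "server-1": (False, ["Net4"]),
    "server-2": (False, ["Net5"]),
}


def check_plan(nets, vms, external="Net0"):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    parsed = {name: ipaddress.ip_network(cidr) for name, cidr in nets.items()}
    # Overlapping subnets make routing between the segments ambiguous.
    for (a, net_a), (b, net_b) in combinations(parsed.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"{a} overlaps {b}")
    # Networks that have at least one gateway interface attached.
    gw_nets = {n for is_gw, attached in vms.values() if is_gw for n in attached}
    for name, (is_gw, attached) in vms.items():
        for n in attached:
            if n not in parsed:
                findings.append(f"{name}: undefined network {n}")
        if is_gw:
            continue
        # Assumed rule: only gateways join segments, so traffic must cross a firewall.
        if len(attached) > 1:
            findings.append(f"{name}: dual-homed host bypasses the gateways")
        if external in attached:
            findings.append(f"{name}: host sits directly on {external}")
        for n in attached:
            if n in parsed and n not in gw_nets:
                findings.append(f"{name}: {n} has no gateway interface")
    return findings


if __name__ == "__main__":
    for line in check_plan(NETS, VMS) or ["plan is consistent"]:
        print(line)
```

Re-run it after flipping a server between Net4 and Net5 in the Virtual Network Editor to confirm the host still sits behind a gateway.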

