Saturday, January 10, 2015

Checkpoint Lab - 3 (Installing Gaia R 76, Manager) Tutorial

Management server install and setup

In a distributed Check Point deployment, the management server blade is installed as a separate entity, which is then configured to connect to the firewalls using secure communication. The management server, as the name suggests, is used to manage the firewalls centrally. We can set up rules, create users, configure NATs, etc. on the management server, save the result as a policy and push it to the firewalls. Other tasks like backups and restores can be performed as well.
Installation – Once you boot from the downloaded ISO image (mentioned in an earlier post) on a new VM (Memory – 2 GB, Processor – 1, HD – 40 GB, Network – Net2), follow the steps below.

Once you boot off the ISO, you will see the splash screen below. Choose Install Gaia on this system. Use the TAB key to navigate the options.
It’s going to load the drivers…

Hit OK to proceed with the installation and follow the screenshots below.

Since this is the management blade and it’s connected to Net2 (10.1.1.0/24), enter an IP in that range; in my case I chose 10.1.1.150. The gateway for the management blade will be the firewall’s eth1 interface, which is 10.1.1.222. Refer to the example lab diagram @ Checkpoint – 1 Lab setup.
Reboot after completing the 6 steps.


Initial Configuration

We can access the manager via a browser from Client A (10.1.1.100), or via the command line interface, which I will cover later in an alternate initial config section. Since we used 10.1.1.150 as our manager IP, access it at https://10.1.1.150. As soon as you log in, you will be presented with the “First time configuration wizard” as below.


Set the date and time. This is very important in live production environments, and best practice is to use the company’s NTP server. Policy syncs, backups and many other Check Point functions depend on having the correct time across all the devices and Check Point clusters.


Input the host name, domain and DNS server info. I am using Google and Verizon public DNS.

STOP---IMPORTANT---CHECK

The options below configure the device as a manager or as a gateway/firewall.

Select – Security manager. I will cover clustering at a later date.

The options below let you configure which devices can connect to the manager. Standard security practice is to restrict access to the manager to a certain set of devices/jump boxes. You have the option to select Client A (10.1.1.50) only, any machine in the Net2 network, or a certain range.
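
A pre-check for the client restriction described above, as an added example that is not part of the original post: it models the three choices (single host, network, range) and reports which administration hosts each entry would admit, so a lockout or an overly wide entry is visible before the wizard is finished. The entry syntax, the function names and the size threshold are assumptions of this sketch, not Check Point's own format; the addresses are the lab values used on this page.

```python
import ipaddress

ANY = (ipaddress.IPv4Address("0.0.0.0"), ipaddress.IPv4Address("255.255.255.255"))

def parse_entry(spec):
    """Return inclusive (first, last) IPv4 bounds for one allow-list entry.

    Assumed syntax: "any", a single host, a CIDR network, or "first-last".
    """
    spec = spec.strip().lower()
    if spec == "any":
        return ANY
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {spec}")
        return lo, hi
    # strict=True rejects typos such as 10.1.1.50/24 (host bits set);
    # a bare host address parses as a /32 network.
    net = ipaddress.IPv4Network(spec, strict=True)
    return net.network_address, net.broadcast_address

def audit(entries, admin_hosts, max_size=256):
    """Per entry: address count, admin hosts admitted, and a breadth flag."""
    hosts = [ipaddress.IPv4Address(h) for h in admin_hosts]
    report = []
    for spec in entries:
        lo, hi = parse_entry(spec)
        size = int(hi) - int(lo) + 1
        report.append({
            "entry": spec,
            "addresses": size,
            "admits": [str(h) for h in hosts if lo <= h <= hi],
            "too_broad": size > max_size,  # assumed policy: nothing wider than a /24
        })
    return report

def locked_out(entries, admin_hosts):
    """Admin hosts that no entry admits, i.e. who loses access to the manager."""
    admitted = {h for row in audit(entries, admin_hosts) for h in row["admits"]}
    return [h for h in admin_hosts if h not in admitted]

if __name__ == "__main__":
    # Lab values from this page; Client A is given as both .100 and .50.
    clients = ["10.1.1.100", "10.1.1.50"]
    for choice in (["10.1.1.50"], ["10.1.1.0/24"], ["10.1.1.50-10.1.1.100"], ["any"]):
        print(choice, audit(choice, clients), "locked out:", locked_out(choice, clients))
```
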

Finally, verify and confirm that the right option – Security Manager – is indeed selected and finish the initial config of the manager. Again, we use the manager to connect to firewall/gateway devices at multiple locations for ease of management.
This concludes the installation and initial configuration of the security manager in the lab environment.
