Tuesday, January 13, 2015

Checkpoint Lab - 6 (Creating Objects) Tutorial

Objects concept

Before we run off and start playing with policies and rules, there is one important concept I would like you to understand: Objects.

Objects are parameters that you can define and assign, for example a computer, a network, or services (http, icmp, ftp). The concept of creating objects is the same across multiple firewall vendors. Creating and defining objects helps us consolidate and arrange different resources in an orderly fashion.

For example, let me create a ClientA computer object. On the Smart Dashboard, under "Network Objects", select "Nodes", right-click "Nodes", expand "Node" and select "Host" as shown below...
Fill out the name, IP address and comments (sample below). You can also colour code it: for example, for all the internal trusted hosts or networks I use green, for the DMZ we can use yellow, and for external objects like the firewall we can use red... again, your choice. Hit "Ok".

Hit "Ok" and you should see your client machine under "Nodes". The same can be done for networks (internal and external). Go ahead and delete the "CP_default_Office_Mode_Address_Pool" object under network; we will not be using it. That object is created by default for VPN users. We will be creating the objects from scratch.

Get comfy with creating objects using the right naming conventions (just make one up and follow it). I see admins using IP_whatever, but make sure you follow the naming convention and standardize it.
We create objects using Smart Console connected to the manager. So initially the rules, objects and anything else we create are stored on the manager. Once you are satisfied that the objective has been achieved, you then need to push this as a policy to the firewall gateway.
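To keep an object database consistent as it grows, the naming and colour advice above can be checked mechanically before a policy is pushed. The following is an added example, not part of the original tutorial or of any Check Point tool: the `<ZONE>_<Type>_<Label>` naming pattern, the `lint_objects` function and the sample inventory are all assumptions made up for illustration, and only the green/yellow/red scheme comes from the text.

```python
import ipaddress
import re

# Assumed convention for this example: <ZONE>_<Type>_<Label>, e.g. INT_Host_ClientA.
NAME_RE = re.compile(r"^(INT|DMZ|EXT)_(Host|Net)_[A-Za-z0-9-]+$")
# Colour scheme suggested in the tutorial: internal green, DMZ yellow, external red.
ZONE_COLOUR = {"INT": "green", "DMZ": "yellow", "EXT": "red"}

def lint_objects(objects):
    """Return a sorted list of (object name, problem) tuples."""
    problems = []
    seen = {}  # parsed address -> first object name that used it
    for obj in objects:
        name, addr = obj["name"], obj["address"]
        m = NAME_RE.match(name)
        if not m:
            problems.append((name, "name does not follow convention"))
        else:
            zone, kind = m.group(1), m.group(2)
            if obj["colour"] != ZONE_COLOUR[zone]:
                problems.append((name, f"colour should be {ZONE_COLOUR[zone]}"))
            if (kind == "Net") != ("/" in addr):
                problems.append((name, "type in name does not match address"))
        try:
            # Hosts parse as a /32; networks must be CIDR with no host bits set.
            parsed = ipaddress.ip_network(addr, strict=True)
        except ValueError:
            problems.append((name, "invalid address or host bits set"))
            continue
        if parsed in seen:
            problems.append((name, f"duplicates {seen[parsed]}"))
        else:
            seen[parsed] = name
    return sorted(problems)

# Constructed sample inventory (not taken from the tutorial's lab).
SAMPLE = [
    {"name": "INT_Host_ClientA", "address": "192.168.1.10", "colour": "green"},
    {"name": "INT_Net_LAN", "address": "192.168.1.0/24", "colour": "green"},
    {"name": "DMZ_Host_Web1", "address": "172.16.1.10", "colour": "red"},
    {"name": "clienta", "address": "192.168.1.10", "colour": "green"},
    {"name": "EXT_Net_Upstream", "address": "203.0.113.5/24", "colour": "red"},
]

if __name__ == "__main__":
    for name, problem in lint_objects(SAMPLE):
        print(f"{name}: {problem}")
```

Duplicate objects for the same address are worth catching early, because rules written against one copy silently miss traffic an admin expected the other copy to cover.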
