Deployment of Check Point Firewall

Uploaded by Shiv Om
Deployment of Check Point Firewall

TUSHAR KUMAR
----IPST

First, you have to understand your network topology and security requirements.
Next, select the hardware (Check Point hardware, Dell and IBM servers) or virtual machine (AWS and Azure) as per the requirements of the Check Point firewall.
Suppose we create this kind of topology:

[Figure: network topology; labels: Smart console, Standalone, LAN]

We deploy the firewall after the network edge router (the ISP-connected router) so that it can provide security to our LAN network.
A firewall is a security device that monitors and filters traffic on the basis of a set of rules that you have configured on the firewall. It provides security to our LAN network.

Before setting up the firewall, we need to install the operating system.
Check Point provides the Gaia operating system for the Check Point firewall, which can be installed and run on any hardware or virtual machine.

Installation process of Gaia operating system

• Download the Gaia operating system for your hardware (open server). Make sure your system meets all the dependencies required by Gaia.
• Access the open server, deploy the Gaia image on it, and boot from that image.
• It will show this type of interface; select "Install Gaia on this system".
• This requires confirmation to proceed, so click OK.
• Select your keyboard type, then click OK.
• It automatically adjusts it; if you want to change something here you can, if not, click OK.
• Now enter your password for CLI access, then click OK.
• Now enter your password for GUI access, then click OK.
• Select which port you want to make the management port, then click OK.
• Now enter your IP address, subnet and gateway, then click OK.
• It is now going to format all hard drives, so it needs confirmation; click OK.
• Now the installation has started; it will take some time.
• After the installation completes it will show this interface; just press Enter.
• Now select "Start in normal mode", then press Enter.
• Our installation has now completed successfully, so it shows the CLI.

Now our hardware (open server) is ready to be set up as a security gateway, a security management server, or both:
Security Gateway (SG) - The network point where traffic is inspected and controlled according to the defined security policies. Gateways are deployed at network boundaries to protect against unauthorised access, malicious traffic, and other security threats.
Security Management Server (SMS) - A centralized platform to manage security policies, configurations, and monitoring across multiple devices such as firewalls.
SmartConsole - A GUI tool to connect to the SMS. Through this tool a security administrator is able to prepare and apply security policies to the SG. (It is software that is easily installed on a laptop.)

[Figure: Smart console, SMS, SG]

• SmartConsole provides the GUI of the SMS; it is used to create and manage policies and also to publish the policies from the SMS to the SG.
• The SMS is the actual location where we do management and create policies.
• The policies are applied on the SG. The SG then inspects and controls the traffic according to the defined security policies.

Deployment type

Standalone - The Security Gateway and the Security Management Server are deployed on the same hardware.

[Figure: one device that works as both SG and SMS]

Distributed - The Security Gateway and the Security Management Server are deployed on different hardware.

[Figure: one device works as SG, another works as SMS]

Installation process of SG & SMS (Standalone Type)

Let's set up the hardware as the Standalone type. We need a laptop, so connect your laptop to the management port of the hardware or VM:
• On the laptop, configure an IP address in the same network as the management port, then try to ping the management port.
• If it is reachable, open any web browser and go to https://(IP add of management port)
• Now click on the Advanced option.
• Now click on Proceed to 192.168.1.10 (unsafe).
• Now enter the username admin and the password (the password for GUI access).
• It will show this interface; click Next>
• Select "Continue with R81.20 configuration", then click Next>
• If you want to make any changes here you can; if not, click Next>
• Again click Next>
• Here you can provide the host name, then click Next>
• Here you can set the time and also NTP, then click Next>
• Here you select Security Gateway / Security Management, then click Next>
• Here both are set to auto, so we don't need to change anything; click Next>
• Here we use the same as the Gaia administrator. If you want to define a new administrator you can; if not, click Next>
• Here we just provide the IP address of the GUI clients (the SmartConsole PC's IP), then click Next>
• It will take some time.
• Just click Finish.
• Now just click OK; your installation is now complete.

Some troubleshooting commands for the CLI

• set interface (interface no) ipv4-address (ip add) subnet-mask (subnet) --- To assign an IP address
• set interface (interface no) state on --- To enable the interface
• set interface (interface no) state off --- To disable the interface
• set static-route (Network/CIDR) nexthop gateway address (next hop) off --- To remove a static route
• set static-route (Network/CIDR) nexthop gateway address (next hop) on --- To add a static route
• cpstart --- To start all Check Point services
• cpstop --- To stop all Check Point services
• cprestart --- To restart all Check Point services
• cpstat fw --- To show the status of the firewall
• cp_conf sic --- SIC (Secure Internal Communication) operations
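
The interface and static-route commands above, worked through with sample values as an added example (not part of the original document): this Python sketch builds the Gaia clish lines and refuses a non-contiguous mask, a route with host bits set, or a next hop that is not on the connected network. The interface name eth1, the route 10.20.0.0/16 and the next hop 192.168.1.1 are constructed values, and "save config" and the "default" route keyword are clish syntax the page does not list.

```python
import ipaddress

def interface_commands(ifname, address, mask):
    """Return (IPv4Interface, clish lines) that address and enable an interface."""
    # Raises ValueError for a bad address or a non-contiguous mask (255.0.255.0).
    iface = ipaddress.IPv4Interface(f"{address}/{mask}")
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{iface.ip} is the network or broadcast address of {net}")
    return iface, [
        f"set interface {ifname} ipv4-address {iface.ip} subnet-mask {iface.netmask}",
        f"set interface {ifname} state on",
    ]

def static_route_command(destination, next_hop, connected, enable=True):
    """Return the clish line that adds (on) or removes (off) a static route."""
    # "default" is Gaia's keyword for the default route; otherwise require a
    # proper network/CIDR with no host bits set (10.20.1.0/16 is rejected).
    dest = destination if destination == "default" else ipaddress.IPv4Network(destination)
    hop = ipaddress.IPv4Address(next_hop)
    # A next hop is only usable if it sits on a directly connected network
    # and is not the gateway's own interface address.
    if enable and not any(hop in i.network and hop != i.ip for i in connected):
        raise ValueError(f"next hop {hop} is not on a directly connected network")
    return f"set static-route {dest} nexthop gateway address {hop} {'on' if enable else 'off'}"

def build_config(ifname, address, mask, routes):
    """Return the full command list for one interface plus its static routes."""
    iface, lines = interface_commands(ifname, address, mask)
    lines += [static_route_command(dest, hop, [iface]) for dest, hop in routes]
    lines.append("save config")  # clish command (not on the page): persist across reboot
    return lines

if __name__ == "__main__":
    # Constructed sample values: eth1, 10.20.0.0/16 and 192.168.1.1 are assumptions;
    # 192.168.1.10 is the management address shown in the browser step above.
    for line in build_config("eth1", "192.168.1.10", "255.255.255.0",
                             [("10.20.0.0/16", "192.168.1.1")]):
        print(line)
```

Review the generated lines before pasting them into a clish session; changing the address of the interface you are connected through will drop that session.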
