Thursday, February 4, 2016

Welcome to my Check Point CCSA Blog!

I've been configuring, troubleshooting and blogging about the Cisco ASA firewall for quite some time now, and I'm still learning as the ASA continues to evolve. I wanted to learn another firewall skill, so I decided to take up the Check Point Certified Security Administrator (CCSA) since Check Point is a market leader in network firewalls according to a report from Gartner (a tech research company). Also, an opportunity came up at work where I was asked to "size" our client's network and order the right Check Point firewall platform to run their site-to-site IPsec VPNs. In this case we're getting a Check Point 2200 firewall.

I created this "wannabe" blog to help me get motivated (kinda like a mantra) in pursuing my certification. Blogging also helps me reinforce the concepts I've read and practised in my lab. Most of the time, my blog serves as refresher notes when I'm in the middle of a troubleshooting or configuration scenario.

These are some of the resources that helped me prepare: the Check Point Security Administration Student Manual R77 Edition, Keith Barker's CCSA Gaia CBT Nuggets videos and the Check Point Gaia R77 ISO files. I also built my own virtual lab using the topology below (drawn with the free Check Point stencil). You'll also need to create a UserCenter profile on Check Point's website, since this is one of the prerequisites for getting your CCSA.


I've used VirtualBox in my virtual lab since it works seamlessly with GNS3. I had some quirky experiences with VMware Workstation and its VMnet interfaces. I'll be sharing my notes to better understand the Check Point three-tier architecture, and will post the Gaia R77 installation process in my next blog.


The Check Point core system consists of three inter-connected components:

* SmartConsole

* Security Management Server

* Security Gateway


SmartConsole

SmartConsole, the SmartCenter GUI, is comprised of several clients used to manage the Check Point security environment.

One of these SmartConsole clients is SmartDashboard, which provides a single GUI for defining and managing multiple elements of a Secure Virtual Network: firewall security, VPNs, Network Address Translation, Quality of Service and VPN client security. All object definitions (users, hosts, networks, services, and so on) are shared among all applications, allowing efficient Policy creation and security management.


Security Management Server

The Security Management Server stores and distributes Security Policies to multiple Security Gateways. Policies are defined using SmartDashboard, and saved on the Security Management Server. The Security Management Server maintains the Check Point databases, which include network-object definitions, user definitions, Security Policies, and log files for firewalled gateways.

Once policies are created or modified, they are distributed to the Security Gateways. Centralized Policy management increases efficiency when compared to solutions that require either multiple management interfaces or per-device policy installation. Security is strengthened because the Security Policy is always up-to-date on all networked Security Gateways.


Security Gateway

The Security Gateway is the firewalled machine on which the firewall software is installed; its enforcement is based on Stateful Inspection. SmartConsole and the Security Management Server may be deployed on the same machine or on separate machines, in a client/server configuration.

The Security Gateway is deployed on an Internet gateway and at other network access points. Security Policies are defined using SmartDashboard and saved to a Security Management Server. An Inspection Script is generated from the Policies. Inspection Code is compiled from the Inspection Script and installed on the Security Gateway, which protects the network.

2 comments:

  1. Hi there, nice blog! If I may ask a few questions about your setup. I also use a similar topology in VBox, but I started having issues with NAT. What type of interface do you use for the outside interface on the firewall? Also, where exactly do you use GNS3 in that topology? Is R1 your physical router, or is that where you incorporate GNS3 - R1 and SW1?
  2. Hi,

    Thanks for your kind words! My lab setup is found here:

    http://ccsawannabe.blogspot.com/2016/02/check-point-gaia-r77-installation.html

    I used eth0 for my Check Point Security Gateway (CP GW) outside interface. My R1 is a GNS3 router that's "bridged" to a PC LAN adapter. The GNS3 R1 setup is found here.

    http://wannabelab.blogspot.com/2015/11/connecting-gns3-device-to-internet.html

    I used a GNS3 switch with the default VLAN. Nothing really special in the switch setup.