Thursday, May 12, 2016

Check Point 1140 Basic Configuration

I got a great bargain on eBay for a Check Point 1140 firewall while studying for my CCSA. This helped me put my Check Point knowledge to the test and got my feet wet in an actual deployment. I bought a Cisco ASA 5505 firewall last time, which helped me a lot during my CCNA/CCNP Security days. It also gave me confidence in real-world deployments such as configuring and installing Cisco ASA firewalls in my current job.

There's a great Check Point 1100 appliance guide posted in the CPUG forum, and here's the actual datasheet and initial guide from Check Point's website. Below is what the front and back panels look like. It has a built-in switch with eight GigabitEthernet ports, a dedicated DMZ port and a WAN port. It also uses a 12-volt power brick/adapter and has two USB ports (one in front and one at the back), an SD card slot and two rubber antennas.




My lovely daughter Sophia who just turned 4 this year (2016).


The Check Point appliance works seamlessly with the Google Chrome web browser. To start the initial configuration wizard, type https://192.168.1.1:4434 in the web browser.




Create an admin account and set its password, set the country, date/time, hostname, etc.





Select Local management since this is a standalone deployment and there’s no separate appliance for the Security Management Server (for distributed architecture).



I’m using a cable modem at home, which uses DHCP for its WAN (external) connection.
 


Since this is a small home lab setup, I’ve created a DHCP range to use 50 IP addresses (192.168.1.1 - 192.168.1.50) and excluded the first 9 IPs: 192.168.1.2 – 192.168.1.10. The default gateway IP 192.168.1.1 is automatically excluded.
 

I’ve used the same SSID and password as my existing Cisco Linksys E1000 Wi-Fi router at home. Protected network means the wireless network is protected by a password and authentication using WPA/WPA2 PSK.


I’ve allowed management access from the LAN/WLAN which is Any IP address from the 192.168.1.0/24 subnet.
 


If you skip the Active License page, it will cause a 30-day eval license countdown on the selected Software blades. I just activated the Firewall, Remote Access and Site To Site VPN Software Blades since these have no expiration.
 



If you select the Offline option, it will ask you to import the Activation File which is downloaded via the Check Point User Center.




It will show a configuration summary page before committing the changes. Click Finish to complete the setup wizard.
 








This is via SSH/CLI access. The Check Point 1140 had Gaia version R77.20.11 installed.



Although the iPhone Safari web browser says it doesn’t support the WebUI, it can still load it successfully.




