Wednesday, September 26, 2012

Checkpoint Firewall lab with VMware

I am new to Checkpoint Firewall and just want to share my experience setting up a Checkpoint Firewall lab with VMware Workstation. This lab will have two management stations and three firewalls. You can configure the two management stations and the first two firewalls as HA later.
  1. First, download Check_Point_R75.20.Splat.iso from Checkpoint site.
  2. Second, create one VM in VMware Workstation and call it MGMT1. This is a Red Hat Linux 5 VM. You just need one virtual NIC for now.
  3. Boot the VM with the iso file you downloaded and install the Security Platform. The detailed instructions can be found here: http://www.sysadmintutorials.com/installing-check-point-r75-secureplatform-tutorials/ and you will need to stop at step 11 of the second
  4. Turn off the VM and use VMware to clone this VM as MGMT2, FW1, FW2, and FW3.
  5. You will need to add two more virtual NICs (in different VMnets) to FW1 and FW2, and one more virtual NIC to FW2.
  6. Here is the tricky or annoying part: the first NIC of every VM will have the same MAC address. To change that, turn on each VM and log in as admin with the default password (admin). Enter "expert" at the prompt, and enter "admin" as the initial password again. Use vi to open "/etc/sysconfig/netconf.C" and "/etc/sysconfig/netconf.C.keep" and modify the MAC address of the first NIC.
  7. After the change, reboot the VM, log in as admin, and enter "ifconfig" to verify each NIC has a unique MAC address. (I spent some time trying to change the MAC address using VMware KB 507: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=507, but that did not work. My colleague Larry helped me out on steps 6 & 7 here.)
  8. On MGMT1, enter "sysconfig" to install Security Management - continue the steps in the above tutorial. This will be the primary management station.
  9. On MGMT2, follow the same steps to install Security Management, except this will be the secondary management station.
  10. On the rest of the VMs, use sysconfig to install Security Gateway - those will be the actual firewalls.
Now you have a few raw machines to start learning Checkpoint FW. Have fun and good luck!

2 comments:

  1. In step 2, when I create the VM in Workstation, how will it be a Red Hat Linux 5 VM???

  2. What do you mean? When you create a VM in VMware Workstation (I am using ver. 7.00), there is a step asking "select a guest Operating System" - you will select Linux. On the same page, there is a drop-down menu for different Linux...
