Configuring the Check Point firewall policy with Sectional Titles
In this video the Sectional Titles are added to the firewall policy for easier rulebase management.
The API commands used were:
add access-section layer Network position 1 name Management
add access-section layer Network position 4 name "Network Traffic"
add access-section layer Network position 7 name Cleanup
In this video the Check Point SmartConsole is used to build a new Security Gateway cluster object.
During the video a new interface is configured for the first time with an IP address (in the Gaia Portal) and then the topology is updated again during the cluster build.
In this video you can watch the configuration of the Check Point Gaia idle/inactivity timeout for the Gaia Portal (WebUI) and the CLI.
The commands used are:
show inactivity-timeout
set inactivity-timeout 720
If the configuration was done on the CLI and should survive a reboot, this command is also required:
save config
The Security Management Server (SMS) is rebooted and the R80.40 ISO is used to rebuild the VM and then create a Multi-Domain Server (MDS). The MDS is used to create the Domain and Domain Management Servers (DMS) that manage a VSX gateway, Virtual Systems (VS), virtual switches and virtual routers in the Check Point VSX cluster.
In this video you will be shown how you can easily configure your Check Point lab with the keyboard and time zone that will work for you when you use the lab.
To make the change to the lab you need to run one script on one Virtual Machine named RDP-HOST.
The script will prompt you to choose the setting that you need.
In this video you can watch the default Check Point Policy Package, named Standard, being configured with a new set of rules.
Before that is done new objects must be created.
The objects will be used in the rules and they represent the internal networks/subnets and hosts that will be explicitly allowed access through the firewall.
The rules should be easy to read and self-explanatory.
The API commands should also be easy to interpret.
The API commands used during this demonstration were:
add host name A-GUI ip-address 10.1.1.201 color brown
add host name A-LDAP ip-address 192.168.11.101 color "violet red"
add host name A-DMZ ip-address 192.168.12.101 color orange
add network name "A-MGMT-NET" subnet "10.1.1.0" subnet-mask "255.255.255.0" color brown
add network name "A-INT-NET" subnet "192.168.11.0" subnet-mask "255.255.255.0" color "violet red"
add network name "A-DMZ-NET" subnet "192.168.12.0" subnet-mask "255.255.255.0" color orange
add group name Alpha-Net members.1 A-MGMT-NET members.2 A-INT-NET members.3 A-DMZ-NET
set access-rule layer "Network" name "Cleanup rule" track "Log" install-on A-GW-Cluster
add access-rule layer "Network" position 1 name "LDAP" source.1 Alpha-Net destination.1 "A-LDAP" service.1 "ldap" service.2 "ldap-ssl" action "Accept" track "Log" install-on A-GW-Cluster
add access-rule layer "Network" position 1 name "Outgoing" source.1 "A-INT-NET" source.2 "A-MGMT-NET" service.1 "http" service.2 "https" service.3 "ftp" action "Accept" track "Log" install-on A-GW-Cluster
add access-rule layer "Network" position 1 name "DMZ" destination.1 A-DMZ action "Accept" track "Log" install-on A-GW-Cluster
add access-rule layer "Network" position 1 name "DNS" source.1 Alpha-Net service.1 DNS action "Accept" track "Log" install-on A-GW-Cluster
add access-rule layer "Network" position 1 name "Stealth" destination.1 "A-GW-Cluster" track "Log" install-on A-GW-Cluster
add access-rule layer "Network" position 1 name "Management" source.1 "A-GUI" destination.1 "A-SMS" destination.2 "A-GW-Cluster" service.1 "https" service.2 "ssh_version_2" action "Accept" track "Log" install-on A-GW-Cluster
add access-rule layer "Network" position 1 name "Do Not Log" service.1 "bootp" service.2 "NBT" action "drop" install-on A-GW-Cluster
add access-section layer Network position 1 name Management
add access-section layer Network position 4 name "Network Traffic"
add access-section layer Network position 8 name Cleanup
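Every rule above is added at position 1, so the finished rulebase is in the reverse order of the commands. The Python sketch below is an added example (not from the video and not Check Point code) that replays the adds, shows which rules land under each sectional title, and checks which Accept rules are evaluated before the Stealth rule. It assumes that a section's position is the rule number it sits above, that the layer starts with only the default "Cleanup rule", and that the Stealth rule (no action given) uses the API default of Drop.

```python
# Added example: models the page's commands; not Check Point code.
# Assumptions: "position 1" inserts above the current first rule; a section's
# position is the rule number it is placed above (sections are not numbered);
# the Network layer starts with only the default "Cleanup rule" (Drop).

# (name, action, destination) in the order the commands were issued.
# "Stealth" has no action on the page; assumed to take the API default, Drop.
ADD_ORDER = [
    ("LDAP", "Accept", "A-LDAP"),
    ("Outgoing", "Accept", "Any"),
    ("DMZ", "Accept", "A-DMZ"),
    ("DNS", "Accept", "Any"),
    ("Stealth", "Drop", "A-GW-Cluster"),
    ("Management", "Accept", "A-SMS,A-GW-Cluster"),
    ("Do Not Log", "Drop", "Any"),
]
SECTIONS = [(1, "Management"), (4, "Network Traffic"), (8, "Cleanup")]


def build_rulebase(add_order):
    """Replay the adds: each new rule goes to position 1, pushing others down."""
    rulebase = [("Cleanup rule", "Drop", "Any")]
    for rule in add_order:
        rulebase.insert(0, rule)
    return rulebase


def group_by_section(rulebase, sections):
    """Map each section title to the rule names that end up under it."""
    grouped = {}
    ordered = sorted(sections)
    for i, (start, title) in enumerate(ordered):
        end = ordered[i + 1][0] if i + 1 < len(ordered) else len(rulebase) + 1
        grouped[title] = [r[0] for r in rulebase[start - 1:end - 1]]
    return grouped


def accepts_above_stealth(rulebase, gateway="A-GW-Cluster"):
    """Accept rules evaluated before Stealth that can match traffic to the gateway."""
    stealth = [r[0] for r in rulebase].index("Stealth")
    return [name for name, action, dst in rulebase[:stealth]
            if action == "Accept" and (dst == "Any" or gateway in dst.split(","))]


if __name__ == "__main__":
    rb = build_rulebase(ADD_ORDER)
    for title, rules in group_by_section(rb, SECTIONS).items():
        print(f"{title}: {rules}")
    print("Accepts reaching the gateway before Stealth:", accepts_above_stealth(rb))
```

Only the Management rule should be reported as reaching the gateway before Stealth; any other name in that list means a broad Accept rule was placed too high.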
Good References:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk163814
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Installation_and_Upgrade_Guide/Front-Matter/Front-Matter-Important-Information-IUG.htm