Security Gateway CP R70
DESCRIPTION
Play with Check Point firewall R70
TRANSCRIPT
Pre-requisite
● Obtain the R70 media pack for your platform. Users with a valid support contract can download it from the Check Point web site.
● Hardware infrastructure. In this test, CP R70 SPLAT runs in a Xen virtual environment on my Linux notebook (resources used: 1 core, 1.3 GB RAM, 20 GB HDD).
● MS Win XP (or a similar supported OS) for the firewall admin, used to build, design and manage the security rule base.
Net infrastructure
● Prepare the network configuration: 1. a segment connected to the Internet, 2. an isolated segment. The cool app virt-manager can do it.
Install/setup SPLAT
● Boot the CP R70 SPLAT CD and follow the instructions
● Additional changes should be made via the CLI or the Web GUI
Install/setup MS Win XP
● Set the IP address manually
● Run IE -> https://splat_ip:443/
● Install SmartDashboard (Web GUI -> Product configuration -> Download SmartConsole)
Software Blades – new feature
A software blade is a logical security building block that is independent, modular and centrally managed. Software Blades can be quickly enabled and configured into a solution based on specific business needs. (Source: www.checkpoint.com)
Setup topology info
● Important in a real environment: it helps to discover connected networks and to detect address spoofing.
Security rule base
● Define basic rules: implicit drop ⑦, stealth rule ②
● Additional rules: http with resource ④, dns traffic ③, etc.
Network Address Translator
● Define Hide NAT for the internal network
Open the object mgmt_net, select the NAT tab and enable automatic NAT
Install firewall policy
SmartView Tracker - log GUI
Firewall log and troubleshooting
● SmartView Tracker detail output
fw monitor, fw log - CLI commands for advanced users
Nmapping a freshly installed firewall
Perfect seal
Eventia Analyzer
● Security event correlation
● nmap scan in fw log -> ∼300 records, Eventia Analyzer log -> 1 record
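
The correlation idea on this slide, as an added example (not from the original slides and not Check Point's implementation): many drop records from one scanning source collapse into a single port-scan event. The record fields, the 60-second window and the 50-port threshold are assumptions, and the sample records are constructed rather than real fw log output.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 300 simplified drop records, one per probed port.
# The field layout is an assumption for this example, not real `fw log` output.
def make_sample_records():
    start = datetime(2009, 6, 1, 12, 0, 0)
    recs = [
        {"time": start + timedelta(milliseconds=20 * i), "action": "drop",
         "src": "192.0.2.10", "dst": "198.51.100.1", "dport": 1 + i}
        for i in range(300)
    ]
    # Unrelated noise: a single dropped connection from another host.
    recs.append({"time": start + timedelta(seconds=2), "action": "drop",
                 "src": "192.0.2.77", "dst": "198.51.100.1", "dport": 23})
    return recs

def correlate_port_scans(records, window=timedelta(seconds=60), min_ports=50):
    """Collapse drops from one source to one destination into scan events.

    A (src, dst) pair that hits at least `min_ports` distinct ports within
    `window` becomes a single event; everything else is left uncorrelated.
    """
    by_pair = defaultdict(list)
    for r in records:
        if r["action"] == "drop":
            by_pair[(r["src"], r["dst"])].append(r)

    events = []
    for (src, dst), recs in by_pair.items():
        recs.sort(key=lambda r: r["time"])
        i = 0
        while i < len(recs):
            # Gather the burst that starts at recs[i] and fits in the window.
            j = i
            while j < len(recs) and recs[j]["time"] - recs[i]["time"] <= window:
                j += 1
            burst = recs[i:j]
            ports = {r["dport"] for r in burst}
            if len(ports) >= min_ports:
                events.append({"event": "port_scan", "src": src, "dst": dst,
                               "records": len(burst), "distinct_ports": len(ports),
                               "first": burst[0]["time"], "last": burst[-1]["time"]})
            i = j  # move past this burst either way
    return events

if __name__ == "__main__":
    for e in correlate_port_scans(make_sample_records()):
        print(e)
```

A scan slower than the window stays below the threshold and is not correlated, which is the usual trade-off when tuning such a rule.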
Embedded Anti-Virus
● Enable the AV engine: SmartDashboard -> Anti-Virus & URL Filtering tab
EICAR test
● The Anti-Virus or Anti-Malware test file from www.eicar.com should trigger the AV engine
● Try to download the EICAR file in a browser
Eventia Reporter - detailed report
● Accounting, rule base analysis, trends, graphs and more