3. Check Point Getting Started R80.20. Layout preparation
Greetings friends! Welcome to the third lesson. Today we will prepare a layout on which we will train. An important point!
Do you need a layout or can you do just viewing the course?Personally, I believe that without practice, this course will be completely useless. You just don’t remember anything. Therefore, before moving on to the next lessons, be sure to complete this one!
Laboratory bench topology
And so, I already showed you the layout topology. It looks like this:
It consists of:
- Server Management ( SMS ), which is located on the local network;
- Security gateway ( Security Gateway ), which is located on an imaginary network perimeter. The gateway has three interfaces. External, Internal and DMZ;
- The user's computer is User PC . He will go online through SG;
- Computer with SmartConsol . From it we will manage the settings;
- Windows Server in the DMZ, which acts as a Domain Controller and a Web server (i.e., IIS is running).
Where are we going to deploy all this? In general, there are three options:
- VMware Workstation
Personally, I will use VMware Workstation, as it is a little more convenient and accessible to everyone.
Then we need two images:
- Check Point Gaia R80.20 for management server ;
- Check Point Gaia R80.20 for the gateway .
Yes, unlike 80.10, these two images are different. Download iso files here .
According to system requirements. There is a document Check Point R80.20 Release notes. There you can find a table on the minimum system requirements for the OpenServer version:
As you can see, for the gateway we need at least 2 cores, 4GB of RAM and 15GB of hard drive . For management requirements are much higher. These are 2 cores, 6GB of RAM and a 500GB hard drive. We will naturally use less because we do not need a large storage under the Logs. We just have a layout.
Below are the parameters of the “virtual machines” that we will create:
- SMS: 6GB RAM, 2 vCPU Cores, 50GB HDD;
- SG: 4GB RAM, 2 vCPU Cores, 50GB HDD;
- 3 virtual adapters.
If you recall our layout, then there are just three interfaces at the gateway.
My computer, on which the layout will be deployed, will also be virtual. With the following characteristics - CPU - 4 vCPU Cores, RAM - 16GB, HDD - 200GB
Why is it virtual? Just because my laptop "will not pull" such a scheme. Therefore, I created a “virtual machine” on ESXi with Windows 10, inside of which I will raise the layout to VMware Workstation. Why am I not creating the whole layout on ESXi? A reasonable question, perhaps it would be more convenient. But, I'm afraid that many students of the course do not have a virtualization server at hand, but you can always install VMware Workstation.
If we return to our scheme, the computer is PC with VMware Workstationand there is my virtual workstation. I will connect to it via RDP and deploy the layout there.
Of course, you can deploy the layout directly on your computer if it meets the specified requirements. If your computer is weaker and there is no virtualization server at hand, then again, you can contact the NTC training center and request access to the layout . The following is a video tutorial where we will look at the layout and show how to create a virtual adapter.
In the next lesson, we will already install and initialize the devices. The lesson, as usual, first appears on our YouTube channel .