Check Point Firewall Configuration in EVE-NG

Uploaded by

Tom Cruise

Check Point firewalls are widely used for enterprise-level security and come with powerful
management capabilities. If you're looking to set up a Check Point firewall in EVE-NG, you'll
need to follow these steps for the initial configuration and deployment. Below is a step-by-step
guide to setting up a Check Point firewall in an EVE-NG environment.

1. Prepare the Check Point Image

1. Obtain the Check Point Image:
○ You will need the Check Point Gaia image (which is the OS used by Check
Point appliances).
○ Check Point’s VMware or KVM images are typically provided in the .qcow2
format (for EVE-NG). If you're using another format (such as .ova or .vmdk), you
may need to convert the image to a qcow2 format.
2. Download the Image:
○ The image for Check Point Firewalls can be obtained from the Check Point User
Center (requires a valid Check Point account).
○ You can also use the R80.40 or R80.30 versions for initial setup, which are
commonly used in EVE-NG.
3. Upload the Image to EVE-NG:
○ Connect to your EVE-NG server (via SFTP or SCP) and upload the .qcow2 image to the
following directory:

/opt/unetlab/addons/qemu/

○ Create a new folder for the Check Point image (e.g., checkpoint_r80).
○ You can upload the image using WinSCP, FileZilla, or SCP.

2. Add the Check Point Node in EVE-NG

Once the image is uploaded to EVE-NG, follow these steps to add the Check Point firewall
node:

1. Log in to the EVE-NG Web Interface:
○ Open your browser and navigate to https://<EVE-NG_IP>:6080.
○ Log in with your EVE-NG credentials.
2. Create a New Lab:
○ Click on "Add a New Lab".
○ Give the lab a name (e.g., Check Point Lab) and click Save.
3. Add Check Point Firewall Node:
○ In the lab workspace, click on "Add Node".
○ Select Check Point from the node types dropdown.
○ Choose the specific Check Point version/image that you uploaded (e.g., Check
Point R80).
○ Specify the number of interfaces required (e.g., 2 interfaces for a simple
LAN-WAN test setup).
○ Click Save to add the node to the topology.
4. Connect the Node:
○ Use the Ethernet links to connect the Check Point firewall to other network
elements (e.g., routers, switches, or end-user devices).
5. Start the Node:
○ Right-click on the node and select Start.
○ Wait for the node to power on.

3. Initial Configuration of Check Point Firewall (via Console)

Once the Check Point firewall VM has started, you can access the console to begin configuring
it.

1. Access the Console:
○ Right-click on the Check Point node in EVE-NG and select Console.
○ The Gaia OS login prompt will appear.
2. Log in to Gaia OS (CLI):
○ Username: admin
○ Password: admin (or the default password if you haven't changed it yet).
3. Set the Management IP (via CLI):
○ First, configure the management IP address for the firewall. This will allow you to
manage the device remotely via a web interface or SmartConsole.
○ Run the following commands to configure the IP:

set interface eth0 ipv4-address 192.168.1.1 mask-length 24
set interface eth0 state on
set static-route default nexthop gateway address 192.168.1.254 on

■ Replace 192.168.1.1 with your desired management IP.
■ Replace 192.168.1.254 with your gateway IP.
4. Commit Changes:
○ Run the following command to apply the changes:

commit

4. Configure Check Point Firewall (via Web UI)

Once the firewall management interface is configured, you can access the Gaia Web Interface
to continue configuration.

1. Access the Web Interface:
○ Open a browser and navigate to https://<Firewall_IP>:443 (where
<Firewall_IP> is the management IP address you set earlier).
○ Log in with the admin username and the admin password (or the new password
if you changed it).
2. Configure Interfaces:
○ Navigate to Network > Interfaces and configure the interfaces for internal
(LAN) and external (WAN) connections.
○ Assign static IPs to these interfaces as needed.
3. Configure Security Zones:
○ Navigate to Network > Zones and create zones for your network interfaces (e.g.,
LAN and WAN zones).
○ Assign interfaces to the appropriate zones.
4. Create Firewall Rules:
○ Go to Security Policies > Firewall and create rules to control traffic between
your internal and external networks. For example, you might allow internal (LAN)
to external (WAN) traffic while denying external access to internal resources.
5. NAT Configuration (if needed):
○ If you want your internal network to access the internet, configure Source NAT
(SNAT):
■ Go to Network > NAT.
■ Create a NAT rule to translate internal IPs to the external IP when
accessing the internet.

5. Verify Connectivity and Test the Setup

After configuration, you should verify that everything is working correctly.

1. Ping from the Firewall:
○ In the CLI, run a ping test to verify connectivity to an external host (e.g., Google's DNS server):

ping 8.8.8.8

2. Test LAN to WAN Traffic:
○ From an internal machine (or another node in your EVE-NG topology), try pinging
the firewall’s LAN interface and then an external address (e.g., 8.8.8.8).
3. Test Firewall Policy:
○ Test your firewall policies by trying to access different parts of the network,
ensuring that rules are enforced as expected (e.g., allow LAN-to-WAN, but block
WAN-to-LAN).
4. Check Logs:
○ Check the logs in the SmartConsole or via the Gaia CLI to ensure traffic is
being logged as expected and policies are working.
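
One way to write down the expected results before running the tests above, added here as an example (it is not part of the original guide and is not Check Point code): a simplified first-match model of the rulebase that ignores services and ports. The 192.168.1.0/24 LAN subnet, the rule names and the test flows are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed lab addressing (assumption): the LAN is 192.168.1.0/24, the
# subnet of the management IP used in the guide; everything else is WAN.
LAN = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str  # "accept" or "drop"

def evaluate(rulebase, src, dst):
    """Return (action, rule name) for the first rule that matches, top-down."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rulebase:
        if s in rule.src and d in rule.dst:
            return rule.action, rule.name
    return "drop", "no-match"

def shadowed(rulebase):
    """Names of rules fully covered by an earlier rule, so they never match."""
    return [later.name for i, later in enumerate(rulebase)
            if any(later.src.subnet_of(e.src) and later.dst.subnet_of(e.dst)
                   for e in rulebase[:i])]

# The policy from the guide: allow LAN-to-WAN, block WAN-to-LAN, then clean up.
POLICY = [
    Rule("lan-to-wan", LAN, ANY, "accept"),
    Rule("wan-to-lan", ANY, LAN, "drop"),
    Rule("cleanup", ANY, ANY, "drop"),
]
# A common lab shortcut: a temporary allow-all left at the top of the rulebase.
BROKEN = [Rule("allow-all", ANY, ANY, "accept")] + POLICY

# Constructed test flows: (source, destination, expected action).
EXPECTED = [
    ("192.168.1.10", "8.8.8.8", "accept"),      # LAN to WAN
    ("8.8.8.8", "192.168.1.10", "drop"),        # WAN to LAN
    ("203.0.113.5", "198.51.100.7", "drop"),    # neither side is LAN
]

def failures(rulebase):
    """Flows whose verdict differs from the expected action."""
    return [(s, d) for s, d, want in EXPECTED if evaluate(rulebase, s, d)[0] != want]

if __name__ == "__main__":
    for name, rb in (("POLICY", POLICY), ("BROKEN", BROKEN)):
        print(name, "failures:", failures(rb), "shadowed:", shadowed(rb))
```

With the allow-all rule on top, the WAN-to-LAN flow is accepted and every rule below it is reported as shadowed, which is the condition the "block WAN-to-LAN" test and the log check are meant to catch.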

6. Save and Backup Configuration

Once you're done with the initial configuration, save the configuration to avoid losing changes:

1. Save the Configuration:
○ From the CLI, run the following:

save config

2. Back Up the Configuration:
○ You can also back up the configuration from the Gaia Web Interface or by using
SmartConsole to export the configuration.

Conclusion

Setting up a Check Point Firewall in EVE-NG involves several key steps: uploading the image,
creating a new node, configuring the firewall interfaces, setting security zones, and creating
firewall rules. Once the basic configuration is done, you can test connectivity, validate your
policies, and fine-tune the setup based on your requirements.

This initial configuration guide will get your Check Point firewall up and running in EVE-NG. If
you want to dive deeper into specific features such as VPNs, advanced security policies, or high
availability, feel free to ask for further guidance!
