SlideShare une entreprise Scribd logo

Check Point Security gateway R70 Software Blade installation and configuration

D
dzihiro

Play with Check Point firewall R 70

Technologie
1  sur  17
Télécharger pour lire hors ligne
Check Point Security gateway R70 Touch Software Blade psaxf@psaxf.net
Pre-requisite ● Obtain R70 media pack for your platform. Users with valid support contract can download it from Check Point web ● Hardware infrastructure. In this test CP R70 SPLAT run in XEN virtual environment on my Linux notebook (used sources: 1 core, 1.3GB RAM, 20GB HDD) ● MS Win XP (or similar supported) for firewall admin as a security rulebase builder/designer/management
Net infrastructure ● Prepare network, config: 1.segment connected to Internet, 2. isolated segment, cool app. virt-manager can do it.
Install/setup SPLAT ● Boot CP R70 SPLAT CD a follow instruction ● Additional changes should be done by CLI or WEB Gui
Install/setup MS Win XP ● Manual set IP adress ● Run IE -> https://splat_ip:443/ ● Install SmartDashboard (Webgui -> Product configuration -> Download SmartConsole)
Software Blades – new feature A software blade is a logical security building block that is independent, modular and centrally managed. Software Blades can be quickly enabled and configured into a solution based on specific business needs. source www.checkpoint.com
Setup topology info ● Important in real environment, helps to discover connected networks and address spoofing.
Security rule base ● Define basic rules: ⑦implicit drop, ②stealth rule ● Additional rules: ④http with resource, ③dns traffic and etc...
Network Address Translator ● Define Hide NAT for internal network Open object mgmt_net, select chart nat and enable automatic NAT
Install firewall policy
SmartView Tracker - log gui
Firewall log and troubleshoot ● SmartView Tracker detail output fw monitor, fw log - cli command for advance user
NMAPing fresh installed fw Perfect seal
Eventia Analyzer ● Security event correlation ● nmap scan in fw log -> ∼300 records, Eventia analyzer log -> 1 record
Embedded Anti virus ● Enable AV engine, Smart Dashboard -> Anti- virus & URL filtering chart
eicar test ● www.eicar.com Anti-Virus or Anti-Malware test file should trigger av engine ● Try to download eicar in browser
Eventia reporter - detail report ● Accounting, rule base analysis, trends, graphs and more

Recommandé

Cloud HMI - Monitoring, Control and Analyzing from Remote
Cloud HMI - Monitoring, Control and Analyzing from RemoteCloud HMI - Monitoring, Control and Analyzing from Remote
Cloud HMI - Monitoring, Control and Analyzing from RemoteM2M Alliance e.V.
 
proVconnect_IntelligentSystems_DataSheet
proVconnect_IntelligentSystems_DataSheetproVconnect_IntelligentSystems_DataSheet
proVconnect_IntelligentSystems_DataSheetRavi Mark Venkat
 
Mastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationMastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationnetworkershome
 
Infrastructure management presented to GPNOG (Updated)
Infrastructure management presented to GPNOG (Updated)Infrastructure management presented to GPNOG (Updated)
Infrastructure management presented to GPNOG (Updated)Ronald Bartels
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693 SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693 Muhammad Adeel Kazim⭐⭐⭐⭐⭐
 
Security_Practices_with_CFEngine-cfgcamp_2016
Security_Practices_with_CFEngine-cfgcamp_2016Security_Practices_with_CFEngine-cfgcamp_2016
Security_Practices_with_CFEngine-cfgcamp_2016Nick Anderson
 
Nagios pawan kumar- stpl 30042012
Nagios pawan kumar- stpl 30042012Nagios pawan kumar- stpl 30042012
Nagios pawan kumar- stpl 30042012Pawan Kumar
 

Recommandé

Cloud HMI - Monitoring, Control and Analyzing from Remote
Cloud HMI - Monitoring, Control and Analyzing from RemoteCloud HMI - Monitoring, Control and Analyzing from Remote
Cloud HMI - Monitoring, Control and Analyzing from RemoteM2M Alliance e.V.
 
proVconnect_IntelligentSystems_DataSheet
proVconnect_IntelligentSystems_DataSheetproVconnect_IntelligentSystems_DataSheet
proVconnect_IntelligentSystems_DataSheetRavi Mark Venkat
 
Mastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationMastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationnetworkershome
 
Infrastructure management presented to GPNOG (Updated)
Infrastructure management presented to GPNOG (Updated)Infrastructure management presented to GPNOG (Updated)
Infrastructure management presented to GPNOG (Updated)Ronald Bartels
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693 SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693 Muhammad Adeel Kazim⭐⭐⭐⭐⭐
 
Security_Practices_with_CFEngine-cfgcamp_2016
Security_Practices_with_CFEngine-cfgcamp_2016Security_Practices_with_CFEngine-cfgcamp_2016
Security_Practices_with_CFEngine-cfgcamp_2016Nick Anderson
 
Nagios pawan kumar- stpl 30042012
Nagios pawan kumar- stpl 30042012Nagios pawan kumar- stpl 30042012
Nagios pawan kumar- stpl 30042012Pawan Kumar
 
Identify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilitiesIdentify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilitiesGENIANS, INC.
 
Firewall intro
Firewall introFirewall intro
Firewall introamar_panchal
 
Shape your remote connection to your GCE instance
Shape your remote connection to your GCE instanceShape your remote connection to your GCE instance
Shape your remote connection to your GCE instanceDevOps Indonesia
 
Fortinet
FortinetFortinet
FortinetABEP123
 
Unpacking Digium's Switchvox
Unpacking Digium's SwitchvoxUnpacking Digium's Switchvox
Unpacking Digium's SwitchvoxClarotech_Events
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion ConferenceDefensiveDepth
 
Security onion
Security onionSecurity onion
Security onionKaustubh Padwad
 
Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyMostafa El Lathy
 
Network Design and Security Best Practices
Network Design and Security Best PracticesNetwork Design and Security Best Practices
Network Design and Security Best PracticesMike Sherwood
 
Via TRM Information Security Policy and Disaster Recovery Plan v 022616
Via TRM Information Security Policy and Disaster Recovery Plan v 022616Via TRM Information Security Policy and Disaster Recovery Plan v 022616
Via TRM Information Security Policy and Disaster Recovery Plan v 022616Via TRM
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
Virtual Firewall Management
Virtual Firewall ManagementVirtual Firewall Management
Virtual Firewall ManagementRagavan Seetharaman
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code ScannerLuigi Perrone
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonPavel Odintsov
 
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...Netgear Italia
 
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...Netgear Italia
 
Suricata
SuricataSuricata
Suricatatex_morgan
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolPavel Odintsov
 
The shop
The shopThe shop
The shopmatiseg
 
You give me something
You give me somethingYou give me something
You give me somethingmatiseg
 

Contenu connexe

Tendances

Identify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilitiesIdentify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilitiesGENIANS, INC.
 
Shape your remote connection to your GCE instance
Shape your remote connection to your GCE instanceShape your remote connection to your GCE instance
Shape your remote connection to your GCE instanceDevOps Indonesia
 
Fortinet
FortinetFortinet
FortinetABEP123
 
Unpacking Digium's Switchvox
Unpacking Digium's SwitchvoxUnpacking Digium's Switchvox
Unpacking Digium's SwitchvoxClarotech_Events
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion ConferenceDefensiveDepth
 
Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyMostafa El Lathy
 
Network Design and Security Best Practices
Network Design and Security Best PracticesNetwork Design and Security Best Practices
Network Design and Security Best PracticesMike Sherwood
 
Via TRM Information Security Policy and Disaster Recovery Plan v 022616
Via TRM Information Security Policy and Disaster Recovery Plan v 022616Via TRM Information Security Policy and Disaster Recovery Plan v 022616
Via TRM Information Security Policy and Disaster Recovery Plan v 022616Via TRM
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code ScannerLuigi Perrone
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonPavel Odintsov
 
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...Netgear Italia
 
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...Netgear Italia
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolPavel Odintsov
 

Tendances (20)

Identify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilitiesIdentify and mitigate high risk port vulnerabilities
Identify and mitigate high risk port vulnerabilities
 
Firewall intro
Firewall introFirewall intro
Firewall intro
 
Shape your remote connection to your GCE instance
Shape your remote connection to your GCE instanceShape your remote connection to your GCE instance
Shape your remote connection to your GCE instance
 
Fortinet
FortinetFortinet
Fortinet
 
Unpacking Digium's Switchvox
Unpacking Digium's SwitchvoxUnpacking Digium's Switchvox
Unpacking Digium's Switchvox
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion Conference
 
Security onion
Security onionSecurity onion
Security onion
 
Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El Lathy
 
Network Design and Security Best Practices
Network Design and Security Best PracticesNetwork Design and Security Best Practices
Network Design and Security Best Practices
 
Via TRM Information Security Policy and Disaster Recovery Plan v 022616
Via TRM Information Security Policy and Disaster Recovery Plan v 022616Via TRM Information Security Policy and Disaster Recovery Plan v 022616
Via TRM Information Security Policy and Disaster Recovery Plan v 022616
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developments
 
Virtual Firewall Management
Virtual Firewall ManagementVirtual Firewall Management
Virtual Firewall Management
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code Scanner
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
 
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...
Wireless NETGEAR - Soluzioni wireless per il business e demo configurazione W...
 
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...
Webinar NETGEAR - Il software NMS300 per la gestione ed il controllo completo...
 
Suricata
SuricataSuricata
Suricata
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection tool
 

En vedette

The shop
The shopThe shop
The shopmatiseg
 
You give me something
You give me somethingYou give me something
You give me somethingmatiseg
 
British breakfast
British breakfastBritish breakfast
British breakfastmatiseg
 
Cultural agenda January
Cultural agenda JanuaryCultural agenda January
Cultural agenda Januarymatiseg
 
Countries.
Countries.Countries.
Countries.matiseg
 
Whats the time
Whats the timeWhats the time
Whats the timematiseg
 
Dka Management
Dka ManagementDka Management
Dka ManagementHome~^^
 
Hypoglycemia2
Hypoglycemia2Hypoglycemia2
Hypoglycemia2Home~^^
 
Coma In Diabetic Patient
Coma In Diabetic PatientComa In Diabetic Patient
Coma In Diabetic PatientHome~^^
 
Passive voice
Passive voicePassive voice
Passive voicematiseg
 
chest pain-case 3
chest pain-case 3chest pain-case 3
chest pain-case 3Home~^^
 
ulnar Entrapment Neuropathy and double crush syndrome
ulnar Entrapment Neuropathy and double crush syndromeulnar Entrapment Neuropathy and double crush syndrome
ulnar Entrapment Neuropathy and double crush syndromeHome~^^
 
Hyperosmolar Non Ketotic Dm [Autosaved]
Hyperosmolar Non Ketotic Dm [Autosaved]Hyperosmolar Non Ketotic Dm [Autosaved]
Hyperosmolar Non Ketotic Dm [Autosaved]Home~^^
 
Chest Pain-case 2
Chest Pain-case 2Chest Pain-case 2
Chest Pain-case 2Home~^^
 
Hypoglycemia
HypoglycemiaHypoglycemia
HypoglycemiaHome~^^
 
Dka Vs Hhs Suraya
Dka Vs Hhs SurayaDka Vs Hhs Suraya
Dka Vs Hhs SurayaHome~^^
 

En vedette (18)

The shop
The shopThe shop
The shop
 
You give me something
You give me somethingYou give me something
You give me something
 
Actions
ActionsActions
Actions
 
British breakfast
British breakfastBritish breakfast
British breakfast
 
Cultural agenda January
Cultural agenda JanuaryCultural agenda January
Cultural agenda January
 
Countries.
Countries.Countries.
Countries.
 
Future
FutureFuture
Future
 
Whats the time
Whats the timeWhats the time
Whats the time
 
Dka Management
Dka ManagementDka Management
Dka Management
 
Hypoglycemia2
Hypoglycemia2Hypoglycemia2
Hypoglycemia2
 
Coma In Diabetic Patient
Coma In Diabetic PatientComa In Diabetic Patient
Coma In Diabetic Patient
 
Passive voice
Passive voicePassive voice
Passive voice
 
chest pain-case 3
chest pain-case 3chest pain-case 3
chest pain-case 3
 
ulnar Entrapment Neuropathy and double crush syndrome
ulnar Entrapment Neuropathy and double crush syndromeulnar Entrapment Neuropathy and double crush syndrome
ulnar Entrapment Neuropathy and double crush syndrome
 
Hyperosmolar Non Ketotic Dm [Autosaved]
Hyperosmolar Non Ketotic Dm [Autosaved]Hyperosmolar Non Ketotic Dm [Autosaved]
Hyperosmolar Non Ketotic Dm [Autosaved]
 
Chest Pain-case 2
Chest Pain-case 2Chest Pain-case 2
Chest Pain-case 2
 
Hypoglycemia
HypoglycemiaHypoglycemia
Hypoglycemia
 
Dka Vs Hhs Suraya
Dka Vs Hhs SurayaDka Vs Hhs Suraya
Dka Vs Hhs Suraya
 

Similaire à Check Point Security gateway R70 Software Blade installation and configuration

26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Known basic of NFV Features
Known basic of NFV FeaturesKnown basic of NFV Features
Known basic of NFV FeaturesRaul Leite
 
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios
 
Nagios Conference 2014 - Shamas Demoret - An Overview of Nagios Solutions
Nagios Conference 2014 - Shamas Demoret - An Overview of Nagios SolutionsNagios Conference 2014 - Shamas Demoret - An Overview of Nagios Solutions
Nagios Conference 2014 - Shamas Demoret - An Overview of Nagios SolutionsNagios
 
Check Point CCSA NGX R71 Course Overview
Check Point CCSA NGX R71 Course OverviewCheck Point CCSA NGX R71 Course Overview
Check Point CCSA NGX R71 Course Overviewdaisuke_tanabe
 
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESNazmul Hossain Rakib
 
BAS004-1_伺服器硬體基礎_v181026
BAS004-1_伺服器硬體基礎_v181026BAS004-1_伺服器硬體基礎_v181026
BAS004-1_伺服器硬體基礎_v181026rwp99346
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
 
BAS004-1_伺服器硬體基礎_v181026 (View online)
BAS004-1_伺服器硬體基礎_v181026 (View online)BAS004-1_伺服器硬體基礎_v181026 (View online)
BAS004-1_伺服器硬體基礎_v181026 (View online)rwp99346
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
 
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?Tom Paseka
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet
 
Event log analyzer by me
Event log analyzer by me Event log analyzer by me
Event log analyzer by me ER Swapnil Raut
 
AFW: Dynamic Firewalls with Chef and Netfilter
AFW: Dynamic Firewalls with Chef and NetfilterAFW: Dynamic Firewalls with Chef and Netfilter
AFW: Dynamic Firewalls with Chef and Netfilterjvehent
 
What's New in NGINX Plus R10?
What's New in NGINX Plus R10?What's New in NGINX Plus R10?
What's New in NGINX Plus R10?NGINX, Inc.
 

Similaire à Check Point Security gateway R70 Software Blade installation and configuration (20)

26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
Known basic of NFV Features
Known basic of NFV FeaturesKnown basic of NFV Features
Known basic of NFV Features
 
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
 
Nagios Conference 2014 - Shamas Demoret - An Overview of Nagios Solutions
Nagios Conference 2014 - Shamas Demoret - An Overview of Nagios SolutionsNagios Conference 2014 - Shamas Demoret - An Overview of Nagios Solutions
Nagios Conference 2014 - Shamas Demoret - An Overview of Nagios Solutions
 
Check Point CCSA NGX R71 Course Overview
Check Point CCSA NGX R71 Course OverviewCheck Point CCSA NGX R71 Course Overview
Check Point CCSA NGX R71 Course Overview
 
Nagios En
Nagios EnNagios En
Nagios En
 
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
 
BAS004-1_伺服器硬體基礎_v181026
BAS004-1_伺服器硬體基礎_v181026BAS004-1_伺服器硬體基礎_v181026
BAS004-1_伺服器硬體基礎_v181026
 
Zabbix Monitoring Platform
Zabbix Monitoring Platform Zabbix Monitoring Platform
Zabbix Monitoring Platform
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
 
BAS004-1_伺服器硬體基礎_v181026 (View online)
BAS004-1_伺服器硬體基礎_v181026 (View online)BAS004-1_伺服器硬體基礎_v181026 (View online)
BAS004-1_伺服器硬體基礎_v181026 (View online)
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
 
PRTG
PRTGPRTG
PRTG
 
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
Event log analyzer by me
Event log analyzer by me Event log analyzer by me
Event log analyzer by me
 
AFW: Dynamic Firewalls with Chef and Netfilter
AFW: Dynamic Firewalls with Chef and NetfilterAFW: Dynamic Firewalls with Chef and Netfilter
AFW: Dynamic Firewalls with Chef and Netfilter
 
IBM Programmable Network Controller
IBM Programmable Network ControllerIBM Programmable Network Controller
IBM Programmable Network Controller
 
System monitoring
System monitoringSystem monitoring
System monitoring
 
What's New in NGINX Plus R10?
What's New in NGINX Plus R10?What's New in NGINX Plus R10?
What's New in NGINX Plus R10?
 

Dernier

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Dernier (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Check Point Security gateway R70 Software Blade installation and configuration

  • 1. Check Point Security gateway R70 Touch Software Blade psaxf@psaxf.net
  • 2. Pre-requisite ● Obtain R70 media pack for your platform. Users with valid support contract can download it from Check Point web ● Hardware infrastructure. In this test CP R70 SPLAT run in XEN virtual environment on my Linux notebook (used sources: 1 core, 1.3GB RAM, 20GB HDD) ● MS Win XP (or similar supported) for firewall admin as a security rulebase builder/designer/management
  • 3. Net infrastructure ● Prepare network, config: 1.segment connected to Internet, 2. isolated segment, cool app. virt-manager can do it.
  • 4. Install/setup SPLAT ● Boot CP R70 SPLAT CD a follow instruction ● Additional changes should be done by CLI or WEB Gui
  • 5. Install/setup MS Win XP ● Manual set IP adress ● Run IE -> https://splat_ip:443/ ● Install SmartDashboard (Webgui -> Product configuration -> Download SmartConsole)
  • 6. Software Blades – new feature A software blade is a logical security building block that is independent, modular and centrally managed. Software Blades can be quickly enabled and configured into a solution based on specific business needs. source www.checkpoint.com
  • 7. Setup topology info ● Important in real environment, helps to discover connected networks and address spoofing.
  • 8. Security rule base ● Define basic rules: ⑦implicit drop, ②stealth rule ● Additional rules: ④http with resource, ③dns traffic and etc...
  • 9. Network Address Translator ● Define Hide NAT for internal network Open object mgmt_net, select chart nat and enable automatic NAT
  • 12. Firewall log and troubleshoot ● SmartView Tracker detail output fw monitor, fw log - cli command for advance user
  • 13. NMAPing fresh installed fw Perfect seal
  • 14. Eventia Analyzer ● Security event correlation ● nmap scan in fw log -> ∼300 records, Eventia analyzer log -> 1 record
  • 15. Embedded Anti virus ● Enable AV engine, Smart Dashboard -> Anti- virus & URL filtering chart
  • 16. eicar test ● www.eicar.com Anti-Virus or Anti-Malware test file should trigger av engine ● Try to download eicar in browser
  • 17. Eventia reporter - detail report ● Accounting, rule base analysis, trends, graphs and more