Oskar_Svedman
Participant

Hardware for home-lab

Hi,
I want to run R80.30 in my home lab and get all R80 features. Management will run on another remote server.
What are you using? I am thinking of running Gaia on a NUC or other small PC and running VMware, or should I get a 1430 firewall?

Any recommendations?

0 Kudos
10 Replies
Danny
Champion

R80.30 doesn't run on SMB appliances yet, like the 1430 box you mentioned (sk97766). I'm using 3200 appliances at home. These are very silent and powerful enough for home testing and lab. Depending on what you really want to do (you wrote: ALL R80 features) you might want to consider even more powerful appliances (enterprise grade).

0 Kudos
Oskar_Svedman
Participant

Thanks Danny,
3200 would be nice but it's too pricey for my home lab...
This data sheet for the 1400 series shows R80.10, but is it only for the management?
https://www.checkpoint.com/downloads/products/1400-security-gateway-datasheet.pdf


0 Kudos
Timothy_Hall
Champion

The 3100 is the lowest appliance capable of running a full Gaia deployment with all features. 1400s and lower use embedded Gaia, which does not quite have the full feature set. At one point there was some kind of special "test lab" or "non-production" pricing, perhaps @_Val_ or @PhoneBoy could chime in on this one?

However, it is much easier to just use VMware Workstation or VirtualBox on an old piece of hardware.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Bob_Zimmerman
Authority

Minor quibble. The 3100 is the lowest current appliance. The 2200 should also be able to run full GAiA.

The 3100 and 3200 use Intel Avoton (Atom C2000-series) chips. That family has a bug known as AVR54, which affects the Low Pin Count (LPC) bus. This bus is used to connect the processor to the system firmware. Eventually, it degrades to the point the system will no longer boot. Intel fixed this issue in the C0 stepping of the Avoton chips. I don't yet know if the 3100 and 3200 use C0 stepping chips.

 

Of course, throwing a hypervisor on a NUC and running firewall and SmartCenter VMs is my preferred option. I'm currently really enjoying SmartOS. NUC models are listed in the form #i#___, where the first # is the processor generation and the second # is the processor family within the generation. For example, the NUC6i3 has an i3-6100U processor. The three _ characters are letters indicating other capabilities of the device, such as whether it has a 2.5" drive bay or not.

The 6i model NUCs all work with 64 GB of RAM if you can find 32 GB SO-DIMMs. That's enough RAM to run a pretty sizable lab.

0 Kudos
PhoneBoy
Admin

I've got a couple of old Dell servers that I run VMware ESXi on (free version) and various VMs on (gateway, management, etc).
I also have a traveling lab on a Skull Canyon NUC that's real easy to slip into my carryon bag.
For licenses, you can just use standard 30-day evals.

I believe partners can also acquire NFR/Demo hardware at a significant discount.
Oskar_Svedman
Participant

Then the best option seems to be a PC/Server with ESX.
If the 1400 doesn't have full Gaia it's too limited. Already have a 700 series. Got it earlier with the partner discount. Think it was 60-70% off price list.

When using a NUC or similar with one physical network interface, do you add a secondary USB Ethernet adapter, or does it work OK with a trunk port and VLANs set up?

0 Kudos
PhoneBoy
Admin

ESXi allows you to set VLAN trunks on the Ethernet interface.
I haven't tried USB Ethernet interfaces with ESXi.
My NUC also has WiFi, which I've associated with a Windows VM.
I then use Internet Connection Sharing to provide Internet access to all my VMs.
It's also my SmartConsole VM, as I'm usually using a Mac. 😁
0 Kudos
Hugo_vd_Kooij
Advisor

My "home lab" is in fact not at home. I run it on an ESXi server colocated so I can scratch it if I need to. Check out https://www.soyoustart.com/us/ as they have a few options that your homelab will never have.

I now have 16 public IP addresses to tinker with.

 

 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
nsamsin
Participant

Which server are you currently using Hugo? I'm considering the dedicated infra server v2.

0 Kudos
John_Fleming
Advisor

I prefer GNS3. I like that it's all Linux based, gives access to just about anything you want in the BIOS and uses qcow2 images by default. Downside is it requires a fat client. I've heard of other people using eve-ng, which is pure HTML based.

BTW I'm not using the GNS3 VM. I'm running gns3server on Ubuntu and gns3 client on Windows/Linux.

Oh.. BTW.. GNS3 also supports multiple users in a single project, meaning we can have multiple people working on the same network drawing configuring stuff. Pretty cool.

0 Kudos
