This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vladimir
Champion
Champion
‎2023-03-27 11:08 AM

Announcement – Check Point Firewall Administration R81.10+ book update

Check Point Firewall Administration R81.10+Check Point Firewall Administration R81.10+

After six months on the market, with the feedback from the readers two new updates for Check Point Firewall Administration R81.10+  are now released:

  1. Rapid Lab Deployment Guide, replacing chapters 3 and 4 of the book, and
  2. Errata and Notes, to address the few mistakes, provide additional notes and workflows.

Both are available in the book’s GitHub repository.

Tremendous thanks to @Timothy_Hall , who has pointed out some of the pertinent additional information and few mistakes, and to Seth Holcomb (@SecNetEng)  , who has meticulously documented and shared with me his experience and encountered issues with the book and its labs.

#Book #Administration

 

11 Replies
the_rock
Legend
Legend
‎2023-03-27 11:49 AM

Always grateful for all your contributions @Vladimir 💪👍

Vladimir
Champion
Champion
‎2023-03-29 06:00 PM
In response to the_rock

Thanks!

Danny
Champion Champion
Champion
‎2023-03-27 12:22 PM

Link to GitHub
Link to colored images

Vladimir
Champion
Champion
‎2023-03-29 06:02 PM
In response to Danny

Thank you Danny!

FYI: GitHub resources are free for use, so if anyone is simply interested in building the lab using VirtualBox, all the necessary resources are there (with links to ISOs and software).

Timothy_Hall
Legend Legend
Legend
‎2023-03-29 04:56 AM

Welcome to the hamster wheel of keeping your published content updated Vladimir. 😀  But seriously, nice work!

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Vladimir
Champion
Champion
‎2023-03-29 06:04 PM
In response to Timothy_Hall

Thank you Tim!

Yeah, didn't expect to sink this much time into update so soon, but it was needed.

Millo
Explorer
‎2023-04-02 09:01 AM

Hi, after I build the Lab as indicated on book i can't reach the external CPGW Secure Gateway from VM Console to complete FTW regardless of Vyos router and FWs are up and running

from LOG on Smart Console i can see CPCM1 allow https but i receive timeout from browser. 

Ping  from CPGW and CPCM FW to Router interface doesn't work too, seems to be something wrong on router conf i think...can you help me to understand?

 

Thanks

 

0 Kudos
the_rock
Legend
Legend
‎2023-04-02 09:05 AM
In response to Millo

Maybe best if you start new thread on this, as its not really related to this post : - ). Also, if you could send us basic network diagram, it always helps. Some things to check...run fw stat on the fw, as well as ip r g command to see if it shows right path.

example -> ip r g 8.8.8.8

Andy

0 Kudos
Millo
Explorer
‎2023-04-02 12:52 PM
In response to the_rock

Thanks a lot, this is the datagram

 
 

Immagine 2023-04-02 213815.jpg

So i can't connect from 10.0.0.20 to 200.200.0.1 to complete FTW about CPGW, with telnet on 443 i obtain timeout and ping doesn't work too. 

Policy on CPCM is matched and traffic is accepted, on tcpdump i can see only syn, tried to dump on router with this command but i can't see arrive nothing from firewall 

 


vyos@router:~$ monitor traffic interface eth1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
vyos@router:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.178.60/24 u/u OUTSIDE
eth1 200.100.0.254/24 u/u Net_200.100.0.0
eth2 200.200.0.254/24 u/u Net_200.200.0.0
lo 127.0.0.1/8 u/u
::1/128
vyos@router:~$ monitor traffic interface eth1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes

 

this is CPCM side

[Expert@CPCM1:0]# fw stat
HOST POLICY DATE
localhost Standard 2Apr2023 16:20:35 : [>eth0] [<eth0] [>eth2] [<eth2] [>eth3] [<eth4]

[Expert@CPCM1:0]# ip r g 8.8.8.8
8.8.8.8 via 200.100.0.254 dev eth4 src 200.100.0.2

[Expert@CPCM1:0]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 200.100.0.254 0.0.0.0 UG 0 0 0 eth4
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.30.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth5
192.168.255.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
200.100.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4
[Expert@CPCM1:0]#

 

 

0 Kudos
Vladimir
Champion
Champion
‎2023-04-03 08:09 AM
In response to Millo

@Millo , check the presence of the default route on CPCM1 and CPCM2 as well as if your SmartConsole_VM object has NATR hide behind static IP configured.

Also, please check the eth0 and eth1 on CPGW and let me know which IPs you have assigned to each of the interfaces.

Cheers,

Vladimir

0 Kudos
Millo
Explorer
‎2023-04-03 08:44 AM
In response to Vladimir

Hi, problem solved. The issue is that the names of the network adapter of the VM of the Router and VM of the FWs was different (case sensitive)

Thanks to all

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events