VICTOR_OGHIFOBI
Participant

How to simulate & virtualize Real life deployments

Hi everyone, I'm new to Check Point & CheckMates. How can we simulate real world deployments based on customer requirements in a lab... Or let me rephrase: what examples of requirements do customers really want? I've seen a lot of tutorials on how to do this or that... But I would like to have a taste of the real world. For example, real client requirements (in their own terminology). If I work for a company who supports company networks, what are the kind of tasks we would engage in? Are there places I can search to see real world scenario requirements from companies? Do we have such communities here on CheckMates? Where real world-like projects are published to get a feel of real world company requirements and deployments. Thanks

25 Replies
Mark_Mitchell
Advisor

Hi Victor,

I'm not exactly sure what you are asking for? 

However, in terms of virtualizing and creating a lab, you can download the Check Point ISOs and deploy these on various virtualization platforms: Hyper-V, VMware, etc.

I often use VMware Workstation for basic scenario testing. But there are limitations with VMware Workstation.

You can also run SmartConsole in demo mode to demonstrate the console to a new client. 

There have been various posts of specific deployments, but these are generally issue based, asking the community to aid with issue resolution.

If you are completely new to Check Point, I would recommend running through the resources below initially. There is also a wealth of information in the admin guides.

https://community.checkpoint.com/thread/9695-welcome-to-check-point-for-beginners 

I guess if you have your own scenario that you would like us to assist with we can certainly advise. 

Regards

Mark

HeikoAnkenbrand
Champion

- Use VMWare ESX or Workstation for GAIA installation.

- Generate eval licenses in the user center

Tip:

- use min. 6GB for management server

- use 4 GB for gateways

➜ CCSM Elite, CCME, CCTE
HeikoAnkenbrand
Champion

Look here for typical beginner config mistakes:

https://community.checkpoint.com/docs/DOC-3762-check-point-for-beginners-typical-config-mistakes 

➜ CCSM Elite, CCME, CCTE
VICTOR_OGHIFOBI
Participant

Yes this is good. I'm going through it man. Thank you

VICTOR_OGHIFOBI
Participant

Hi Heiko, 

I'm using VMware Workstation 12. Is that config above for R80.10? Because I noticed mine is terribly slow, and I have an 8 GB RAM laptop. I'm also running R77.30 too, which works OK, but I dunno if something bad will happen in the future since I installed only 4 GB on my manager. Do I need to reinstall? Is there a way to expand the memory after installation? Or can I manage that for my lab?

HeikoAnkenbrand
Champion

Hi VICTOR,

You need a notebook with 16 GB. Otherwise the environment is not really usable and very slow.
- 4 GB minimum for management server (I'd recommend 6 GB)

- 4 GB recommended for gateway (If you activate more than one blade) 

➜ CCSM Elite, CCME, CCTE
HeikoAnkenbrand
Champion

Because you want to use the management api you need 8 GB on the management server.

➜ CCSM Elite, CCME, CCTE
VICTOR_OGHIFOBI
Participant

Thank you very much. My bad I'm still learning the terminologies lol. I shouldn't have said virtualize.. I guess simulate is the word. 

I have a very strong Cisco background, so I've been using VMware for a while now. So what I meant was about that question you asked me... If I had a particular problem I needed help with as regards deployment. The answer is no. But I want one. So I can feel what it's really like to manage a firewall for real... That is beyond the videos and documents I've read which say "to configure this, do that". Instead I'm looking for lab projects with requirements that mirror what I would face in the real world. So that when I go for an interview I don't sound like a total newbie... There is a huge gap between using VMware on my PC and interfacing with real projects, real requirements, real companies, real networks and demands... So basically I just want a lab or video tutorials that would make me feel that way. Don't know where to go in search of those.

PhoneBoy
Admin

More than 20 years ago when I started doing Check Point support in my house, I had my share of servers and clients to do basic functionality simulation. These days, all you need is one or maybe two beefy VMware servers and you can build most any environment virtually, if you have the time.

Today, I answer a significant number of questions that come in on CheckMates using VMs in VMware and/or Demo Mode in SmartConsole.

Granted there are always going to be things where you might need physical hardware or some non-standard piece of software for testing. Having some sort of lab where you can experiment and learn definitely helps.

Vladimir
Champion

I personally prefer using ESXi for modeling and simulation as it does not have the limitations of VMware Workstation (i.e. in Workstation, the networks are virtual hubs, so your layer 2 part is really off).

On the road, I am using ESXi nested in VMware Workstation to build anything decent, but it does require a high-spec laptop to pull it off.

This is the approximation of the demo lab I am often using with clients to simulate their environments:

Regards,

Vladimir

HeikoAnkenbrand
Champion

I use it very similarly under VMware workstation.

➜ CCSM Elite, CCME, CCTE
HeikoAnkenbrand
Champion

TIP:

If you use VMware snapshots you can switch quickly between different versions.

I'm using all versions of R77.30, R80.10, R80.20 and R80.30EA here. 

➜ CCSM Elite, CCME, CCTE
HeikoAnkenbrand
Champion

Install base LAB once and then switch between versions.

➜ CCSM Elite, CCME, CCTE
VICTOR_OGHIFOBI
Participant

Wow looking complex and sweet like what should be in the real world... Any list of requirements attached to the diagram? So I can attempt to implement this? 

I'm not too strong on the VMware part though. I just use VMware Workstation 12 and install the machines on there. I don't know about ESXi.

Vladimir
Champion

Another benefit in running nested ESXi under VMware Workstation is the ability to clone the entire environment(s), not only Check Point component VMs. Sometimes my builds include a bunch of other VMs, such as servers, routers, etc.

This way, you have the ability to switch between differently configured and behaving infrastructures while preserving baseline versions.

In a stationary lab, I am using a vSphere server to achieve the same results.

Some of the builds I am involved in require pre-staging the actual physical appliances for shipping and deployment in multiple geographic locations.

In such cases, I am relying on a combination of a pair of Cisco switches configured to simulate MPLS routing for the intranets, Check Point 1430 emulating the Internet and providing access to external resources, such as CPUSE and occasionally, trunking to ESXi with additional virtual routers for dynamic routing scenarios, accurate WAN emulation with bandwidth limiters and packet loss simulation. 

HeikoAnkenbrand
Champion

That reminds me of something else. We should get checkmates licenses after the CPX.

➜ CCSM Elite, CCME, CCTE
Vladimir
Champion

Dameon Welch-Abernathy mentioned that he'll look into it after CheckMates is migrated to a new platform.

HeikoAnkenbrand
Champion

THX for this info.

➜ CCSM Elite, CCME, CCTE
VICTOR_OGHIFOBI
Participant

I wish there were more videos detailing these. I'm not too solid on the VMware part of all these. But like that complex diagram you posted, is it possible to attach the specified requirements by the companies followed by a step-by-step breakdown on how it can be achieved? So that I can be mentored by you and from there I can learn industry tips and tricks.

Vladimir
Champion

This post is the actual PoC describing the modification of a production environment. The client was concerned about possible downtime and wanted to have all the steps and outcome documented:

https://community.checkpoint.com/docs/DOC-3538-vsx-vsls-cluster-modification-step-by-step 

It could benefit from diagrams being included, but if you read it, it is pretty self-explanatory.

VICTOR_OGHIFOBI
Participant

Great, you already posted here... Don't mind my previous question... Thanks Vladimir... You've been most helpful. I will review this document and try to learn about this mysterious clustering. Additionally, do you think I can achieve this using my computer spec of 8 gigs? Is it possible to expand the space allotted to an already installed manager in VMware, or do I need to uninstall and install it again using the bigger memory? (I used only 4 gig, but now I've been advised to use a minimum of 6.)

VICTOR_OGHIFOBI
Participant

Wow Vladimir, seems I need to know a whole lot more... Just went through the document. Looks really really advanced. Think I can tackle that with only CCSA knowledge?

Vladimir
Champion

I suggest starting small, with a simple, non-VSX cluster.

For acquiring preliminary familiarity with the product and given your constraint of 8 GB, stick with the R77.30 version of the product.

Moving to more complex scenarios, you may consider investing in a used Dell R610 server with 64 GB of RAM and some storage. Those could be had for a few hundred bucks and are great for a small lab.

With R80.20++ and more complex builds, you are really going to need more horsepower than what you now have.

I'll try to find time to post lab build instructions in the coming months. For now, the "for the beginners" series is a good start.

Actual CP guides are a great source of data, but without getting your hands on the running environment, it is hard to cement that knowledge.

Cheers,

Vladimir

VICTOR_OGHIFOBI
Participant

Thanks my man. I appreciate. 

I have one more question now that has kept me up all night. Firstly I'd say I'm not proficient with VMware, so pardon me. I will attach pictures. I'm trying to recreate this network:

content://media/external/file/16081

Because I don't have the physical machines, I'm using ISO images to create them and then using the VMware virtual network adapter editor to create virtual adapters with IPs in different subnets to use on my host PC to get connectivity to the various subnets (I dunno if that's the right way to go about it). Here's the picture of my config showing the different subnets:

content://media/external/file/16082

But then I'm frustrated because I can't get the devices to ping each other via gateway routing, or to ping my host... I only have connectivity to one virtual XP PC OR my firewall manager (because I put them in vmnet 1 and the IP addresses are on the same subnet as my host PC); there's no connectivity to my other servers or firewalls. Please, what am I doing wrong? Or is what I aim to achieve impossible? I'm trying to follow Keith Barker's CBT Nuggets Check Point videos.

Thanks,

Victor. 

_Val_
Admin

As you already have a link to our CP4B resources, take a look at the lectures. We do describe some simple labs there, based on VMware.
