This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oskar_Svedman
Participant
‎2019-08-11 12:35 PM

Hardware for home-lab

Hi,
I want to run R80.30 in my home lab and get all R80 features. Management will run on another remote server.
What are you using? I am thinking on running Gaia on a NUC or other small PC and run vmware, or should I get an 1430 firewall?

Any recommentations?

0 Kudos
10 Replies
Danny
Champion
Champion
‎2019-08-11 01:41 PM

R80.30 doesn't run on SMB appliances yet, like the 1430 box you mentioned (sk97766). I'm using 3200 appliances at home. These are very silent and powerful enough for home testing and lab. Depending on what you really want to do (you wrote: ALL R80 features) you might want to consider even more powerful appliances (enterprise grade).

0 Kudos
Oskar_Svedman
Participant
‎2019-08-11 02:58 PM
In response to Danny

Thanks Danny,
3200 would be nice but its too pricey for my home lab... 
This data sheet for 1400-series show R80.10, but is it only for the management?
https://www.checkpoint.com/downloads/products/1400-security-gateway-datasheet.pdf


0 Kudos
Timothy_Hall
Champion
Champion
‎2019-08-11 05:16 PM
In response to Oskar_Svedman

The 3100 is the lowest appliance capable of running a full Gaia deployment with all features.  1400s and lower use embedded Gaia which does not quite have the full feature set.  At one point there was some kind of special "test lab" or "non-production" pricing, perhaps @_Val_  or @PhoneBoy could chime in on this one?

However it is much easier to just use VMWare Workstation or VirtualBox on an old piece of hardware.

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Bob_Zimmerman
Advisor
‎2019-08-13 07:07 AM
In response to Timothy_Hall

Minor quibble. The 3100 is the lowest current appliance. The 2200 should also be able to run full GAiA.

The 3100 and 3200 use Intel Avoton (Atom C2000-series) chips. That family has a bug known as AVR54, which affects the Low Pin Count (LPC) bus. This bus is used to connect the processor to the system firmware. Eventually, it degrades to the point the system will no longer boot. Intel fixed this issue in the C0 stepping of the Avoton chips. I don't yet know if the 3100 and 3200 use C0 stepping chips.

 

Of course, throwing a hypervisor on a NUC and running firewall and SmartCenter VMs is my preferred option. I'm currently really enjoying SmartOS. NUC models are listed in the form #i#___, where the first # is the processor generation and the second # is the processor family within the generation. For example, the NUC6i3 has an i3-6100U processor. The three _ characters are letters indicating other capabilities of the device, such as whether it has a 2.5" drive bay or not.

The 6i model NUCs all work with 64 GB of RAM if you can find 32 GB SO-DIMMs. That's enough RAM to run a pretty sizable lab.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-08-11 05:27 PM

I've got a couple of old Dell servers that I run VMware ESXi on (free version) and various VMs on (gateway, management, etc).
I also have a traveling lab on a Skull Canyon NUC that's real easy to slip into my carryon bag.
For licenses, you can just use standard 30-day evals.

I believe partners can also acquire NFR/Demo hardware at a significant discount.
Oskar_Svedman
Participant
‎2019-08-12 01:34 AM
In response to PhoneBoy

Then the best option seems to be a PC/Server with ESX.
If the 1400 doesn't have full Gaia it's too limited. Already have a 700 serie. Got it earlier with the partner discount. Think it was 60-70% off price list.

When using a NUC or similar with one physical network interface. Do you add a secondary USB-ethernet or does it work Ok with a trunk port and setup vlans?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-08-12 08:18 AM
In response to Oskar_Svedman

ESXi allows you to set VLAN trunks on the Ethernet interface.
I haven't tried USB Ethernet interfaces with ESXi.
My NUC also has WiFi, which I've associated with a Windows VM.
I then use Internet Connection Sharing to provide Internet access to all my VMs.
It's also my SmartConsole VM, as I'm usually using a Mac. 😁
0 Kudos
Hugo_vd_Kooij
Advisor
‎2019-08-13 06:12 AM

My "home lab" is in fact not at home. I run it on a ESXi server colocated so I can scratch it if I need to. Check out https://www.soyoustart.com/us/ as they have a few options that your homelab will never have.

I now have 16 public IP addresses to tinker with.

 

 

Miracles happen while you wait. The impossible jobs take just a bit longer.
0 Kudos
nsamsin
Participant
‎2019-12-06 05:20 AM
In response to Hugo_vd_Kooij

Which server are you currently using Hugo? I'm considering the dedicated infra server v2.

0 Kudos
John_Fleming
Advisor
‎2019-08-13 06:56 AM

I prefer GNS3. I like that its all linux based, gives access to just about anything you want in the bios and uses qcow2 images by default. Down side is it require a fat client. I've heard of other people using eve-ng which is pure html based.

 

BTW i'm not using the GNS3 VM. I'm running gns3server on ubuntu and gns3 client on windows/linux.

 

Oh.. btw.. GNS3 also supports multiple uses in a single project meaning we can have multiple people working on the same network drawing configuring stuff. pretty cool. 

0 Kudos