Security Gateway CP R70

Post on 15-Jan-2015

DESCRIPTION

Play with Check Point firewall R 70

Transcript

Check Point Security Gateway R70: Touch Software Blade

psaxf@psaxf.net

Prerequisites

● Obtain the R70 media pack for your platform. Users with a valid support contract can download it from Check Point web

● Hardware infrastructure. In this test CP R70 SPLAT runs in a XEN virtual environment on my Linux notebook (resources used: 1 core, 1.3GB RAM, 20GB HDD)

● MS Win XP (or a similar supported OS) for the firewall admin, used to build, design and manage the security rulebase

Net infrastructure

● Prepare the network configuration: 1. a segment connected to the Internet, 2. an isolated segment. The cool app virt-manager can do it.

Install/setup SPLAT

● Boot the CP R70 SPLAT CD and follow the instructions

● Additional changes should be done via the CLI or the Web GUI

Install/setup MS Win XP

● Manually set the IP address

● Run IE -> https://splat_ip:443/

● Install SmartDashboard (Web GUI -> Product configuration -> Download SmartConsole)

Software Blades – new feature

A software blade is a logical security building block that is independent, modular and centrally managed. Software Blades can be quickly enabled and configured into a solution based on specific business needs. (source: www.checkpoint.com)

Setup topology info

● Important in a real environment; helps to discover connected networks and address spoofing.

Security rule base

● Define basic rules: implicit drop, stealth rule (⑦, ②)

● Additional rules: http with resource, dns traffic, etc. (④, ③)

Network Address Translator

● Define Hide NAT for internal network

Open the object mgmt_net, select the NAT tab and enable automatic NAT

Install firewall policy

SmartView Tracker - log gui

Firewall log and troubleshoot

● SmartView Tracker detail output

fw monitor, fw log - CLI commands for advanced users

NMAPing a freshly installed fw

Perfect seal

Eventia Analyzer

● Security event correlation

● nmap scan in fw log -> 300 records, Eventia Analyzer log -> 1 record
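The reduction described above (hundreds of drop records collapsed into one correlated event), sketched as an added example that is not part of the original slides and not Eventia Analyzer's own logic. The record fields, the 60-second window and the 20-port threshold are assumptions, and the log lines are constructed rather than real Check Point output.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample_logs():
    """Constructed sample: simplified drop records, not the real fw log format."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    # One source probing 300 different ports on the firewall within 3 seconds.
    logs = [{"time": t0 + timedelta(milliseconds=10 * i), "action": "drop",
             "src": "192.0.2.10", "dst": "192.0.2.1", "dport": 1 + i}
            for i in range(300)]
    # Unrelated noise: a single dropped packet from another host.
    logs.append({"time": t0 + timedelta(seconds=1), "action": "drop",
                 "src": "192.0.2.77", "dst": "192.0.2.1", "dport": 23})
    return logs

def correlate_port_scans(logs, window=timedelta(seconds=60), min_ports=20):
    """Collapse drops per (src, dst) into one event per burst.

    A burst holds drops no later than `window` after its first record; it
    becomes an event when it touches at least `min_ports` distinct ports.
    """
    by_pair = defaultdict(list)
    for rec in logs:
        if rec["action"] == "drop":
            by_pair[(rec["src"], rec["dst"])].append(rec)
    events = []
    for (src, dst), recs in by_pair.items():
        recs.sort(key=lambda r: r["time"])
        burst = []
        for rec in recs + [None]:  # trailing None flushes the last burst
            if rec is not None and (not burst or rec["time"] - burst[0]["time"] <= window):
                burst.append(rec)
                continue
            ports = {r["dport"] for r in burst}
            if len(ports) >= min_ports:
                events.append({"type": "port_scan", "src": src, "dst": dst,
                               "first_seen": burst[0]["time"],
                               "last_seen": burst[-1]["time"],
                               "distinct_ports": len(ports),
                               "raw_records": len(burst)})
            burst = [rec] if rec is not None else []
    return events

if __name__ == "__main__":
    sample = make_sample_logs()
    found = correlate_port_scans(sample)
    print(len(sample), "raw records ->", len(found), "event(s)")
```

The single stray drop from the second host stays below the threshold, so it remains an ordinary log record instead of raising its own event.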

Embedded Anti virus

● Enable the AV engine: SmartDashboard -> Anti-Virus & URL Filtering tab

eicar test

● The www.eicar.com Anti-Virus or Anti-Malware test file should trigger the AV engine

● Try to download eicar in a browser

Eventia reporter - detail report

● Accounting, rule base analysis, trends, graphs and more
