Check Point Firewall CCSA R80.40 Training Part1/2

Install Check Point firewall on vmware workstation by downloading Gaia, creating a multi-interface VM (management, internet, LAN) with proper IP settings, and completing the first-time configuration wizard.

Demonstrates uploading the checkpoint firewall ISO to Eve Energy, creating a shared folder, copying and renaming the image, and performing the Gaia installation with the first-time configuration.

Log in to the Gaia portal via HTTPS to configure network, system settings, and blades. Use the search tool, navigation tree, and basic versus advanced modes for efficient management.

Explore smart console GUI client for Windows to manage security gateway and security management server, configure access control, threat prevention, and logs through an integrated policy and monitoring workflow.

Demonstrate a standalone deployment topology for a Check Point firewall, detailing the dmz, lan, and management networks, and concrete interface IP schemes.

Configure and enable four network interfaces—management, LAN, WAN, and DMZ—by assigning IPv4 addresses and verifying connectivity with show interfaces commands in the topology.

Configure hosts in a standalone deployment by assigning IPs to servers and clients in the topology, including DMZ, and set gateway, DNS, and startup config in Docker.

Configure NAT policy in standalone deployment by creating LAN and DMZ network objects (192.168.1.0/24 and 192.168.2.0/24), enable hide NAT, and publish and install the policy.

perform testing and verification of the standalone deployment, validating topology, interfaces, hosts, and relevant policies; verify logs and internet access to google and facebook.

Configure a distributed deployment topology with a security gateway, a security management server, and a smart console across a three-tier LAN, DMZ, and management network, and follow the ip schema.

Configure a security gateway in a distributed deployment, guiding first-time setup, management IP assignment, and activation key entry, with security gateway only installation and browser-based access.

Configure security management in a distributed deployment by changing the sms IP, running the first-time configuration wizard, and accessing the gateway and sms via the smart console.

Implement a distributed deployment by configuring the security gateway’s four interfaces: lan, dmz, internet, and management. Assign static IPs, set the correct gateway, and validate connectivity with ping.

Configure distributed deployments with the smart console for Check Point firewall, install the smart console on Windows, access security management, and configure blades, ACLs, and policies.

Add security gateway to HMS in a distributed deployment, configure via smart console, establish trusted communication, and push the policy from the SMS to the gateway.

In distributed deployment part-7, configure security policy to allow LAN and DMZ traffic to the internet, create net objects, enable logs, and publish to the gateway.

Configure hosts on LAN and BMC by assigning management IPs—1.10 and 1.20 for LAN dockers, 2.10 and 2.20 for DMs—set DNS and gateways, then enable the firewall.

Test and verify distributed deployment in a Check Point firewall lab by validating PCIe one, DMZ, and internet connectivity, gateway reachability, DNS access, and policy logs.

Configure and enable interfaces in Gaia portal, create three vlan interfaces (10, 20, 30) with 192.168.1.1/24, 192.168.2.1/24, 192.168.3.1/24, and leave the physical interface without an IP.

Configure a static default route in the network management portal, set the gateway to 172.29.129.254, enable pings, save, and verify that traffic is routed to site B.

Configure the switch for vlan deployment by creating three vlans, assigning interfaces 0/1, 0/2, and 0/3 to vlans 10, 20, and 30, and enabling trunking; verify with show commands.

Configure a security policy in vlan deployment part 8 to allow traffic by creating an access policy, enabling logs, and installing it to the security gateway, then ping to verify.

configure the nat policy by creating three network objects for vlan 10, 20, and 30 with their subnets, publish and install the policy to enable internet access.

Perform testing and verification in VLAN deployment part-10, inspect gateway logs, validate traffic, and confirm policy and net rules while accessing sites like Facebook and Wikipedia.

Explore bridge mode for checkpoint firewall, configuring two interfaces as a transparent layer 2 bridge within the same subnet, with lab setup, IP planning, and policy deployment.

Explore bond interfaces on Check Point devices, where multiple physical interfaces form a single virtual bond with a shared IP, enabling link aggregation via LCP and dynamic load balancing.

Learn to request a one-month evaluation license for Check Point security management and gateway. Create a user center account, enter the management IP, and download the license file.

Request and import an extended evaluation license in SG using smart console, smart upgrade, and licenses and contracts, then verify the license status in the portal.

Configure banner messages and the message of the day on Gaia Portal and Clia, understanding before login versus after login, default states, and how to enable or disable them.

Learn the Check Point firewall command line interface basics, including four core operations—set, show, delete, and edit—plus saving, rebooting, and navigating command history and tab-completion for efficient management.

Learn the Check Point firewall clish command line interface by using show commands and feature keywords to locate backup, dns, clock, interface, and routing commands with status and logs.

Explore advanced cli commands for backup, snapshot, user creation, export, system shutdown, restart, rollback, and restoring local backups, plus configuring date/time, dhcp server, dns, interface ip, hostname, and timeouts.

Acquire the configuration lock to gain read/write access to the configuration database via Gaia portal or CLI; use log database and unlock database commands to switch access.

Explore automatic NAT versus manual NAT in the Check Point firewall, including hide net and static net configurations with original and translated sources, destinations, and services.

Describe the net lab topology with a dmz and lan, featuring live servers, an ftp server, and docker-based servers, plus a security gateway and smart console for distributed deployment.

Configure automatic static NAT to publish a DMZ server using a public IP, create NAT rules and objects, publish policies, and verify bi-directional reachability.

Learn how hairpin NAT enables internal users to reach internal DMZ servers via public IPs through a security gateway, with the top NAT rule applied first.

Configure a no-net rule to prevent translation between LAN and DMZ when using private ranges, preserving original source and destination and reducing overhead.