
CHECKPOINT NG SETUP 1


tonyktone

MIS
Aug 31, 2004
59
Hello,

I'm a newbie to Checkpoint, but I know the concept. Here's my situation; I hope my info is enough.
I purchased Checkpoint NG AI enterprise version with a license for management server & firewall.
I have a Nokia IP330 router running IPSO 3.8 along with NG AI.
I have a Windows 2k server.
I guess I want to load the management server on the Windows 2k box, and license this as the management.
I guess I would want the Nokia to be the enforcement module.
Or is there a better way of setting this up, and how would I set it up?

Question on the Management Server: Could I license this with a Private IP address?
Also on the Management Server, do I need two interface cards?
Also on the Management Server how would I define the Firewall management Topology, what would the IP address on the topology be? Would it be the Lan interface IP along with the Nokia Wan IP?

Could someone please shed some light and give step instructions on how to proceed?
I know this is a lot to ask, but I need to get this up and running like yesterday.

 
"Question on the Management Server: Could I license this with a Private IP address?"

Yes, you can licence the firewall to a private IP address.

"Also on the Management Server do I need two interface card."

No, the management server just needs to sit on an internal network as a host with one NIC.

"Also on the Management Server how would I define the Firewall management Topology, what would the IP address on the topology be? Would it be the Lan interface IP along with the Nokia Wan IP?"

The topology of the LAN card on the management server just needs to be "internal (leads to the local network)". On the Nokia you would define your LAN card as internal also and the WAN side as "External (leads out to the internet)".

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Hey Chris thanks for the input.

How do I go about loading the enforcement module on the Nokia? What module would I need to turn on?
Also, I will have a few IP120 routers in a few of our small offices that I'm hoping to manage from here, but if I'm giving the management server a private IP address, how will I be able to get to those devices?

Is there anything else I would need to know?

Thanks again for any input.
 
You will need to install Firewall-1 on the Nokia as an "enforcement module" only. You are given this option when installing the firewall: management only, management and module, or just a module.

As for your management server, you can create a static NAT on the firewall so that you can manage remote modules.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Thanks again Chris, I will let you know how it went in a couple of days.
If you think I need to be aware of anything else, please let me know, 'cause I don't know if I need to ask any further questions.

Last question for now: If I need to create a VPN tunnel with another party, I guess I would give them my Nokia WAN (public) address as the remote endpoint?





 
Correct. You would give them the IP address of the gateway that is actually providing the encryption/decryption for the VPN tunnel.

Good luck.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Guys,

When I do the install for SmartCenter Server, what modules do I need besides SmartCenter and SmartConsole? Do I need the VPN-1 PRO or SecureClient Policy Server? The latter two come up as a default during install. Also, on the SmartCenter Management device, what boxes need to be checked off in the general properties? I know Primary Management Station is one. Do I need to check off any others?

Thanks again.
 
VPN-1 Pro is for when you are using VPNs. Actually, Firewall-1 and VPN-1 are really one product now.

SecureClient Policy Server is for when you are using SecureClient with a desktop security policy. The clients authenticate against the firewall and then pull the firewall policy from the policy server.

On the management server you need to have selected Primary Management Station, SVN foundation, Log Server.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 