Building a Checkpoint lab

Turgon

Right well I have a couple of old but operational Proliant G1's to play with. I will see if I can get a Windows 2003 server evaluation installed on these, after getting my CD-R to work, after getting the drivers for the G1's and then see if I can get a Checkpoint eval working on them. Should be fun

Turgon

Well Im a R65 man and it looks like the only Checkpoint eval you can download is R70. Less useful for the R65 exams (assuming they are still on).

Turgon

Ordered an R65 media kit today and have the eval licence. Downloaded R70 and have an eval for that. So trying with R70 for now. Got my G1 Windows Server 2003 eval running ok. Then my son yanked a SCSI drive and it just wouldn't rebuild. Fortunately I have a spare so we are up and running again. Will try and get the second Windows Server built now. Im also fighting to try and get the R70 ISO burned on a CD today. Imgburn didnt work so Im trying CDwriter now. I just bought some more writable CDs so lets see if I can get this done now..

Turgon

CDwriter no good. Will buy an external one. 2 x G1's operational now. On KVM this morning. Next job is to configure a 4000 as a bridge, hang the servers off that and the Xyplex TS. Also get VNC running. 1 x management server, 1 x Checkpoint firewall. I may get Solaris 10 installed on my Netras while Im at it..

Turgon

The servers are pinging fine through the 4000 series bridge. Set the NICs to 10 half duplex. Bootp isn't working properly through it so will now try a direct connection from a server to the Xyplex TS.

Turgon

On one server only one of the two onboard NIC ports lights up. Busy trying Proliant drivers now to see if I can light the second one up. Failing that it becomes a single interface management server running all kinds of utlities, snmp, syslog etc. I would like to have a second interface working on this box just for a dedicated microsegment for bootp for the xyplex to be honest, hence the toil to see if I can achieve that. Failing that the other server has 3 NICs lit so that will have to run bootp as well as be the Checkpoint firewall. I will just have to allow bootp through it.

In the absence of a working CD writer Im using the old LAN Manager commands to map drives and shift files around. net use j: \\server\c$ Its been about 6 years since I did that in anger. Amazing what you dont forget.

Turgon

Unable to light up the NIC on the first server but bootp working fine on the second. Now working on syslog and snmp for server 1. Second server is ready for Checkpoint tomorrow. The last Checkpoint server I installed on an OS was 4.1 on NT back in 2001. I recall hardening the server at the time. In 2002 I fielded a BS7799 security audit for a site. Dry stuff I must say. If I can get kiwi, snmp on the management server and remote management of these two boxes in the bag will call it a day. Getting R65 working properly on the second server will be interesting.

dynamik

Did you give up on the CCIE or what?

Turgon

dynamik wrote: »

Did you give up on the CCIE or what?

hehehe..hardly. Try contracting sometimes, you need a wide array of skills

Turgon

Sunday morning. Checkpoint R65 time. Looked at the manual. Seems straight forward these days.

Turgon

Windows 2003 eval licencing is weird. Supposed to be 30 days but the reminder says 14 days left. Checkpoint eval licencing also wierd. I got the 30 day lic file from the CP site but the application doesn't want to take it. Appears to be 15 days eval out of the box anyway. So it's working. Playing with it now

Turgon

Ok the checkpoint gateway is operational. I can use Smartdashboard and Smartview Tracker. This apparatus is a welcome addition to my home lab.