
CHECK POINT SOFTWARE TECHNOLOGIES
Education Services

Application Control Lab Setup Procedures

Check Point Software Technologies
www.CheckPoint.com
courseware@checkpoint.com
8333 Ridgepoint Dr., Suite 150, Irving, TX 75063




Configuring the Lab Environment
The Application Control class topology was designed as a “sandbox” environment. With the exception of the
external interfaces of the Gateways, all virtual machines at the student sites have the same set of IP addresses.
Each student’s network will connect to the Internet through bridged interfaces that connect to a router. The
private networks will be hidden behind the gateway’s external interface.

Follow the steps below to configure the four virtual machines per site needed for the students to perform all
Application Control labs. Virtual Machines may be created in either a VMware Workstation or ESX
environment. This configuration was tested using VMware Workstation. Additional steps or a different
configuration may be required when working with ESX.



Configuring Virtual Machine Settings
All virtual machines should be configured with the following options:

           Snapshots – Just Power off
           VMware Tools – Installed
           Time Synchronization – Synchronization between Guest and Host should be active.



DNS Configuration
Configure the ADServer machine to point to the DNS server used by the classroom router.

Domain Information
Each student site must be configured with an Active Directory server managing access to the
atlantiscorp.cp domain. When having the students log into AT_GUI and ADServer, make sure they are
logging into the atlantiscorp.cp domain. This is vital to the success of one of the later labs.







Lab Topology
Configure each student machine with one of the following virtual environments:




Configuring the Virtual Machines
Configure each of the virtual machines listed below on all student machines.

Atlantis GUI Client
Use the information below to configure the Atlantis GUI Client virtual machine:

 Name: Atlantis_GUI
 OS: Windows 2003 Server SP2/SP3
 Hard Drive: 10GB
 RAM: 768MB
 Check Point Modules Installed: SmartConsole

Use the following information to configure the interface for the Atlantis GUI Client virtual machine:

 IP Address: 10.1.1.201
 Subnet Mask: 255.255.255.0
 Default Gateway: 10.1.1.1
 Interface: eth0
 LAN: LAN 1

Special instructions for the Atlantis GUI Client virtual machine:

1. Install TimeTools NTP Server. Under Options, enable “Serve NTP to Clients” and set the NTP
   stratum and NTP Polling frequency to 1.

2. Add TimeTools NTP Server to the startup group so that it starts when the virtual machine is
   powered on.

3. Install SmartConsole R75.







Atlantis Security Management Server
Use the information below to configure the Security Management Server virtual machine:

 Name: AT_MGMT
 OS: SecurePlatform R71.20
 Hard Drive: 15GB
 RAM: 1GB
 Check Point Products Installed: Security Management; SmartEvent and SmartReporter Suite

Use the following information to configure the interface for the Security Management Server
virtual machine:

 IP Address: 10.1.1.101
 Subnet Mask: 255.255.255.0
 Default Gateway: 10.1.1.1
 Interface: eth0
 LAN: LAN 1

Special instructions for the first Security Management Server virtual machine:

1. Configure NTP to act as a Client with Atlantis_GUI (10.1.1.201) acting as the NTP Server.








Atlantis Security Gateway
Use the information below to configure the Security Gateway virtual machine:

 Name: AT_GWY_1
 OS: SecurePlatform R71.20
 Hard Drive: 15GB
 RAM: 512MB
 Check Point Products Installed: Security Gateway

Use the following information to configure the interfaces for the Security Gateway virtual machine:

 IP Address: 172.n.n.1
 Subnet Mask: 255.0.0.0
 Default Gateway: 172.n.n.2
 Interface: eth0
 LAN: Bridged to Host

 IP Address: 10.1.1.1
 Subnet Mask: 255.255.255.0
 Interface: eth1
 LAN: LAN 1

Use the chart below to determine the site’s external IP:

   Classroom Site Number    External IP Address    Default Gateway IP Address
   Site 1                   172.21.101.1           172.21.101.2
   Site 2                   172.22.102.1           172.22.102.2
   Site 3                   172.23.103.1           172.23.103.2
   Site 4                   172.24.104.1           172.24.104.2
   Site 5                   172.25.105.1           172.25.105.2
   Site 6                   172.26.106.1           172.26.106.2
   Site 7                   172.27.107.1           172.27.107.2
   Site 8                   172.28.108.1           172.28.108.2



Special instructions for the Security Gateway virtual machine:

1. Configure NTP to act as a Client with Atlantis_GUI (10.1.1.201) acting as the NTP Server.



Active Directory Server
Use the information below to configure the Active Directory Server virtual machine:

 Name: ADServer
 OS: Windows 2003 Server SP2/SP3
 Hard Drive: 15GB
 RAM: 512MB

Use the following information to configure the interface for the Active Directory Server virtual machine:

 IP Address: 10.1.1.125
 Subnet Mask: 255.255.255.0
 Interface: eth0
 LAN: LAN 1

Special instructions for the Active Directory Server virtual machine:

1. Configure the following roles in the Manage Your Server applet:

       Active Directory Server

2. Create the OUs and add the users for Atlantis Corp’s Active Directory implementation using the scripts
   in AD_Setup_Scripts.zip.

3. The Active Directory must be configured with the following two users:

    Username: Administrator
    Password: P@ssword1

    Username: joeroberts
    Password: vpn123

    Note: In the labs when instructed to log into a virtual machine, verify that the user is logging into the
    domain and not just logging in locally. SmartEvent uses this domain information to populate some of
    the logs.








Configure the Security Policy
The following objects should be configured prior to beginning the Application Control labs:

       AT_GWY (Gateway)

       AT_MGMT (Management Server)

       atlantis_net (Network)

Configure the following rules:

       Name > Source > Destination > VPN > Service > Action > Track > Install On

       NBT Rule > Any > Any > Any Traffic > NBT > drop > None > Policy Targets

       Stealth Rule > Any > AT_GWY > Any Traffic > Any > drop > Log > Policy Targets

       Web Traffic Rule > Any > Any > Any Traffic > http, dns > accept > Log > Policy Targets

       Cleanup Rule > Any > Any > Any Traffic > Any > drop > Log
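
How the four rules above are evaluated in order, as an added example that is not part of the original courseware: a first-match model of the rule base, with implied rules and NAT left out. The port lists for the NBT, http and dns services, the Site 1 addresses standing in for AT_GWY, and the 198.51.100.x destinations are assumptions or constructed samples.

```python
from collections import namedtuple

# Service groups reduced to (protocol, port) pairs; the port lists are assumptions.
SERVICES = {
    "NBT": {("udp", 137), ("udp", 138), ("tcp", 139)},
    "http": {("tcp", 80)},
    "dns": {("udp", 53), ("tcp", 53)},
}
# AT_GWY as seen at Site 1: external and internal interface addresses.
AT_GWY = {"172.21.101.1", "10.1.1.1"}

Rule = namedtuple("Rule", "name dst services action track")
# Rule base in the order the page lists it; Source is Any in every rule,
# so it is not modelled. None means "Any".
RULE_BASE = [
    Rule("NBT Rule", None, ["NBT"], "drop", "None"),
    Rule("Stealth Rule", AT_GWY, None, "drop", "Log"),
    Rule("Web Traffic Rule", None, ["http", "dns"], "accept", "Log"),
    Rule("Cleanup Rule", None, None, "drop", "Log"),
]

def matches(rule, dst, proto, port):
    """True when the connection falls inside the rule's destination and service."""
    if rule.dst is not None and dst not in rule.dst:
        return False
    if rule.services is None:
        return True
    return any((proto, port) in SERVICES[s] for s in rule.services)

def evaluate(dst, proto, port, rules=RULE_BASE):
    """Return (rule name, action, track) of the first matching rule."""
    for rule in rules:
        if matches(rule, dst, proto, port):
            return rule.name, rule.action, rule.track
    raise LookupError("no rule matched")  # unreachable while a cleanup rule exists

if __name__ == "__main__":
    samples = [  # constructed sample connections
        ("10.1.1.255", "udp", 137),     # NetBIOS broadcast noise, dropped unlogged
        ("10.1.1.1", "tcp", 80),        # HTTP aimed at the gateway itself
        ("198.51.100.10", "tcp", 80),   # ordinary web browsing
        ("198.51.100.53", "udp", 53),   # DNS lookup
        ("198.51.100.10", "tcp", 22),   # anything else
    ]
    for dst, proto, port in samples:
        print(f"{proto}/{port} -> {dst}: {evaluate(dst, proto, port)}")
    # Stealth placed below Web Traffic: HTTP to the gateway would be accepted.
    swapped = [RULE_BASE[0], RULE_BASE[2], RULE_BASE[1], RULE_BASE[3]]
    print("swapped order:", evaluate("10.1.1.1", "tcp", 80, swapped))
```

The last line shows why the Stealth Rule has to sit above the Web Traffic Rule: with the two swapped, HTTP addressed to the gateway is accepted instead of dropped.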




Configure the AT_GWY to perform Hide NAT, hiding the internal network behind the external interface of
the gateway.




Configuring Active Directory Server in SmartDashboard
  1. From SmartDashboard, open the Security Gateway object and select the Identity Awareness
     branch.

  2. Uncheck and then check again the Enable Identity Awareness option. The system displays a
     wizard.

  3. Select the AD Query option.

  4. Choose the option Create new domain.

  5. Use the following information to configure the Identity Awareness Configuration screen:

     Domain Name:            atlantiscorp.cp

     Username:               Administrator

     Password:               P@ssword1

     Domain Controller:      10.1.1.125

     Note: The username and password must match the Administrator of the Active Directory server.

  6. Click Connect and close the wizard.

  7. From Users & Administrators, double-click the new LDAP account unit to verify that it receives a list of
     users from the AD.

				