We continue the series of articles on working with the new SMB CheckPoint model range. Recall that in the first part we described the characteristics and capabilities of the new models and their management and administration methods. Today we consider a deployment scenario for the top-end model of the series: the CheckPoint 1590 NGFW. This part covers:
- Unpacking equipment (description of components, physical and network connection).
- Initialization of the device.
- Initial setup.
- Performance assessment.
Unpacking Equipment
Getting to know the equipment begins with removing it from the box, sorting the components and installing the parts.
Briefly about the accessories:
- NGFW 1590;
- Power adapter;
- 2 Wi-Fi antennas (2.4 GHz & 5 GHz);
- 2 LTE antennas;
- Documentation booklets (a short guide to the initial connection, license agreement, etc.)
As for network ports and interfaces, the device offers all the modern options for carrying traffic and connectivity, a dedicated port for the DMZ zone, and USB 3.0 for synchronization with a PC.
The 1590 received an updated design, modern wireless communication options and memory expansion: 2 slots for Micro / Nano SIM cards in LTE mode (we plan to cover this option in detail in one of the next articles of the series, devoted to wireless connections) and an SD card slot.
You can read more about the capabilities of the 1590 NGFW and the other new models in part 1 of this series of articles on SMB CheckPoint solutions. We now proceed with the initialization of the device.
Initialization
, 1500 SMB 80.20 Embedded, .
:
- .
- LAN -1 .
- , WAN.
- Gaia Embedded: https://192.168.1.1:4434/
, Gaia, , :
, :
, , , .
, NTP- .
.
NGFW, :
- Local Management. - Gaia Portal.
- Central Management. Management CheckPoint, Smart1-Cloud c SMP ( SMB).
Local Management, , . Management Server, CheckPoint Getting Started, TS Solution.
:
- Switch .
- Disable Switch Switch, , .
DHCP , .
, , . , ( 2.4 5 ).
. , :
- VPN
, , . IP- .
, 30- . :
, QOS . , .
, . “HOME” → “License” :
, , “DEVICE” → “System Operations”:
Firmware Upgrade. .
. Access (Firewall, Application Control, URL Filtering) Threat Prevention (IPS, Antivirus, Anti-Bot, Threat Emulation).
Access Policy → Blade Control:
STANDARD, : , , .
APPLICATIONS & URL FILTERING, , (Torrent, File Storage ..). .
“Limit bandwidth consuming applications” / .
Policy, .
NAT Global Hide Nat Automatic . IP-. NAT - .
, , : Active Directory Queries ( AD), Browser-Based-Authentication ( ).
SSL-, HTTPS- . , CheckPoint SMB, SSL-Inspection → Policy:
HTTPS-, .
BYPASS , .
Firewall / Application (Threat Prevention), :
, . , .
“IPS Protections” .
Not long ago we wrote on our blog about a global vulnerability in Windows Server, SigRed. Let's check whether a signature for it is present in Gaia Embedded 80.20 by searching for “CVE-2020-1350”.
An entry was found for this signature, and one of the available actions can be applied to it (by default, Prevent for the Critical severity level). So with an SMB solution you are not left behind in terms of updates and support: this is a complete NGFW solution from CheckPoint for branch offices of up to 200 people.
Performance assessment
Concluding the article, I would like to note the tools available for troubleshooting after the initialization and configuration of the SMB solution. Go to “HOME” → “Tools”. The available options are:
- monitoring system resources;
- routing table;
- checking the availability of CheckPoint cloud services;
- generating CPinfo;
: Ping, Traceroute, Traffic Capture.
, NGFW 1590, 1500 SMB Checkpoint. , .
Today, CheckPoint solutions for protecting small offices and branches (up to 200 people) offer a wide range of tools and use the latest technologies (cloud management, SIM card support, memory expansion with SD cards, etc.). Stay up to date and read the articles from TS Solution; we plan to release further parts about CheckPoint NGFWs of the SMB family. See you!