Saturday, July 16, 2016

Check Point 1100 Appliance Configuration Step by Step

 photo 1100 Box_zps7kgdt4uz.jpg
Check Point 1100
A couple of months ago, I received Check Point 600 Appliance and did a post regarding basic configuration for 600. It is used to replace replaces the Save@Office models and cannot be managed centrally by a Check Point SmartCenter Server. 1100 appliance is an all-in-one security appliance that offers robust, multi-layered protection with branch offices in mind, including flexible network interfaces and a compact, desktop form factor, which is used to replace the SG80 and the UTM-1 Edge.

Both 600 and 1100 appliances support local management. The SG600 can be centrally managed by Check Point's SMB Management Cloud service. The SG1100 can be managed by standard Check Point management running R75.46 or above. Neither unit can be managed by the old Sofaware SMP product.





Back panel: 8 LAN ports, 1 WAN port, 1 DMZ port, console port.

Front Panel: there is one usb slot.


Configuration:
1. Connect One of LAN ports with your computer.
Your computer will get a DHCP ip address from 192.168.1.0/24 network.
In my case, my laptop got 192.168.1.126 ip address and gateway is 192.168.1.1 which is 1100 appliance's default LAN interface ip.

Type http://192.168.1.1 or https://192.168.1.1 , the browser will automatically re-direct to https://192.168.1.1:4434 , which is default management interface of Check Point 1100 appliance.
 photo 1_zps1ihirpos.png
2. First Time Configuration Wizard 
It will guide you to complete basic configuration step by step.
 photo 2_zpsxl2bviqq.png
Authentication Details
 photo 3_zpsjkyt1cqi.png
Appliance Date and Time Settings
  
 photo 4_zpsliqvrfps.png
Appliance Name


 photo 5_zpstidzhwsn.png
Security Policy Management
 
 photo 6_zpsvaj2losj.png
Internet Connection
 
 photo 7_zps8jbdacls.png
Local Network
 photo 8_zpsrspjimpz.png
Administrator Access

 photo 9_zpssbpvtls7.png
Appliance Activation
 
 photo 91_zpsypbwszez.png
Skip Appliance license Activation 
 
 photo 92_zpsybf6us9a.png
Software Blades Activation
 photo 93_zps5fory8ap.png
Configuration Summary
 photo 94_zpst8zzpj77.png
Configuring the system for the first time
3.  Log in 1100 Appliance
 photo 95_zpsgk4obb82.png 


4. Firewall Access Policy Configuration



4.1 Static NAT Server Configuration


 photo 01_zpshnlob2gi.png
\ photo 02_zpsgnniwj0i.png
 photo 03_zpseccazxwp.png
 photo 04_zpsfoph8uuj.png


4.2 Outbound Internet Access Rule




4.3 Inbound Access Rule from Internet

In following screenshots, there are three parts:

  • Red rectangle part is Outgoing access to the Internet which is auto-generated rule from 4.2
  • Green rectangle part is Incoming rules and VPN rules
    • Yellow rectangle part is manual rules for inbound traffic
    • Blue rectangle part is those auto-generated rules from 4.1 by static server NAT configuration.






Reference:

Check Point 1100 Appliance - FAQ

No comments:

Post a Comment