Greetings, friends! Welcome to the third lesson. Today we will prepare the layout on which we will train. An important point!
Do you need a mockup or can you get by just watching the course?
Personally, I think that without practice, this course will be absolutely useless. You just do not remember anything. Therefore, before proceeding to the next lessons, be sure to complete this!
Laboratory Stand Topology
And so, I already showed you the layout topology. It looks like this:
It consists of:
- Server Management (SMS), which is located in the local network;
- Security Gateway (Security gateway), which is located on the imaginary perimeter of the network. The gateway has three interfaces. External, Internal and DMZ;
- User's computer – User PC. He will go online via SG;
- Computer with SmartConsol. With it, we will manage the settings;
- Windows server in the DMZ, which performs the roles of a Domain Controller and a Web Server (i.e., the IIS service is running).
Where are we going to deploy all this? In general, there are three options:
- VMware Workstation;
Personally, I will use VMware Workstation, because It is a little more convenient and accessible to everyone.
Then we need two images:
- Check Point Gaia R80.20 for server management;
- Check Point Gaia R80.20 for gateway.
Yes, unlike 80.10, these two images are different. Download iso files here..
According to system requirements. There is a document Check Point R80.20 Release notes. There is a table showing the minimum system requirements for the OpenServer option:
As you can see, for the gateway we need a minimum 2 cores, 4GB RAM and 15GB hard drive. For management requirements are much higher. it 2 cores, 6GB of RAM and 500GB hard drive. We will naturally use less, because we do not need a large repository under Logs. We only have a layout.
Below are the parameters of "virtualok" that we will create:
- SMS: 6GB RAM, 2 vCPU Cores, 50GB HDD;
- SG: 4GB RAM; 2 vCPU Cores; 50GB HDD;
- 3 virtual adapters.
If you remember our layout, there are just three interfaces in the gateway.
My computer, on which the layout will be deployed, will also be virtual. With the following characteristics – CPU – 4 vCPU Cores, RAM – 16GB, HDD – 200GB
Why is he virtual? Just because my laptop "does not pull" such a scheme. Therefore, I created a “virtual machine” with Windows 10 on ESXi, within which I will be raising the layout on VMware Workstation. Why am I not creating the whole layout on ESXi? A reasonable question, maybe it would be more convenient. But, I'm afraid that many students of the course do not have a virtualization server at hand, but you can always install VMware Workstation.
If you go back to our scheme, the computer – PC with VMware Workstation and there is my virtual workstation. I will connect to it via RDP and deploy a layout there.
Of course, you can deploy the layout directly on your computer if it meets the specified requirements. If your computer is weaker and you do not have a virtualization server at hand, then again, you can contact the NTC Training Center and request access to the layout. The following is a video tutorial, where we look at the layout and show how to create a virtual adapter.