need to get some checkpoint experience...

hi there,

ok so as far as firewall experience goes i'm a juniper netscreen guy... but i'm now looking for new employment and there isn't a huge amount of work around here. i've been taught by way of principles, so believe that picking up and running with pix and checkpoint ought to be fairly straightforward.

i've managed to snag a pix 515e running v6.x code with an extra fast ethernet card installed, which whilst not exactly the newest piece of kit available, it still seems to support a decent amount of stuff, and i think it is worth learning... plus it hasn't cost me anything either, so result!

so, onto checkpoint... been checking out the bay and there are some 'nokia ip330 firewall checkpoint ipso' available for much cheapness. they are advertised as 'returned to factory defaults'. i've contacted the guy to find out a bit more about them...

...but thought someone on here may be able to offer some advice too.

many thanks.
 
ok, so i probably should have added that i have no way of getting hold of any hardware + os + checkpoint unless i buy it all together... and i don't have a huge amount of cash to chuck at this, trying to do it as cheaply as possible... hence being interested in this item which seemed to offer it all...
 
Be advised that if you get a Nokia that has been returned to factory defaults there is NO Check Point license, as such you will only get a 15 day run or 30 days if you get an eval from Check Point user center.

Lesson 1: Unlike Juniper and PIX where you get a Firewall license with the box, you need a separate Check Point license with a Nokia. If you do learn Check Point and work at a reseller/distributor you will never forget this lesson.

All that you get with the Nokia is that Check Point is installed; there is no license to run it.

A better bet is to just go to Check Point and ask for an eval pack

https://getsecure.checkpoint.com/GetSecure/productSelect.do

fill in new customer details and select a Media Pack for VPN-1 power.

Run up a Virtual Software system, Virtual Server (tested), Virtual Box are all free, and install as a Red Hat Enterprise Linux 3.0 machine and use the SecurePlatform CD from the pack; it will install on 512Mb RAM and 12Gb Disk. Reset the date every 14 days as it comes with a 15 day license built in and away you go.

Also comes with full docs on CD.

Not going to get cheaper than that. I guarantee it.

If coming from Juniper be prepared for a different way of working altogether. No zones, no concept of internal/external. You have to have a Management Server. I have been a Check Point CCSA, CCSE for 7 years so can probably answer most questions you will find yourself asking. You will just need to wait for me to check the forum.
 
hi there,

thanks for the *very* informative response! :) :)

what do i need to do in terms of setting up a management server? or is this info in the doc cd?

in terms of netscreen i've used nsm before - so firewall > nsm > client running on my workstation. is checkpoint similar?

many thanks.
 
Very similar

You can run the SMARTCenter (NSM) on the same box as the Gateway software or on a separate one. Most people do separate in a corporate environment.
But unlike Juniper, where the NSM is optional, with Check Point you must have a SMARTCenter installed.
You can use the same CD for both.

The SMARTConsole (GUI Client) then on an XP machine.

The docs are pretty clear on how to install.

SecurePlatform is Red Hat but stripped down. If you used NSM then you will know enough Linux to use SPLAT without a problem.
 
nsm was installed by a consultant...i am, for the time being, a linux noob! one of the guys in the office is rhce though, so i'm sure i'll manage to muddle through!
 
Check Point provide a cpshell that is limited and ? gives you the list of commands.

You only need to go to expert mode, which is basically a super user and plain Red Hat Linux, occasionally. When you do, Check Point basically provide a cut and paste experience.

I have worked with Nokia appliances for 7 years which run a BSD variant and SecurePlatform since it came out and I still consider myself a linux noob as they hide the linux from you.
 