Collection of NotesFirewallEVENG – Add Check Point Image
Collection of NotesFirewallEVENG – Add Check Point Image
Firewall

EVENG – Add Check Point Image

pan

1. Register Account for Check Point

1.1 Register Account on Check Point Website

This is only the account to log in Check Point website.

1.2 Register Account under User Center

I can register my personal and company info here and choose the product for evaluation. Download Check_Point_R80.10_T479_Gaia.iso.

2. Create EVENG Image from ISO

2.1 Upload the ISO file to EVENG

Bash
root@eve-ng: mkdir /opt/unetlab/addons/qemu/cpsg-R80-10GW
root@eve-ng: cd /opt/unetlab/addons/qemu/cpsg-R80-10GW
root@eve-ng: mv Check_Point_R80.10_T479_Gaia.iso cdrom.iso

# create HDD drive for new checkpoint image
root@eve-ng: /opt/qemu/bin/qemu-img create -f qcow2 hda.qcow2 80G
Formatting 'hda.qcow2', fmt=qcow2 size=85899345920 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16

2.2 Install Check Point in EVENG Lab

Add a new lab and add the Check Point device. Select VNC for console connection or it won’t load the iso file.

After all the setting, it installs the system. It asks to reboot the system after the installation. Then shut the system down.

2.3 Set up Check Point

Start the Check Point node and open the Web Gui from https://{ IP}.

For Check Point Management, create a differenet folder like cpsg-R80-10MG. Do all the steps for CPMG but choose security management as the product.

SIC activation key is like a password set manually.

2.4 Commit the Change to HDD Drive

Obtain the lab and node details.

Bash
root@eve-ng: cd /opt/unetlab/tmp/0/23ec22b6-b677-46ad-aed6-24f0967a34b4/4/
root@eve-ng:/opt/unetlab/tmp/0/23ec22b6-b677-46ad-aed6-24f0967a34b4/4# ls
dev  hda.qcow2  jail  lib  lib64  opt  usr  wrapper.txt

# Commit the change to be used as default for further use in EVENG
root@eve-ng:/opt/unetlab/tmp/0/23ec22b6-b677-46ad-aed6-24f0967a34b4/4# /opt/qemu/bin/qemu-img commit hda.qcow2

3. Add Node in New Lab

Since the IP was set during the system setup, each new node will use the same IP. Therefore the IP needs to be changed.

Bash
expert
set expert-password

# Enter expert mode
vim /etc/sysconfig/network-scripts/ifcfg-eth0

# Add the custom config
DEVICE=eth0
BOOTPROTO=static
IPADDR=10.0.0.2
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
ONBOOT=yes

# Restart network service
service network restart

# Check interface config
ifconfig eth0

Leave a Reply

Your email address will not be published. Required fields are marked *