Check Point R75 SecurePlatform Part III

We are now at the final part in this installation series. In this tutorial we will be connecting to the SecurePlatform HTTPS web server, downloading the Management tools, installing the management tools and connecting to the gateway.
1. Log into your management station or desktop and browse to the management interface of the Check Point firewall. In this tutorial we will browse to https://192.168.10.50. Click Yes to accept the certificate.
2. Login with your SecurePlatform user credentials. In this case i’ll login with the account cpadmin.

3. On the left hand side browse to Product Configuration – Download SmartConsole and click Download. Either save it to a location or click run.

4. Click Run.

5. The installation wizard begins. Click Next.

6. Click Yes to accept the License Agreement.

7. Click Next to accept the default destination folder.

8. I’m going to install all products. Click Next.

9. I’d like to Add SmartConsole shortcuts to the desktop, so i’ll select that option and click Finish.

10. Start up the Check Point Smart Dashboard program. Enter in your username, password and the management IP address of the Check Point gateway.
11. You will be presented with the Fingerprint. Click Approve.
12. You have now successfully connected to the firewall and ready to further configure your firewall rules, nat, IPS, Application Control, Anti-spam, etc

Check Point install R75 SecurePlatform Part 2

We will now continue on with Part 2 of the Check Point R75 Installation tutorial where we will configure the rest of the gateway settings and install the Check Point products.
1. We have now completed the previous Part 1 of the tutorial and have just changed the admin username from admin to cpadmin and were prompted to run sysconfig for system and product configuration. Type sysconfig and press enter.

2. The wizard begins. Type n and press enter to proceed to the next screen.

3. First up we are presented with some network configuration options.

4. Press 1 for Host Name configuration and set a host name for the Check Point gateway. When you are finished type e and press enter to go back to the previous screen.

5. Press 2 and set a domain name for the Check Point gateway. When you are finished type e and press enter to go back to the previous screen.

6. Press 3 to setup DNS server for name resolution. When you are finished type e and press enter to go back to the previous screen.

7. Press 4 to enter into the Network configuration options. Since we have only configured the internal interface with an ip address, we’ll need to configure our external interface. Type 2 and press enter to configure a connection, select eth0 and configure your external ip address, subnet mask and default gateway. When you are finished type e and press enter to go back to the previous screen.

8. Pressing 5 and entering into the routing configuration menu allows you to either set a new default gateway or show the current default gateway. When you are finished type e and press enter to go back to the previous screen.

9. Type n and press enter to proceed to the next screen. In this screen we can set our time zone, date, local time and display the current time settings. Set this as per your location. When you are finished type n and press enter to proceed to the next screen.

10. As this is a brand new installation we do now have any import configuration files, so we can just press n for next.

11. We have finished with the SecurePlatform side and now we can start installing the Check Point products we will be using. It is important to note that you don’t need to install all the products in this step, you can come back at a later stage, type sysconfig and install the software that you wish to use. Press n for next.

12. Press y to access the License Agreement.

13. Select New Installation and press n for next.

14. In this tutorial we will just be installing Security Gateway, Security Management, SmartEvent and SmartReporter Suite, Management Portal and Mobile Access. Press n for next.

15. As this is the first Gateway we will select Primary Security Management. Press n for next.

16. We will just be installing SmartReporter and SmartEvent Server. Press n for next.

17. You are now displayed a brief summary of what products you have chosen to install. If you are happy press n for next otherwise feel free to go back and make changes.

18. The installation begins.

19. Once the installation is finished there are just a few more settings that are needed before the gateway is ready. If you have a license I would wait to use SmartUpdate later on to install them. I will not be adding any licenses now. Press n.

20. Yes we will want to add an administrator to this Security management server. Press y.

21. Type the new administrators username and password.

22. Yes we will want to define GUI clients to be able to manage this gateway. Press y.

23. I would like to add my internal subnet as a GUI client. I type in 192.168.10.0/255.255.255.0, press enter, then press ctrl-D. Lastly confirm this is correct by pressing y.

24. The Fingerprint of the Security Management Server is displayed. This can be used to verify that you are connecting to the correct server. You have an option to save this to a file. I won’t be saving this so I’ll type n.

25. The installation is now complete. You must reboot to put the settings into effect. Press Enter.

26. Type reboot and Y to confirm. Once your firewall has booted up, you can continue onto Part 3, which will show you how to install the management tools and connect to the firewall.

Check Point R75 Installation PART1

This 3 part tutorial guide will show you how to install Check Point R75 Secure Platform. I’m using this image file for the install – Check_Point_R75.Splat.iso which can be downloaded from the Check Point website and is fully operational for 15 days for you to evaluate. The good thing about the Check Point installations is that they are very similar between versions. So you can also follow this guide for earlier version. Let’s begin!
1. Insert the DVD or boot the ISO image and boot the server. You will be presented with the Check Point SecurePlatform installation.

2. In between the previous step and this step your hardware would of been scanned and either found suitable or unsuitable for Check Point SecurePlatform. You can also add drivers by clicking on Add Driver. Click Ok.

3. Select your keyboard type and click Ok.

4. In this lab I have two network cards connected to my Check Point gateway. eth0 is for outside or untrusted networks and eth1 is for internal or trusted networks. I want to configure the internal network card at this stage. Select your internal network card and click Ok.

5. Enter the IP address and subnet mask. Only enter inthe default gateway information if you are configuring the external interface, as I’m configuring the internal interface I will leave the Default Gateway blank. Click Ok.

6. I want to turn on the HTTPS secure web server and have it run on port 443. This is the default setting. Click Ok.

7. Your hard drives will now be formatted and the SecurePlatform operating system installed. Click Ok.

8. The install is now complete. As you can see you can login to the secure web server by browsing to https://192.168.10.50 which we will use later. Click Ok and the server will be rebooted.

9. When the server has rebooted you are presented with the login prompt at the console. The default username and password is admin and admin. Once you type this in you are prompted to change the password. Enter in a new password.

10. You have the option to change the admin username as well. In this tutorial I will be changing it to cpadmin.

11. The username has now been changed and you are prompted to run sysconfig to further configure the gateway and install Check Point products. Please continue onto Part 2 of this Installation series.

Clearing hung TCP session on a Cisco router

R1#debug ip tcp trans
TCP special event debugging is on
R1#term mon
R1#
messages
connection queue limit

2) Take a look at: 

R1#sh tcp brief
TCB       Local Address   Foreign Address        (state)
6353F5E8 10.10.3.5.1720   10.11.3.24.12871      SYNRCVD
63555A14 10.10.3.5.1720   10.11.3.23.12814      SYNRCVD
6353AEFC 10.10.3.5.1720   10.11.3.24.12872      SYNRCVD
6350B2DC 10.10.3.5.1720   10.11.3.24.12875      SYNRCVD
63488D44  10.10.3.5.23    10.11.3.23.11265      ESTAB
63571718 10.10.3.5.1720   10.11.3.24.12914      SYNRCVD

All of the TCB's associated with TCP port 1720 are 'hung' (SYNRCVD).
The associated TCP Control Block (TCB) are highlighted in a PINKISH colour.

3) To clear them, clear the associated TCB:
R1#clear tcp tcb 6353F5E8
[confirm]y
[OK]
R1#
R1#clear tcp tcb 63555A14
[confirm]y
[OK]
R1#
R1#clear tcp tcb 6353AEFC
[confirm]y
[OK]
R1#
R1#clear tcp tcb 6350B2DC
[confirm]y
[OK]
R1#
R1#clear tcp tcb 63571718
[confirm]y
[OK]
R1#