CCSA Home Lab

As most of you may already know by now, I recently relocated to the beautiful Island of Bermuda and started a new gig. Part of my job role will be to deploy and support Checkpoint firewalls. This means that I would need to get up to speed on how these firewalls work pretty quickly. Given this, I figured it would be a good idea to blog about my experiences with these devices as a way to both understand and store my thoughts for future reference.

Building a home lab for my studies turned out to be a whole lot easier than I had first anticipated. Everything I needed to be able to study for the exams and also practice deploying the devices could be virtualized. Below you can find my home lab blueprint.

  • Lenovo ThinkPad with 8GB of RAM and lots of disk space.
  • VMware Workstation 7
  • Two Windows Server 2003 VMs
  • One Windows 7 (host install on my laptop)
  • Two Security Gateways
  • One Security Management Server
  • Checkpoint SecurePlatform R75.20

One of the 2K3 VMs was configured with the RRAS role to act as a router while the other was used just as a general client sitting behind the firewall. Any client OS such as Windows XP/Vista/7 can work, but I was too lazy to install another OS, so I copied the VM for the Server 2K3 🙂. I also used my Windows 7 host OS as a client sitting behind one of the gateways; this way I was able to do ping tests to the remote site when testing my VPN configurations.

As you can see, it’s a very basic setup, but should allow me to test most of the stuff relevant to the exams.

  1. March 20, 2012 at 5:50 PM

    Congrats on the new gig! To the dark-side huh? 🙂 Have fun!

  2. March 20, 2012 at 9:08 PM

    Jason Harry is my personal hero!

    keep up the good work brother

  3. BurnedCheckPointUser
    April 15, 2012 at 1:12 AM

    Best of luck, but be warned. I am a 4 year customer of Checkpoint, and never again will I ever recommend their products. Their hardware appliances are absolute shit, the software is a bug-riddled shitheap that has a never ending cascade of bugs and workarounds. Code is not linear so every time you move versions, you will find yourself running back into problems. Software blades using proxy daemons such as antivirus/antimalware/IPS can and will crash and blackhole your traffic. Other features like Identity Awareness cause a cavalcade of memory leaks which will bring your system to its knees. Also the support is inept at best. The architecture of CheckPoint is its undoing. General CPU has to handle not only the packets but also policy. You’ll be lucky to ever achieve 1/4 of the stated maximum bandwidth because the CPUs for the interfaces will give out. Maybe they had a good thing with Nokia and R65, but I can tell you from personal experience, run away from anything Power-1, UTM-1 or any of the newer “numbered” appliances like 12400 and 21400. They are low-grade crap hardware.

    So um.. Yeah. Have fun with that.

  4. conor
    April 26, 2012 at 5:21 AM

    Hi Harry

    What are you using for your gateways in your diagram above?

    Thanks for your time


  5. April 26, 2012 at 8:16 AM

    Hi Conor,

    I’m actually using a Windows 2003 VM with the RRAS role configured.

  6. Krishna
    August 10, 2012 at 11:14 PM

    Hi Harry,

    I tried to do the same thing. I have set up the Gateway on a VM and the management server is on my host OS, but I am unable to ping from my Host machine to the VM. Can you please help me out?

    Thanks in advance

  7. sam
    November 27, 2012 at 6:53 AM

    I have only one NIC card on my laptop. How did you configure the inside and outside interfaces of the security gateway?

  8. eric
    February 18, 2015 at 1:23 PM

    Hello, I am Eric in Philly and I am seeking assistance with trying to set up Checkpoint in a lab at my home. If anyone can help, please reach out.

