45-Bridge Mode Lab
If your deployment has complex routing, or you do not want to change the existing network's
IP addressing or routing, you can deploy Check Point in bridge mode for security. Bridges
operate at layer 2 of the OSI model, so adding a bridge to an existing network is
completely transparent and does not require any changes to the network's structure or IP
addressing. You only need to place it before your gateway device, and it will act as a
transparent firewall.
Bridge interfaces connect two different interfaces (bridge ports). Bridging two
interfaces causes every Ethernet frame that is received on one bridge port to be transmitted to
the other port. Thus, the two bridge ports participate in the same broadcast domain. Only two
interfaces can be connected by a single Bridge interface. These two interfaces can then be
thought of as a two-port switch. Each port can be a physical, VLAN, or bond device. Bridge
interfaces can be configured on a Check Point Security Gateway and can be used for different
deployments. The Firewall inspects every Ethernet frame that passes through the bridge.
Use Check Point in Layer 2 when you need a Check Point firewall that intercepts
traffic between two sides of the same network. You configure two ports that act as a switch in
the gateway itself, and all traffic that traverses these two ports in either direction is inspected
by the Check Point Security Gateway firewall.
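The two-port bridge described above can be created from the Gaia Clish command line. This is an added example, not part of the original lab. The port names eth1 and eth2 and the bridge group ID 1 are assumptions, and the lines starting with # are annotations rather than commands.

```clish
# Bring up the two ports that will become the bridge ports (assumed names: eth1, eth2).
set interface eth1 state on
set interface eth2 state on

# Create bridge group 1 (assumed ID); Gaia exposes it as interface br1.
add bridging group 1

# Add exactly two ports: a single Bridge interface connects only two interfaces.
add bridging group 1 interface eth1
add bridging group 1 interface eth2

# Confirm both ports are members of the group, then persist the configuration.
show bridging group 1
save config
```

The management interface eth0 stays outside the bridge group, so the gateway remains reachable while the bridge ports carry the inspected traffic.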
Some features, Software Blades and deployments are not supported in Bridge Mode:
Mobile Access Software Blade
IPsec VPN Software Blade
Full High Availability deployment
NAT on Gateways
Access to Portals from bridged networks, if the bridge does not have an assigned IP address
Anti-Virus Traditional Mode
Identity Awareness authentication other than AD Query
The First-time configuration wizard now opens. Click Next to start your
configuration.
Configure the network connection of eth0 (the management interface), and then click Next.
Choose the installation type: select the Security Gateway or Security Management option here.
Enter the user name and password for your Security Management. Then click Next.
Click the Finish button. The installation process then runs; wait until it completes.
Now access the Check Point firewall again from your browser using the management IP address
(https://192.168.114.50). Enter the user name and password, then log in. The Check Point
Security Gateway is now installed and configured, and you are on the Security Gateway
dashboard.
SmartConsole:
Now download SmartConsole from the Gaia Portal to manage Software Blades and other
security settings. On the main Overview page, click Download Now.
Click Next… Next to install SmartConsole on the Windows 10 management PC. Open SmartConsole,
type the user name and password, and click LOGIN.
To verify the certificate fingerprint, log in to the Security Gateway or Security Management
Server, run the command cpconfig, and choose option 8.
Security Policy:
In SmartConsole, go to Security Policies > Access Control > Policy and then configure the
required policies. In this case, modify the default Cleanup rule: change the action to Accept
and enable logs by clicking Track.
When you select Install Policy, you are prompted to publish all unpublished changes. You
cannot install a policy if the included changes are not published.