CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E


Results 1 to 4 of 4

Thread: R80 Lab

  1. #1
    Join Date
    Rep Power

    Default R80 Lab


    I believe that someone else has already prepared the R80 and R80.10 labs for the CCSA and CCSE courses.
    I have a doubt on that matter: how have you created the A-Guest machine (Android or Windows 10 mobile) ?
    Thank you

  2. #2
    Join Date
    Colorado, USA
    Rep Power

    Default Re: R80 Lab

    At Shadow Peak we didn't use the A-Guest VM for CCSA R80/R80.10 at all, mainly due to our experience with past versions of the courses that have called for a BYOD scenario with Android running in VMWare Workstation. The lack of VMWare Tools for Android caused mouse control issues along with frequent lockups that required hard power-cycling the A-Guest VM. In an online class, trying to work with the A-Guest VM via a RDP session with the mouse was much worse and essentially unusable.

    I created the following alternative steps to replace this optional BYOD part of the lab and let the student see everything, page numbers below are for CCSA R80.10:

    p. 365, #1: Skip this step. You are already logged into A-HOST.

    p. 365, #3: When accessing Internet sites from the A-HOST VM in this step, ensure you are not attempting to visit any sites/applications specified in the Marketing Access rule to avoid getting prompted for authentication by the Captive Portal.

    p. 366, #5 & #6: There will be no user name logged yet as shown in the screenshot.

    p. 367-376: Completely replace steps #1-27 on all these pages with the following six steps:

    1. Close all web browser windows on A-HOST.

    2. On A-HOST open a new Firefox or IE web browser window and visit http://www.youtube.com. The Captive Portal appears because this site is only permitted for the Marketing Access Role, and the user is currently unknown to the firewall.

    3. Use Active Directory (LDAP) login User1 and password Chkp!234 to authenticate; this user is a member of LDAP group “Odd” you added to the Access Role object earlier.

    4. Try to visit website http://www.utorrent.com Can you access this site? Why not?

    5. Close all web browser windows on A-HOST.

    6. From the SmartConsole on A-GUI, select the Logs & Monitor tab, clear all filters, then select Top Blades...Identity Awareness in the Tops pane to view the Captive Portal authentication event log.

    *** END OF LAB 7.1 ***
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3
    Join Date
    Rep Power

    Default Re: R80 Lab

    Thank you very, very much for your prompt answer.

    By the way, I'm a big fan of your book !!

  4. #4
    Join Date
    Rep Power

    Default Re: R80 Lab

    Kudos, Tim!

    Valeri Loukine


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts