CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 4 of 4

Thread: R80 Lab

  1. #1
    Join Date
    2016-11-01
    Posts
    5
    Rep Power
    0

    Default R80 Lab

    Hi


    I believe that someone else has already prepared the R80 and R80.10 labs for the CCSA and CCSE courses.
    I have a doubt on that matter: how have you created the A-Guest machine (Android or Windows 10 mobile) ?
    Thank you

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,231
    Rep Power
    13

    Default Re: R80 Lab

    At Shadow Peak we didn't use the A-Guest VM for CCSA R80/R80.10 at all, mainly due to our experience with past versions of the courses that have called for a BYOD scenario with Android running in VMWare Workstation. The lack of VMWare Tools for Android caused mouse control issues along with frequent lockups that required hard power-cycling the A-Guest VM. In an online class, trying to work with the A-Guest VM via a RDP session with the mouse was much worse and essentially unusable.

    I created the following alternative steps to replace this optional BYOD part of the lab and let the student see everything, page numbers below are for CCSA R80.10:

    p. 365, #1: Skip this step. You are already logged into A-HOST.

    p. 365, #3: When accessing Internet sites from the A-HOST VM in this step, ensure you are not attempting to visit any sites/applications specified in the Marketing Access rule to avoid getting prompted for authentication by the Captive Portal.

    p. 366, #5 & #6: There will be no user name logged yet as shown in the screenshot.

    p. 367-376: Completely replace steps #1-27 on all these pages with the following six steps:

    1. Close all web browser windows on A-HOST.

    2. On A-HOST open a new Firefox or IE web browser window and visit http://www.youtube.com. The Captive Portal appears because this site is only permitted for the Marketing Access Role, and the user is currently unknown to the firewall.

    3. Use Active Directory (LDAP) login User1 and password Chkp!234 to authenticate; this user is a member of LDAP group “Odd” you added to the Access Role object earlier.

    4. Try to visit website http://www.utorrent.com Can you access this site? Why not?

    5. Close all web browser windows on A-HOST.

    6. From the SmartConsole on A-GUI, select the Logs & Monitor tab, clear all filters, then select Top Blades...Identity Awareness in the Tops pane to view the Captive Portal authentication event log.

    *** END OF LAB 7.1 ***
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3
    Join Date
    2016-11-01
    Posts
    5
    Rep Power
    0

    Default Re: R80 Lab

    Thank you very, very much for your prompt answer.

    By the way, I'm a big fan of your book !!

  4. #4
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Default Re: R80 Lab

    Kudos, Tim!
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •