CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 4 of 4

Thread: R80 Lab

  1. 2017-05-03 #1
    ppsilva
    ppsilva is offline Junior Member
    Join Date
    2016-11-01
    Posts
    5
    Rep Power
    0

    Default R80 Lab

    Hi


    I believe that someone else has already prepared the R80 and R80.10 labs for the CCSA and CCSE courses.
    I have a doubt on that matter: how have you created the A-Guest machine (Android or Windows 10 mobile) ?
    Thank you
    Reply With Quote Reply With Quote
  2. 2017-05-03 #2
    ShadowPeak.com
    ShadowPeak.com is offline Senior Member
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    17

    Default Re: R80 Lab

    At Shadow Peak we didn't use the A-Guest VM for CCSA R80/R80.10 at all, mainly due to our experience with past versions of the courses that have called for a BYOD scenario with Android running in VMWare Workstation. The lack of VMWare Tools for Android caused mouse control issues along with frequent lockups that required hard power-cycling the A-Guest VM. In an online class, trying to work with the A-Guest VM via a RDP session with the mouse was much worse and essentially unusable.

    I created the following alternative steps to replace this optional BYOD part of the lab and let the student see everything, page numbers below are for CCSA R80.10:

    p. 365, #1: Skip this step. You are already logged into A-HOST.

    p. 365, #3: When accessing Internet sites from the A-HOST VM in this step, ensure you are not attempting to visit any sites/applications specified in the Marketing Access rule to avoid getting prompted for authentication by the Captive Portal.

    p. 366, #5 & #6: There will be no user name logged yet as shown in the screenshot.

    p. 367-376: Completely replace steps #1-27 on all these pages with the following six steps:

    1. Close all web browser windows on A-HOST.

    2. On A-HOST open a new Firefox or IE web browser window and visit http://www.youtube.com. The Captive Portal appears because this site is only permitted for the Marketing Access Role, and the user is currently unknown to the firewall.

    3. Use Active Directory (LDAP) login User1 and password Chkp!234 to authenticate; this user is a member of LDAP group “Odd” you added to the Access Role object earlier.

    4. Try to visit website http://www.utorrent.com Can you access this site? Why not?

    5. Close all web browser windows on A-HOST.

    6. From the SmartConsole on A-GUI, select the Logs & Monitor tab, clear all filters, then select Top Blades...Identity Awareness in the Tops pane to view the Captive Portal authentication event log.

    *** END OF LAB 7.1 ***
    --
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com
    Reply With Quote Reply With Quote
  3. 2017-05-03 #3
    ppsilva
    ppsilva is offline Junior Member
    Join Date
    2016-11-01
    Posts
    5
    Rep Power
    0

    Default Re: R80 Lab

    Thank you very, very much for your prompt answer.

    By the way, I'm a big fan of your book !!
    Reply With Quote Reply With Quote
  4. 2017-05-08 #4
    varera
    varera is offline Senior Member
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,030
    Rep Power
    18

    Default Re: R80 Lab

    Kudos, Tim!
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules