Connectra Virtual Appliance Evaluation Guide


This document is intended for users who are new to Check Point products and would like to evaluate and review Connectra Virtual Appliance. We recommend reading the Connectra Virtual Appliance for VMware Getting Started Guide for further information and to understand how Connectra Virtual Appliance can be deployed in your business environment.

In This Document

What is Connectra Virtual Appliance?
How Do I Get Started?
Creating A Connectra Virtual Appliance Machine
Importing Connectra Virtual Appliance
Configuring Connectra Virtual Appliance
Setting Up Your Remote Access
More Information
Documentation Feedback

What is Connectra Virtual Appliance?

Connectra NGX R66 Virtual Appliance is a full, unified remote access solution that makes corporate applications and network resources securely available to mobile and remote users. While identical in its capabilities to its Appliance and Software siblings, offering Clientless and Client-based access, strong authentication, compliance checks, session security, fine grained access controls, and so on, the option of Connectra Virtual Appliance offers some distinct benefits to organizations:

Disaster Recovery/Business Continuity: While practically all businesses now need to offer remote access on an on-going basis to a subset of their workers and partners, there is also a growing need to be prepared for disruptions that result in a massive number of workers needing to work remotely. The Connectra Virtual Appliance can be provisioned in minutes for these situations. As a file, it can be transferred electronically from place to place and stored until the need arises, when it is just "played" on the appropriate VMware ESX cluster. The hardware can be allocated dynamically so investment in cold hardware is minimized, resulting in vast cost savings. Check Point is also offering affordable Business-Continuity licenses that help reduce the overall cost of remote access readiness for such events.

Population-specific Remote Access Gateways: For some organizations it is important that specific groups of users access resources through dedicated remote access gateways, offering a different look and feel, with different security requirements, and, perhaps, managed by different administrators. Such specific groups might consist of board members, financial advisors, lawyers, or special customers or partners. Connectra Virtual Appliance is a more cost-effective way to deploy a dedicated remote access gateway for such groups of users. The provisioning of such virtual machines takes minutes and hardware can be allocated dynamically.

Copyright 2008 Check Point Software Technologies, Ltd. All rights reserved

Connectra Virtual Appliance runs on Check Point's SecurePlatform, a pre-hardened, secure operating system. SecurePlatform is easy to use and manage, from either a WebUI or an industry-standard command line interface (CLI). When you install Connectra Virtual Appliance, SecurePlatform is automatically installed and machines are ready for configuration in just a few steps.

Virtualization of hardware resources represents the cutting edge of today's computing technology, providing cost-effective, scalable solutions for dynamic network environments. Virtualization allows you to create multiple virtual computers on a single hardware platform. With Connectra Virtual Appliance for VMware, Check Point brings its state of the art remote access solutions to the virtualized world, ensuring secure remote access for all of your physical and virtualized network resources.

How Do I Get Started?

Connectra Virtual Appliance enables you to easily deploy Connectra as a virtual machine that is already configured and optimized for a VMware ESX environment. A virtual machine created using Connectra Virtual Appliance runs on Check Point's SecurePlatform and includes the following components: 1 CPU, 512MB of allocated memory, 12GB of disk capacity that can be extended, and one virtual network interface with drivers set to e1000 for optimal network performance.

To use Connectra Virtual Appliance, import a file to the ESX server and add it to your virtual machine inventory. Once you log in to the Connectra Virtual Appliance, the configuration wizard guides you through the initial configuration. The configuration continues through the WebUI, where you download the Check Point SmartDashboard, which is the convenient GUI interface for managing Connectra and other Check Point utilities.

Deployment Example

Figure 1 illustrates a simple locally managed Connectra environment on a VMware ESX host. Many other deployments are also possible, including centrally managed deployments where Connectra is managed by a SmartCenter that can also manage other gateways.

Figure 1 Example of a Connectra Virtual Appliance Deployment

In this simple example, a locally managed Connectra gateway allows access to the Web Server and Email Server that are located on the ESX Host in addition to allowing clientless access to the File Server residing on the physical network.

Administrators manage network access using SmartDashboard from any client having connectivity with the Connectra gateway. Virtual machines and all other VMware objects are managed using the Virtual Infrastructure Client. All virtual machines in this example reside on a single ESX Server host, which is protected by a physical VPN-1 gateway serving as a perimeter firewall. The perimeter firewall is a critical component because it protects the ESX Server host itself from external threats.

Creating A Connectra Virtual Appliance Machine

The following sections give instructions for setting up a locally managed Connectra deployment, like the deployment depicted in Figure 1. The steps are:

1. Importing Connectra Virtual Appliance: Import the Connectra Virtual Appliance machine to the ESX Server.
2. Configuring Connectra Virtual Appliance: Configure Connectra on the Connectra Virtual Appliance machine.
3. Setting Up Your Remote Access: Define users, applications, and access rules for remote access and install the policy.

Importing Connectra Virtual Appliance

To use Connectra Virtual Appliance, import a file to the ESX server and add it to your virtual machine inventory.

Importing the OVF Virtual Appliance

If you are running a VMware ESXi 3.5 or ESX 3.5 Server, or using Virtual Center 2.5, import the Connectra Virtual Appliance machine using the Check_Point_Connectra_R66_VA_OVF.zip file, as described below.

To import Connectra Virtual Appliance to the ESX Server from the Check_Point_Connectra_R66_VA_OVF.zip file and create a new machine:

1. Download the Check_Point_Connectra_R66_VA_OVF.zip file from the VMware Virtual Appliance Marketplace to the machine where the VMware Virtual Infrastructure Client is installed.
2. Extract the Check_Point_Connectra_R66_VA_OVF.zip file to a new folder using any decompression utility.
3. Open the VMware Virtual Infrastructure Client.
4. Connect to the ESX Server where you want to deploy Connectra Virtual Appliance.
5. In the Getting Started tab, in Basic Tasks, choose Import a Virtual Appliance, or select File > Virtual Appliance > Import.
6. Select Import from file, and choose the .ovf file from the folder where you extracted the .zip file. Click Next.
7. View the Virtual Appliance Details. Click Next.
8. Type a name for the virtual machine. Click Next.
9. Select the datastore where the Connectra Virtual Appliance files will be stored in the ESX Server. Click Next.
10. In Network Mapping, select the proper Network port groups according to your topology. Click Next.

11. Click Finish to complete the Virtual Machine Wizard. It may take a few minutes for the new machine to appear in the inventory.
12. Select the machine from the inventory and Power On the machine. When powering on your Connectra Virtual Appliance machine for the first time, you may get a Virtual Machine Message stating that the virtual machine's configuration file has changed. Select Create and then click OK to start the machine.

Continue with Configuring Connectra Virtual Appliance.

Importing the Virtual Appliance to Earlier ESX Servers

If you are running a VMware ESX 3.0.2 Server or using Virtual Center 2.0, import Connectra Virtual Appliance using the Check_Point_Connectra_R66_VA.tgz file.

To import Connectra Virtual Appliance to the ESX Server from the Check_Point_Connectra_R66_VA.tgz file and create a new machine:

1. Connect to the ESX Server using SSH.
2. Within the ESX Server, create a folder under /vmfs/volumes/<storage>/<folder name>/ where <folder name> and <storage> are folders that the administrator chooses.
1. Download the Check_Point_Connectra_R66_VA.tgz file from the VMware Virtual Appliance Marketplace to the machine where the VMware Virtual Infrastructure Client is installed.
2. Extract the .tgz file to the new folder using tar (tar -zxvf Check_Point_Connectra_R66_VA.tgz).
3. Open the VMware Virtual Infrastructure Client and connect to the ESX Server or Virtual Center.
4. Select the desired ESX Server.
5. Click on the Summary tab. Within the Resources pane, under Datastore, double-click the desired storage file, and browse to the location where you extracted the Check_Point_Connectra_R66_VA.tgz file.
6. Right-click on the .vmx file and select Add to Inventory.
7. In the Add to Inventory Wizard, type a name for the new virtual machine. Click Next.
8. Select a Resource Pool to run the virtual machine. Selecting a Resource Pool allows you to determine which resources a virtual machine is using. Click Next.
9. Click Finish to complete the Virtual Machine Wizard. It may take a few minutes for the new machine to appear in the inventory.
10. Select the machine from the inventory and Power On the machine. When powering on your Connectra Virtual Appliance machine for the first time, you may get a Virtual Machine Message stating that the virtual machine's configuration file has changed. Select Create and then click OK to start the machine.

Configuring Connectra Virtual Appliance

This section describes how to configure a locally managed Connectra Virtual Appliance through the WebUI. You can also follow the same basic process using the cpconfig command in the SecurePlatform command line. Whether running the First Time Configuration Wizard through the WebUI or through the command line, first sign in to the machine through the console to change your IP address and default gateway, if necessary.

If you want to configure centrally managed Connectra, you must also install the Connectra NGX R66 Plug-in on a SmartCenter server. See the Connectra NGX R66 Getting Started Guide for detailed information.
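A pre-inventory check for the .tgz import procedure above, as an added example that is not part of the original guide or of Check Point's tooling: it rejects archive members that would extract outside the chosen folder and compares the extracted .vmx file with the hardware the guide documents (1 CPU, 512MB of memory, one e1000 network interface). The function names and the sample .vmx content are constructed for illustration; an absent numvcpus key is assumed to mean one CPU.

```shell
#!/bin/sh
# Added example: checks to run on the ESX service console before
# "Add to Inventory". Function names are illustrative, not Check Point tooling.

# member_is_safe NAME: succeed only if an archive member stays inside the
# folder it is extracted into (no absolute path, no ".." component).
member_is_safe() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 1 ;;
        *) return 0 ;;
    esac
}

# archive_is_safe ARCHIVE: list the .tgz without extracting it and check
# every member name. Returns 2 if tar cannot read the archive.
archive_is_safe() {
    list=$(tar -tzf "$1") || return 2
    while IFS= read -r name; do
        member_is_safe "$name" || { echo "unsafe member: $name" >&2; return 1; }
    done <<EOF
$list
EOF
}

# vmx_get FILE KEY: print the value of a key = "value" line (key match is
# case-insensitive; first occurrence wins).
vmx_get() {
    awk -F= -v key="$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        tolower(k) == tolower(key) {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]*"|"[ \t\r]*$/, "", v)
            print v
            exit
        }' "$1"
}

# audit_vmx FILE: compare the .vmx with the guide's description of the
# appliance. Prints one line per mismatch and returns 1 if any was found.
audit_vmx() {
    vmx=$1
    rc=0
    mem=$(vmx_get "$vmx" memsize)
    cpus=$(vmx_get "$vmx" numvcpus)
    [ -n "$cpus" ] || cpus=1    # assumption: absent numvcpus means 1 CPU
    dev=$(vmx_get "$vmx" ethernet0.virtualDev)
    nics=$(grep -ci '^[[:space:]]*ethernet[0-9][0-9]*\.present[[:space:]]*=[[:space:]]*"true"' "$vmx") || true

    [ "$mem" = "512" ]   || { echo "memsize is '$mem', guide says 512"; rc=1; }
    [ "$cpus" = "1" ]    || { echo "numvcpus is '$cpus', guide says 1"; rc=1; }
    [ "$nics" = "1" ]    || { echo "$nics network interfaces present, guide says 1"; rc=1; }
    [ "$dev" = "e1000" ] || { echo "ethernet0.virtualDev is '$dev', guide says e1000"; rc=1; }
    return $rc
}

# write_sample_vmx FILE: constructed sample, not the file shipped in the archive.
write_sample_vmx() {
    cat > "$1" <<'EOF'
config.version = "8"
displayName = "connectra-sample"
memsize = "512"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000"
scsi0:0.fileName = "sample.vmdk"
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
write_sample_vmx "$tmp/sample.vmx"
audit_vmx "$tmp/sample.vmx" && echo "sample.vmx matches the guide"
rm -rf "$tmp"
```

On the ESX server, archive_is_safe would be run on Check_Point_Connectra_R66_VA.tgz before the tar -zxvf step, and audit_vmx on the extracted .vmx file before Add to Inventory.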

Logging in to the Connectra Machine

1. In the Console tab, log in to the machine using admin as the username and admin as the password.
2. When prompted, change the default user name and password. Ensure that the new password contains more than six characters and has a combination of upper and lower case letters and numbers.
3. To change the IP address or to run the complete configuration wizard through the command line, run:

       cpconfig

   then follow the on-screen instructions. To run the configuration wizard using the WebUI, follow the instructions below in Running the First Time Configuration Wizard.

Running the First Time Configuration Wizard

1. Connect to the WebUI by opening a supported Web browser on a machine that has network connectivity to Connectra, and connect to the administrative user interface. By default this interface is reached over port 4433 (an SSL port). Unless you have already changed the IP address using cpconfig, the default address is https://192.168.1.1:4433.
2. The End-User License Agreement opens. To accept its terms, click I Accept.
3. When the login window opens, enter the default system administrator username/password (admin/admin) unless you have already changed it, and click Login.
4. Change the administrator password as prompted, unless you have already changed it. The First-Time Configuration Wizard begins to run. Click Next.
5. In the Network Connections page, define the network connections. Click Next.
6. In the Routing Table page, configure routing. For centrally managed Connectra, if the machine will be a Connectra cluster member, configure a default gateway on the subnet of the data interface. Click Next.
7. Set the Host Name, and optionally, Domain Name, and DNS Servers and click Next.
8. In the Device Date and Time Setup page, set the date and time. Cluster member clocks must be synchronized to within a few seconds. Time settings may also affect the behavior of certificate validation. For a cluster, select Use a Network Time Protocol (NTP) to synchronize the clock for reliable synchronization using a time synchronization service. Click Next.
9. In the Web/SSH Clients page, any Web or SSH client authorized to access the Connectra WebUI is displayed. Click Add to add a new host. Type any as a hostname to enable access from any Web/SSH client. A hostname can also contain a wildcard or IP address range.
10. When all desired hosts appear in the Web/SSH list, click Next.
11. Select the type of management configuration you want for Connectra and click Next.

    Locally: To configure locally managed Connectra, where Connectra manages itself.
    Centrally: To configure Connectra that is managed centrally from a SmartCenter Console. Clusters are only supported in a centrally managed configuration.

    For more information on these configuration options see the Connectra NGX R66 Getting Started Guide. This procedure continues with instructions for configuring locally managed Connectra.

    Note - Once you select locally or centrally managed, switching to the other option will require a new installation.

12. The Connectra GUI Clients page opens:
    a. Hosts authorized to connect to Connectra are displayed. Click Add to add a new host.
    b. Type any as a hostname to enable a connection from any GUI client. A hostname can also contain a wildcard or IP address range.
    c. When all desired hosts appear in the GUI Client list, click Next.
13. Type a user name and password of the Connectra Administrator and click Next.
14. In the Download SmartConsole Applications page, click Download to download the SmartConsole. When prompted, click Run. The Check Point Installation Wizard opens.

Installing Check Point SmartConsole

To install the Check Point SmartConsole on the GUI client:

1. Click Next to proceed with the Check Point Installation Wizard.
2. Follow the on-screen instructions to download the SmartConsole.
3. Wait while the software is installed.
4. Click Next to proceed from the Download SmartConsole Applications page.

Completing the First Time Configuration

To complete the Connectra First Time configuration:

1. Click Finish to complete the First Time Configuration Wizard. When prompted, click Yes to start the configuration process. Wait for the Connectra configuration to be complete. A dialog box opens stating that the Connectra initial device configuration process is complete.
2. Click OK. The Device Status page opens, displaying information about your device.
3. Click Close to exit the WebUI.
4. If you downloaded SmartConsole Applications, dialog boxes may open telling you that SmartConsole is installing. Follow the on-screen instructions to continue.

Logging in for the First Time

To log in to the SmartDashboard:

1. Open SmartDashboard by selecting Start > Programs > Check Point SmartConsole NGX R65 > SmartDashboard.
2. Log in using the User Name and Password defined in the Configuration Tool's Administrators page during Connectra configuration.
3. Type the name or IP address of the SmartCenter server and click OK.
4. Manually authenticate the SmartCenter server using the Fingerprint provided during the configuration process. You can see this Fingerprint by connecting to your SmartCenter via SSH and clicking on Product Configuration > Certificate Authority. When you have confirmed that the two fingerprints match, click Approve.
5. The SmartDashboard opens.

Setting Up Your Remote Access

All of the locally managed Connectra Virtual Appliance features and access rules are managed through the SmartConsole, the main window of which is SmartDashboard. The steps needed to establish remote access are:

- Define Users and User Groups
- Define Applications
- Create Access Rules
- Install the Access Policy on the network objects.

All of these steps can be modified and repeated at any time.

Defining a User Group and User

Users with common needs are gathered into user groups. Access control policies are assigned to groups rather than individual users.

To define a User Group:

1. In the Connectra tab of the SmartDashboard, in the navigation tree, select Users and Authentication > Internal Users > User Groups.
2. In the User groups page, click New.
3. In the Group Properties window, type the Group Name, and click OK.

To define a User:

1. In the navigation tree, select Users.
2. In the Users page, click New User and select Default.
3. In the User Properties window, in the General tab, type the user's Login Name.
4. In the Groups tab of the User Properties window, assign the User to the user Group. Select the group you created from the Available Groups column. Click Add to move the group to the Belongs to Groups column.
5. Click OK to exit the User Properties window.

Defining Applications

Define the various types of applications to which you want to allow remote access.

To define an application:

1. In the navigation tree, select an application from the Applications list.
2. In the page of the selected application, click New.
3. In the General Properties page of the selected application window, type the application's Name.
4. Select Authorized Locations from the navigation tree and fill in the relevant information, then click OK.

Creating Access Rules

You must create access rules to establish which user groups have access to which applications when connecting through a Connectra gateway. Below is a sample rule base that you can create.

Figure 2 Sample Rule Base

To add an access rule:

1. Select Access to Applications from the navigation tree.
2. Click Add.
3. From the User Groups tab of the Access to Applications window, select Add to add the User Groups that you want to include in the rule. Then select the group or groups from the Select User Groups window and click OK.
4. From the Applications tab of the Access to Applications window, select Add.
5. Select Manage > New to create new applications that you can add to the rule. Select OK when you are finished adding applications.

Installing the Access Policy

After you have defined objects and Access Rules, SmartCenter Management makes it easy to install the policy.

1. Select Policy > Install.
2. Click Yes when prompted, to confirm that you want to replace the current policy. The Policy installs on each target.
3. Click Close to exit the Installation Process window.

Users Accessing Connectra

Once access rules have been established, users access the Connectra gateway by typing the URL of the gateway into a web browser. After signing in, users can safely access the permitted applications.

More Information

To learn more about Connectra Virtual Appliance, see the Connectra Local Management Administration Guide or the Connectra Central Management Administration Guide. To learn more about Check Point products and remote access options, visit the Check Point website at www.checkpoint.com.

Documentation Feedback

Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to: cp_techpub_feedback@checkpoint.com