Category Archives: VBox

Check Point on VBox

Following up on the last post, I reinstalled Check Point SPLAT as planned. The installation again worked without any issues. This time I installed 1G of RAM and 64G of disk from the start. I used the basic RedHat profile offered by VBox. So far everything seems to be working fine. I have installed policies a couple of times and the firewall is generating log entries as expected. I only have the management interface active since I wanted to install pure IPv6 on the others… I expect that shouldn’t make a difference.

Finally, I left the firewall running overnight to see what happens when the PC goes into standby mode and VBox pauses the firewall system. In the morning I woke the PC (moved the mouse) and then connected with SmartDashboard to the firewall. Everything is working as if nothing happened; Tracker is still active, logging away.

Next step…  get Check Point to give me a FW-1/IPv6 license!

Check Point with IPv6

Just finished trying to get Check Point R71 running with IPv6. Funny thing about Check Point licensing: you can’t install the IPv6 Advanced feature pack unless you have a Firewall-1/VPN-1 license in your user center. I had downloaded the standard blade and security gateway evaluation licenses and these were not recognized as valid for the IPv6 pack.

Some interesting things that did work (at least for a while). Check Point SPLAT installed without any problems on VBox 3.2.8 r64453. During the installation process I selected RedHat Linux as the OS since SPLAT runs on a hardened version of RedHat. Otherwise I selected the following options: 8G disk, 1M RAM *double check*. I also added three network interfaces: Intranet, DMZ, and a bridged interface to the WLAN, which I defined as the management interface and gave a static address from the WLAN range. Once complete I was able to access the Mgmt interface with a browser and complete the configuration steps. I then downloaded the GUI and connected to the local SmartCenter. I also generated licenses and installed them via the web browser with cut/paste. Finally I added a basic rule entry to allow my Windows workstation to access the firewall. Everything worked as planned, with one exception. I tried to open SmartTracker and the only entry I saw was that the disk for the log was too small. Could have something to do with the 8G disk I selected (although the installation didn’t complain). I then shut down the system and tried to add another disk under VBox to give the system an additional 32G. Unfortunately, once I brought the firewall back up, I got the error message that it could not load the database when I tried to access it with the management GUI. I tried to fix the problem by resetting the applications.C file but that did not help, since I got the same error message after starting the firewall again.

Next steps… I need to reinstall the firewall, this time with a 32G disk to start, and see if that helps. I also need to get in touch with Check Point and see if I can’t get the test licensing worked out so that I can download the IPv6 feature pack. According to the release notes, IPv6 should have full support on R71, so I would be interested in seeing it work.

Test Environment

My test environment consists primarily of a single generic Compaq PC with an Intel dual core processor with 4G of memory. It came with 64-bit Windows 7 installed.

Other than the Windows 7 OS running on the PC, I am using exclusively open source software. I considered replacing Windows with a Linux desktop, but I decided against it since I am also interested in seeing how Windows 7 works. Instead, I downloaded Oracle VirtualBox so that I can also install various Linux systems and still keep my Windows desktop. VBox installed without any problems and I was able to install virtual hosts immediately. The first host I installed was an Ubuntu desktop. VBox comes with several networking methods (NAT, bridged, internal network, and host-only network). Each has its own benefits, which are explained very well in the documentation.

Of course, being into networks, I have also downloaded and installed GNS3. GNS3 is a network simulation tool which allows you to build virtual networks. The virtual devices actually boot images in a similar way that VBox and VMware install and boot virtual machines. Thanks to a colleague of mine, I was able to obtain a couple of Cisco IOS images as well as an ASA image.

Once both tools are installed, the two virtual environments work very well together. GNS3 can see both the VBox host-only network and the Microsoft Loopback adapter, which is bridged to the external LAN (my WLAN in this case). By doing this you can build an internal network with a number of routers and VBox end systems all reachable from your normal home devices.

Finally, I have installed an Ubuntu virtual server which I use for testing server features. The Ubuntu server is currently running Apache, MySQL, and PHP so that I could learn about b2evolution (the blogging engine I am using) before integrating it into the web site.

That’s what I have put together so far.  Next step is to add some configuration details of how each piece is configured since it did take some research to get things working and I need to get them documented.