Deploy a Web Server Part 1

Video Activity

Time
2 hours 22 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:07
>> Welcome to the Check Point Jumpstart training.
00:07
How to deploy a CloudGuard network security
00:07
and threat prevention product lab.
00:07
Exercise 4 part 1,
00:07
how to deploy a web server.
00:07
In the previous exercise,
00:07
we deployed a CloudGuard gateway,
00:07
and we attached it in between the frontend subnet,
00:07
and the backend subnet.
00:07
In this fourth exercise,
00:07
we're going to deploy a third subnet,
00:07
and install, and deploy a web server on this subnet.
00:07
Then we'll configure a firewall policy and
00:07
NAT rule base to be able to
00:07
communicate to this web server from the Internet.
00:07
Also, we're going to need to
00:07
configure routes on the virtual network,
00:07
routes that will forward
00:07
all traffic to and from the web server,
00:07
to pass through and be
00:07
inspected by the CloudGuard gateway.
00:07
Let me show you how to do this.
00:07
Let's get started. Let's first create the third subnet.
00:07
Go to the Launch menu,
00:07
and then scroll down to the Virtual network.
00:07
Let's click on that.
00:07
I only have one virtual network in my deployment,
00:07
myVNET virtual network that we created in exercise 1.
00:07
Let's open that.
00:07
Then go to the subnet subtab.
00:07
Here, we see two subnets that we created before.
00:07
We have the frontend subnet and the backend subnet.
00:07
Remember, the management station is
00:07
attached to the frontend subnet,
00:07
and the firewall is attached to
00:07
both the frontend and the backend subnet.
00:07
I want to create an additional subnet.
00:07
Let's click on Add a subnet.
00:07
Now, we need to add details about this subnet.
00:07
The name, let's call it the Web-net.
00:07
The address range,
00:07
notice that automatically,
00:07
it added the next available address range
00:07
in the /24 subnet.
00:07
We'll keep the suggestion of 10.0.2.0/24.
00:07
Let's select "Okay."
00:07
The deployment is now in progress.
00:07
The deployment is completed; that was fast.
00:07
Let's hit the refresh button.
00:07
There we go, the web-net is created.
00:07
Next, I want to create a routing table,
00:07
and then add routes to it.
00:07
First, let's create a routing table.
00:07
Go to your Home menu and select Create a resource,
00:07
which takes us to the marketplace.
00:07
Let's search for route.
00:07
We want the route table.
00:07
Let's select Create route table.
00:07
Let's add the details.
00:07
The subscription is the same.
00:07
Resource group, I will pick the first one.
00:07
Region? We'll keep the same US East region.
00:07
But in your case,
00:07
you might need to change it to your region.
00:07
Name? What do I want to call the route table?
00:07
Let's call it myVNETroutes.
00:07
Select "Next," we get the Tags menu.
00:07
Not going to tag anything now,
00:07
but you could, if you like.
00:07
Let's hit "Review and Create."
00:07
Validation is complete.
00:07
Let's select "Create."
00:07
This will go fast.
00:07
Deployment is in progress.
00:07
The deployment has completed.
00:07
Let's Go to resource.
00:07
We have the route table,
00:07
but notice that there are no routes.
00:07
All we did was create a route table.
00:07
Now, let's add some routes.
00:07
Let's go to the route submenu,
00:07
hit "Enter," select "Add," to add routes.
00:07
We need to give our first route a name.
00:07
Intra_VNET. This route is
00:07
for all the machines that are part
00:07
of myVNET virtual network.
00:07
We need to add the route prefix, 10.0.0.0/16.
00:07
All routes that are going to myVNET,
00:07
where do I want to send them to?
00:07
Next hop type.
00:07
We need to select the Virtual appliance.
00:07
The virtual appliance is our CloudGuard gateway.
00:07
Let's add the CloudGuard gateway IP address, 10.0.1.4.
00:07
Remember, this is the IP that
00:07
the gateway received from the backend subnet.
00:07
This route says that anything
00:07
that is going to a destination network
00:07
that falls within the 10.0.0.0/16
00:07
range, send the packet
00:07
to the virtual appliance with IP of
00:07
10.0.1.4, let's accept that and select "Okay."
00:07
I want to add two other routes.
00:07
Select "Add," one more time.
00:07
For a second route,
00:07
again, I need to give it a name.
00:07
Let's call it a default GW.
00:07
This will be the route for
00:07
the default path of last resort.
00:07
Address prefix will be 0.0.0.0/0.
00:07
If you go to any IP period,
00:07
where do we send it to?
00:07
Again, we need to select the Virtual appliance.
00:07
This is our CloudGuard gateway with
00:07
the IP address of 10.0.1.4.
00:07
This route basically says,
00:07
send all traffic to the gateway.
00:07
Unless you have a specific route,
00:07
which are what the other routes are for,
00:07
again, select "Okay" to continue.
00:07
The route is being added in the background.
00:07
The route is complete.
00:07
Now, we have two routes in this routing table.
00:07
We will add a third route.
00:07
Again, select "Add."
00:07
This route is for microsegmentation
00:07
for the web network.
00:07
Let's call it that,
00:07
Microsegmentation-subnet-10.0.2.0.
00:07
The address prefix is 10.0.2.0/24.
00:07
The next hop is the gateway, once again,
00:07
which is what Azure calls
00:07
the Virtual appliance.
00:07
The next hop address,
00:07
and I think you get the hang of this, is 10.0.1.4.
00:07
This route says,
00:07
there might be multiple hosts in
00:07
the same subnet, the web-net subnet.
00:07
These hosts do not talk directly to each other.
00:07
All traffic must first go to
00:07
the CloudGuard gateway for
00:07
access, permission and inspection.
00:07
If it is accepted,
00:07
then the traffic is routed to its destination.
00:07
Even though the destination
00:07
might be on the same network,
00:07
it still needs to go to the CloudGuard gateway.
00:07
Microsegmentation is a very powerful security weapon,
00:07
by taking advantage of
00:07
some very creative routing Cloud capabilities.
00:07
Select "Okay," to continue.
00:07
Deploying, route successfully added.
00:07
Now, I have added three routes to myVNET routing table.
00:07
But this routing table is not attached to any subnets,
00:07
and so it's not being enforced by any network.
00:07
That is what we're going to do next.
00:07
Select "Subnets."
00:07
Notice that this route table is
00:07
not associated to any subnets;
00:07
it is blank. Let's select "Associate."
00:07
What subnet should we associate to this routing table?
00:07
Remember, the microsegmentation route is
00:07
for the network of 10.0.2.0.
00:07
Let's select the myVNET virtual network.
00:07
Now, let's select the web-net subnet.
00:07
It's saving a route.
00:07
Route is saved.
00:07
Now, this route table is
00:07
associated to the web-net subnet.
00:07
Let's now go to the Overview tab.
00:07
Notice that we have three routes and one subnet.
00:07
Before exiting, let's recap once again.
00:07
We created that third subnet called web-net,
00:07
with a range of 10.0.2.0/24,
00:07
which falls within myVNET, VPC range.
00:07
We created a routing table called MyRoutetable.
00:07
We added three routes to this route table,
00:07
which all point to the CloudGuard gateway,
00:07
the virtual appliance,
00:07
default 0.0.0.0/0 with the next hop of 10.0.1.4.
00:07
Intra_VNET of 10.0.0.0/16 via next hop of 10.0.1.4.
00:07
Microsegmentation route,
00:07
10.0.2.0/24 via next hop of 10.0.1.4.
00:07
We then associated this route table to the VNet subnet.
00:07
This completes the end of exercise 4, part 1.
00:07
In part 2 of exercise 4,
00:07
we're going to create a web virtual machine
00:07
and then add it to
00:07
the web-net subnet. I'll see you there.