Video Transcription

00:00
So in the previous demonstration, I created
00:06
two security groups. They were both regular
00:09
security gateway security groups.
00:12
So
00:13
now I'm going to demonstrate
00:15
a little bit
00:17
of a mix. I'm going to create one
00:21
security group
00:22
with, uh, VSX not enabled
00:25
then a second one with VSX selected. I'll have one security gateway
00:31
and one VSX gateway.
00:34
So
00:35
going through the first time
00:38
wizard,
00:40
adding the SIC key and so on,
00:49
populating a couple of appliances into the security group
00:53
management interface and a couple of uplink appliances,
00:57
and I forgot to delete the VLAN.
01:00
So I'm gonna go ahead, do that real quick.
01:03
I'm really compulsive
01:04
for neatness, I suppose.
01:11
And
01:12
there's
01:14
gotta be a better way to do this.
01:17
Select each one
01:19
individually, but it occurs to me that you can use shift and control,
01:25
select multiple
01:26
and
01:29
try that.
01:30
And
01:32
indeed,
01:34
this is a better way.
01:34
So
01:36
there you go
01:38
and
01:38
select multiple gateways or multiple interfaces
01:42
using the shift or control keys, modify the clicks,
01:49
so populate a couple of uplink interfaces in the security group,
01:57
create a second security group, and
02:00
populate the single management object
02:02
at work.
02:05
And then
02:06
also the first time wizard settings
02:22
so unimaginative
02:23
security group name
02:32
and select install as VSX. So this will be a
02:37
Pius VSX gateways
02:39
security management object
02:40
populated with a couple of
02:44
security gateway modules. And
02:49
I want to get there. We are. Don't want to get
02:51
the same management interface
02:53
and a couple of uplink interfaces.
02:59
Now that
03:00
all that's done,
03:01
go ahead and
03:05
apply. So we're looking at the configuration, making sure it's correct, and we're
03:10
sending the configuration out to the selected security Gateway modules
03:15
and now
03:16
security Gateway modules
03:19
be restarting
03:21
and I'll pause for a bit
03:24
while waiting for the security gateway modules to restart.
03:30
So they have restarted and I am connected to the Web user interface of the first security group's single management object
03:45
and
03:46
sorry, keyboard problem. Now
03:51
managed to type the password
03:53
again. It's, ah, the default password because this is a brand new single management object, so admin admin.
04:00
Just make a couple of setting changes here.
04:02
Nice long timeout for the command line interface as well as the Web user interface.
04:09
In production, you probably wouldn't have a timeout this long. Don't forget to apply
04:14
and also
04:15
change the password.
04:16
So from the default admin to a top secret super secret password
04:27
Now configure the network interfaces. These are the uplink interfaces that I attached
04:32
to this security group
04:41
And
04:43
for this demonstration,
04:45
Zien
04:47
the one at work
04:53
both interfaces will be configured
05:04
once that's done.
05:06
No,
05:08
Normally, I would open the other security groups Web user interface, but
05:14
it's a VSX group,
05:15
so Web user interface isn't supported.
05:18
So I'm gonna skip that step
05:20
next
05:23
SmartConsole,
05:25
create the objects
05:29
So we have two security groups. One is
05:32
VSX, the other is not VSX. So
05:35
will be creating
05:38
two objects in SmartConsole. One will be
05:44
usual
05:45
security gateway object and the other will be a VSX gateway object.
05:50
Creating the security gateway object, populating it with a name that I configured for the service of single management object,
05:59
IP address I configured for the single management object,
06:02
establish SIC
06:03
using the activation key that I configured
06:13
and topology
06:15
now be fetched
06:18
and it looks very nice.
06:25
So next, um
06:28
well,
06:30
close the topology, we'll close the brand new security gateway object
06:34
and create another object, in this case a VSX gateway object
06:46
and
06:46
the process
06:48
follows the same lines. But
06:51
it's a little, it looks a little bit different.
06:54
Uh,
06:55
but again, use the
06:57
the name I configured in the second security group, the VSX security group. Use the IP address that I configured in that second security group
07:04
and the version is
07:06
R80.20
07:10
scalable platform.
07:12
In this demo environment,
07:15
I'll just take the default shared interface,
07:18
provide the activation key that was specified when I created the second Security group
07:32
and select
07:34
one interface to be VLAN trunk
07:39
and maybe both.
07:40
How about both interfaces be VLAN trunks?
07:45
I really don't want to configure the management interface to be a VLAN trunk in this demo environment.
07:50
No,
07:53
in a production environment that might make sense.
07:59
So
07:59
ah, the VLAN trunks can be used by virtual switches
08:05
to
08:05
provide
08:07
multiple virtual systems with their own connectivity out using one physical, in this case virtual, physical interface.
08:22
issues with my mouse selecting
08:24
Oh, I want to reserve one interface that's not a VSX, sorry, not a VLAN interface.
08:31
I forgot I only had two uplink interfaces here.
08:37
So we'll set one of them not to be a VLAN trunk,
08:41
and enable some
08:43
policy, some simple policy on the VSX gateway itself.
08:50
Though you may want to just check all of the options
08:54
for the security rules to add,
08:58
except for the last
09:01
any any, any drop.
09:03
And
09:05
when you
09:07
click next, it automatically starts the process: we publish our changes, we start creating the VSX gateway object.
09:18
We push policy to the VSX gateway object
09:24
and recall, the VSX gateway, that's the outer shell that represents the physical server
09:30
that will be running the virtual systems.
09:35
So now
09:37
I wanna create
09:39
virtual system to run inside of that VSX gateway.
09:43
First, I'm gonna install policy to the other security gateway
09:50
one that is just a regular security gateway.
09:58
Don't let that run
10:01
and
10:03
create a virtual system
10:05
on that VSX gateway.
10:22
Very imaginative
10:24
name for that virtual system.
10:26
And there's only one choice for the
10:28
VSX gateway
10:35
and configure internal and external interfaces
10:41
and periods are important,
10:46
as is the brake subnet mask
10:50
or going
10:52
default gateway at this point
10:58
For internal, we'll use a VLAN
11:07
and
11:07
IP address.
11:09
Imaginative
11:11
but
11:13
that mask complete with periods.
11:15
Next,
11:16
the virtual system will be created on the VSX gateway. And again, this automatically publishes any changes,
11:24
starts the process of creating that virtual system
11:28
in configuration on the management server
11:31
and then
11:33
on the VSX gateway itself.
11:35
And this will take a while. So
11:39
we will, uh,
11:41
pause.
11:43
Until this is done.
11:50
The virtual system has been created.
12:00
I expand that virtual gateway, VSX gateway I mean, object. See the virtual system.
12:07
But install policy: the same policy that has been installed on my security gateway will be installed on this virtual system
12:22
then,
12:24
but that just install it on both the security gateway and the
12:30
virtual system.
12:39
Yeah,
12:41
so
12:43
this is a
12:45
virtual system
12:46
running
12:48
on all of the
12:50
security gateway modules that are plugged in or that are attached to this service group
12:58
outside this security group, the, um,
13:01
policy successfully installed. Hooray. That's always good.
13:07
If you're planning to deploy
13:09
VSX in a Maestro environment,
13:11
there's some limitations that you should know. This is the list of
13:16
R80.20 scalable platform known limitations,
13:20
and the first
13:22
is that
13:31
virtual switch is not supported
13:33
without
13:35
a jumbo hotfix
13:37
and
13:39
second, is that
13:43
virtual routers are not supported.
13:46
There's not a fix for that available,
13:48
so
13:50
it requires a jumbo hotfix in R80.20
13:54
in order to use virtual switches correctly.
13:58
Virtual routers are not supported
14:05
and
14:07
same thing in R80.30 scalable platform. There's a hotfix required
14:11
for virtual switches.
14:13
Virtual routers are not yet supported at the time of this video.

Check Point Jump Start: Maestro Hyperscale Network Security

In this course brought to you by industry leader Check Point, they will cover the Maestro Orchestrator initial installation, creation and configuration of security group via the web user interface and SmartConsole features. This course provides a demonstration of the Maestro product. Course will prepare you for their exam, #156-412, at Pearson VUE.

Instructed By

CheckPoint
Instructor