By Manny Fernandez

November 14, 2019

Initial Config for a Stand-Alone Check Point 1450 Appliance

I have many firewalls from many vendors. I have Palo Alto, Cisco, Juniper, SonicWall, Barracuda, and now a Check Point. Since I do not have a Central Manager, I am setting this one up as a stand-alone, locally managed device.


Connect your PC to port1 of the firewall and set your computer for DHCP.  Open your web browser and browse to https://192.168.1.1:4434


You will need to set an administrator name and password. Optionally, you can Enforce Password Complexity. Then hit Next.


Next, we will set the Date, Time and Time Zone, and click Next.


Next we will assign a host name and the corresponding domain name.


As I stated before, I do not have a Central Manager, so I will choose Local management.


Since I am not putting this on the REAL Internet, I am going to choose the Configure Internet connection later option.


Next, I am going to disable the local switch since I only want to use port1 as the management interface and the others may be connected to other devices in my lab.  Since I have other devices on my management port, I am disabling the DHCP server on this LAN.


Here we can define which interfaces to allow management from. In my case, I am choosing the default, which is LAN and VPN. We can also configure trusted hosts, where we can permit access from certain IPs and/or subnets.


Since I do not have licenses for this device, I am just going to hit Next.


You will of course get an error telling you that by skipping this step, you are going to use the trial license.


Now we will enable the various Blades, which are analogous to the features you want to enable.

Lastly, we have the final validation, where you need to validate your configuration and hit Finish.


You will see the device rebooting.


Now you can log in with the IP address you set,

 

 

 
