Basic configuration of CheckPoint R75.40 Gaia

The information provided in this post describes the basic configuration of CheckPoint R75.40 Gaia. The software was installed in a VMware virtual machine rather than on a CheckPoint appliance. The ISO image file “Check_Point_R75.40_Gaia.iso” was downloaded from the CheckPoint User Center.

Installation

  • Connect to the appliance/VM/server and boot from CD/ISO image
  • Click Ok to proceed with the installation
  • Select the appropriate “Keyboard” language
  • Modify or accept the default “Partitions Configuration”
  • Enter a strong password
  • Select the desired “Management Port”
  • Configure the IP address and default gateway for the “Management Interface”
  • Click Ok to proceed with the installation
  • When prompted reboot the appliance

Configuration

  • To complete the configuration, open a web browser and connect to the web GUI using the IP address previously specified
  • Enter the username “admin” and the password you previously specified


Configuring Dynamic VLAN assignment on ProCurve switches

Introduction

The information contained in this post describes how to configure an HP ProCurve switch and Windows 2008 R2 NPS RADIUS server to authorise and assign users dynamically into specific VLANs.

The switch used is an HP ProCurve model 2610-48 running firmware version R.11.72

Configure VLANs

Create VLANs, define IP address and IP helper-address

VLAN 30
   name "VLAN30"
   ip address 192.168.30.1 255.255.255.0
   ip helper-address 192.168.20.20

VLAN 40
   name "VLAN40"
   ip address 192.168.40.1 255.255.255.0
   ip helper-address 192.168.20.20


Configuring 802.1x authentication on ProCurve Switches

802.1x is an open-standards protocol used to authenticate network clients on a user ID basis. This post describes how to configure 802.1x on an HP ProCurve switch and authenticate against a Windows 2008 R2 NPS (RADIUS) server.

Open VLAN mode will be used, which involves creating an “Authorized” and an “Un-Authorized” VLAN. Open VLAN mode temporarily ignores the port’s static VLAN configuration and places the port in the “Un-Authorized” VLAN, at which point the client attempts authentication. If authentication succeeds, the switch dynamically places the port in the “Authorized” VLAN.

The switch used is an HP ProCurve model 2610-48 running firmware version R.11.72

Configuring the switch

Create the “Authorized” VLAN, define IP address and IP helper-address

VLAN 30
   name "Auth"
   ip address 192.168.30.1 255.255.255.0
   ip helper-address 192.168.20.20

Create the “Un-Authorized” VLAN, define IP address and IP helper-address

VLAN 40
   name "Un-Auth"
   ip address 192.168.40.1 255.255.255.0
   ip helper-address 192.168.20.20



Configuring link aggregation between a Cisco and ProCurve switch

This scenario configures link aggregation between a Cisco Catalyst 3560-8 switch (IOS version 12.2.53) and an HP ProCurve 2610-48 switch (firmware version R.11.22) using the LACP protocol.

Cisco refers to an aggregated link as a “channel-group” whereas HP refers to it as a “Trunk”. To confuse things even more, Cisco refers to an 802.1q tagged port as a “Trunk” whereas HP refers to it as “Tagged”.

Cisco switch configuration

Configure the trunk on interfaces fa 0/1 and 0/2, configure as Trunk and create a Channel Group.

Create VLAN 600/601 and define IP addresses


Configuring Citrix Web Interface and Load Balancing with Windows NLB

Configuring Windows Server 2008 R2 to load balance Citrix Web Interface 5.x is a very simple procedure. The following procedure describes the basic steps involved.

Configure Citrix Web Interface

Open the Citrix Web Interface Management console

Click “XenApp Web Sites” and click “Create Site”

Modify the IIS site settings if required

Click “Set as the default page for the IIS site”

Specify the point of the authentication as “At Web Interface”

Click “Next” to finish creation of the site

Once the site is successfully created click “Next” to configure the site

Specify the Citrix Farm name, Citrix Servers and the XML port


Configuring Citrix Receiver/Online Plug-in via Group Policy

To automatically configure Citrix Receiver or Online Plug-in with the Web Server Address on client computers you can utilise Group Policy Preferences to create the necessary registry key.

  • Create a new or modify an existing GPO and browse to Computer Configuration > Preferences > Windows Settings > Registry

  • Create “New” > “Registry Item”

Action – Replace

Hive – “HKEY_LOCAL_MACHINE”

Key Path – SOFTWARE\Citrix\PNAgent (32-bit client computers) OR

Key Path – SOFTWARE\Wow6432Node\Citrix\PNAgent (64-bit client computers)

Value Name – ServerURL

Value Type – REG_SZ

Value Data – http://SERVERNAME/Citrix/PNagent/config.xml

  • Click OK to finish
  • Once the Group Policies have been refreshed on the client computers, the registry entries should have been enforced.

  • Running the Citrix Online Plug-in should reveal the setting changes have been applied.

Troubleshooting WSUS

Clients disappearing from WSUS Console

Client computers registered in the WSUS console appeared to disappear or overwrite each other. Research revealed this was because the OS was imaged and the servers had identical “SusClientId” registry values.

To resolve this issue, perform the following steps:

  • Delete the SusClientId registry value

reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f

  • Restart the “Windows Update” service

net stop wuauserv
net start wuauserv

  • Reset the WSUS authorization. From a command line enter the following command

wuauclt /resetauthorization /detectnow
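
To see which imaged machines share an ID before applying the fix, the following added example (not part of the original post) groups an inventory by SusClientId and wraps the three steps above in one function. The function names and the sample inventory are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: function names and sample data are hypothetical, not from the original post.
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-LocalSusClientId {
    # Returns the local SusClientId, or $null if the value is absent.
    # Run per machine to build the inventory consumed below.
    (Get-ItemProperty -Path $WuKey -Name SusClientId -ErrorAction SilentlyContinue).SusClientId
}

function Find-DuplicateSusClientId {
    # Input: objects with ComputerName and SusClientId properties.
    # Output: one object per ID that is shared by more than one computer.
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory |
        Where-Object { $_.SusClientId } |
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Computers   = @($_.Group.ComputerName | Sort-Object)
            }
        }
}

function Reset-SusClientId {
    # Same three steps as the procedure above; run elevated on the affected machine.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Delete SusClientId and re-register with WSUS')) {
        Remove-ItemProperty -Path $WuKey -Name SusClientId -ErrorAction SilentlyContinue
        Restart-Service -Name wuauserv
        & wuauclt.exe /resetauthorization /detectnow
    }
}

# Constructed inventory: two servers cloned from the same image, one built cleanly.
$inventory = @(
    [pscustomobject]@{ ComputerName = 'SRV-APP01'; SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ ComputerName = 'SRV-APP02'; SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ ComputerName = 'SRV-DB01';  SusClientId = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
)
Find-DuplicateSusClientId -Inventory $inventory | Format-Table -AutoSize
```

Running `Reset-SusClientId -WhatIf` on a flagged machine shows the action without changing anything.
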

Automatic Update client unable to communicate with WSUS Server – Error 80072ee2

Several computers (all running Server 2008) failed to communicate with the internal WSUS server. The servers were not experiencing any networking problems and there was no firewall blocking traffic. Checking the C:\Windows\WindowsUpdate.log revealed the following error message.

WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <192.168.1.254>

Researching the issue revealed that Windows Update does NOT rely on Internet Explorer’s proxy server settings (which in this instance were blank) but rather on the WinHTTP service. This service is configured via netsh.

  • Run “netsh winhttp show proxy” to show whether a WinHTTP proxy is configured

  • Run “netsh winhttp reset proxy” to connect to Internet directly without using any kind of proxy server.
  • Force Update detection by running “wuauclt /detectnow” from a command prompt

Check the WindowsUpdate.log file again and browse to the end; it should now be logging entries such as the following:

2012-02-22    14:17:54:295     780    d5c    AU    Triggering AU detection through DetectNow API

2012-02-22    14:17:54:295     780    d5c    AU    Triggering Online detection (non-interactive)

2012-02-22    14:17:54:295     780    1fd4    AU    #############

2012-02-22    14:17:54:295     780    1fd4    AU    ## START ## AU: Search for updates

2012-02-22    14:17:54:295     780    1fd4    AU    #########

Checking the WSUS console after a period of time will hopefully reveal that the client server is now able to communicate successfully.
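
The check described in this section can be scripted. The following added example (not part of the original post) extracts the proxy list from “SendRequest failed” warnings in WindowsUpdate.log and compares it with the proxy reported by “netsh winhttp show proxy”. The function names, the sample log lines and the English netsh output format are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: function names and sample data are hypothetical.
function Get-WuSendRequestFailure {
    # Pull the HRESULT and proxy list out of "SendRequest failed" warnings.
    param([string[]]$LogLine)
    $pattern = 'SendRequest failed with hr = (?<hr>[0-9a-fA-F]{8})\.\s+Proxy List used: <(?<proxy>[^>]*)>'
    foreach ($line in $LogLine) {
        if ($line -match $pattern) {
            [pscustomobject]@{ HResult = $Matches['hr']; ProxyList = $Matches['proxy'] }
        }
    }
}

function Get-WinHttpProxy {
    # Parse "netsh winhttp show proxy" output (English wording assumed).
    # Returns the configured proxy string, or $null for direct access.
    param([string[]]$NetshOutput)
    foreach ($line in $NetshOutput) {
        if ($line -match 'Proxy Server\(s\)\s*:\s*(?<p>\S+)') { return $Matches['p'] }
    }
    return $null
}

function Test-WuStaleProxy {
    # True when a request failed with hr 80072ee2 while going through the WinHTTP proxy.
    # By default the live netsh output is used; pass -NetshOutput to test captured text.
    param([string[]]$LogLine, [string[]]$NetshOutput = (& netsh.exe winhttp show proxy))
    $proxy = Get-WinHttpProxy -NetshOutput $NetshOutput
    if (-not $proxy) { return $false }
    $hits = Get-WuSendRequestFailure -LogLine $LogLine |
        Where-Object { $_.HResult -eq '80072ee2' -and $_.ProxyList -like "*$proxy*" }
    return [bool]$hits
}

# Constructed samples: log lines modelled on the warning quoted above.
$log = @(
    "2012-02-22`t14:10:01:100`t 780`td5c`tMisc`tWARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <192.168.1.254>"
    "2012-02-22`t14:10:01:100`t 780`td5c`tAU`tTriggering Online detection (non-interactive)"
)
$netsh = @('Current WinHTTP proxy settings:', '', '    Proxy Server(s) :  192.168.1.254', '    Bypass List     :  (none)')

Test-WuStaleProxy -LogLine $log -NetshOutput $netsh
```

On a live server, pass `-LogLine (Get-Content C:\Windows\WindowsUpdate.log)` and omit `-NetshOutput`.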
