1100_Box_zps7kgdt4uz.jpg?resize=600%2C712&ssl=11100_Box_zps7kgdt4uz.jpg?resize=600%2C712&ssl=1
Check Point 1100 Appliance

A couple of months ago, I received Check Point 600 Appliance and did a post regarding basic configuration for 600. It is used to replace replaces the [email protected] models and cannot be managed centrally by a Check Point SmartCenter Server. 1100 appliance is an all-in-one security appliance that offers robust, multi-layered protection with branch offices in mind, including flexible network interfaces and a compact, desktop form factor, which is used to replace the SG80 and the UTM-1 Edge.

Both 600 and 1100 appliances support local management. The SG600 can be centrally managed by Check Point’s SMB Management Cloud service. The SG1100 can be managed by standard Check Point management running R75.46 or above. Neither unit can be managed by the old Sofaware SMP product.


Back panel: 8 LAN ports, 1 WAN port, 1 DMZ port, console port.

1100_Back_zps63zvr1fe.jpg?resize=800%2C396&ssl=11100_Back_zps63zvr1fe.jpg?resize=800%2C396&ssl=1

1100_Front_zpsgqs6sbgp.jpg?resize=800%2C373&ssl=11100_Front_zpsgqs6sbgp.jpg?resize=800%2C373&ssl=1

Front Panel: there is one usb slot.

Configuration:
1. Connect One of LAN ports with your computer.
Your computer will get a DHCP ip address from 192.168.1.0/24 network.
In my case, my laptop got 192.168.1.126 ip address and gateway is 192.168.1.1 which is 1100 appliance’s default LAN interface ip.

Type http://192.168.1.1 or https://192.168.1.1 , the browser will automatically re-direct to https://192.168.1.1:4434 , which is default management interface of Check Point 1100 appliance.

1_zps1ihirpos.png?resize=800%2C361&ssl=11_zps1ihirpos.png?resize=800%2C361&ssl=1

2. First Time Configuration Wizard 
It will guide you to complete basic configuration step by step.
3_zpsjkyt1cqi.png?resize=664%2C528&ssl=13_zpsjkyt1cqi.png?resize=664%2C528&ssl=1
4_zpsliqvrfps.png?resize=658%2C521&ssl=14_zpsliqvrfps.png?resize=658%2C521&ssl=1
2_zpsxl2bviqq.png?resize=681%2C605&ssl=12_zpsxl2bviqq.png?resize=681%2C605&ssl=1

  
5_zpstidzhwsn.png?resize=655%2C516&ssl=15_zpstidzhwsn.png?resize=655%2C516&ssl=1



 
6_zpsvaj2losj.png?resize=660%2C518&ssl=16_zpsvaj2losj.png?resize=660%2C518&ssl=1

 

95_zpsgk4obb82.png?resize=800%2C638&ssl=195_zpsgk4obb82.png?resize=800%2C638&ssl=1

8_zpsrspjimpz.png?resize=660%2C523&ssl=18_zpsrspjimpz.png?resize=660%2C523&ssl=1

9_zpssbpvtls7.png?resize=674%2C525&ssl=19_zpssbpvtls7.png?resize=674%2C525&ssl=1



 
91_zpsypbwszez.png?resize=667%2C519&ssl=191_zpsypbwszez.png?resize=667%2C519&ssl=1

 
92_zpsybf6us9a.png?resize=660%2C521&ssl=192_zpsybf6us9a.png?resize=660%2C521&ssl=1

93_zps5fory8ap.png?resize=663%2C522&ssl=193_zps5fory8ap.png?resize=663%2C522&ssl=1

93_zps5fory8ap.png?resize=663%2C522&ssl=193_zps5fory8ap.png?resize=663%2C522&ssl=1

3.  Log in 1100 Appliance
95_zpsgk4obb82.png?resize=800%2C638&ssl=195_zpsgk4obb82.png?resize=800%2C638&ssl=1

 

4. Firewall Access Policy Configuration

4.1 Static NAT Server Configuration

01_zpshnlob2gi.png?resize=796%2C800&ssl=101_zpshnlob2gi.png?resize=796%2C800&ssl=1




02_zpsgnniwj0i.png?resize=564%2C615&ssl=102_zpsgnniwj0i.png?resize=564%2C615&ssl=1




03_zpseccazxwp.png?resize=556%2C608&ssl=103_zpseccazxwp.png?resize=556%2C608&ssl=1

04_zpsfoph8uuj.png?resize=553%2C606&ssl=104_zpsfoph8uuj.png?resize=553%2C606&ssl=1

4.2 Outbound Internet Access Rule

05_zpsludnnrwr.png?resize=800%2C524&ssl=105_zpsludnnrwr.png?resize=800%2C524&ssl=1

4.3 Inbound Access Rule from Internet

In following screenshots, there are three parts:

  • Red rectangle part is Outgoing access to the Internet which is auto-generated rule from 4.2
  • Green rectangle part is Incoming rules and VPN rules
    • Yellow rectangle part is manual rules for inbound traffic
    • Blue rectangle part is those auto-generated rules from 4.1 by static server NAT configuration.
06_zpsafz25aqw.png?resize=800%2C423&ssl=106_zpsafz25aqw.png?resize=800%2C423&ssl=1

Reference: