SSL VPN

Learning outcome

The learning outcome of this lab is to be able to connect remotely and securely to the VPN client from the Local PC through the Checkpoint firewall.

Diagram of your network

Table of IP addresses

| Device Name         | IP Addresses     |
|---------------------|------------------|
| Wordpress-WebServer | 10.0.0.53/24     |
| VPN Client          | INTERNET/DHCP    |
| Management PC       | 192.168.1.224/24 |

Introduction

We have been tasked with configuring an SSL VPN to reach the local PC. We confirm that the SSL VPN works by getting a successful ping after establishing the VPN connection. At a minimum, we require a Local Machine, a Checkpoint Firewall and an internet connection. A Secure Sockets Layer VPN (SSL VPN) is mainly used to provide authentication, ensure privacy and maintain data integrity over the internet.

Steps

Connecting to the physical firewall (cabling)

Type the address https://192.168.1.1:4434 into a web browser to reach the Checkpoint 1500 Appliance GUI.

Authentication Details

  • Administrator Name = admin

  • Password = admin

Management-PC IP Configuration

  • Change IP of management PC to 192.168.1.224/24 and Gateway to 192.168.1.1/24

  • Right Click Management-PC and click configure

  • Click on edit network configuration

Add the following configuration under static configuration:

Save the configuration, and launch the Management-PC webterm.

Checkpoint First-Time Setup

  • Change the Appliance Name to SSLVPN-Group

Internet Connection

  • Select Configure connection later and press next

Administrator Access

  • Sources from which to allow administrator access

    • Select LAN and VPN

  • Access from the above sources is allowed from

    • Any IP address

  • Press next

Software Blades Activation

  • Just accept defaults and press next

After First Time Configuration has been completed:

  • Click Finish

  • Let the checkpoint device reboot

  • Make sure you are able to see the GUI “Home Page”

Interface and Internet Setup

  • Go to Device → Local Connection

  • Double-Click LAN3 Interface

  • Edit the LAN3 Interface (Configuration)

    • Interface Configuration

    • Assigned to: Separate Network

    • Local IPv4 address: 10.0.0.1

    • Subnet mask: 255.255.255.0

  • DHCPv4 Server

    • Enabled

    • IP Address Range:

      • 10.0.0.50 - 10.0.0.100

  • Go to DHCPv4 Settings

    • DNS Server Setting

      • Select Auto - use the DNS configuration of the device

    • Default Gateway

      • Use the following IP address 10.0.0.1

  • Go to Device → Internet

    • After Internet is Connected

Creating Users

  • Click New

  • Remote Access

  • Configure Username and Password

  • Click Remote Access permissions

  • Press Apply

Enable SSL-VPN

  • Go to VPN → Blade Control

  • Remote Access On

  • Check SSL VPN

  • Click Manage SSL VPN Bookmarks

  • Click New

  • Add the IP of WordPress machine (in this case it is http://10.0.0.53)

  • Click Apply

  • Go back to VPN → Blade Control

  • Click “How to connect…”

Connecting to SSLVPN

  • Open your Windows 8.1 VPN Client

  • Go to the IP that the Checkpoint prompts you with (In this case: https://142.232.197.153) in Internet Explorer (Take Screenshot)

  • At the bottom of the page, click allow prompts and reload the page

  • You should see a login prompt

  • Log in with the user you created earlier

  • When you log in, it will prompt you with the message, “This website wants to install the following…”. Click Install

  • Press Yes

  • Wait a few seconds.

  • Click “Trust Server”

  • Click Yes

  • Click on Allow Access

  • On your SSL Network Extender, the status should now be Connected

  • Now on your VPN Client, ping 10.0.0.53
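A check of the addressing plan configured in the steps above (LAN3 interface, DHCPv4 range, bookmark target, Management PC), as an added example that is not part of the original lab. The function name check_plan and the ERROR/WARN levels are assumptions of this example; the addresses are the ones given in the lab.

```python
import ipaddress

# Values copied from the lab steps above.
LAN3_IF = ipaddress.ip_interface("10.0.0.1/255.255.255.0")
DHCP_POOL = (ipaddress.ip_address("10.0.0.50"), ipaddress.ip_address("10.0.0.100"))
DHCP_GATEWAY = ipaddress.ip_address("10.0.0.1")
BOOKMARK_HOST = ipaddress.ip_address("10.0.0.53")      # Wordpress-WebServer
MGMT_IF = ipaddress.ip_interface("192.168.1.224/24")   # Management PC


def check_plan(lan_if, pool, gateway, bookmark, mgmt_if):
    """Return a list of (level, message) findings for the addressing plan."""
    findings = []
    first, last = pool
    net = lan_if.network

    def usable(ip):
        # A host address: inside the subnet, not the network or broadcast address.
        return ip in net and ip not in (net.network_address, net.broadcast_address)

    if first > last or not (usable(first) and usable(last)):
        findings.append(("ERROR", f"DHCP range {first}-{last} is not valid inside {net}"))
    if gateway != lan_if.ip:
        findings.append(("ERROR", f"DHCP gateway {gateway} is not the LAN3 address {lan_if.ip}"))
    if first <= lan_if.ip <= last:
        findings.append(("ERROR", f"LAN3 address {lan_if.ip} sits inside the DHCP range"))
    if not usable(bookmark):
        findings.append(("ERROR", f"bookmark host {bookmark} is not a host address in {net}"))
    elif first <= bookmark <= last:
        # A static host here can collide with a lease; a DHCP host can change address.
        findings.append(("WARN", f"bookmark host {bookmark} is inside the DHCP range; "
                                 "reserve the address or move it out of the range"))
    if mgmt_if.network.overlaps(net):
        findings.append(("ERROR", f"management network {mgmt_if.network} overlaps {net}"))
    return findings


if __name__ == "__main__":
    for level, msg in check_plan(LAN3_IF, DHCP_POOL, DHCP_GATEWAY, BOOKMARK_HOST, MGMT_IF):
        print(f"{level}: {msg}")
```

With the lab's values the only finding is the warning that 10.0.0.53 lies inside the 10.0.0.50 - 10.0.0.100 DHCP range, so the SSL VPN bookmark stays valid only while the web server keeps that address.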

Team: Karan Saggu, Kawal Kalirai, Adrian Tanase, Daniel Lemke, Wing Cheong Chu (Antonio)
