
THE PERFECT POC, LAB GUIDE

Data Protection | Web Security | CASB | NGFW | Advanced Malware Detection | Behavioral Analytics | Insider Threat | Email Security | Data Guard | Cross Domain
Scenarios
• CLUSTERING
• RESTORING BACKUP
• EASY TO USE IPS
• EASY DEPLOY

© 2019 Forcepoint | 2
STOP SMC-2
STOP ENGINE-EXTRA
Be sure you have:
• Stopped SMC-2
• Stopped ENGINE-EXTRA

You can stop them by right-clicking on them and selecting stop

BASED ON CUSTOMER EXPECTATIONS
BUILD
BUILD DOCUMENT

• Restoring Backup
With a system with Windows SMC
Make backup on SMC1
Copy file to SMC2
Power off SMC1
Restore backup
Run SMC Client
Explain what happened and fill document

Username and password for Windows are:
Administrator
Forcepoint1

Make SMC backup

Copy backup from Landing machine to SMC-2
Username and password for Windows are:
Administrator
Forcepoint1
• Stop SMC-1 and start SMC-2
• Connect eth0 to the switch, and delete the link from SMC-1; you can do that by right-clicking the link and selecting delete
• Open a UNC path from the landing machine to SMC-2:
\\192.168.122.10\c$\users\administrator\Downloads
• Paste the backup file there
• Move to the SMC-2 console
• On SMC-2, copy the backup file from the Downloads folder to c:\forcepoint\smc\backups

Stop Forcepoint log and management services
Stop Log and SMC Servers

Username and password for SMC:
Student
Forcepoint1

Open CMD with admin rights and move to c:\forcepoint\smc\bin

Run sgRestoreMGTsrv.bat

2.- Do not forget to check that the service is running
3.- Certify the Log Server by running sgCertifyLogsrv.bat
4.- Start Log Server
Open SMC again from the landing machine and check that everything is working

• CLUSTERING
With a cluster configured
Connect VPN client, using Windows machine
Download a file
Reboot engine managing the connections
Explain what happened and fill document

Connecting VPN client

Check everything is connected

Open VPN Client from Tray

Authenticate using
User1
Forcepoint1

Check for connections on the Cluster

Check which node handles the connection

Initiate a UNC connection to the server from the VPN client by using \\192.168.122.10\c$
Username and password for Windows are:
Administrator
Forcepoint1

Browse to the designated folder, and compress both directories, or a big file

And power it off

Check which node handles the connections now

And how compression is handling it

• EASY to Deploy new firewalls
From the new SMC-2
Go to single firewall
Save initial config
Power on ENGINE EXTRA
Attach USB
Explain what happened and fill document

Go to the SMC GUI, select Single Firewall on the home page

Select Initial configuration

Saving to USB
Select the initial policy
Save as to the USB

Start ENGINE-EXTRA
• Move to GNS3
• Select ENGINE-EXTRA and power on
• Open the console by right-clicking and selecting console
• Select File -> USB device, and attach the USB
• Wait until you see this

Check that the status is uploading policy, and wait until this finishes

• EASY to use IPS
With a system with Windows SMC
Open Configuration and create a new IPS Policy
Name your policy
Develop based on what you think
Explain what your policy is doing
Explain what happened and fill the document
Create IPS policy
• Go to Configuration
• Policies
• Inspection
• Create a new one based on noPolicy

Configure Policy
• On inspection tab:
• Set attacks and botnet to terminate
• Select logging to essential
• Recording to excerpt

Now exceptions
• On exceptions tab:
• Add a new rule by right-clicking on the insert point
• Start writing 1st, and select the first
• Do the same with 2nd and 3rd, and set the other fields as shown in the picture
Create 2 sections, and 2 rules as shown
• You can drag any situation from Inspection to Exceptions

Copy these two rules, and paste them below the second section

Create a new section at the end
• Name it Miscellaneous and prepare to use it by adding an empty rule

Move to inspection, expand Traffic Identification, and select

Finally, this is how your policy should look
