Welcome to Check Point Jump Start training series. In this training series, we'll be looking at different Check Point CloudGuard product lines. Check Point CloudGuard is a suited for products and solutions that can secure your data and virtual networks in the Cloud. My name is Manuel Joaquim. I will be your technical trainer for this training module. I would like now to show you a demonstration of CloudGuard and how to deploy it in a Cloud environment. In this lab, we are going to deploy a Microsoft Azure Cloud environment, but I'm gonna make some basic assumptions. I'm going to assume that you have some basic knowledge of Check Point products and know how to configure standard management station and a traditional Check Point gateway. That you're here to learn how to deploy it in the Cloud. Also, I'm going to assume that you are new to the Cloud and so I'm going to primarily focus on what is new or different with a Cloud deployment. What is different between regular gateway and the Cloud gateway. But first, let me give you a big picture overview of the lab. In this lab, we're going to deploy one VNet, three subnets, a management station, a gateway, and a web server. We're going to launch and interconnect all the components and create a firewall policy and rules to make it all function and connect to the Internet. We're going to break down this lab into small steps. These steps will be broken down into five separate exercises. I'm going to walk you through step-by-step on how to deploy a CloudGuard Gateway into the Cloud and you can also come back and reference these separate exercises as needed during your own CloudGuard deployment journey. Let's get started with the first exercise. Exercise 1, how to build an Azure private Cloud environment. In this first exercise, we're going to deploy a VNet, the Virtual network in Microsoft Azure, which will be automatically connected to the Internet. After building a virtual network, you cannot just add virtual machines to the virtual network. You must first configure your subnets and then within your subnets, you can then add your virtual machines. In total in this lab, we're going to configure three separate subnets, but at the minimum, when deploying a CloudGuard, you need to have two subnets. This is by design for optimal CloudGuard deployment and I will explain why as we progress. Once we have created VNet, we will then create our first subnet. We will call it the frontend subnet. The second subnet, we will call it the backend subnet. This is going to be our first lab. Let me show you how to do this. Connect to your Azure account, go to the main launch menu, and then go to your virtual networks. We're going to create our first virtual network, our first virtual private Cloud. Let's select create virtual network. We need to fill into fields as follows. The subscription, I only have one subscription in my account, so we'll leave it as is. The resource group, in my account I have a few resources already created for me. I'm going to select the first one, but depending on your subscription in your account, you might need to create a new resource group. My account permissions did not allow me to create a new resource group. I will need to select one of these pre-built in ones. Now for the name, what do you want to call your virtual network? You can be as creative as you like. I'm going to call mine myVNET to keep it simple. I will keep the region as the default that works for me, but you can select whichever region you're in or better yet, what region your customer base is in. Let's go to the next screen. You just need to click on the next field, IP addressing. Here we're going to define the network address range for the virtual network. You can select whatever address range that you like. This is going to be a private range. It should not be accessible from the Internet, at least not now. Again, I'm going to keep the defaults 10.0.0.0/16, which is a class B network. This will give me a really big wide range to create my subnets in. Now I need to create a subnet so I can place my VMs in it. The default is fine, but I want to change the name. I will change the name to frontend, you'll see why later. I will keep the default subnet, which is a 10.0.0.0/24 is a subnet of my VPC range of /16. Let's select Save. Now I want to create a second subnet. So let's select Add Subnet. This second subnet, I'm going to call it the backend subnet to differentiate it from the frontend subnet. I will again use a /24, which is within my /16 VPC range 10.0.1.0/24. Again, we select Save. Let's move forward to the next screen. Select Security. We'll keep the security settings the same, no changes are required here. Let's move to the next screen. Select tags. I'm not going to put any tags right now, but I could if I wanted to, the tags can be used to search for this resource later during the rule-based creation and deployment. But for now, let's just select Next, review and create. The Azure software will verify that all my selections are copacetic and that nothing is wrong. If there was any mistakes, I will need to correct them now. If everything is fine, I just need to select Create. The Azure server will now create my virtual network, my two subnets, under my account and subscription in my region of choice. Let's select the deployment icon. It tells me that the deployment is in progress and I just have to wait for it to complete. In this case, it is fast and the deployment is completed quickly. Let's select Go to Resource to see what we have created. We created a VPC called myVNET. Then if you go to the subnet tab, we will see the two subnets that I have created inside myVNET VPC. We have the frontend subnet and the backend subnet. The frontend subnet is 10.0.0.0/24, and the backend subnet is 10.0.1.0/24. To recap, we created a VNet, 10.0.0.0/16 in the Azure Environment. We then created inside this VNet two subnets. The first subnet, we called it the frontend with a network of 10.0.0/24. We created a backend subnet with a range of 10.0.1.0/24. That completes the end of Exercise 1. In the next exercises, we will populate the subnets with virtual machines. I'll see you there.
