Beruflich Dokumente
Kultur Dokumente
In Asymmetric Encryption there is two different key used for encrypt and decrypt to packet.
Means that one key used for Encrypt packet, and second key used to for decrypt packet. Same
key can not encrypt and decrypt.
Secure Internal Communications (SIC) is the Check Point feature that ensures components,
such as Security Gateways, SmartCenter Server, SmartConsole, etc. can communicate with each
other freely and securely using a simple communication initialization process.
In case of SNAT
o Antispoofing
o Session lookup
o Policy lookup
o Routing
o Netting
In case of DNAT
o Antispoofing
o Session lookup
o Policy lookup
o Netting
o Routing
What is Anti-Spoofing?
Anti-Spoofing is the feature of Checkpoint Firewall. which is protect from attacker who generate
IP Packet with Fake or Spoof source address. Its determine that whether traffic is legitimate or not.
If traffic is not legitimate then firewall block that traffic on interface of firewall.
Stealth Rule Protect Checkpoint firewall from direct access any traffic. Its rule should be place
on the top of Security rule base. In this rule administrator denied all traffic to access checkpoint
firewall.
CPD – CPD is a high in the hierarchical chain and helps to execute many services, such as Secure
Internal Communication (SIC), Licensing and status report.
FWM – The FWM process is responsible for the execution of the database activities of the
SmartCenter server. It is; therefore, responsible for Policy installation, Management High
Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display,
etc.
FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security
Servers and communication with OPSEC applications.
1. Central License
2. Local Licenses
Central licenses are the new licensing model for NG and are bound to the SmartCenter server.
Local licenses are the legacy licensing model and are bound to the enforcement module.
Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO. Here are
some benefits of Gaia as compare to SPLAT/IPSO.
Check Point has developed a Unified Security Architecture that is implemented throughout all of
its security products. This Unified Security Architecture enables all Check Point products to be
managed and monitored from a single administrative console and provides a consistent level of
security.
The Check Point Unified Security Architecture is comprised of four main components:
1. Core Technologies: Check Point uses a common set of core technologies, such as INSPECT for
security inspection, across multiple layers of security.
2. Central Management: All Check Point products can be managed and monitored from a single
administrative console.
3. Open Architecture: Check Point has built its security architecture to be open and interoperable in
a heterogeneous environment. For example, Check Point products can interoperate with other
network and security equipment from third-party vendors to enable cooperative enforcement of
Security Policies.
4. Universal-update Ability: Check Point has consolidated multiple security-alert and update
functions to ease update procedures and help Administrators ensure that security is always up-
to-date.
Smart Console.
Security Management.
Security Gateway.
What is NAT?
NAT stand for Network Address Translation. It is used to map private IP address with Public IP
Address and Public IP address map with Private IP Address. Mainly it is used for Provide Security
to the Internal Network and Servers from Internet. NAT is also used to connect Internet with
Private IP Address. Because Private IP cant route on Internet.
Source NAT used to initiate traffic from internal network to external network. In source NAT only
source IP will be translated in public IP address.
What is IP Sec?
IP Sec (IP Security) is a set of protocol. which is responsible for make secure communication
between two host machine, or network over public network such as Internet. IPSec Protocol
provide Confidentiality, Integrity, Authenticity and Anti Replay protection.
What are the protocols of IPSec? And what are the Protocol numbers of IPSec Protocols?
IPSec use two Protocols AH (Authentication Header) and ESP (Encapsulated Security Payload).
AH works on Protocol number 51 and ESP works on Protocol number 50.
VPN (Virtual Private Network) is used to create secure connection between two private network
over Internet. Its used Encryption authentication to secure data during transmission. There are two
type of VPN
ESP – ESP Protocol is a part of IPsec suit , Its provide Confidentiality, Integrity and Authenticity.
Its used in two mode Transport mode and Tunnel mode.
AH – Its is also part of a IPsec suit, Its provide only Authentication and Integrity, Its does not
provide Encryption. Its also used to two mode Transport mode and Tunnel mode.
Its a rule in ruse base which is manually created by network security administrator that called
Explicit rule.
Hide NAT used to translate multiple private IP or Network with single public IP address. Means
many to one translation. Its can only be used in source NAT translation. Hide NAT can not be used
in Destination NAT.
When request to translate Destination IP address for connect with Internal Private network from
Public IP address. Only static NAT can be used in Destination NAT.
Can not create “No NAT” rule Can be Create “No NAT” rule
What is SIC.
SIC – SIC stand for “Secure Internal Communication”. Its a checkpoint firewall feature that is
used to make secure communication between Checkpoint firewall component. Its used when
Security Gateway and Security management server installed in Distributed deployment. Its
Authentication and Encryption for secure communication.
Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with
each other. The SIC procedure creates a trusted status between gateways, management servers
and other Check Point components. SIC is required to install polices on gateways and to send
logs between gateways and management servers.
Communication Initialization establishes a trust between the Security Management server and the
CheckPoint gateways. This trust lets Check Point components communicate securely. Trust can
only be established when the gateways and the server have SIC certificates.
Note - For SIC to succeed, the clocks of the gateways and servers must be synchronized.
The Internal Certificate Authority (ICA) is created when the Security Management server is
installed. The ICA issues and delivers a certificate to the Security Management server.
To initialize SIC:
The ICA signs and issues a certificate to the gateway. Trust state is Initialized but not trusted. The
certificate is issued for the gateway, but not yet delivered.
SSL negotiation takes place. The two communicating peers are authenticated with their Activation
Key.
After successful Initialization, the gateway can communicate with any Check Point node that
possesses a SIC certificate, signed by the same ICA. The Activation Key is deleted. The SIC
process no longer requires the Activation Key, only the SIC certificates.
18211 tcp Used by the cpd daemon (on the gateway) to receive Certificates
IPSec works at which OSI layer?
IP Layer (Network Layer and provide security services Network Layer and above).
1. SAM Database.
2. Address Spoofing.
3. Session Lookup.
4. Policy Lookup.
5. Destination NAT.
6. Route Lookup.
7. Source NAT.
8. Layer 7 Inspection.
9. VPN.
10. Routing.
Its tool of smart console. It’s used to Configure Rule, Policy object, Create NAT Policy,
Configure VPN and Cluster.
Question 23. What Is The Main Different Between Cpstop/cpstart And Fwstop/fwstart?
Answer :
Using cpstop and then cpstart will restart all Check Point components, including the SVN
foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1.
Which Of The Applications In Check Point Technology Can Be Used To Configure Security
Objects ?
Question 1:What is Checkpoint Firewall Architecture?
Answer: Check Point has developed a Unified Security Architecture that is implemented throughout
all of its security products. This Unified Security Architecture enables all Check Point products to be
managed and monitored from a single administrative console and provides a consistent level of
security.
Question 4: What is the main purpose for the Security management server?
Answer: Security management server is used for administrative management of the security policy,
stores database and objects.
Question 5: What is the difference between standalone and distributed installation?
Answer: A Standalone deployment is the simplest deployment, where the management server
and the gateway are installed on the same machine.
A distributed deployment is a more complex deployment, where the gateway and management
server are deployed on different machines.
SIC
VPN certificates for gateways
Users
Question 8: What is FW unload local?
Answer. Fwunloadlocal is a command used to detach the security policy from the local machine.
Question 12: What are the functions of CPD, FWM, and FWD processes?
Answer: CPD – CPD is a high in the hierarchical chain and helps to execute many services, such as
Secure Internal Communication (SIC), Licensing and status report.
FWM – The FWM process is responsible for the execution of the database activities of the
Management server. It is; therefore, responsible for Policy installation, Management High Availability
(HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.
FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security
Servers and communication with OPSEC applications.
Question 13: What are the major differences between SPLAT and GAIA platforms?
Answer: Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO. Here
are some benefits of Gaia as compare to SPLAT/IPSO.
Question19: Why cleanup rule need to add explicitly in Checkpoint Smart dashboard?
Answer: Cleanup rule is required to drop all traffic that did not match any of the other rules (from top
to bottom) However there is an Implied rule in Checkpoint that does the same action of dropping
packets if no rule exists ( as you mentioned) but logging is not enabled for this implied rule.
Question20: What Is the Difference in A Snapshot/Backup/Upgrade Export (Migrate
Export)/Database Revision Control
Answer: Snapshot:
The snapshot utility backs up everything, including the drivers, .Snapshot can be used to backup
both your firewall and management modules.
The disadvantages of this utility are that the generated file is very big, and can only be restored to
the same device and exactly the same state (same OS, same Check Point version, and same patch
level).
Backups:
The backup utility backs up your Check Point configuration and your networking/OS system
parameters (such as routing), the backup utility can be used to backup both your firewall and
management modules. The resulting file will be smaller than the one generated by snapshot. Backup
does not include the drivers, and can be restored to different machine (as opposed to snapshot,
which cannot).
What Is IPSec ?
What Is Destination Nat ?
What Is Explicit Rule In Checkpoint Firewall ?
What Is Smart Dashboard ?
What Is 3 Tier Architecture Component Of Checkpoint Firewall ?
Difference Between Automatic NAT And Manual NAT ?
What Are The Functions Of Cpd, Fwm, And Fwd Processes ?
What Is the main Different Between Cpstop/cpstart And Fwstop/fwstart ?
What Is The Packet Flow Of Checkpoint Firewall ?
What is Stealth Rule in checkpoint firewall ?
What Is SIC ?
What are the major differences between SPLAT and GAIA ?
What is Checkpoint Architecture ?
What is Hide NAT ?
difference between standalone deployment distributed deployment ?
What is Anti-Boat ?
Difference between fwstop and cpstop ?
What is CPinfo? And why it is used ?
What is MDF Database ?
How to configure SMC HA ?
Which protocol use in Checkpoint for Clustering ?
What are Delta and Full Mode in Clustering ?
How to Install Checkpoint Firewall NGX on SecurePlatform ?
What is the Packet Flow of Checkpoint firewall ?
What are major differences between NGFW and NGTP ?
Does Checkpoint NGFW support following Software blades – URL filtering, Antivirus, Anti-
spam? If answer is “No”, then which Checkpoint Appliance supports above blades ?
Which Checkpoint NGFW/NFGT Models are used in Data Center environement ?
40 Gbps (QSFP) support in Checkpoint Security Gateway Appliances starts with which model
?
What is Asymmetric Encryption ?
What is Anti-Spoofing ?
What is VPN ?
What is the difference between standalone deployment distributed deployment ?
Types of NAT in Checkpoint firewall ?
What is use of Database Revision Control ?
Which blade do we investigate when you see high CPU caused by the pdpd process ?
Which command would be best suited for viewing the connections table on a gateway ?
Which command you run to list established VPN tunnels ?
Which command displays compression/decompression statistics ?
Which program you use to analyze Phase I and Phase II packet exchanges ?
Which folder contains the VPN debug files ?
What does a high confidence rating mean in IPS ?
What command you should run to determine if Accept, Drop and NAT templating is enabled ?
What causes the kernel message: kernel: neighbor table overflow ?
How you would determine the value of ‘Maximum concurrent connections’ of the NAT Table
?
What command displays the IPV6 routes ?