Sie sind auf Seite 1von 12

What is Asymmetric Encryption.

In Asymmetric Encryption there is two different key used for encrypt and decrypt to packet.
Means that one key used for Encrypt packet, and second key used to for decrypt packet. Same
key can not encrypt and decrypt.

How Checkpoint Component communicate and Sync with each other?

Secure Internal Communications (SIC) is the Check Point feature that ensures components,
such as Security Gateways, SmartCenter Server, SmartConsole, etc. can communicate with each
other freely and securely using a simple communication initialization process.

Checkpoint Packet flow for SNAT and DNAT?

 In case of SNAT
o Antispoofing
o Session lookup
o Policy lookup
o Routing
o Netting

 In case of DNAT
o Antispoofing
o Session lookup
o Policy lookup
o Netting
o Routing

CheckPoint Anti Spoofing

What is Anti-Spoofing?

Anti-Spoofing is the feature of Checkpoint Firewall. which is protect from attacker who generate
IP Packet with Fake or Spoof source address. Its determine that whether traffic is legitimate or not.
If traffic is not legitimate then firewall block that traffic on interface of firewall.

What is Stealth Rule in checkpoint firewall?

Stealth Rule Protect Checkpoint firewall from direct access any traffic. Its rule should be place
on the top of Security rule base. In this rule administrator denied all traffic to access checkpoint
firewall.

What is Cleanup rule In Checkpoint Firewall?


Cleanup rule place at last of the security rule base, It is used to drop all traffic which not match
with above rule and Logged. Cleanup rule mainly created for log purpose. In this rule
administrator denied all the traffic and enable log.

What are the functions of CPD, FWM, and FWD processes?

CPD – CPD is a high in the hierarchical chain and helps to execute many services, such as Secure
Internal Communication (SIC), Licensing and status report.

FWM – The FWM process is responsible for the execution of the database activities of the
SmartCenter server. It is; therefore, responsible for Policy installation, Management High
Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display,
etc.

FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security
Servers and communication with OPSEC applications.

What are the two types of Check Point NG licenses?

1. Central License
2. Local Licenses

Central licenses are the new licensing model for NG and are bound to the SmartCenter server.
Local licenses are the legacy licensing model and are bound to the enforcement module.

What are the major differences between SPLAT and GAIA?

Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO. Here are
some benefits of Gaia as compare to SPLAT/IPSO.

1. Web-Based user interface with Search Navigation


2. Full Software Blade support
3. High connection capacity
4. Role-Based administrative Access
5. Intelligent Software updates
6. Native IPv4 and IPv6 Support
7. ClusterXL or VRRP Clusters
8. Manageable Dynamic Routing Suite
9. Full Compatibility with IPSO and SecurePlatform.

Checkpoint Interview Questions - Architecture


What is Checkpoint Architecture?

Check Point has developed a Unified Security Architecture that is implemented throughout all of
its security products. This Unified Security Architecture enables all Check Point products to be
managed and monitored from a single administrative console and provides a consistent level of
security.

The Check Point Unified Security Architecture is comprised of four main components:

1. Core Technologies: Check Point uses a common set of core technologies, such as INSPECT for
security inspection, across multiple layers of security.
2. Central Management: All Check Point products can be managed and monitored from a single
administrative console.
3. Open Architecture: Check Point has built its security architecture to be open and interoperable in
a heterogeneous environment. For example, Check Point products can interoperate with other
network and security equipment from third-party vendors to enable cooperative enforcement of
Security Policies.
4. Universal-update Ability: Check Point has consolidated multiple security-alert and update
functions to ease update procedures and help Administrators ensure that security is always up-
to-date.

What is 3 tier architecture component of Checkpoint Firewall?

 Smart Console.
 Security Management.
 Security Gateway.

What is NAT?

NAT stand for Network Address Translation. It is used to map private IP address with Public IP
Address and Public IP address map with Private IP Address. Mainly it is used for Provide Security
to the Internal Network and Servers from Internet. NAT is also used to connect Internet with
Private IP Address. Because Private IP cant route on Internet.

What is Source NAT?

Source NAT used to initiate traffic from internal network to external network. In source NAT only
source IP will be translated in public IP address.

What is IP Sec?

IP Sec (IP Security) is a set of protocol. which is responsible for make secure communication
between two host machine, or network over public network such as Internet. IPSec Protocol
provide Confidentiality, Integrity, Authenticity and Anti Replay protection.

There is two IPSec protocol which provides security


1. ESP (Encapsulation Security Payload) and
2. AH (Authentication Header).

What are the protocols of IPSec? And what are the Protocol numbers of IPSec Protocols?

IPSec use two Protocols AH (Authentication Header) and ESP (Encapsulated Security Payload).
AH works on Protocol number 51 and ESP works on Protocol number 50.

What is VPN (Virtual Private Network)

VPN (Virtual Private Network) is used to create secure connection between two private network
over Internet. Its used Encryption authentication to secure data during transmission. There are two
type of VPN

 Site to Site VPN.


 Remote Access VPN.

Checkpoint Firewall Interview Questions

What is Difference between ESP and AH IPSec Protocol.

ESP – ESP Protocol is a part of IPsec suit , Its provide Confidentiality, Integrity and Authenticity.
Its used in two mode Transport mode and Tunnel mode.

AH – Its is also part of a IPsec suit, Its provide only Authentication and Integrity, Its does not
provide Encryption. Its also used to two mode Transport mode and Tunnel mode.

What is Explicit rule In Checkpoint Firewall.

Its a rule in ruse base which is manually created by network security administrator that called
Explicit rule.

What is Hide NAT.

Hide NAT used to translate multiple private IP or Network with single public IP address. Means
many to one translation. Its can only be used in source NAT translation. Hide NAT can not be used
in Destination NAT.

What is Destination NAT.

When request to translate Destination IP address for connect with Internal Private network from
Public IP address. Only static NAT can be used in Destination NAT.

Difference between Automatic NAT and Manual NAT.


Automatic NAT Manual NAT

Automatic created by Firewall Manually Created by Network Security Administrator

Can not modify Can be Modify

Can not create “No NAT” rule Can be Create “No NAT” rule

Can not create Dual NAT Can be Create Dual NAT

Port forwarding not possible Port forwarding possible

Proxy ARP by default enabled Proxy ARP by default not enable

What is the difference between standalone deployment distributed deployment?

Standalone deployment: In standalone deployment, Security Gateway and Security


management server installed on same Machine.

Distributed deployment: In Distributed deployment, Security Gateway and Security


Management Server installed on different machine.

What is SIC.

SIC – SIC stand for “Secure Internal Communication”. Its a checkpoint firewall feature that is
used to make secure communication between Checkpoint firewall component. Its used when
Security Gateway and Security management server installed in Distributed deployment. Its
Authentication and Encryption for secure communication.

How SIC work? What are the different ports of SIC?

Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with
each other. The SIC procedure creates a trusted status between gateways, management servers
and other Check Point components. SIC is required to install polices on gateways and to send
logs between gateways and management servers.

These security measures make sure of the safety of SIC:

1. Certificates for authentication


2. Standards-based SSL for the creation of the secure channel
3. 3DES for encryption

The Internal Certificate Authority (ICA)


The ICA is created during the Security Management server installation process. The ICA is
responsible for issuing certificates for authentication. For example, ICA issues certificates such as
SIC certificates for authentication purposes to administrators and VPN certificates to users and
gateways.

Initializing the Trust Establishment Process

Communication Initialization establishes a trust between the Security Management server and the
CheckPoint gateways. This trust lets Check Point components communicate securely. Trust can
only be established when the gateways and the server have SIC certificates.

Note - For SIC to succeed, the clocks of the gateways and servers must be synchronized.

The Internal Certificate Authority (ICA) is created when the Security Management server is
installed. The ICA issues and delivers a certificate to the Security Management server.

To initialize SIC:

1. Decide on an alphanumeric Activation Key.


2. In SmartDashboard, open the gateway network object. In the General Properties page of the
gateway, click Communication to initialize the SIC procedure.
3. In the Communication window of the object, enter the Activation Key that you created in step 2.
4. Click Initialize.

The ICA signs and issues a certificate to the gateway. Trust state is Initialized but not trusted. The
certificate is issued for the gateway, but not yet delivered.

SSL negotiation takes place. The two communicating peers are authenticated with their Activation
Key.

The certificate is downloaded securely and stored on the gateway.

After successful Initialization, the gateway can communicate with any Check Point node that
possesses a SIC certificate, signed by the same ICA. The Activation Key is deleted. The SIC
process no longer requires the Activation Key, only the SIC certificates.

Checkpoint SIC Ports

PORT TYPE SERVICE DESCRIPTION

18209 tcp NGX Gateways <> ICAs (status, issue, or revoke)

18210 tcp Pulls Certificates from an ICA

18211 tcp Used by the cpd daemon (on the gateway) to receive Certificates
IPSec works at which OSI layer?

IP Layer (Network Layer and provide security services Network Layer and above).

What is the Packet Flow of Checkpoint firewall?

1. SAM Database.
2. Address Spoofing.
3. Session Lookup.
4. Policy Lookup.
5. Destination NAT.
6. Route Lookup.
7. Source NAT.
8. Layer 7 Inspection.
9. VPN.
10. Routing.

What Advantage of NAT.

 Save Public IP to save cost.


 Security with hide Internal Network.
 Avoid Routing.
 Publish Server over Internet.
 Overlapping Network.
 Access Internet from Private IP address.

What is Smart Dashboard?

Its tool of smart console. It’s used to Configure Rule, Policy object, Create NAT Policy,
Configure VPN and Cluster.

Question 23. What Is The Main Different Between Cpstop/cpstart And Fwstop/fwstart?

Answer :

Using cpstop and then cpstart will restart all Check Point components, including the SVN
foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1.

 Which Of The Applications In Check Point Technology Can Be Used To Configure Security
Objects ?
Question 1:What is Checkpoint Firewall Architecture?
Answer: Check Point has developed a Unified Security Architecture that is implemented throughout
all of its security products. This Unified Security Architecture enables all Check Point products to be
managed and monitored from a single administrative console and provides a consistent level of
security.

Question2: What is a stateful inspection?


Answer: Stateful inspection was invented by checkpoint, providing accurate and highly efficient
traffic inspection. The inspection engine examines every packet as they are intercepted at the
network layer. The connection state and context information are stored and updated dynamically in
kernel table.

Question 3: What is policy installation process in checkpoint firewall?


Answer:

 a. INITIATION - Policy installation is initiated by the GUI.


 b. VERIFICATION -The information in the database is verified
 c. CONVERSION- The information in the database is converted
 d. CODE GENERATION & COMPILATION- Policy is translated to the INSPECT language
and compiled with the INSPECT compiler.
 e. CPTA- checkpoint policy transfer agent transfers the policy to the firewall gateway using
SIC
 f. COMMIT- The gateway is instructed to load the new policy

Question 4: What is the main purpose for the Security management server?
Answer: Security management server is used for administrative management of the security policy,
stores database and objects.
Question 5: What is the difference between standalone and distributed installation?
Answer: A Standalone deployment is the simplest deployment, where the management server
and the gateway are installed on the same machine.
A distributed deployment is a more complex deployment, where the gateway and management
server are deployed on different machines.

Question 6: what is SIC?


Answer: Secure Internal Communication (SIC) is the checkpoint feature that ensures components,
such as Security Gateways, Security Management servers, etc. can communicate freely and
securely. The following security measures are taken to ensure the safety of SIC

 Certificates for authentication


 Standards-based SSL for the creation of the secure channel
 3DES for encryption

Question 7: what is Internal Certificate Authority (ICA)?


Answer: ICA is created during the management server installation process. It is responsible for
issuing certificates for:

 SIC
 VPN certificates for gateways
 Users
Question 8: What is FW unload local?
Answer. Fwunloadlocal is a command used to detach the security policy from the local machine.

Question 9: What is stealth rule in checkpoint firewall?


Answer: Stealth rule prevents users from connecting directly to the gateway. Stealth rule at the top
of the rule base protects your gateway from port scanning, spoofing and other types of direct
attacks.

Question10: What is FW Monitor command?


Answer: FW Monitor is a packet analyzer tool available on every checkpoint security Gateway.
It provides Kernel level inspection and works for Layers 3 and above in OSI model. There are four
inspection points as a packet passes through the kernel (or virtual Machine)
i ---- Before the Virtual machine, in the inbound direction (Pre-Inbound)
I ---- After the virtual machine, in the inbound direction (Post – inbound)
o ---- Before the virtual machine, in the outbound direction (Pre Outbound)
O --- After the virtual machine, in the outbound direction (Post Outbound)
Question11: What are the two types of Check Point NG licenses?
Answer: Central and Local licenses
Central licenses are the new licensing model and are bound to the Security management server.
Local licenses are the legacy licensing model and are bound to the enforcement module.

Question 12: What are the functions of CPD, FWM, and FWD processes?
Answer: CPD – CPD is a high in the hierarchical chain and helps to execute many services, such as
Secure Internal Communication (SIC), Licensing and status report.
FWM – The FWM process is responsible for the execution of the database activities of the
Management server. It is; therefore, responsible for Policy installation, Management High Availability
(HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.
FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security
Servers and communication with OPSEC applications.

Question 13: What are the major differences between SPLAT and GAIA platforms?
Answer: Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO. Here
are some benefits of Gaia as compare to SPLAT/IPSO.

1. Web-Based user interface with Search Navigation


2. Full Software Blade support
3. High connection capacity
4. Role-Based Administrative Access
5. Intelligent Software updates
6. Native IPv4 and IPv6 Support
7. ClusterXL or VRRP Clusters
8. Manageable Dynamic Routing Suite

Question14: what ports are used in SIC?


Answer: 8210 TCP Pulls Certificates from an ICA.
18211 TCP Used by the cod daemon (on the gateway) to receive Certificates.
Question15: What are the different Checkpoint Ports and purpose of these ports?
Answer: PORT TYPE SHORT DESCRIPTION
256 TCP FW1 Checkpoint Security gateway Service
257 TCP FW1_log Protocol Used for delivering logs from FWM
259 TCP FW1_clientauth_telnet ( Client Authentication )
500 UDP IPSEC IKE Protocol (formerly ISAKMP/Oakley)
900 TCP FW1_clntauth_http (Client Authentication))
4433 TCP Management server Portal
4500 UDP NAT-T NAT Traversal,
8116 UDP Check Point Cluster Control protocol (CCP)
18190 TCP CPMI Check Point Management Interface,
Protocol for communication between GUI and Management
Server
18191 TCP CPD Check Point Daemon Protocol
Download of rule base from Management Server to FWM
Fetching rule base from FWM to Management server.
18192 TCP CPD_amon Check Point Internal Application Monitoring
18210 TCP FW1_ica_pull Check Point Internal CA Pull Certificate
Service
18211 TCP FW1_ica_pull Check Point Internal CA Push Certificate
Service

Question16: What’s the difference between tcpdump and fwmonitor?


Answer: Tcpdump displays traffic coming or leaving to/from a firewall interface while fw
monitor would also tell you how the packet is going through the firewall including routing and NAT
decisions.
FW Monitor captures traffic at 4 important points in the firewall namely i, I, o & O. You would see
them in the capture in the same sequence.
TCP Dump captures at position i & O of firewall monitor, and you can be sure the traffic has left the
firewall. This is similar to the way captures work on a Cisco PIX/ASA

Question17: what is bi-directional NAT?


Answer: If Bi-directional NAT is selected, the gateway will check all NAT rules to see if there is a
source match in one rule, and a destination match in another rule. The Gateway will use the first
matches found, and apply both rules concurrently.

Question18: What are the stages of a phase2 IKE exchange?


Answer: Peers exchange more key material, and agree on encryption and integrity methods for
IPsec Key. The DH Key is combined with the key material to produce the symmetrical IP Sec key.

Question19: Why cleanup rule need to add explicitly in Checkpoint Smart dashboard?
Answer: Cleanup rule is required to drop all traffic that did not match any of the other rules (from top
to bottom) However there is an Implied rule in Checkpoint that does the same action of dropping
packets if no rule exists ( as you mentioned) but logging is not enabled for this implied rule.
Question20: What Is the Difference in A Snapshot/Backup/Upgrade Export (Migrate
Export)/Database Revision Control
Answer: Snapshot:
The snapshot utility backs up everything, including the drivers, .Snapshot can be used to backup
both your firewall and management modules.
The disadvantages of this utility are that the generated file is very big, and can only be restored to
the same device and exactly the same state (same OS, same Check Point version, and same patch
level).

Backups:
The backup utility backs up your Check Point configuration and your networking/OS system
parameters (such as routing), the backup utility can be used to backup both your firewall and
management modules. The resulting file will be smaller than the one generated by snapshot. Backup
does not include the drivers, and can be restored to different machine (as opposed to snapshot,
which cannot).

Database Revision Control:


This utility creates a version of your current policies, object database, IPS updates, etc. It is useful
for minor changes or edits that you perform in Smart Dashboard. It cannot be used to restore your
system in case of failure.

Migrate Export (Upgrade Export):


'upgrade export' tool backs up all Check Point configurations, independent of hardware, OS or
Check Point version, but does not include OS information.
You can use this utility to backup Check Point configuration on the management station.
If you change the Check Point version you can only go up, in other words you can upgrade not
downgrade.
This utility can be used only on command line and cannot be scheduled.
Recommended backup schedule:
Snapshot - at least once, or before major change (for example: an upgrade), during a maintenance
window.
Backup - every couple of months, depending how frequently you perform changes in your
network/policy. Also before every major change, during a maintenance window.
Upgrade export - every month or more often, depending on how frequently you perform changes in
your network/policy. Also important before upgrade or migration. Can be run outside a maintenance
window.

 What Is IPSec ?
 What Is Destination Nat ?
 What Is Explicit Rule In Checkpoint Firewall ?
 What Is Smart Dashboard ?
 What Is 3 Tier Architecture Component Of Checkpoint Firewall ?
 Difference Between Automatic NAT And Manual NAT ?
 What Are The Functions Of Cpd, Fwm, And Fwd Processes ?
 What Is the main Different Between Cpstop/cpstart And Fwstop/fwstart ?
 What Is The Packet Flow Of Checkpoint Firewall ?
 What is Stealth Rule in checkpoint firewall ?
 What Is SIC ?
 What are the major differences between SPLAT and GAIA ?
 What is Checkpoint Architecture ?
 What is Hide NAT ?
 difference between standalone deployment distributed deployment ?
 What is Anti-Boat ?
 Difference between fwstop and cpstop ?
 What is CPinfo? And why it is used ?
 What is MDF Database ?
 How to configure SMC HA ?
 Which protocol use in Checkpoint for Clustering ?
 What are Delta and Full Mode in Clustering ?
 How to Install Checkpoint Firewall NGX on SecurePlatform ?
 What is the Packet Flow of Checkpoint firewall ?
 What are major differences between NGFW and NGTP ?
 Does Checkpoint NGFW support following Software blades – URL filtering, Antivirus, Anti-
spam? If answer is “No”, then which Checkpoint Appliance supports above blades ?
 Which Checkpoint NGFW/NFGT Models are used in Data Center environement ?
 40 Gbps (QSFP) support in Checkpoint Security Gateway Appliances starts with which model
?
 What is Asymmetric Encryption ?
 What is Anti-Spoofing ?
 What is VPN ?
 What is the difference between standalone deployment distributed deployment ?
 Types of NAT in Checkpoint firewall ?
 What is use of Database Revision Control ?
 Which blade do we investigate when you see high CPU caused by the pdpd process ?
 Which command would be best suited for viewing the connections table on a gateway ?
 Which command you run to list established VPN tunnels ?
 Which command displays compression/decompression statistics ?
 Which program you use to analyze Phase I and Phase II packet exchanges ?
 Which folder contains the VPN debug files ?
 What does a high confidence rating mean in IPS ?
 What command you should run to determine if Accept, Drop and NAT templating is enabled ?
 What causes the kernel message: kernel: neighbor table overflow ?
 How you would determine the value of ‘Maximum concurrent connections’ of the NAT Table
?
 What command displays the IPV6 routes ?

Das könnte Ihnen auch gefallen