Beruflich Dokumente
Kultur Dokumente
Controls traffic between trusted and untrusted networks, and provides network
partitioning
Restricts the entrance and exit of traffic based on acceptability
A wall is a bad analogy
Your firewall may have more than two sides
You may install enforcement points throughout your network
more like a honeycomb?
Even when we allow traffic through, we watch it carefully
We dont just punch holes in the firewall
VPN-1/Firewall-1 NGX
VPN-1/Firewall-1 NGX
Enforces security
policy, reports status
and log data to
management server.
Management
Server
(SmartCenter
Server)
Management Clients
(SmartConsole)/SMART clients
FWM
FWD*
Databases
Windows
Solaris
SVN** Foundation
Nokia IPSO
Solaris
Linux
Windows
2000
Windows
2003
HP-UX
CP secure
* FWD: Firewall Daemon
platform
FWD Security
servers
SNMP Inspecti
on
Module
SVN
Foundation
Nokia IPSO
Solaris
Linux
Windows 2000
Windows 2003
HP-UX
AIX
CP secure
platform
StandAlone
GUI
Distributed, Single
Management,
Redundant
FEPs (VRRP)
GUI
Distributed, Redundant
Management, Redundant
FEPs (VRRP)
Management Server
Manageme
nt Server
The
The boot
boot manager
manager includes
includes a
a
small
small subset
subset IPSO
IPSO OS
OS on
on a
a
separate
separate partition
partition or
or disk
disk
You
You can
can reinstall
reinstall a
a corrupt
corrupt IPSO
IPSO
from
boot
manager
from boot manager
You
You can
can reinstall
reinstall a
a corrupt
corrupt boot
boot
manager
manager from
from IPSO
IPSO
We will have three interfaces in this class. The third one is configured using
clish
Internet
team1-Net
team3-Net
10.1.1.0/16
10.1.3.0/16
Lab router
team1fw1 172.21.101.
2 /16
team1pc1
10.1.1.101
10.1.1.1
192.168.22.1
01
172.23.103.
2 /16
10.1.3.103
172.21.101.
1/16
team3fw1
172.23.103.1
team1pc2
10.1.1.10
team3pc1
192.168.22.0 /24
10.1.3.1
192.168.22.1
03
team3pc2
10.1.3.10
Network Testing
Ping !..!!!..!!!!!!!!!...........!!!!!!!!!!!!!!!!!!!
Distributed installation
Final Steps
On the desktop, or
Start/Program/
Check Point Smart Clients
SmartView Monitor
DEMO