2013 Edition
2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved.
2013 Check Point Software Technologies Ltd. [Confidential] For Check Point users and approved third parties
Preface
Training Blades and Certification
1. Take and pass any 2 Training Blades OR
+
AppControl Introduction to Gaia
Certification Renewal Examples
Check Point Security Administration
Course Chapters
Lab Topology
Introduction to Check Point Technology
Learning Objectives
Core Systems
SMART
SmartConsole:
The SmartCenter GUI. SmartConsole comprises several clients used to manage the Check Point security environment.
Security Gateway:
The Security Gateway is the firewalled machine on which the firewall software is installed; it is based on Stateful Inspection.
Packet Filtering
Stateful Inspection
Application Intelligence
Packet Filtering
Packet Filtering is a firewall in its most basic form.
Stateful Inspection
Stateful Inspection examines the context of a packet, monitoring the state of the connection:
Application Intelligence
Application Intelligence works with application-layer defense:
Deployment Considerations
Standalone Deployment
Distributed Deployment
Bridge Mode
SmartConsole comprises several clients used to manage the security environment.
SmartDashboard
Tabs:
Firewall
App Control & URL Filtering
DLP
IPS
Anti-Bot & Anti-Virus
Anti-Spam and Mail
Mobile Access
IPSec VPN
QoS
Desktop
SmartConsole components can be accessed from SmartDashboard.
SmartView Tracker
SmartView Tracker is used for managing and tracking logs and alerts.
SmartLog
SmartLog enables enterprises to centrally track log records.
SmartEvent
Event correlation for firewall, IPS, DLP, endpoints via a single console.
SmartView Monitor
SmartView Monitor centrally monitors Check Point and OPSEC devices, presenting a complete visual picture of changes to gateways, tunnels, remote users and security activities.
SmartReporter
SmartReporter centralizes network security reporting.
SmartUpdate
SmartUpdate delivers automated software and license to distributed security gateways from a single management console.
SmartProvisioning
SmartProvisioning provides centralized administration and provisioning of Check Point security devices via a single management console.
SmartEndpoint
SmartEndpoint is the management console for endpoint clients and their features.
SIC among Security Management Servers and components
Lab Practice
Review Questions
Deployment Platforms
Learning Objectives
Security Appliances
Data Center:
61000 Security System - fastest security appliance, offering scalable performance for data centers and telecommunication companies.
21000 Appliance - offers the industry's best security performance in its class, with unmatched scalability, serviceability and port density.
IAS Bladed Hardware - provides organizations with the ultimate choice in carrier-grade chassis.
Large Enterprise:
12000 Appliance - with multi-core security technology and high port density, ideally suited for perimeter security.
IP Appliance - offers turnkey and modular security functionality with integrated firewall, VPN, IPS, Application Control, Identity Awareness and more.
IAS-D, M, and R Appliance - Powered by HP, the IAS-Series appliances provide integrated software and hardware bundles and direct support that are customized to organizations' exact specifications.
Medium-Sized Business:
4000 Appliance - offers complete and integrated security solutions in a compact 1U form factor.
Virtualized
Virtual Systems - Taps the power of virtualization to consolidate and simplify security for private clouds.
Security Gateway Virtual Edition - Protects virtualized environments and external networks.
Virtual Appliance for Amazon Web Services - Security Gateway for virtual environments in the Amazon Cloud.
Dedicated Appliances
Secure Web Gateway Appliance - Real-time protection against web-borne malware.
Threat Prevention Appliance - Prevents advanced threats and malware attacks.
DDOS Protector - Blocks Denial of Service attacks within seconds.
Threat Prevention
Threat Cloud - Feeds security gateway software blades real-time security intelligence.
IPSO
Developed by Ipsilon Networks
Based on FreeBSD
Hardened secure operating system
Kernel statistics
Purchased from Nokia 2009
SecurePlatform
Developed by Check Point
Based on Red Hat
Hardened secure operating system
Management performed through a restricted shell
Supports SecureXL
Gaia
Gaia Architecture
Gaia Widgets
System Overview
Network Configuration
Memory Monitor
CPU Monitor
Security Configuration
Lab Practice
Review Questions
Introduction to the Security Policy
Learning Objectives
Given the network topology, create and configure network, host and gateway objects.
Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard.
Evaluate existing policies and optimize the rules based on current corporate requirements.
Object Types
Network
Services
Resources
Servers and OPSEC Applications
Users and Administrators
VPN Communities
Managing Objects
Creating Objects
Default Rule
Basic Rules
Implicit/Explicit Rules
Control Connections
Detecting IP Spoofing
1. IP spoofing/IP options
2. First
3. Explicit
4. Before Last
5. Last
6. Implicit Drop
Multicasting
Lab Practice
Review Questions
Monitoring Traffic and Connections
Learning Objectives
SmartView Tracker
Predefined
Custom
Administrator Auditing
Time Settings
Blocking Connections
SmartView Monitor
Tunnel View
Verify host connections with Integrity Server
Suspicious-activity monitoring is used to modify access privileges upon detection of any suspicious network activity.
Monitoring Alerts
Gateway Status
Status Information:
Check Point Gateways
OPSEC Gateways
Check Point Software Blades
OK - Working properly
Problem - Malfunction
Disconnected - no communication
Lab Practice
Review Questions
Network Address Translation
Learning Objectives
Introduction to NAT
Types of NAT
Static NAT
One-to-one relationship
Each host translated to unique IP address
Connections initiated internally and externally
IP Addressing
Hide NAT
Static NAT
85.10.1.4 10.1.1.101
Static NAT
Manual NAT
ARP
If Manual NAT rule creation is used, the Gateway ARP table must be edited:
Hide NAT, Security Gateway in Translated Packet, Source field - No additional ARP table entries are required.
Hide NAT, hiding behind an IP address not assigned to the Security Gateway - Add an ARP table entry to the Security Gateway for the hiding address.
Static NAT - Add ARP table entries to the Security Gateway for all hiding addresses.
Lab Practice
Review Questions
Using SmartUpdate
Learning Objectives
SmartUpdate Architecture
SmartUpdate Introduction
License Terminology
License State
Attached
Unattached
Requires Upgrade
Assigned
Upgrading Licenses
Service Contracts
Review Questions
User Management and Authentication
139
2013 Check Point Software Technologies Ltd. [Confidential] For Check Point users and approved third parties | 164
User Management and Authentication
Learning Objectives
140
2013 Check Point Software Technologies Ltd. [Confidential] For Check Point users and approved third parties | 165
User Management and Authentication
141
2013 Check Point Software Technologies Ltd. [Confidential] For Check Point users and approved third parties | 166
User Management and Authentication
User Types
141
2013 Check Point Software Technologies Ltd. [Confidential] For Check Point users and approved third parties | 167
User Management and Authentication
Types of Authentication
User Authentication
Session Authentication
Client Authentication
Authentication Types
Authentication Schemes
Authentication Types
Distinguished Name
Managing Users
UserDirectory Group
Lab Practice
Review Questions
Identity Awareness
Deployment Platforms
Identity Awareness lets you configure network access and auditing based on network location, identity of user, and identity of machine.
Identity Awareness shows user activity in SmartView Tracker and SmartEvent based on user and machine name, not just IP address.
AD Query
Recommended for
Identity based auditing and logging
Leveraging identity in Internet application control
Basic identity enforcement in the internal network
Transparent Kerberos:
1. User wants to access Internal Data Center
2. Identity Awareness does not recognize user, redirects browser to Transparent Authentication page
3. Transparent Authentication page asks browser to authenticate itself
4. Browser gets Kerberos ticket from Active Directory, and gives to Transparent Authentication page
5. Transparent Authentication page sends ticket to Security Gateway, which authenticates user, redirects to original URL
If Kerberos authentication fails, Identity Awareness redirects browser to Captive Portal
Jennifer:
Browses to Finance server from iPad
Enters her system credentials in Captive Portal
Is successfully directed to Finance server
Log entry
Create a rule that identified users can access the Internet from the organization
1. From the Source of the rule, right-click to create an Access Role
2. Enter a Name for the Access Role
3. In the Users tab, select All identified users
4. Click OK
The Guests:
Browse to an Internet site from their laptop
The Captive Portal opens (they are not identified so cannot access the Internet)
They enter identifying data in the Captive Portal, and read through and accept a network access agreement
A welcome window opens
They can successfully browse to the Internet for a specified period of time
The SmartView Tracker log shows how the system recognizes a guest
Identity Agents
Two types of Identity Agents:
Endpoint Identity Agents
Terminal Servers Identity Agents
Create a rule in the Firewall Rule Base that lets only Finance Department users access the Finance Web server, and install policy.
1. From the Source of the rule, right-click to create an Access Role
2. Enter a Name for the Access Role
3. In the Networks tab, select Specific users and add the Active Directory Finance users group
4. In the Users tab, select All identified users
5. In the Machines tab, select All identified machines and select IP spoofing protection, and click OK
Deployment
Network segregation
Control access between network segments with identity-based policy
Deploy gateway close to access network to avoid malware and unauthorized access in global network
Wireless campus
Deploy Identity Awareness enabled gateway inline in front of wireless switch
Provide an identity awareness policy and inspect traffic that comes from WLAN users
Guest access can be given by authenticating with Captive Portal
Lab Practice
Review Questions
Introduction to Check Point VPNs
Learning Objectives
The VPN
Site-to-Site VPN
Strong encryption
Reliable
Scalable
Remote-Access VPN
Strong authentication
Centralized Management
Scalable
VPN Implementation
VPN Communities
VPN Community
VPN Community member
VPN Site
VPN Domain
VPN Tunnel
Domain-based VPN
Route-based VPN
Choosing A Topology
Combination VPN
Using the VPN column of the Rule Base, you can create access control rules that apply only to members of a VPN community:
You can also create rules that are relevant for both VPN Communities and host machines not in the Community:
VPN Tunnel
Authenticity
Privacy
Integrity
Permanent Tunnels
SecuRemote
SecureClient
SecureClient Mobile
L2TP
Lab Practice
Review Questions