http://tiny.cc/amadorit
http://tiny.cc/r80videos http://tiny.cc/top3cli
©2017 Check Point Software Technologies Ltd. 2
Engage CheckMates on Mobile as well –
Download “Jive Daily” today
https://community.checkpoint.com
• Hardware Requirements
What Is R80.10 About?
Security Policies Expressing Your Business Needs
Security Policies Expressing Your Needs
Ordered Layers and Inline Layers
• Enforcing security using an ordered layered structure
  – The uppermost policy layer will be matched first
  – In case a rule is matched, this traffic will be matched against subsequent layers
• Enforcing security using an inline layered structure
  – A rule (called “parent rule”) defers matching to a subsequent layer of specific rules
  – Only traffic that matches the “parent rule” will be matched against the rules of the Inline Layer
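The matching order described above, modeled as an added example (not part of the original slides and not Check Point code). The policy, rule names and connection fields are constructed; two behaviours are assumed here: only an accept carries a connection on to the next ordered layer, and each layer ends in an implicit cleanup drop.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

ACCEPT, DROP = "accept", "drop"
@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]
    action: Optional[str] = None      # ACCEPT or DROP; unused for a parent rule
    inline: Optional["Layer"] = None  # set on a parent rule: its Inline Layer

@dataclass
class Layer:
    name: str
    rules: List[Rule]

def eval_layer(layer, conn, trace):
    """First match within one layer; a parent rule hands the verdict to its Inline Layer."""
    for rule in layer.rules:
        if rule.match(conn):
            trace.append(f"{layer.name}/{rule.name}")
            if rule.inline is not None:
                return eval_layer(rule.inline, conn, trace)
            return rule.action
    trace.append(f"{layer.name}/implicit-cleanup")
    return DROP  # assumption: the layer's implicit cleanup action is drop

def eval_policy(ordered_layers, conn):
    """Ordered layers, top first; assumption: only an accept moves to the next layer."""
    trace = []
    for layer in ordered_layers:
        if eval_layer(layer, conn, trace) == DROP:
            return DROP, trace
    return ACCEPT, trace

# Constructed sample policy: a Network layer with one Inline Layer, then an Application layer.
dmz_inline = Layer("DMZ-inline", [
    Rule("admins", lambda c: c["src"] == "admin-net", ACCEPT),
    Rule("cleanup", lambda c: True, DROP),
])
network = Layer("Network", [
    Rule("to-dmz", lambda c: c["dst"] == "dmz", inline=dmz_inline),  # parent rule
    Rule("lan-out", lambda c: c["src"] == "lan", ACCEPT),
])
application = Layer("Application", [
    Rule("block-p2p", lambda c: c["app"] == "bittorrent", DROP),
    Rule("allow-rest", lambda c: True, ACCEPT),
])
POLICY = [network, application]
```

The returned trace shows which rule decided in each layer, which is the quickest way to see that a connection matching the parent rule never reaches the rules below it in the parent layer.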
Introduction to Content Awareness
File Types, Content Types and Direction used in multiple rules
[Figure: rule base extract, with callouts “Direction” and “File Type objects”]
• Controlling File Types, Content Types and Direction up-/download/both
• In the above example extract of a larger rule base you see:
  – The download of spreadsheets that contain credit card numbers is allowed
  – The upload or download of credit card numbers is blocked
  – The upload of documents and the download of spreadsheets is allowed
• The order of the rules is important as the uppermost rule will match first
Introduction To Content Awareness
Combining File Types and Content Types to a Data Type group object
• When using a Data Type Group object both File Types and Content Types need to match in order for the group object to match
[Figure: Data Type Group object, with callout “Data Type Group object name”]
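The Content Awareness rules listed on the earlier slide and the Data Type Group matching rule, as an added example (not from the original slides, not Check Point code). Object and rule names are constructed, a group is simplified to one File Type plus one Content Type, and the final drop stands in for the rest of the "larger rule base".

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Transfer:
    direction: str            # "upload" or "download"
    file_type: str            # e.g. "spreadsheet", "document"
    content: FrozenSet[str]   # content types detected in the data

@dataclass(frozen=True)
class DataType:
    """A File Type, a Content Type, or (both set) a Data Type Group."""
    file_type: Optional[str] = None
    content_type: Optional[str] = None

    def matches(self, t: Transfer) -> bool:
        # In a group, the File Type AND the Content Type must both match.
        if self.file_type is not None and t.file_type != self.file_type:
            return False
        if self.content_type is not None and self.content_type not in t.content:
            return False
        return True

@dataclass(frozen=True)
class Rule:
    name: str
    data: DataType
    direction: str            # "upload", "download" or "any"
    action: str

# Constructed rule base following the order given on the slide.
RULES = [
    Rule("cc-spreadsheet-download", DataType("spreadsheet", "credit-card"), "download", "accept"),
    Rule("block-credit-cards", DataType(content_type="credit-card"), "any", "drop"),
    Rule("upload-documents", DataType(file_type="document"), "upload", "accept"),
    Rule("download-spreadsheets", DataType(file_type="spreadsheet"), "download", "accept"),
]

def decide(rules, t: Transfer):
    """First match wins: return (action, rule name) of the uppermost matching rule."""
    for r in rules:
        if r.direction in ("any", t.direction) and r.data.matches(t):
            return r.action, r.name
    return "drop", "cleanup"  # assumption: stand-in for the remaining rule base

def swap_first_two(rules):
    """Same rules with the top two reordered, to show why order matters."""
    return [rules[1], rules[0]] + list(rules[2:])
```

With the top two rules swapped, the spreadsheet download that the group rule allowed is dropped by the broader credit card rule instead.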
Introduction to Content Awareness
Predefined Data Types
• Using the Object Explorer you can browse the predefined Data Types
• You can edit properties
Content Awareness & DLP – When To Use Which
DLP has more advanced engines and a dedicated rule base but works only for HTTP POST, SMTP and FTP.
Content Awareness works for all directions and is integrated into the Unified Rule Base. Support of more advanced engines is on the roadmap.

• DLP has a dedicated multi-match rulebase.
• Content Awareness is part of the first-match unified rulebase.
• Content Awareness can also be used as a dedicated layer.

• Support VSX and IPv6.
• Part of unified rulebase with Application Control, URLF and other unified rulebase objects.
• Scan both incoming and outgoing traffic.
• Have direction granularity in each rule.

• Support advanced Data Types, as templates and fingerprint for data-at-rest.
• Have full mail Quarantine support.
• Has an Exchange Agent to scan internal Exchange communication.
Connections and Sessions
Multiple connections form a session
[Figure: Session, Connections]
Accessible from any device
Report customization
Efficient Operation and Automation with APIs
Efficiency, Cost Savings, Agility
Recap Architecture
R80.10 Unified SmartConsole
Upon Login the user creates a Session
Unified Console is a true Client, i.e. can’t operate without the CPM Server.
Integrated workflow
Why You Shouldn’t Upgrade (Yet)
Hardware Requirements
Migration Tools
MIGRATE EXPORT AND IMPORT
Migrate Export
Migrate Import
Migrate Import Continues
Migrate Import Still Going…
And… It’s Done!
Remember To Get A New License!
And now…
IT’S UPGRADE TIME!
Verifier
Verifier Result
Verifier: Obsolete Check Point Objects
Service Name Conflicts with New Default Objects
IPS Protections by Type Changes in R80
Profiles name:
HomeProfile
Deprecated Application Control Categories in R80
* Description: Rulebase contains Application Control categories or group
of categories that were deprecated.
For deprecated categories list and recommended substitutes please refer
to sk106783.
The following categories are deprecated:
Threat Prevention Permission Profiles
LTE Services
THE FINISHED PRODUCT
Firewall Policy Layer
THANK YOU