NAT (NETWORK ADDRESS TRANSLATION)
Why -> Private IP, Security, Limited IPs
What to translate: Source or Destination
How to Translate: Static or Dynamic
Where translation is done
Mostly for servers:
Static - Destination NAT -> translation happens on the ingress interface
Mostly for end-user PCs/clients:
Source - Dynamic NAT
NAT Hide
Firewall Tab
-> NAT
Network Objects -> Network
-> Internal-HQ
-> NAT Tab
-> Add Automatic Address Translation -> Translation method -> Hide
-> Save
-> Install Policy (PUSH)
From internal HQ PC ping public IP
SMART TRACKER
-> go to bottom (down icon)
-> validate the log if ping was translated outside
XlateSrc -> Translated Source Address
NAT Static
Firewall Tab
-> NAT
Network Objects -> Nodes
-> Test PC
-> NAT Tab
-> Add Automatic Address Translation -> Translation method -> Static
-> Check the global address (public IP/routed IP)
-> Save
-> Install Policy (PUSH)
XLateDst -> Translated Destination Address
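The last step of both NAT procedures above is to read the SmartView Tracker log and confirm that XlateSrc (Hide NAT) or XlateDst (Static NAT) is actually populated. The script below is an added example, not part of the original notes or of any Check Point tool: it parses a constructed, simplified "key: value; key: value" record layout (real log exports carry many more fields, and the field names src, dst, xlatesrc, xlatedst and rule are assumed here) and flags internal hosts whose outbound traffic shows no translated source, which is the symptom of a Hide rule that did not match.

```python
"""Check NAT translation in SmartView-Tracker-style log records.

Added example (not from the original notes). The records and the
"key: value; key: value" layout are CONSTRUCTED for this example; the
field names src, dst, service, xlatesrc, xlatedst and rule are assumed.
"""
import ipaddress
from typing import Dict, List

# Constructed sample: two pings hidden behind 203.0.113.1, one inbound
# HTTP connection statically translated to an internal server, and one
# internal host whose ping left without any source translation.
SAMPLE_LOG = """\
src: 10.1.1.20; dst: 8.8.8.8; service: icmp; xlatesrc: 203.0.113.1; xlatedst: ; rule: 3
src: 10.1.1.21; dst: 8.8.8.8; service: icmp; xlatesrc: 203.0.113.1; xlatedst: ; rule: 3
src: 198.51.100.7; dst: 203.0.113.10; service: http; xlatesrc: ; xlatedst: 10.1.1.50; rule: 5
src: 10.1.1.22; dst: 8.8.8.8; service: icmp; xlatesrc: ; xlatedst: ; rule: 3
"""


def parse_record(line: str) -> Dict[str, str]:
    """Split one record into a dict; an empty value (e.g. 'xlatedst: ') becomes ''."""
    fields: Dict[str, str] = {}
    for part in line.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition(":")  # first ':' only, so 'time: 12:00:00' survives
        fields[key.strip()] = value.strip()
    return fields


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse every non-empty line of a log export."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def classify_nat(rec: Dict[str, str]) -> str:
    """'source' when XlateSrc is set (Hide / static source NAT), 'destination'
    when XlateDst is set (static destination NAT), 'none' when untranslated."""
    if rec.get("xlatesrc"):
        return "source"
    if rec.get("xlatedst"):
        return "destination"
    return "none"


def untranslated_internal(records: List[Dict[str, str]],
                          internal_net: str = "10.1.1.0/24") -> List[str]:
    """Internal sources whose outbound traffic shows no XlateSrc: the Hide
    rule did not apply to them, so their private address left the gateway."""
    net = ipaddress.ip_network(internal_net)
    return [r["src"] for r in records
            if ipaddress.ip_address(r["src"]) in net and not r.get("xlatesrc")]


def hide_nat_addresses(records: List[Dict[str, str]]) -> set:
    """Public addresses used as translated source; one Hide rule yields one address."""
    return {r["xlatesrc"] for r in records if r.get("xlatesrc")}


def static_nat_map(records: List[Dict[str, str]]) -> Dict[str, str]:
    """Public (routed) destination -> private destination seen in XlateDst."""
    return {r["dst"]: r["xlatedst"] for r in records if r.get("xlatedst")}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("Hide NAT address(es):", hide_nat_addresses(recs))
    print("Static NAT map:", static_nat_map(recs))
    print("Internal hosts leaving untranslated:", untranslated_internal(recs))
```

Run it as-is to see the constructed records classified; to use it on a real export, replace SAMPLE_LOG with the exported text and adjust the field names and internal_net to match your environment.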
POLICY PACKAGES AND DATABASE VERSIONS
1. Install and link Gateway to Manager
2. Include new Firewall in Policies
Policy packages let you deploy a specific set of rules to a chosen number of firewalls
New Policy Package
- a set of policies that can be pushed to one or more gateways
Dashboard
-> File
-> New
-> Blank screen (the policy still needs to be populated)
Dashboard
-> File -> Save -> Install Policy
-> SELECT TARGETS
- Only choose the specific firewall for the new policy package
-> File -> Save -> Install Policy
-> Advance Option
-> Create Database Version - creates a snapshot (version) that can be restored later
Database Version Control
-> File -> Database Revision Control
-> Create -> Creating a version
-> Automatically create old version -> Configure
-> Action -> Restore Version
Separation of rules
-> Right Click -> Add a section title -> Below -> Rule Name
SMART VIEW TRACKER
Modes: Log, Active, Audit
Queries: Predefined and Custom
Care and Feeding:
- Global Properties
- $FWDIR/log
- Other event destinations
Smart View Tracker ---> MGR <---logs--- Firewall
Active Mode
- Realtime activity
- Manual Block
Smart Console
-> Smart View Tracker
3 Modes
-> Network Endpoint
-> Active
-> Management
Edit Filter
-> Specific (What service)
-> Add
-> Contain or Equal
-> OK
Edit Filter
-> Follow
-> Destination or Source
Save Query As -> predefined searches to be saved
SMART BLOCKER
Launch Menu
-> Tools -> Block Connection
-> Block Intruder
-> Blocking Scope
-> Blocking Timeout
Management Mode
Right Click a Rule in the policy -> View Rule Logs (smart tracker will be open)
Smart Dash Board
-> Global Settings
-> Global Properties
-> Logs and Alert
-> Time Settings
Excessive log grace period: 62 seconds
Smart View Tracker resolving timeout: 20 seconds
Virtual Link statistics logging interval: 60 seconds
Status Fetching Interval: 60 seconds
-> Alerts
Send email
Send snmp
Network Objects
-> Manager
-> Logs -> Enable Smartlog
-> Log Storage
Configure log file size
Create logfile base on timing
-> Additional Logging
Send logs to a different logging server
SMART VIEW MONITOR
Provides statistics of
Gateways, Traffic, Counters, Tunnels, Users
Create and view suspicious activity rules
Set Thresholds and see alerts
SmartConsole
-> SmartView Monitor
Gateway Status
Traffic
- Top Services
- Top QOS Rules
- Top Destinations
- Top Security Rules
- Packet Size Distribution
- Top VOIP users
- Top Interfaces
- Virtual Link
- Top Tunnels
- Top P2P-Top Sources
- Common Services History
- Top Connections
System Counters
- System
- System History
- Firewall
- Firewall History
- VPN
- VPN History
- Content Inspection
- Firewall Security
- Firewall Server
Tunnels
- Tunnels on Community
- Permanent Tunnels
- Down Permanent Tunnels
- Tunnels on Gateway
Gateway Status-> Click Desired Firewall -> Configure Threshold
-> CPU, free disk space, connection status
Launch Menu
-> Tools
-> Start System Alert Daemon
Monitoring Software Blade must be enabled (software license)
Monitoring must be ticked in the Gateway Properties
Dynamic Rules via Smart View Monitor
Icon - Suspicious Activity Rules
-> Show on all Check Point Gateways
-> Refresh