SMART ARCHITECTURE
Smart Console -> Management Server -> Gateway (Firewall)
Policies are created -> Policies are stored -> Policies are pushed/implemented
TRAFFIC CONTROL METHODS
1. Packet Filtering
2. Stateful - remember the ports and IP address in the session (inspect)
- Transport and Network Layer
3. Application Awareness - application layer
- looking at the content
OPERATING SYSTEM HISTORY
1. IPSO
2. Secure Platform
3. GAIA
INSTALLING CHECKPOINT OPTIONS
1. Standalone vs Distributed
2. High Availability
3. Routed vs Bridged
4. Topology / Addressing
Communication Manager and GW(Firewall)
Login via console PC
1. Firewall
- Network management
1. Network Interfaces -> Configure ETHX (0,1,2)
2. IPV4 Static Route -> Add Gateway -> X.X.X.X (ETH0)
- System Management
1. Messages -> Banner Messages -> MABUHAY!
2. Manager Server
- Network Management
1. Network Interfaces (verify)
2. IPV4 Static Route (verify) 10.1.1.111
- System Management
1. Messages -> Banner Messages -> MABUHAY!
- Overview
1. Manage Software Blade using Smart Console -> Download Now -> Install everything
PC Console
1. Launch the SmartDashboard
Manager
To verify the fingerprint on SmartDashboard
1. Lock Database override
2. cpconfig -> certificate fingerprint -> exit
2. Network Objects
-> Checkpoint
-> Management Server
-> Security Gateway Management
-> Classic
-> Checkpoint Gateway General Properties (fill up)
- Name - FW Name
- IPV4 IP Address
- Comment - FW Comment
-> Network Security
- Tick the feature / license based
- IPS, Monitoring, IPSec/VPN
-> Platform - verify Hardware, OS
-> Trusted Communication
- Authentication -> One time password -> Initialize
- To connect the Manager to the Firewall
- Certificate Status -> Trust Established
- The new Gateway will be seen
-> Topology
- Verify the interfaces
- Interface will be assigned automatically as external if Gateway is configured
-> Nodes
-> Node
-> Host Object
- Configure Name, IP Address, Comment
-> Network
-> Network
-> General
- Configure Name, Comment, Network Address and Mask
CREATING/INSTALLING POLICIES
Adding rules for security policy
- Mgmt, Stealth, Internal, Cleanup
- Implied Rules
Firewall
-> Policy -> Launch Menu -> Rules -> Add Rule -> Top or Bottom
MANAGEMENT RULE: RULE ID 1
- Name: Allow Traffic Management
- Source: Node PC
-> Creating New Host -> New -> Host
Configure Host Node Properties -> Name, IP Address,
- Service: Go to Dish
- Destination: Firewall HQ
- Action: [Accept] [Reject] [Drop]
- Track: Log
- Install On: Target Firewall
MALICIOUS: RULE ID 2
- Name: Malicious
- Source: Any
- Service: Any
- Destination: Firewall HQ
- Action: [Drop]
- Track: Log
- Install On: Target Firewall
OUR USERS: RULE ID 3
- Name: Our Users
- Source: Internal-HQ
- Service: Any
- Destination: Any
- Action: [Accept]
- Track: Log
- Install On: Target Firewall
CLEAN UP: RULE ID 4
- Name: DENY
- Source: Any
- Service: Any
- Destination: Any
- Action: [Drop]
- Track: Log
- Install On: Target Firewall
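Added example (not part of the original notes and not Check Point code): the four rules above evaluated top-down with first-match semantics, plus a shadowing check that shows why the management rule has to sit above the "Malicious" (stealth) rule. All addresses are constructed, the function names are hypothetical, and the Service column and the implied rules are left out.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
FW = ipaddress.ip_network("10.1.1.1/32")         # constructed: Firewall HQ
ADMIN_PC = ipaddress.ip_network("10.1.1.50/32")  # constructed: Node PC
INTERNAL = ipaddress.ip_network("10.1.1.0/24")   # constructed: Internal-HQ

# (name, source, destination, action) in the order given in the notes
RULEBASE = [
    ("Allow Traffic Management", ADMIN_PC, FW, "accept"),
    ("Malicious", ANY, FW, "drop"),
    ("Our Users", INTERNAL, ANY, "accept"),
    ("DENY", ANY, ANY, "drop"),
]

def first_match(rules, src, dst):
    """Return (rule id, name, action) of the first rule that matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (name, rsrc, rdst, action) in enumerate(rules, 1):
        if s in rsrc and d in rdst:
            return n, name, action
    return None  # nothing matched: no cleanup rule present

def shadowed(rules):
    """Pairs (hidden, by): an earlier rule fully covers a later one."""
    out = []
    for i, (_, src_i, dst_i, _) in enumerate(rules):
        for j in range(i + 1, len(rules)):
            _, src_j, dst_j, _ = rules[j]
            if src_j.subnet_of(src_i) and dst_j.subnet_of(dst_i):
                out.append((rules[j][0], rules[i][0]))
    return out

def lint(rules):
    """Flag unreachable rules and a missing Any/Any drop at the bottom."""
    findings = [f"'{h}' can never match: shadowed by '{b}'"
                for h, b in shadowed(rules)]
    if rules[-1][1:] != (ANY, ANY, "drop"):
        findings.append("last rule is not an Any/Any drop cleanup rule")
    return findings

if __name__ == "__main__":
    print(first_match(RULEBASE, "10.1.1.50", "10.1.1.1"))  # admin PC to firewall
    print(first_match(RULEBASE, "10.1.1.77", "10.1.1.1"))  # other internal host to firewall
    print(lint([RULEBASE[1], RULEBASE[0]] + RULEBASE[2:]))  # stealth placed above management
```

An internal host other than the admin PC that targets the firewall hits rule 2 and is dropped before rule 3 is ever consulted, which is the purpose of placing the stealth rule above the user rule.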
SAVING THE POLICY
1. Save Icon
2. Control + S
3. Launch Menu -> File -> Save
IMPLIED RULES
1. Launch Menu -> Policy -> Global Properties
2. Edit Global Properties
- Implied Rules
- Accept control Connections
- Accept remote access control connections
- Accept Smart Update connections
- Accept IPS-1 management connections
- Accept outgoing packet originating from gateway -> Before Last
- Track
- Log Implied Rules
3. To verify
Launch Menu -> View -> Implied Rules
PUSHING THE POLICY
1. Launch Menu -> Policy -> Install POLICY
2. Or Icon Install POLICY
Inside Install POLICY
Revision Control
- Create Database; snapshot
- Once done it will deploy the policy
- Policy Installation status -> date and succeeded
3. To verify in Firewall
FW> fw stat
FW> fw fetch IP.Address.of.Manager
Troubleshooting via CLI
FW> fw stat
FW> show configuration interfaces
FW> fw fetch [location]