Let's say an employee wants to break security policy and use an SSL tunnel from work to his home or to some VPN service on the Internet. Via this encrypted tunnel he can access all the pages and do everything as if he were at home. Checkpoint can do HTTPS inspection and if employee is Full Article…
Application control and URL filtering
Every company has something called an acceptable use policy. That policy contains lots of rules and regulations about what users are allowed to do. One of the rules can be, for example, that you cannot go to certain website categories like Facebook, gaming, torrents, porn, you name it… And what Full Article…
Checkpoint CLI
There is a CLI in Checkpoint and we need to know the basics for certain situations, like restoring the policy if we pushed a wrong one and the management server cannot communicate with the gateway. Or we would like to check the Linux-related stuff on the appliance like arp, ifconfig, routing. There are also some Checkpoint commands Full Article…
Site to Site VPNs
I know how the VPN works. There is IKE phase 1 and 2. In phase one there is HAGLE going on. In phase two there is HAGLE too, but HA is the same, because (message + password) x hash is used for authentication and integrity check. Configuration of VPNs under Checkpoint is very easy. In Checkpoint there is some nomenclature: vpn Full Article…
Backup and Recovery
We have a lot of options for backups in Checkpoint. Check the screen above. There is: DB Version – when we pushed out the policy we had the option to create a backup of the database. Inside the database are the objects and the policy. Backup – We already did this type of backup in the CLI. This includes the Full Article…
Smart Update
Imagine you are working for a company which has many Checkpoint gateways and their licensing varies for each of them. At some point these licenses are going to expire and you have to restore them and manage them remotely. You would also like to perform remote upgrades, patches and hot fixes of your devices. And for Full Article…
Remote access VPNs & additional CheckPoint features
To repeat, the remote access VPN can be clientless or clientfull. Clientless is via the SSL portal. From there the client can access the most important resources via applets installed in the portal. If the client wants to use the clientfull VPN, he has to have the client installed. He can download the client from the SSL portal. Full Article…