The combination of the ICMP echo request and echo reply messages are known as ping. They provide a simple diagnostic tool to find out if a host is reachable. In the cOS Core CLI, the ping command provides this feature. However in cOS Core the ping tool can be used to test much more than  Full Article…

Before going deep to every VPN technology setup in cOS Core lets look on overview of common requirements: Define the Tunnel – Firstly we must define the tunnel itself. cOS Core has various tunnel object types which are used to do this, such as an IPsec Tunnel object. A Route Must Exist – Before any  Full Article…

cOS Core supports two types of translation: Dynamic Network Address Translation (NAT) Static Address Translation (SAT) Two types of cOS Core IP rules, NAT rules and SAT rules are used to configure address translation. NAT Dynamic Network Address Translation (NAT) provides a mechanism for translating original source IP addresses to a different address. Outgoing packets  Full Article…

Address Resolution Protocol (ARP) allows the mapping of a network layer protocol (OSI layer 3) address to a data link layer hardware address (OSI layer 2). In data networks it is used to resolve an IPv4 address into its corresponding Ethernet address. The ARP Cache in network equipment, such as switches and security gateways, is  Full Article…

Before a new connection is checked against the IP rule set, cOS Core checks the connection source against a set of Access Rules. Access Rules can be used to specify what traffic source is expected on a given interface and also to automatically drop traffic originating from specific sources. AccessRules provide an efficient and targeted  Full Article…

The components of a Route Interface – Interface where is the destination network Network – destination network itself Gateway – next hop IP address Local IP Address – something like secondary ip address. You can specify this on your physical interface and FW will reply to ARP for this IP. Where it is useful? When  Full Article…

cOS Core security policies are configured by the administrator to regulate the way in which traffic can flow through the Clavister Security Gateway. Such policies are described by the contents of different cOS Core rule sets. These rule sets share a uniform means of specifying filtering criteria which determine the type of traffic to which  Full Article…

In every network device there is source and destination interface. In clavister there is also Core interface which refers to the clavister fw itself. cOS Core supports a number of interface types, which can be divided into the following four major groups: Ethernet Interfaces – Each Ethernet interface represents a physical Ethernet interface on a  Full Article…

A Service object is a reference to a specific IP protocol with associated parameters. A service definition is usually based on one of the major transport protocols such as TCP or UDP which is associated with a specific source and/or destination port number(s). For example, the HTTP service is defined as using the TCP protocol  Full Article…

The cOS Core Address Book contains named objects representing various types of IP addresses, including single IP addresses, networks as well as ranges of IP addresses. Ethernet MAC addresses can also be defined in the address book. IP Address objects are used to define symbolic names for various types of IP addresses. Depending on how  Full Article…

Claviste FW is using cOS Core OS. Its OS running at the top of linux machine like in checkpoint. It is UTM firewall as it supports features like Routing, FW policies, NAT, ALG (application inspection), VPN, TLS termination, Application control, Anti-Virus scanning, IDS/IPS, Web content filtering, Traffic management (shaping, LB, QoS), HA, Virtualization, etc. cOS  Full Article…