If you want to use the smartConsole applications for managing the FWs, login to mgmg server via https and click on head border to download now the smartconsole. After downloading you just install it 😉 You will see a loooot of applications. You can install all. Main application for managing the fw is called SmartDashboard. Full Article…
Search the Wiki
Installing rules and objects and pushing them
General overview of checkpoint rules are: Mgmt rules – needed for the access of physical server. You should allow also ssh and https for specified client because you may have problems with SIC so you want to connect directly to FW Stealth rules – you dont want any external user connect to the FW, you Full Article…
Network address translation
Checkpoint is using more or less the same types of NAT as Cisco ASA. It has source/destination NAT, static/dynamic NAT, PAT called Hide NAT. Same as in ASA, the destination NAT is performed before routed. In most configuration they will need you to choose from static and hide nat. The difference between these two is Full Article…
Policy packages
When you have more firewall under you management domain you have more options to implements policy. Either you configure one policy package and within this policy package you create specific sections for specific firewalls or you create specific policy packages for specific firewalls. The first is good for small environment, the latter is more used. Full Article…
SmartView Tracker
SmartView tracker is an excellent tool. Checkpoint implements not just brilliant logging but also tools via which you can dig into the log files and file the logs you really need. With SmarView Tracker you can query the data and find what you need. SmartView Tracker has 3 main categories or modes: Log – you Full Article…
SmartView Monitor
Smart Monitor is very powerful tool. It can answer questions like CPU, memory, disk usage, traffic bandwidth, etc. In this tool you can also set the threshold values to trigger alarms so you can be proactive. Another important feature of Monitor is to create and view suspicious activity rules. As it is very dangerous to Full Article…
Connecting Checkpoint to LDAP server
Account in checkpoint can be kept locally or remotely. For remote account we can use several protocols like LDAP, Radius, TACACS, SecureID. TACACS is using encrypted session, RADIUS is encrypting just the password and for LDAP you can choose to encrypt it with the SSL. In production you should always use the encryption. There are Full Article…
Identity awareness
How do we acquire the actual identity of users in your network? How do we acomplish that firewall will know the users and can map them to theirs specific IP address. Here are the possibilities: AD Query – when user logged into the AD the Security Event Logs triggers including also IP address info about Full Article…
HTTPS inspection
Lets say employee wants to break security policy and use ssl tunnel in work to his home or to some vpn service on Internet. And via this encrypted tunnel he can access all he pages and he can do everything like he is indeed home. Checkpoint can do a HTTPS inspection and if employee is Full Article…
Application control and URL filtering
In every company you would have something called acceptable use policy. In that policy there will be lots of rules and regulations about what users are allowed to do. One of the rules can be for example that you cannot go to certain website categories like facebook, gaming, torrents, porn, you name it… And what Full Article…