Connecting the FW to MGMT server

If you want to use the SmartConsole applications for managing the FWs, log in to the mgmt server via https and click on the head border to download SmartConsole now. After downloading, you just install it 😉 You will see a loooot of applications. You can install them all. The main application for managing the FW is called SmartDashboard.  Full Article…

Installing rules and objects and pushing them

A general overview of Checkpoint rules: Mgmt rules – needed for access to the physical server. You should also allow ssh and https for a specified client, because you may have problems with SIC, so you want to connect directly to the FW. Stealth rules – you don't want any external user to connect to the FW, you  Full Article…

Network address translation

Checkpoint uses more or less the same types of NAT as Cisco ASA. It has source/destination NAT, static/dynamic NAT, and PAT, which is called Hide NAT. As in ASA, destination NAT is performed before routing. In most configurations you will need to choose between static and hide NAT. The difference between these two is  Full Article…

Policy packages

When you have more firewalls under your management domain, you have more options for implementing policy. Either you configure one policy package and within this policy package create specific sections for specific firewalls, or you create specific policy packages for specific firewalls. The first is good for small environments, the latter is more used.  Full Article…

SmartView Tracker

SmartView Tracker is an excellent tool. Checkpoint implements not just brilliant logging but also tools with which you can dig into the log files and find the logs you really need. With SmartView Tracker you can query the data and find what you need. SmartView Tracker has 3 main categories or modes: Log – you  Full Article…

SmartView Monitor

SmartView Monitor is a very powerful tool. It can answer questions about CPU, memory, disk usage, traffic bandwidth, etc. In this tool you can also set threshold values to trigger alarms so you can be proactive. Another important feature of Monitor is creating and viewing suspicious activity rules. As it is very dangerous to  Full Article…

Connecting Checkpoint to LDAP server

Accounts in Checkpoint can be kept locally or remotely. For remote accounts we can use several protocols like LDAP, RADIUS, TACACS, SecurID. TACACS uses an encrypted session, RADIUS encrypts just the password, and for LDAP you can choose to encrypt it with SSL. In production you should always use encryption. There are  Full Article…

Identity awareness

How do we acquire the actual identity of users in your network? How do we make sure that the firewall knows the users and can map them to their specific IP addresses? Here are the possibilities: AD Query – when a user logs into AD, the Security Event Log triggers, also including IP address info about  Full Article…

HTTPS inspection

Let's say an employee wants to break security policy and use an SSL tunnel at work to his home or to some VPN service on the Internet. Via this encrypted tunnel he can access all the pages and do everything as if he were at home. Checkpoint can do HTTPS inspection and if the employee is  Full Article…

Application control and URL filtering

In every company you would have something called an acceptable use policy. In that policy there will be lots of rules and regulations about what users are allowed to do. One of the rules can be, for example, that you cannot go to certain website categories like Facebook, gaming, torrents, porn, you name it… And what  Full Article…
