SIC ==>> Secure internal communication.
This is the protocol to use make secure connection between Check point devices like connection between Security gateway and Security management server in the distributed deployment.
It is using SSL.
SIC measures for validation
Authentication certificate.
Triple DES for encryption
Standard based SSL for secure channel creation.
It works on TCP 18209
INSPECT engine in Firewall:
===========================
INSPECT Engine it inspect each packets and maintains a table which is stateful. even it created a virtual state table for a connection less protocol such as UDP, RCP etc.. which help the firewall to inspect and monitor the traffics.
Rules in Check points:
======================
Stealth Rule :
Which allows limits the traffic which goes to the gateway ,
Ex:
===
It allows only authenticated administrators traffic to gateway and blocks others traffic to the gateway.
Clean up rule:
==============
It blocks all the traffic which comes to the firewall and logs the same which help admin to analyze all the traffic.
It placed at last.
Explicit Rule:
==============
Created by admin.
Implicite Rule:
===============
The rule burned with firewall which is not visible.
Advantages of Checkpoint:
=========================
1.Single point of management means gateways can be managed by smart console.
2. Open Architecute means it can work with other security protects.
3.It updates it security software's often to avoid latest attackers.
Bit Map checkpoint firewall
Licence :
Local license is issued for the firewall gateway IP address.
Central license is issue and assigned to a IP address of ManagmentSmartcenter
TCP timeout is 60 minutes
UDP 2 minutes
ICMP 2Seconts
==========================
Type of check points;
Standard Checkpoint: Checks based on Objects
BitMap checkpoint: Checks Webpage pixel by pixel.
Image checkpoint: Check Webpages Source location.
Table checkpoint: Checks on Table cells
Text Checkpoint : Checks Texts in Webpages.
=================================
Check point XLs."
Core XL:
========
It makes CPU to run multiple task at same time.
Secure XL:
It is the accelerate the solution and maximize the performance.
But not compromise the security
When we enable the SecureXl some intensive process is taken care by Virtualization software instead of Firewall kernel.
ClusterXL:
VSX virtual system extension:
It is Virtual firewall(Context or VRF) default is VS0
Cluster XL uses Unique Virtual IP and MAC address.
It uses CCP for Cluster Device communications.
No need any rule or plicy
It run on UPD port 8116
Delta Sync It the Sync of Checkpoint Cluster Sync. It taken care directly by Checkpoint Kernel.
Routing configuration on Checkpoint Gaia.
When we configure a routing on the Checkpoint there are three types of option in Next hope.
Normal: Accept and forward packets.
Reject: Drop packets, and send unreachable messages.
Black Hole: Drop packets, but don't send unreachable messages.
Local scope :
This option is helpfull if we enable it, It will communicate to the cluster evethough the cluster is in different subnet.
When we add some a gateway in the checkpoint we can add a IP as a gateway or a local interface also configure as gateway.
We can add many gateways and configure a priority as per the requirments.
We can also enable the Ping responce time and count of Ping which is hitting the route and the interface.
Check point Packet flow:
===================
Comments
Post a Comment