Check Point processes each packet at ingress and egress using two chains.

Basic:
- Physical layer – ingress interface
- Data Link Layer/Ethernet
- Inspect Driver [inspect engine]
- Network Layer/IP Routing
- Inspect Driver
- Data Link Layer/Ethernet
- Physical layer – egress interface

Advanced:
1. NIC hardware - The network card receives electrical signalling from the link partner.
2. NIC [...]

When you enable the SSL VPN blade on a Check Point firewall, you are automatically given a 30-day trial license for 10 users.

Start the SSL VPN Wizard:
- Configure your firewall access rules to permit SSL VPN traffic. The actual rules needed depend on your configuration.
- A rule allowing HTTPS (TCP/443) traffic is automatically added to [...]

For administration and configuration tasks:

cpconfig - Menu based configuration tool. Options depend on the installed products and modules.
sysconfig - Start SPLAT OS and Check Point product configuration tool.
cp_conf admin add <user> <pass> <perm> - Add admin user with password pass and permissions perm where w is read/write access and r is read only. Note: permission w [...]

For basic firewall information gathering:

fgate stat - Status and statistics of Flood-Gate-1.
fwaccel <stat|stats|conns> - View status, statistics or connection table of SecureXL.
fw getifs - Show list of configured interfaces with IP and netmask.
cpstat <app_flag> [-f flavour] - View OS, HW and CP application status. Issue cpstat without any options to see all possible application flags <app_flag> and [...]

For starting or stopping firewall services:

cpstop - Stop all Check Point services except cprid. You can also stop specific services by issuing an option with cpstop. For instance cpstop FW1 stops FW-1/VPN-1 or use cpstop WebAccess to stop WebAccess.
cpstart - Start all Check Point services except cprid. cpstart works with the same options as cpstop [...]

Secure Internal Communication (SIC) is used when you integrate a Check Point product with Websense software. If Websense software is integrated with a FireWall-1 NG version, you can configure both programs to use Secure Internal Communication (SIC).