8. Checkpoint Firewall Interview Questions
Question 2:
What is stateful inspection?
Answer:
Stateful inspection was invented by Check Point, providing accurate and highly efficient
traffic inspection. The inspection engine examines every packet as it is intercepted
at the network layer. The connection state and context information are stored and
updated dynamically in kernel tables.
Question 3:
What is policy installation process in checkpoint firewall?
Answer:
Question 4:
Answer:
www.NetTech.org.in
Question 5:
Answer:
SIC
VPN certificates for gateways
Users
Question 8:
Answer:
fw unloadlocal is a command used to detach the security policy from the local machine.
Question 9:
Answer:
The stealth rule prevents users from connecting directly to the gateway. A stealth rule at the
top of the rule base protects your gateway from port scanning, spoofing and other types
of direct attacks.
Question 10:
Answer:
It provides kernel-level inspection and works for Layer 3 and above in the OSI model.
There are four inspection points as a packet passes through the kernel (or virtual
machine).
Question 12: What are the functions of CPD, FWM, and FWD processes?
Answer:
CPD: CPD is high in the hierarchical chain and helps to execute many services, such
as Secure Internal Communication (SIC), licensing and status reports.
FWM: The FWM process is responsible for the execution of the database activities of
the Management server. It is therefore responsible for policy installation, Management
High Availability (HA) synchronization, saving the policy, database read/write actions,
log display, etc.
FWD: The FWD process is responsible for logging. It is executed in relation to logging,
Security Servers and communication with OPSEC applications.
Question 13: What are the major differences between SPLAT and GAIA platforms?
Answer:
Gaia is the latest version of Check Point, which is a combination of SPLAT and IPSO.
Here are some benefits of Gaia as compared to SPLAT/IPSO.
Answer:
Question 15: What are the different Checkpoint Ports and purpose of these ports?
Answer:
PORT   TYPE  SHORT DESCRIPTION
256    TCP   FW1 Check Point Security Gateway service
257    TCP   FW1_log Protocol used for delivering logs from FWM
259    TCP   FW1_clientauth_telnet (Client Authentication)
500    UDP   IPSEC IKE Protocol (formerly ISAKMP/Oakley)
900    TCP   FW1_clntauth_http (Client Authentication)
4433   TCP   Management server Portal
4500   UDP   NAT-T NAT Traversal
8116   UDP   Check Point Cluster Control Protocol (CCP)
18190  TCP   CPMI Check Point Management Interface
Answer:
Tcpdump displays traffic coming to or leaving from a firewall interface, while fw
monitor would also tell you how the packet is going through the firewall, including
routing and NAT decisions.
FW Monitor captures traffic at 4 important points in the firewall, namely i, I, o & O. You
would see them in the capture in the same sequence.
Tcpdump captures at positions i & O of fw monitor, and you can be sure the traffic
has left the firewall. This is similar to the way captures work on a Cisco PIX/ASA.
Question 17: What is bi-directional NAT?
Answer:
If Bi-directional NAT is selected, the gateway will check all NAT rules to see if there is a
source match in one rule, and a destination match in another rule. The Gateway will use
the first matches found, and apply both rules concurrently.
Answer:
Peers exchange more key material, and agree on encryption and integrity methods for
IPsec. The DH key is combined with the key material to produce the symmetrical
IPsec key.
Question 19: Why does the cleanup rule need to be added explicitly in Check Point SmartDashboard?
Answer:
The cleanup rule is required to drop all traffic that did not match any of the other rules (from
top to bottom). However, there is an implied rule in Check Point that does the same action
of dropping packets if no rule exists (as you mentioned), but logging is not enabled for
this implied rule.
Question 20:
Answer:
Snapshot:
The snapshot utility backs up everything, including the drivers. Snapshot can be used
to back up both your firewall and management modules.
The disadvantages of this utility are that the generated file is very big, and can only be
restored to the same device and exactly the same state (same OS, same Check Point
version, and same patch level).
Backups:
The backup utility backs up your Check Point configuration and your networking/OS
system parameters (such as routing). The backup utility can be used to back up both
your firewall and management modules. The resulting file will be smaller than the one
generated by snapshot. Backup does not include the drivers, and can be restored to a
different machine (as opposed to snapshot, which cannot).