
KAMAKHYA VILLAS
Plot No.-1, Near Radha Swami satsang
Crossing Road, Shaberi, Sector-4 G.Noida(W)

Gateway management

SAM database --- to prevent attacks

Address spoofing -- source -- outside (SYN)(SYN ACK)
Session lookup -- (SYN, SYN-ACK, ACK)
Policy lookup
Destination NAT / Static NAT
Route lookup (where the packet should go)
Source NAT
Layer 7 lookup (to check the application -- active or passive)
VPN lookup
Packet forward

34. Explain The Messages Exchanged Between The Peers In IKE/ISAKMP?

Answer :
Phase 1 - Main Mode

MESSAGE 1: Initiator offers a policy proposal which includes encryption, authentication and hashing algorithms (like AES or 3DES, PSK or PKI, MD5 or RSA).

MESSAGE 2: Responder presents policy acceptance (or not).

MESSAGE 3: Initiator sends the Diffie-Hellman key and nonce.

MESSAGE 4: Responder sends the Diffie-Hellman key and nonce.

MESSAGE 5: Initiator sends ID and pre-shared key or certificate exchange for authentication.

MESSAGE 6: Responder sends ID and pre-shared key or certificate exchange for authentication.

Only the first four messages are exchanged in clear text. After that all messages are encrypted.

Phase 2 - Quick Mode:

MESSAGE 7: Initiator sends hash, IPsec proposal, ID, nonce.

MESSAGE 8: Responder sends hash, IPsec proposal, ID, nonce.

MESSAGE 9: Initiator sends signature, hash, ID.

All messages in Quick Mode are encrypted.

33. Explain How IKE/ISAKMP Works?

Answer :
IKE is a two-phase protocol:

Phase 1

IKE phase 1 negotiates the following:-

1. It protects the phase 1 communication itself (using crypto and hash algorithms).

2. It generates the session key using Diffie-Hellman groups.

3. Peers authenticate each other using a pre-shared key, public key encryption, or digital signatures.

4. It also protects the negotiation of the phase 2 communication.

There are two modes in IKE phase 1:-

Main mode - A total of six messages are exchanged in main mode to establish the phase 1 SA.

Aggressive mode - It is faster than main mode as only three messages are exchanged in this mode to establish the phase 1 SA. It is faster but less secure.

At the end of phase 1, a bidirectional ISAKMP/IKE SA (phase 1 SA) is established for IKE communication.

Phase 2:

IKE phase 2 protects the user data and establishes the SA for IPsec.

There is one mode in IKE phase 2:-

Quick mode - In this mode three messages are exchanged to establish the phase 2 IPsec SA.

At the end of the phase 2 negotiation, two unidirectional IPsec SAs (phase 2 SAs) are established for user data: one for sending and another for receiving encrypted data.

45. Name A Major Drawback Of Both GRE & L2TP?

Answer :
No encryption.

53. How Do You Check The Status Of The Tunnel's Phase 1 & 2?

Answer :
Use following commands to check the status of tunnel phases:-

Phase 1 - show crypto isakmp sa

Phase 2 - show crypto ipsec sa

36. How Does Diffie-Hellman Work?

Answer :
Each side has a private key, which is never passed, and a Diffie-Hellman key (a public key used for encryption).
When both sides want to do a key exchange they send their public keys to each other.

For example, Side A gets the public key of Side B, then using RSA it creates a shared key which can only be opened on Side B with Side B's private key. So even if somebody intercepts the shared key, he will not be able to reverse engineer it, as only the private key of Side B will be able to open it.
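The Phase 1 key exchange of questions 34 and 36 carried through in code, as an added example that is not part of the original notes: each peer keeps its private exponent, sends only its Diffie-Hellman public value and nonce (messages 3 and 4), both sides compute the same shared secret, and the IKEv1 keying material is derived from it together with the pre-shared key. Assumptions, not from the page: Oakley group 2 from RFC 2409, SHA-1 as the negotiated hash (so the prf is HMAC-SHA1), pre-shared-key authentication, and the class and function names used here.

```python
import hashlib
import hmac
import secrets

# RFC 2409 Oakley group 2 (1024-bit MODP), the classic IKEv1 Phase 1 group (assumed here).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
P_LEN = 128  # byte length of a group 2 public value and shared secret


class Peer:
    """One IKE peer (hypothetical helper): private exponent, DH public value and nonce."""

    def __init__(self) -> None:
        self.cookie = secrets.token_bytes(8)       # ISAKMP cookie (CKY-I / CKY-R)
        self.x = secrets.randbelow(P - 2) + 1      # private exponent, never sent
        self.public = pow(G, self.x, P)            # g^x mod p, sent in the clear
        self.nonce = secrets.token_bytes(16)       # Ni / Nr, sent in the clear

    def shared_secret(self, peer_public: int) -> bytes:
        # Refuse degenerate public values (0, 1, p-1, out of range) before using them.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid DH public value")
        return pow(peer_public, self.x, P).to_bytes(P_LEN, "big")


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf when SHA-1 is the negotiated hash: HMAC-SHA1 (RFC 2409 section 3.2)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def derive_skeyid(psk: bytes, ni: bytes, nr: bytes, gxy: bytes, cky: bytes) -> dict:
    """SKEYID for pre-shared-key authentication and SKEYID_d (RFC 2409 section 5)."""
    skeyid = prf(psk, ni + nr)                      # the PSK anchors authentication
    skeyid_d = prf(skeyid, gxy + cky + b"\x00")     # keying material for the Phase 2 SAs
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d}


def phase1_key_exchange(psk_initiator: bytes, psk_responder: bytes) -> tuple:
    """Messages 3/4 (DH values + nonces) followed by key derivation on both sides."""
    init, resp = Peer(), Peer()
    cky = init.cookie + resp.cookie                 # CKY-I | CKY-R
    # Each side sees only the other's public value and nonce, never the private x.
    keys_i = derive_skeyid(psk_initiator, init.nonce, resp.nonce, init.shared_secret(resp.public), cky)
    keys_r = derive_skeyid(psk_responder, init.nonce, resp.nonce, resp.shared_secret(init.public), cky)
    return keys_i, keys_r
```

With matching pre-shared keys both peers derive identical SKEYID and SKEYID_d; with a mismatched key the Diffie-Hellman secret still agrees but the derived keys do not, which is why a wrong PSK shows up as a Phase 1 authentication failure rather than a DH failure.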

28. What Are The 3 Protocols Used In IPsec?

Answer :
- Authentication Header (AH).
- Encapsulating Security Payload (ESP).
- Internet Key Exchange (IKE).

--cluster
--VPN
--NAT

CCSE NG: Check Point Certified Security Expert Study Guide:

- Installing and configuring VPN-1/FireWall-1 Gateway
- Administering post-installation procedures
- Configuring user tracking
- Using the VPN-1 SecureClient packaging tool
- Configuring an HTTP, CVP, and TCP security server
- Setting up a logical server for load balancing of HTTP traffic
- Configuring and testing VPN-1 SecuRemote and VPN-1 SecureClient
- Setting up VPN desktop policies and using Security Configuration Verification
- Enabling Java blocking, URL filtering and anti-virus checking
- Establishing trust relationships with digital certificates
