02 Security 101 Gaia 2022
1 (MAJ 2023)
ARCHITECTURE
COMPONENTS
The administrator makes one Security Management Server Active and the others
Standby.
If the Active Security Management Server is down, the administrator can promote
the Standby server to be Active.
This deployment lets you reduce the maintenance required for your
systems.
The two appliances are connected with a direct synchronization connection (2) and
work in High Availability mode.
A bridge mode deployment adds a Security Gateway to an existing environment without changing IP Routing.
GAiA
SECURITY MANAGEMENT SERVER
▪ The Security Management Server (SMS) is used to manage the security policy.
▪ The Security Management Server maintains the database of objects and policies.
▪ Policies and objects are defined using SmartConsole or the web services API.
▪ Security Gateways send logs to the Security Management Server.
▪ Policies, objects and logs are indexed to facilitate lookups.
▪ The Internal Certificate Authority (ICA) on the SMS establishes trusted relations.
SECURITY GATEWAYS
[Figure: Security Gateway appliance range plotted by Threat Prevention throughput. Models shown: 3100 - 3200, 5100 - 5400, 5600 - 5900, 6000-XL, 15000, 16000. Tier labels: Midsize Enterprise, Large Enterprise, Turbo Hyperscale.]
[Figure: Maestro Hyperscale scaling. Appliances shown: MHO175, MLS200. Panel labels: Beginning, Maestro Base Configuration, Maestro Span, Hyperscale Span.]
Scale from 400 Gbps to 3 Tbps with Maestro*
* Or achieve the same 3 Tbps with 8x MLS400 + Maestro
• Some considerations:
• Two support vendors
• Higher cost for support
• No trade-in
SmartConsole
[Confidential] For designated groups and individuals ©2022 Check Point Software Technologies Ltd.
Check Point Security 101
Check Point SmartConsole R81.20
SmartConsole provides access to:
CHECK POINT
POLICIES: BASICS
Basic Rules
▪ Two rules used by nearly all administrators
– Stealth Rule
– Cleanup rule
Implied Rules
Rule Base Management
Rule Base Order – Access Control
▪ IP spoofing / IP options
▪ First Implied Rule[s] - No explicit rules can be placed before it.
▪ Explicit Rules - These are the rules that you create.
▪ Before Last Implied Rule[s] - Applied before the last explicit rule.
▪ Last Explicit Rule - We recommend using a Cleanup rule as the last explicit rule.
– Note - If you use the Cleanup rule as the last explicit rule, the Last Implied Rule and the Implicit Cleanup Rule are not enforced.
▪ Last Implied Rule[s] - Although this rule is applied after all other explicit and implied rules, the Implicit Cleanup Rule is still applied last.
▪ Implicit Cleanup Rule - The default rule that is applied if none of the rules in the Policy Layer match.
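The evaluation order listed above can be modelled as a first-match walk over the stages, which makes the note about the Cleanup rule visible. This is an added example, not Check Point code or part of the original slides. The rules, addresses, ports and the simplified interface-based anti-spoofing check are all constructed for illustration, and the Stealth and Cleanup rules use their conventional form (drop anything addressed to the gateway; drop everything else).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY, GW = "0.0.0.0/0", "203.0.113.1/32"   # constructed addresses

@dataclass
class Rule:
    name: str
    src: str     # CIDR; ANY matches every address
    dst: str
    port: int    # 0 matches every port
    action: str  # "accept" or "drop"

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.port in (0, pkt["port"]))

def ordered_rule_base(first_implied, explicit, before_last, last_implied, default="drop"):
    """Flatten the rule sets into the evaluation order listed above."""
    stages = [("first implied", first_implied),
              ("explicit", explicit[:-1]),
              ("before last implied", before_last),
              ("last explicit", explicit[-1:]),
              ("last implied", last_implied),
              ("implicit cleanup", [Rule("Implicit Cleanup", ANY, ANY, 0, default)])]
    return [(stage, rule) for stage, rules in stages for rule in rules]

def evaluate(pkt, rule_base, topology):
    """Anti-spoofing runs first, then the first matching rule decides."""
    if ip_address(pkt["src"]) not in ip_network(topology[pkt["iface"]]):
        return ("anti-spoofing", "source not valid for interface", "drop")
    for stage, rule in rule_base:
        if rule.matches(pkt):
            return (stage, rule.name, rule.action)

def unreachable(rule_base):
    """Names of rules that sit behind the first Any/Any/Any rule."""
    for i, (_, rule) in enumerate(rule_base):
        if (rule.src, rule.dst, rule.port) == (ANY, ANY, 0):
            return [later.name for _, later in rule_base[i + 1:]]
    return []

# Constructed sample policy and interface topology (not from the slides).
TOPOLOGY = {"eth0": ANY, "eth1": "10.0.0.0/24"}
EXPLICIT = [Rule("Admin to gateway", "10.0.0.5/32", GW, 22, "accept"),
            Rule("Stealth", ANY, GW, 0, "drop"),
            Rule("Web out", "10.0.0.0/24", ANY, 443, "accept"),
            Rule("Cleanup", ANY, ANY, 0, "drop")]
RULE_BASE = ordered_rule_base(
    [Rule("Implied control", "10.0.0.10/32", GW, 50000, "accept")], EXPLICIT,
    [], [Rule("Implied last", ANY, ANY, 53, "accept")])
```

Calling `unreachable(RULE_BASE)` lists the rules shadowed by the explicit Cleanup rule, and `evaluate` returns the stage, rule name and action for a packet given as a dict with `iface`, `src`, `dst` and `port`.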