CCSE Class Slides
2013 Edition
©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved.
©2013 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties
Preface
Training Blades and Certification
Certification Renewal Examples
Check Point Certified Security Expert
1. Advanced Upgrading
2. Advanced Firewall
3. Clustering and Acceleration
4. Advanced User Management
5. Advanced IPsec VPN and Remote Access
6. Auditing and Reporting
Lab Topology
Check Point 3D Security
Security is a process
– A network is never 100% secure
– IT security policy must be transparent
– Challenges to IT involve security, deployment, management,
and compliance
– Security products are tools to avoid risk
Deployment Scenario
Alpha Corp
Upgrading
Learning Objectives
Backup Schedule
Upgrade Tools
migrate.conf
migrate
pre_upgrade_verifier.exe
upgrade export
cp_merge
Performing Upgrades
Upgrade by:
– SmartUpdate
– Local Upgrade
Upgrade by:
– Upgrading Production Security Management Server
– Migrate and Upgrade to a New Security Management
Server
Upgrade by:
– Upgrade one machine and synchronize second
(minimal downtime)
– Upgrade with clean installation on one machine and
synchronize second (system downtime)
Lab Practice
Review Questions
Advanced Firewall
Learning Objectives
FireWall-1 Infrastructure
GUI Clients
SmartConsole Applications:
– SmartView Tracker
– SmartEvent
– SmartReporter
– SmartDashboard
Admin Tools:
– Configure
– Manage & Monitor
– Perform Maintenance
– Generate Reports
– Enforce Policy
Management
Security Gateway
FWM
FWD
– Forwards logs
– Related to policy installation
– Command line tool communication
FWSSD
– Child process of FWD
– Maintains Security Servers
– Activated features
CPWD (WatchDog)
– Invokes and monitors critical processes
– Check Point daemons
– Restart attempts
– Processes monitored:
– cpd, fwd, fwm
– cpwd_admin utility used to show process
status, and to configure cpwd
Columns in a Chain
Stateful Inspection
1. Packets pass through the NIC to the inspection module. The Inspection Module inspects the packets and their data.
2. Packets are matched to the policy rule, one rule at a time. Packets that do not match any rule are dropped.
Kernel Tables
Connections Tables
Enhanced performance
Allow server replies
Stateful Features
– Streaming apps
– Sequence verification and translation
– Hide NAT
– Logging, accounting, monitoring
– Client and server id
– Data connections
Installation
Verification
Conversion
Code generation
CPTA
Commit
Security Servers
Common Commands
cpconfig
cplic print
cpstart
cpstop
What is FW Monitor?
fw monitor
Lab Practice
Review Questions
Clustering and Acceleration
Learning Objectives
VRRP
VRRP vs ClusterXL
Advantages of VRRP
– Minimum failover time
– Supports 255 virtual routers
– Minimum service disruptions during failover
– Election of multiple virtual routers for load balancing
– Addresses failover at router level
– Avoids configuration changes in end nodes if router fails
– No need for router discovery protocol for failover operation
– Multi access LAN technology support
VRRP Configurations
Advanced VRRP
– Necessary to monitor each interface individually
– Can change the VMAC (Virtual MAC Address) assignment mode
Troubleshooting VRRP
Firewall Policies
Clustering Terms
Active Up
Critical Device
Failure
Failover
High Availability (HA)
Hot Standby
Cluster Control Protocol
ClusterXL
Cluster Synchronization
Synchronized-Cluster Restrictions
Sticky Connections
Management HA
Synchronization Modes
Synchronization Status
Packet Acceleration
New connection setup packets that match, avoid a round trip to the
firewall application.
Between the Web Client and a Web Server, TCP connections are
initiated by the Web Client sending an HTTP request
HTTP 1.1
Time objects
Dynamic objects
Domain objects
Source port ranges
IPS features not supported in Acceleration
NAT
Encrypted Connections
Packet Flow
VPN Capabilities
Default Configuration
Acceleration path
– Packet handled by SecureXL
Medium path
– Packet handled by SecureXL, except for IPS processing
Firewall path
– SecureXL unable to process packet
Lab Practice
Review Questions
Advanced User Management
Learning Objectives
The set of rules that governs the types of objects in the directory and their associations is called the schema.
Each is a distinct container at its own level and is part of the enterprise container: atlantiscorp.cp.local
LDAP advantages:
– SMS performance enhanced
– LDAP database available for other applications
Schemas
ldapsearch
For example: ldapsearch -D cn=administrator,cn=users,dc=boaz,dc=com -w zubur1! -b cn=users,dc=boaz,dc=com -h 20.20.20.100 '(&(objectclass=user)(sAMAccountName=zaza))' mobile otherMobile
ldapmodify
For example: ldapmodify -c -h <host> -D <Admin FQDN> -w <password> -f <schema ldif file>
99
©2013 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties | 185
Advanced User Management
100
©2013 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties | 186
Advanced User Management
100
©2013 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties | 188
Advanced User Management
Identity Awareness
101
©2013 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties | 189
Advanced User Management
Identity Awareness
©2013 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties | 190
Advanced User Management
Identity Awareness
102
©2013 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties | 191
Advanced User Management
Enabling AD Query
102
©2013 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties | 192
Advanced User Management
AD Query Setup
Lab Practice
Review Questions
Advanced IPsec VPN and Remote Access
Learning Objectives
IPsec
– 172.24.104.1
– Encryption algorithm: AES-CBC
– Key length: 256 bit
– Hash algorithm: SHA1
– Authentication method: pre-shared key
1. Packet 2 is from the responder to agree on one encryption and hash algorithm:
2. Packets 3 and 4 perform key exchanges and include a large number never used
before, called a nonce:
3. Packets 5 and 6 perform authentication between the peers of the tunnel. The
peer’s IP address shows in the ID field under MM packet 5:
4. Packet 6 shows the peer has agreed to the proposal and has authenticated the
initiator:
In Phase 2
– Security Associations are negotiated
– Shared-secret key material is determined
– Additional DH exchange occurs
Phase 2 Stages
– Peers exchange more key material and agree on encryption and
integrity methods for IPSec
– DH key is combined with the key material to produce the
symmetrical IPSec key
– Symmetric IPSec keys are generated
1. Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm,
and ID data:
In the ID field, the initiator’s VPN Domain configuration displays. In the following figure,
the VPN Domain for the initiator is the 10.2.4.0/24 network:
2. ID field_2 proposes the peer’s VPN Domain configuration. In the figure below, the
VPN Domain for the peer Gateway is the 10.2.2.0/24 network:
3. Packet 2 from the responder agrees to its own subnet or host ID, and encryption
and hash algorithm:
Connection Initiation
For a VPN tunnel to be established between the site and a remote user, an
IKE negotiation must take place between them
Peer identities are authenticated (Phase 1):
– Digital Certificates
– Pre-Shared Secrets
– Hybrid Mode
– One-Time Password
– Security Gateway Password
– OS Password
– RADIUS
– TACACS
– SAS
Link Selection
Explicit MEP
Implicit MEP
For remote access MEP VPNs, clients must use Office mode
Tunnel Management
Permanent Tunnels
Tunnel Testing
Tracking Options
Troubleshooting
VPN Debug
vpn tu
– The command vpn tu is short for vpn tunnelutil, and is
useful for deleting IPSec or IKE SAs to a specific peer or user
without interrupting other VPN activities.
Example
– You have several site-to-site VPN tunnels among Gateways.
– You want to remove the IKE SAs for a particular peer, without
interrupting the other VPNs. How do you do that?
– Run vpn tu from the Gateway command line interface, and select the
option to delete all IPSec and IKE SAs for a given peer (GW).
Comparing SAs
1. Enable VPN debugging on both your site and your partner’s site with vpn
debug on trunc.
2. Use vpn tunnelutil (vpn tu) to remove all SAs for either the peer
with which you are about to create the tunnel, or all tunnels.
3. Have your peer initiate the tunnel from its site to yours.
4. Use vpn tunnelutil (vpn tu) to remove all SAs for either the peer
with which you are about to create the tunnel, or all tunnels.
5. Initiate the tunnel from your site to your peer.
6. Disable debugging on both sites.
7. Examine ike.elg and vpnd.elg, as they will now contain records of
the SA sent by your gateway, as well as what was received from your
partner site.
Quick mode packet 1 fails with error “No Proposal Chosen” from
the peer.
– Cause: Peer does not agree to the proposal field, such as encryption
strength or hash
– A Security Gateway agrees loosely to the proposal, when host or network
based.
– Third-party vendors may only agree to proposals with strict adherence to
defined parameters
– This will prevent Check Point from supernetting networks in the VPN
domain. The subnets defined in the network object should be used.
– Check for multiple network objects in the VPN domain that overlap.
For example, 10.1.1.1/24 and 10.0.0.0/8 are both in the VPN
domain. It is possible that a packet sourced from 10.1.x.x will use
255.0.0.0 for the subnet in phase 2 instead of 255.255.255.0.
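The overlap check described above, as an added example that is not part of the Check Point course material: it takes a list of VPN-domain network objects, reports overlapping pairs, and shows which subnet masks could be proposed in Phase 2 for a given source address. Only 10.1.1.1/24 and 10.0.0.0/8 come from the slide; the object names, the other networks and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample of network objects in one gateway's VPN domain.
# 10.1.1.1/24 and 10.0.0.0/8 are the slide's values; the rest is hypothetical.
VPN_DOMAIN = {
    "net_branch": "10.1.1.1/24",
    "net_corp_super": "10.0.0.0/8",
    "net_dmz": "172.16.5.0/24",
    "net_lab": "192.168.10.0/24",
}


def parse_domain(objects):
    """Map object name -> network, clearing host bits (10.1.1.1/24 -> 10.1.1.0/24)."""
    return {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in objects.items()}


def find_overlaps(objects):
    """Return (broader_object, narrower_object) for every overlapping pair."""
    nets = parse_domain(objects)
    hits = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.version != net_b.version or not net_a.overlaps(net_b):
            continue
        if net_a.prefixlen <= net_b.prefixlen:
            hits.append((a, b))
        else:
            hits.append((b, a))
    return hits


def candidate_ids(objects, source_ip):
    """List every object containing source_ip, most specific first.

    More than one entry means the Phase 2 ID for this source is ambiguous:
    either mask could end up in the proposal sent to the peer.
    """
    ip = ipaddress.ip_address(source_ip)
    matches = [(name, net) for name, net in parse_domain(objects).items()
               if net.version == ip.version and ip in net]
    matches.sort(key=lambda m: m[1].prefixlen, reverse=True)
    return [(name, str(net.network_address), str(net.netmask))
            for name, net in matches]


def report(objects, sample_sources):
    """Build a plain-text report of overlaps and per-source candidates."""
    lines = []
    for broad, narrow in find_overlaps(objects):
        lines.append(f"OVERLAP: {narrow} is contained in or overlaps {broad}")
    for src in sample_sources:
        cands = candidate_ids(objects, src)
        masks = ", ".join(f"{addr}/{mask} ({name})" for name, addr, mask in cands)
        flag = "AMBIGUOUS" if len(cands) > 1 else "ok"
        lines.append(f"{src}: {flag}: {masks or 'not in VPN domain'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(VPN_DOMAIN, ["10.1.1.50", "10.1.200.7", "172.16.5.9", "8.8.8.8"]))
```

A source flagged AMBIGUOUS is one where a strict third-party peer may reject Quick Mode if the broader mask is proposed.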
Example - 1
– Assume you have a site-to-site VPN between two Check Point
Security Gateways.
– They are managed by their own Management Servers.
– You see a lot of IKE Phase 1 failures in SmartView Tracker.
– You run IKE debug on one Gateway and discover only one packet
in Main mode is transferred.
– There is no packet in Main mode after packet 1.
– What might have caused this problem?
Example - 2
– You are configuring a site-to-site VPN from a Check Point Security
Gateway to a Cisco device.
– You see that traffic initiated from the VPN Domain inside the Security
Gateway is dropped with the error, “Packet is dropped as there is no
valid SA”.
– The Cisco side is sending “Delete SA” to the Security Gateway.
– The IKE debug indicates a Phase 2 (Quick mode) failure.
– What is causing the misconfiguration?
Lab Practice
Review Questions
Auditing and Reporting
Learning Objectives
Corporate governance
– Efficient auditing and reporting
– Compliance regulatory practices
SmartEvent
SmartEvent Intro
SmartEvent Architecture
Example Deployment
Analyzer Server
SmartReporter
SmartReporter provides:
– High-level view, trends, reports
– Understanding of the details of each event
– Integration with other tools to modify the security policies
– Manage events by state and owner
Consolidation Policy
Consolidation Policy:
– Similar to a Security Policy in structure and management
– Uses Rule Bases defined via SmartDashboard
– Uses the network objects
– Consolidation rules – store or ignore logs that match rules
– Based on logs, not security issues
Report Types
User Management and Authentication
Lab Practice
Review Questions
Security Engineering
2013 Edition