Check Point NG[s]AI
Chapter 1: Introduction to Check Point Next Generation with Application Intelligence
- Figure 1.1: NG AI Security Dashboard
- Figure 1.2: FloodGate-1 Policy
- Figure 1.3: Distributed Client/Server Architecture
- Figure 1.4: SecureUpdate Products Tab
- Figure 1.5: SmartDashboard
- Figure 1.6: Visual Policy Editor Showing Rule
- Figure 1.7: FireWall-1 Data Flow and Inspection Engine Detail
Chapter 2: Installing and Configuring VPN-1/FireWall-1 Next Generation with Application Intelligence
- Figure 2.1: Check Points User Center
- Figure 2.2: Enable IP Forwarding in WinNT 4.0
- Figure 2.3: Welcome Screen
- Figure 2.4: License Agreement
- Figure 2.5: Product Menu
- Figure 2.6: Server/Gateway Components
- Figure 2.7: Selected Products
- Figure 2.8: Progress Window
- Figure 2.9: VPN-1 & FireWall-1 Installation
- Figure 2.10: VPN-1 & FireWall-1 Product Specification
- Figure 2.11: Choose Destination Location
- Figure 2.12: Copying Files
- Figure 2.13: Setup Information
- Figure 2.14: Management Client Location
- Figure 2.15: Select Management Clients to Install
- Figure 2.16: Management Clients Copying Files
- Figure 2.17: Desktop Shortcuts
- Figure 2.18: Management Client Setup Finished
- Figure 2.19: Licenses
- Figure 2.20: Adding a License
- Figure 2.21: License Added Successfully
- Figure 2.22: Configuring Administrators
- Figure 2.23: Adding an Administrator
- Figure 2.24: Administrators
- Figure 2.25: Adding GUI Clients
- Figure 2.26: GUI Clients Added
- Figure 2.27: Key Hit Session
- Figure 2.28: Certificate Authority Initialization
- Figure 2.29: CA Initialized Successfully
- Figure 2.30: Management Server Fingerprint
- Figure 2.31: NG AI Configuration Complete
- Figure 2.32: Reboot Computer
- Figure 2.33: Check Point Configuration Tool
- Figure 2.34: Enforcement Module Configuration Tool
- Figure 2.35: Secure Internal Communication
- Figure 2.36: High Availability
- Figure 2.37: Add/Remove Check Point VPN-1/FireWall-1 4.1 Backward Compatibility
- Figure 2.38: Add/Remove Check Point VPN-1/FireWall-1 NG AI
- Figure 2.39: Check Point Warning
- Figure 2.40: Stopping Services
- Figure 2.41: Removing VPN-1/FireWall-1 Files
- Figure 2.42: VPN-1/FireWall-1 Uninstall Complete
- Figure 2.43: Add/Remove Check Point SVN Foundation NG AI
- Figure 2.44: SVN Foundation Maintenance Complete
- Figure 2.45: Add/Remove Management Clients NG
- Figure 2.46: Maintenance Finished
- Figure 2.47: UnixInstallScript
- Figure 2.48: Welcome to Check Point NG
- Figure 2.49: License Agreement
- Figure 2.50: Select Installation
- Figure 2.51: Select Products to Install
- Figure 2.52: Choose the Type of Installation
- Figure 2.53: Validation Screen
- Figure 2.54: Installation Progress
- Figure 2.55: SecureXL Acceleration
- Figure 2.56: Random Pool
- Figure 2.57: Configuring Certificate Authority
- Figure 2.58: Installation Complete
- Figure 2.59: Environment Variables
- Figure 2.60: cpconfig
- Figure 2.61: Secure Internal Communication Configuration
- Figure 2.62: High Availability Configuration
- Figure 2.63: Package Removal Choices
- Figure 2.64: Uninstall of VPN-1/FireWall-1
- Figure 2.65: Uninstall of VPN-1/FireWall-1 Continued
- Figure 2.66: Management Clients Package Removal
- Figure 2.67: Nokias Voyager GUI
- Figure 2.68: cpconfig on Nokia
- Figure 2.69: Managing Installed Packages
- Figure 2.70: Check Points SecurePlatform GUI
Chapter 3: Using the Graphical Interface
- Figure 3.1: SmartDashboard
- Figure 3.2: View Selection
- Figure 3.3: Topology Map
- Figure 3.4: Network Objects Manager
- Figure 3.5: Check Point Gateway Properties, General Properties Window
- Figure 3.6: Node Properties
- Figure 3.7: Network Properties: General Window
- Figure 3.8: Domain Properties
- Figure 3.9: OSE Device: General Window
- Figure 3.10: Cisco OSE Setup Window
- Figure 3.11: Interoperable Device General Properties
- Figure 3.12: Group Properties
- Figure 3.13: Logical Server Properties Window
- Figure 3.14: Address Range Properties Window
- Figure 3.15: Gateway ClusterGeneral Panel
- Figure 3.16: Dynamic Object Properties Window
- Figure 3.17: TCP Service Properties
- Figure 3.18: Advanced TCP Service Properties
- Figure 3.19: Advanced UDP Service Properties
- Figure 3.20: RPC Service Properties
- Figure 3.21: ICMP Service Properties
- Figure 3.22: User-Defined Service PropertiesGeneral Panel
- Figure 3.23: Group Properties
- Figure 3.24: DCE-RPC Properties
- Figure 3.25: RADIUS Server Properties
- Figure 3.26: TACACS Server Properties
- Figure 3.27: LDAP Account Unit Properties
- Figure 3.28: Time ObjectDays Panel
- Figure 3.29: Virtual Link PropertiesSLA Parameters
- Figure 3.30: New Rule
- Figure 3.31: Add Object
- Figure 3.32: Global Properties
- Figure 3.33: Implied Rules
- Figure 3.34: SmartUpdate GUI
- Figure 3.35: Adding a License
- Figure 3.36: License RepositoryView All Licenses
- Figure 3.37: Expired Licenses
- Figure 3.38: Check Point SmartView Tracker
- Figure 3.39: Column Options Window
- Figure 3.40: System Status GUI
Chapter 4: Creating a Security Policy
- Figure 4.1: Steps to Writing a Security Policy
- Figure 4.2: Boot Security
- Figure 4.3: Global Properties Implied Rules
- Figure 4.4: New Security Policy Dialog
- Figure 4.5: Workstation Properties with Check Point Products Installed
- Figure 4.6: Topology Window
- Figure 4.7: Topology Definition
- Figure 4.8: Connection Persistence Options
- Figure 4.9: The Cleanup Rule
- Figure 4.10: The Stealth Rule
- Figure 4.11: Rule Base from Security Policy
- Figure 4.12: Context Menu for Manipulating Rules
- Figure 4.13: Disabled Rule
- Figure 4.14: Hidden Rules
- Figure 4.15: Hidden Rules Options
- Figure 4.16: Policy with Section Titles
- Figure 4.17: Install Policy Progress Window
Chapter 5: Applying Network Address Translation
- Figure 5.1: Address Translation Tab
- Figure 5.2: Completed NAT Rule
- Figure 5.3: Rule to Allow Outbound Traffic
- Figure 5.4: Static Source Rule
- Figure 5.5: Web Server External Object
- Figure 5.6: Outbound Rule for Web Server
- Figure 5.7: Static Destination Rule
- Figure 5.8: Rules for Incoming Traffic to Web Server
- Figure 5.9: NAT Tab of Network Object
- Figure 5.10: NAT Rule Base with Generated Rules
- Figure 5.11: NAT Tab of Web Server
- Figure 5.12: Generated Address Translation Rules
- Figure 5.13: NAT Global Properties
Chapter 6: Authenticating Users
- Figure 6.1: Firewall Object Authentication Tab
- Figure 6.2: RADIUS Server Configuration
- Figure 6.3: TACACS Server Configuration
- Figure 6.4: User Template General Properties
- Figure 6.5: User Personal Properties
- Figure 6.6: User Location Tab
- Figure 6.7: User Time Tab
- Figure 6.8: User Encryption Tab
- Figure 6.9: Group Properties
- Figure 6.10: User Access
- Figure 6.11: User Authentication Rule
- Figure 6.12: User Authentication Action Properties
- Figure 6.13: Firewall Object Authentication Tab
- Figure 6.14: Client Authentication Rule
- Figure 6.15: Client Authentication Action Properties
- Figure 6.16: Session Authentication Rule
- Figure 6.17: Session Authentication Action Properties
- Figure 6.18: LDAP Account Unit Properties
- Figure 6.19: LDAP Server Properties
- Figure 6.20: LDAP Properties
Chapter 7: Open Security (OPSEC) and Content Filtering
- Figure 7.1: OPSEC Application PropertiesGeneral Tab
- Figure 7.2: OPSEC Application PropertiesCVP Options Tab
- Figure 7.3: FTP Resource PropertiesCVP Tab
- Figure 7.4: Service with Resource Window
- Figure 7.5: Security Policy Rule Using Resource
- Figure 7.6: CVP Group Properties
- Figure 7.7: UFP Server ObjectGeneral Tab
- Figure 7.8: UFP Server ObjectUFP Options Tab
- Figure 7.9: URI Resource PropertiesGeneral Tab
- Figure 7.10: UFP Options for URI Resources
- Figure 7.11: Security Policy Rule Using UFP Server in URI Resource
- Figure 7.12: AMON Application PropertiesGeneral Tab
- Figure 7.13: OPSEC Application PropertiesAMON Options Tab
- Figure 7.14: URI Resource PropertiesAction Tab
- Figure 7.15: URI Resource PropertiesGeneral Tab
- Figure 7.16: URI File Configuration
- Figure 7.17: URI Wildcard Resource General Tab
- Figure 7.18: URI Wildcards Match Specification
- Figure 7.19: URI Wildcards SOAP Specification
- Figure 7.20: SMTP Resource PropertiesGeneral Tab
- Figure 7.21: SMTP Resource PropertiesMatch Tab
- Figure 7.22: SMTP Resource Action Tab Showing Address Rewrite
- Figure 7.23: SMTP Resource PropertiesAction2 Tab
- Figure 7.24: SMTP Resource PropertiesCVP Tab
- Figure 7.25: FTP Resource PropertiesGeneral Tab
- Figure 7.26: FTP Resource PropertiesMatch Tab
- Figure 7.27: FTP Resource PropertiesCVP Tab
- Figure 7.28: TCP Resource PropertiesGeneral Tab
- Figure 7.29: TCP Resource PropertiesUFP Tab
- Figure 7.30: TCP Resource PropertiesCVP Tab
- Figure 7.31: CIFS Resource PropertiesGeneral Tab
Chapter 8: Managing Policies and Logs
- Figure 8.1: Global Properties
- Figure 8.2: Log and Alert Global Properties
- Figure 8.3: A Bad Example
- Figure 8.4: Logs and Optimum Rule Placement
- Figure 8.5: Rules That Perform Accounting
- Figure 8.6: SVN Foundation Details
- Figure 8.7: Viewing the Keep Attribute for Tables
- Figure 8.8: SmartUpdate Utility
- Figure 8.9: Introduction to dbedit
- Figure 8.10: The Policy Installation Process
- Figure 8.11: The Block Intruder Dialog Box
- Figure 8.12: Setting Firewall Logging Policy
- Figure 8.13: Process ID Mapping in SecurePlatform
Chapter 9: Tracking and Alerts
- Figure 9.1: Log and Alert Main Menu
- Figure 9.2: Alert Commands Sub-Menu
- Figure 9.3: Alert Context Menu
- Figure 9.4: Alerting in Use
- Figure 9.7: Active ConnectionsConnection ID
- Figure 9.8: Specify the Connection ID
- Figure 9.9: Clear Blocking Confirmation
Chapter 10: Configuring Virtual Private Networks
- Figure 10.1: VPN Configuration Method
- Figure 10.2: The IKE Properties Dialog Box
- Figure 10.3: VPN Domain Configuration
- Figure 10.4: Shared Secret Configuration
- Figure 10.5: IKE Encryption Rules
- Figure 10.6: IKE Properties Dialog Box
- Figure 10.7: Star VPN Community Properties
- Figure 10.8: VPN Properties
- Figure 10.9: Advanced VPN Properties
- Figure 10.10: VPN Match Conditions
- Figure 10.11: VPN Community Encryption Rules
- Figure 10.12: SmartView Tracker Entries Showing Encrypts, Decrypts, and Key Exchanges
- Figure 10.13: Address Translation Disabled Between VPN Domains with Manual Rules
- Figure 10.14: Remote Access Window from Policy Global Properties
- Figure 10.15: IKE Phase 2 Properties
- Figure 10.16: SecuRemote Client Encrypt Rule
- Figure 10.17: SecuRemote Client Encrypt Rule
- Figure 10.18: Client Encrypt Properties
- Figure 10.19: SecuRemote Desktop Security Prompt During Installation
- Figure 10.20: SecuRemote Adapter Configuration Screen During Installation
- Figure 10.21: Creating a New Site
- Figure 10.22: SecuRemote Authentication Window
- Figure 10.23: SecuRemote Connection Window
Chapter 11: Securing Remote Clients
- Figure 11.1: Check Point Policy Server Installation
- Figure 11.2: General Firewall Properties
- Figure 11.3: Authentication Firewall Properties
- Figure 11.4: Desktop Security Rulebase
- Figure 11.5: Remote Access Global Properties
- Figure 11.6: Remote Access VPN Basic Global Properties
- Figure 11.7: Remote Access VPN Basic Global Properties
- Figure 11.8: Remote Access Certificates Global Properties
- Figure 11.9: Remote Access SCV Global Properties
- Figure 11.10: Remote Access Early Versions Compatibility Global Properties
- Figure 11.11: Client Encrypt Rule
- Figure 11.12: User Encryption Action Properties
- Figure 11.13: Previous Version Screen
- Figure 11.14: SecureClient
- Figure 11.15: Network Adapters
- Figure 11.16: Packaging Tool Login
- Figure 11.17: List of Profiles
- Figure 11.18: General Properties
- Figure 11.19: Client Mode Configuration
- Figure 11.20: SecureClient Configuration
- Figure 11.21: Additional Information
- Figure 11.22: Topology Information
- Figure 11.23: Certificate Information
- Figure 11.24: Silent Installation
- Figure 11.25: Installation Options
- Figure 11.26: Operating System Logon
- Figure 11.27: Finish
Chapter 12: Advanced VPN Configurations
- Figure 12.1: Highly Available Cluster using Legacy Mode
- Figure 12.2: Other HA and Load Sharing Cluster Configurations
- Figure 12.3: Add Synchronization Network
- Figure 12.4: Gateway Cluster: General Window
- Figure 12.5: Gateway Cluster: Topology Window
- Figure 12.6: Gateway Cluster: Cluster Members
- Figure 12.7: Gateway Cluster: ClusterXL Window
- Figure 12.8: Gateway Cluster: Synchronization
- Figure 12.9: Simple MEP Illustration
- Figure 12.10: Enabling MEP
- Figure 12.11: VPN Domain Types
- Figure 12.12: Enabling IP Pool NAT
- Figure 12.13: Configuring a Backup Gateway
- Figure 12.14: Configuring IP Pool NAT
- Figure 12.15: Selecting the VPN Domain
- Figure 12.16: Fully Overlapping VPN Domain
- Figure 12.17: Overlapping VPN Domain Group
- Figure 12.18: Overlapping VPN Domain
- Figure 12.19: Using IP Pools
Chapter 13: SmartDefense
- Figure 13.1: The SmartDefense Tab
- Figure 13.2: The Anti-Spoofing Configuration Status Window
- Figure 13.3: Topology Configuration
- Figure 13.4: IP Fragments
- Figure 13.5: Network Quota
- Figure 13.6: SYN Attack Configuration
- Figure 13.7: SYN Attack Configuration
- Figure 13.8: Dynamic Ports
- Figure 13.9: General HTTP Worm Catcher
- Figure 13.10: HTTP Protocol Inspection
- Figure 13.11: HTTP Format Sizes
- Figure 13.12: Cross-Site Scripting
- Figure 13.13: Peer-to-Peer Blocking
- Figure 13.14: File and Print Sharing
- Figure 13.15: SmartDefense Update