CheckPoint NG VPN 1/Firewall 1 - 1st Edition - ISBN: 9781931836975, 9780080476469

CheckPoint NG VPN 1/Firewall 1

1st Edition

Advanced Configuration and Troubleshooting

Authors: Syngress
eBook ISBN: 9780080476469
Imprint: Syngress
Published Date: 11th May 2003
Page Count: 606
Tax/VAT will be calculated at check-out
15% off
15% off
15% off
15% off
61.95
52.66
47.95
40.76
37.99
32.29
61.95
52.66
Unavailable
File Compatibility per Device

PDF, EPUB, VSB (Vital Source):
PC, Apple Mac, iPhone, iPad, Android mobile devices.

Mobi:
Amazon Kindle eReader.

Institutional Access


Description

Check Point Software Technologies is the worldwide leader in securing the Internet. The company's Secure Virtual Network (SVN) architecture provides the infrastructure that enables secure and reliable Internet communications. Check Point recently announced a ground-breaking user interface that meets the industry's next generation Internet security requirements, including simplified security management for increasingly complex environments. Built upon Check Point's Secure Virtual Network (SVN) architecture, the Next Generation User Interface revolutionizes the way security administrators define and manage enterprise security by further integrating management functions into a security dashboard and creating a visual picture of security operations. The Next Generation User Interface delivers unparalleled ease-of-use, improved security and true end-to-end security management. Check Point's revenues have more than doubled in each of the last two years, while capturing over 50% of the VPN market and over 40% of the firewall market according to IDC Research. The explosive growth of the company is further evidenced by over 29,000 IT professionals becoming Check Point Certified so far. This book will be the complimentary to Syngress' best-selling Check Point Next Generation Security Administration, which was a foundation-level guide to installing and configuring Check Point NG. This book will assume that readers have already mastered the basic functions of the product and they now want to master the more advanced security and VPN features of the product. Written by a team of Check Point Certified Instructors (the most prestigious Check Point certification) this book will provide readers with a complete reference book to Check Point NG and advanced case studies that illustrate the most difficult to implement configurations. Although not a Study Guide, this book will cover all of the objectives on Check Point's CCSE Exam.

Key Features

· The reader will learn to design and configure a Virtual Private Network (VPN). · The reader will learn to configure Check Point NG for High Availability (HA), which is the ability of a system to perform its function continuously (without interruption) for a significantly longer period of time than the reliabilities of its individual components would suggest. · The reader will learn to use SeucureUpdate, which allows them to perform simultaneous, secure, enterprise-wide software updates.

Table of Contents


Foreword

Chapter 1 FW-1 NG Operational Changes

Introduction

Static NAT Changes from 4.x to NG

Server-Side NAT

Client-Side NAT

Bidirectional NAT

Automatic ARP

When ARP Is Automatic

When ARP Is Manual

Upgrading 4.x to NG

The 4.x Upgrade Process

When to Rebuild

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 Smart Clients

Introduction

SmartDashboard

What’s New in NG SmartDashboard

A GUI Overview of New FP3 Features

SmartView Status

What’s New in SmartView Status

Highlights of SmartView Status

SmartView Tracker

What’s New in SmartView Tracker

Highlights From the SmartView Tracker

SmartView Monitor

Installation

The Interface

Traffic Monitoring

Generating Reports

User Monitor

The Interface

Managing Queries

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Advanced Authentication

Introduction

Active Directory

Setting Up Active Directory for FireWall-1 Authentication

Setting Up the Firewall for AD Authentication

Suggested Uses of MS-AD Authentication

Standard LDAP

Setting Up the LDAP for FireWall-1 Authentication

Setting Up the Firewall for LDAP Authentication

Suggested Uses of LDAP Authentication

RADIUS

Setting Up the Firewall for RADIUS Authentication

Setting Up RADIUS for FireWall-1 Authentication

Suggested Uses of RADIUS Authentication

TACACS+

Setting Up the Firewall for TACACS+ Authentication

Setting Up TACACS+ for FireWall-1 Authentication

Suggested Uses of TACACS+ Authentication

General User Management

Self-Service User Management with ADSI

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 Advanced VPN Concepts

Introduction

What Are SEP and MEP

Sample Scenario

Exploring SEP

Exploring MEP

SEP Configuration Examples

Scenario One

Scenario Two

MEP Configuration Examples

Scenario One

Setup of New York Firewall

Setup of San Diego Firewall

Combinations of MEP and SEP

VPN Modes

Transparent Mode

Connect Mode

Routing Between VPN Connections

Dynamic IP Address VPN Connections

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 Advanced VPN Client Installations

Introduction

The Difference Between SecuRemote and SecureClient

Using DNSInfo Files

Encrypting Internal Traffic

Using SR/SC from Behind a CP-FW-1 System

Using SecureClient

Creating Rules for Internal Connections to Remote Clients

Examples of Common Deployments

L2TP Tunnels Terminating on a Check Point FP3 Box

Office Mode SecureClient

FP3 Clientless VPNs

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6 High Availability and Clustering

Introduction

Designing Your Cluster

Why Do You Need a Cluster

High Availability or Load Sharing

Clustering and Check Point

Connecting the Cluster to Your Network: Hubs or Switches

FireWall-1 Features, Single Gateways vs. Clusters: The Same, But Different

Installing FireWall-1 NG FP3

Checking the Installation Prerequisites

Installation Options

Installation Procedure

Check Point ClusterXL

Configuring ClusterXL in HA New Mode

Testing ClusterXL in HA New Mode

Test 1: Pinging the Virtual IP Address of Each Interface

Test 2: Using SmartView Status to Examine the Status of the Cluster Members

Test 3: FTP Session Through the Cluster When an Interface Fails

Command-Line Diagnostics on ClusterXL

How Does ClusterXL HA New Mode Work

ClusterXL HA New Mode Failover

ClusterXL Failover Conditions

Special Considerations for ClusterXL in HA New Mode

Network Address Translation

Configuring ClusterXL in HA Legacy Mode

Configuring ClusterXL in Load-Sharing Mode

Prerequisites for Configuring ClusterXL in Load-Sharing Mode

Configuration of ClusterXL in Load-Sharing Mode

Testing ClusterXL in Load-Sharing Mode

Test 1: Pinging the Virtual IP Address for Each Interface

Test 2: Using SmartView Status to Examine the Status of the Cluster Members

Test 3: FTPing Through ClusterXL Load Sharing During Failover

Command-Line Diagnostics for ClusterXL

How ClusterXL Works in Load-Sharing Mode

Special Considerations for ClusterXL in Load-Sharing Mode

Network Address Translation

User Authentication and One-Time Passcodes

Nokia IPSO Clustering

Nokia Configuration

Check Point FireWall-1

Configuration for a Nokia Cluster

Nokia Cluster Configuration on Voyager

Testing the Nokia Cluster

How Nokia Clustering Works

Special Considerations for Nokia Clusters

Nokia IPSO VRRP Clusters

Nokia Configuration

Nokia VRRP Configuration on Voyager

Testing the Nokia VRRP Cluster

How VRRP Works

Special Considerations for Nokia VRRP Clusters

Third-Party Clustering Solutions

Clustering and HA Performance Tuning

Data Throughput or Large Number of Connections

Improving for Large Number of Connections

Final Tweaks to Get the Last Drop of Performance

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 SecurePlatform

Introduction

The Basics

Installation

Configuration

CPShell

Applying OS and Application Updates

Adding Hardware to SecurePlatform

Adding NICs

Adding a Second Processor

Adding Hard Drives

FireWall-1 Performance Counters

Firewall Commands

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 SmartCenter Management Server, High Availability and Failover, and SMART Clients

Introduction

SmartCenter Server:The Roles of a Management Server

Internal Certificate Authority

Management Server Backup Options

Protecting the Configuration

Enforcement Point Functions

Installing a Secondary Management Server

SMART Clients

SMART Client Functions

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Integration and Configuration of CVP / UFP

Introduction

Using CVP for Virus Scanning E-Mail

Configuring CVP

URL Filtering for HTTP Content Screening

Setting Up URL Filtering with UFP

Using Screening without CVP

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 10 SecureClient Packaging Tool

Introduction

Installing the SecureClient Packaging Tool

Starting the SecureClient Packaging Tool

Creating a Profile

The Welcome Window

The General Window

The Connect Mode Window

The SecureClient Window

The Additional Options Window

The Topology Window

The Certificates Window

The Silent Installation Window

The Installation Options Window

The Operating System Logon Window

The Finish Window

Managing SecureClient Profiles

Creating a New Profile From an Existing Profile

Deleting a Profile

Editing a Profile

Creating SecureClient Installation Packages

The Welcome Window

The Package Generation Window

Deploying SecuRemote Packages

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 11 SmartDefense

Introduction

Understanding and Configuring SmartDefense

General

Anti-Spoofing Configuration Status

Denial of Service

IP and ICMP

TCP

DNS

FTP

HTTP

SMTP Security Server

Successive Events

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 12 SmartUpdate

Introduction

Licensing Your Products

Management Server

Enforcement Points

Other License Types

Updating Your Products

Adding a New Product

Installing a Product

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 13 Performance Pack

Introduction

How Performance Pack works

Working on Interfaces While Using Performance Pack

Installing Performance Pack

Hardware Requirements

Performance Considerations

Installing Performance Pack on Solaris 8

Installing Performance Pack on SecurePlatform

Command-Line Options for Performance Pack

Stopping and Starting SecureXL

Checking the Status of SecureXL

Configuring SecureXL

Troubleshooting Performance Pack

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 14 UserAuthority

Introduction

Defining UserAuthority

WAM in Detail

Supported Platforms

Installing UserAuthority

Installing the UserAuthority Server

Installing UserAuthority SecureAgent

Installing the UserAuthority WebAccess Plug-In

Implementing UserAuthority Chaining

Utilizing UserAuthority Logging

FireWall-1 SSO Policy Rules

WAM Web Access Logging

UAS Event Logging

Understanding Credentials Management and Domain Equality

Domain Equality

Deploying UserAuthority

Authenticated Internet Access

Authenticated Web Server

SSO Internet Access and Web Server

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 15 Firewall Troubleshooting

Introduction

SmartView Tracker

Filtering Traffic

Active and Audit Logs

SmartView Monitor

Monitoring Check Point System Counters

Monitoring Traffic

Monitoring a Virtual Link

Running History Reports

Using fw monitor

How It Works

Reviewing the Output

Other Tools

Check Point Tools

Operating System and Third-Party Tools

Summary

Solutions Fast Track

Frequently Asked Questions

Index


Details

No. of pages:
606
Language:
English
Copyright:
© Syngress 2003
Published:
Imprint:
Syngress
eBook ISBN:
9780080476469

About the Author