CheckPoint NG VPN 1/Firewall 1

CheckPoint NG VPN 1/Firewall 1

Advanced Configuration and Troubleshooting

1st Edition - May 11, 2003

Write a review

  • Author: Syngress
  • eBook ISBN: 9780080476469

Purchase options

Purchase options
DRM-free (PDF)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order

Description

Check Point Software Technologies is the worldwide leader in securing the Internet. The company's Secure Virtual Network (SVN) architecture provides the infrastructure that enables secure and reliable Internet communications. Check Point recently announced a ground-breaking user interface that meets the industry's next generation Internet security requirements, including simplified security management for increasingly complex environments. Built upon Check Point's Secure Virtual Network (SVN) architecture, the Next Generation User Interface revolutionizes the way security administrators define and manage enterprise security by further integrating management functions into a security dashboard and creating a visual picture of security operations. The Next Generation User Interface delivers unparalleled ease-of-use, improved security and true end-to-end security management. Check Point's revenues have more than doubled in each of the last two years, while capturing over 50% of the VPN market and over 40% of the firewall market according to IDC Research. The explosive growth of the company is further evidenced by over 29,000 IT professionals becoming Check Point Certified so far.This book will be the complimentary to Syngress' best-selling Check Point Next Generation Security Administration, which was a foundation-level guide to installing and configuring Check Point NG. This book will assume that readers have already mastered the basic functions of the product and they now want to master the more advanced security and VPN features of the product. Written by a team of Check Point Certified Instructors (the most prestigious Check Point certification) this book will provide readers with a complete reference book to Check Point NG and advanced case studies that illustrate the most difficult to implement configurations. Although not a Study Guide, this book will cover all of the objectives on Check Point's CCSE Exam.

Key Features

· The reader will learn to design and configure a Virtual Private Network (VPN).
· The reader will learn to configure Check Point NG for High Availability (HA), which is the ability of a system to perform its function continuously (without interruption) for a significantly longer period of time than the reliabilities of its individual components would suggest.
· The reader will learn to use SeucureUpdate, which allows them to perform simultaneous, secure, enterprise-wide software updates.

Table of Contents


  • Foreword

    Chapter 1 FW-1 NG Operational Changes

    Introduction

    Static NAT Changes from 4.x to NG

    Server-Side NAT

    Client-Side NAT

    Bidirectional NAT

    Automatic ARP

    When ARP Is Automatic

    When ARP Is Manual

    Upgrading 4.x to NG

    The 4.x Upgrade Process

    When to Rebuild

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 2 Smart Clients

    Introduction

    SmartDashboard

    What’s New in NG SmartDashboard

    A GUI Overview of New FP3 Features

    SmartView Status

    What’s New in SmartView Status

    Highlights of SmartView Status

    SmartView Tracker

    What’s New in SmartView Tracker

    Highlights From the SmartView Tracker

    SmartView Monitor

    Installation

    The Interface

    Traffic Monitoring

    Generating Reports

    User Monitor

    The Interface

    Managing Queries

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 3 Advanced Authentication

    Introduction

    Active Directory

    Setting Up Active Directory for FireWall-1 Authentication

    Setting Up the Firewall for AD Authentication

    Suggested Uses of MS-AD Authentication

    Standard LDAP

    Setting Up the LDAP for FireWall-1 Authentication

    Setting Up the Firewall for LDAP Authentication

    Suggested Uses of LDAP Authentication

    RADIUS

    Setting Up the Firewall for RADIUS Authentication

    Setting Up RADIUS for FireWall-1 Authentication

    Suggested Uses of RADIUS Authentication

    TACACS+

    Setting Up the Firewall for TACACS+ Authentication

    Setting Up TACACS+ for FireWall-1 Authentication

    Suggested Uses of TACACS+ Authentication

    General User Management

    Self-Service User Management with ADSI

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 4 Advanced VPN Concepts

    Introduction

    What Are SEP and MEP

    Sample Scenario

    Exploring SEP

    Exploring MEP

    SEP Configuration Examples

    Scenario One

    Scenario Two

    MEP Configuration Examples

    Scenario One

    Setup of New York Firewall

    Setup of San Diego Firewall

    Combinations of MEP and SEP

    VPN Modes

    Transparent Mode

    Connect Mode

    Routing Between VPN Connections

    Dynamic IP Address VPN Connections

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 5 Advanced VPN Client Installations

    Introduction

    The Difference Between SecuRemote and SecureClient

    Using DNSInfo Files

    Encrypting Internal Traffic

    Using SR/SC from Behind a CP-FW-1 System

    Using SecureClient

    Creating Rules for Internal Connections to Remote Clients

    Examples of Common Deployments

    L2TP Tunnels Terminating on a Check Point FP3 Box

    Office Mode SecureClient

    FP3 Clientless VPNs

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 6 High Availability and Clustering

    Introduction

    Designing Your Cluster

    Why Do You Need a Cluster

    High Availability or Load Sharing

    Clustering and Check Point

    Connecting the Cluster to Your Network: Hubs or Switches

    FireWall-1 Features, Single Gateways vs. Clusters: The Same, But Different

    Installing FireWall-1 NG FP3

    Checking the Installation Prerequisites

    Installation Options

    Installation Procedure

    Check Point ClusterXL

    Configuring ClusterXL in HA New Mode

    Testing ClusterXL in HA New Mode

    Test 1: Pinging the Virtual IP Address of Each Interface

    Test 2: Using SmartView Status to Examine the Status of the Cluster Members

    Test 3: FTP Session Through the Cluster When an Interface Fails

    Command-Line Diagnostics on ClusterXL

    How Does ClusterXL HA New Mode Work

    ClusterXL HA New Mode Failover

    ClusterXL Failover Conditions

    Special Considerations for ClusterXL in HA New Mode

    Network Address Translation

    Configuring ClusterXL in HA Legacy Mode

    Configuring ClusterXL in Load-Sharing Mode

    Prerequisites for Configuring ClusterXL in Load-Sharing Mode

    Configuration of ClusterXL in Load-Sharing Mode

    Testing ClusterXL in Load-Sharing Mode

    Test 1: Pinging the Virtual IP Address for Each Interface

    Test 2: Using SmartView Status to Examine the Status of the Cluster Members

    Test 3: FTPing Through ClusterXL Load Sharing During Failover

    Command-Line Diagnostics for ClusterXL

    How ClusterXL Works in Load-Sharing Mode

    Special Considerations for ClusterXL in Load-Sharing Mode

    Network Address Translation

    User Authentication and One-Time Passcodes

    Nokia IPSO Clustering

    Nokia Configuration

    Check Point FireWall-1

    Configuration for a Nokia Cluster

    Nokia Cluster Configuration on Voyager

    Testing the Nokia Cluster

    How Nokia Clustering Works

    Special Considerations for Nokia Clusters

    Nokia IPSO VRRP Clusters

    Nokia Configuration

    Nokia VRRP Configuration on Voyager

    Testing the Nokia VRRP Cluster

    How VRRP Works

    Special Considerations for Nokia VRRP Clusters

    Third-Party Clustering Solutions

    Clustering and HA Performance Tuning

    Data Throughput or Large Number of Connections

    Improving for Large Number of Connections

    Final Tweaks to Get the Last Drop of Performance

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 7 SecurePlatform

    Introduction

    The Basics

    Installation

    Configuration

    CPShell

    Applying OS and Application Updates

    Adding Hardware to SecurePlatform

    Adding NICs

    Adding a Second Processor

    Adding Hard Drives

    FireWall-1 Performance Counters

    Firewall Commands

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 8 SmartCenter Management Server, High Availability and Failover, and SMART Clients

    Introduction

    SmartCenter Server:The Roles of a Management Server

    Internal Certificate Authority

    Management Server Backup Options

    Protecting the Configuration

    Enforcement Point Functions

    Installing a Secondary Management Server

    SMART Clients

    SMART Client Functions

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 9 Integration and Configuration of CVP / UFP

    Introduction

    Using CVP for Virus Scanning E-Mail

    Configuring CVP

    URL Filtering for HTTP Content Screening

    Setting Up URL Filtering with UFP

    Using Screening without CVP

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 10 SecureClient Packaging Tool

    Introduction

    Installing the SecureClient Packaging Tool

    Starting the SecureClient Packaging Tool

    Creating a Profile

    The Welcome Window

    The General Window

    The Connect Mode Window

    The SecureClient Window

    The Additional Options Window

    The Topology Window

    The Certificates Window

    The Silent Installation Window

    The Installation Options Window

    The Operating System Logon Window

    The Finish Window

    Managing SecureClient Profiles

    Creating a New Profile From an Existing Profile

    Deleting a Profile

    Editing a Profile

    Creating SecureClient Installation Packages

    The Welcome Window

    The Package Generation Window

    Deploying SecuRemote Packages

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 11 SmartDefense

    Introduction

    Understanding and Configuring SmartDefense

    General

    Anti-Spoofing Configuration Status

    Denial of Service

    IP and ICMP

    TCP

    DNS

    FTP

    HTTP

    SMTP Security Server

    Successive Events

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 12 SmartUpdate

    Introduction

    Licensing Your Products

    Management Server

    Enforcement Points

    Other License Types

    Updating Your Products

    Adding a New Product

    Installing a Product

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 13 Performance Pack

    Introduction

    How Performance Pack works

    Working on Interfaces While Using Performance Pack

    Installing Performance Pack

    Hardware Requirements

    Performance Considerations

    Installing Performance Pack on Solaris 8

    Installing Performance Pack on SecurePlatform

    Command-Line Options for Performance Pack

    Stopping and Starting SecureXL

    Checking the Status of SecureXL

    Configuring SecureXL

    Troubleshooting Performance Pack

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 14 UserAuthority

    Introduction

    Defining UserAuthority

    WAM in Detail

    Supported Platforms

    Installing UserAuthority

    Installing the UserAuthority Server

    Installing UserAuthority SecureAgent

    Installing the UserAuthority WebAccess Plug-In

    Implementing UserAuthority Chaining

    Utilizing UserAuthority Logging

    FireWall-1 SSO Policy Rules

    WAM Web Access Logging

    UAS Event Logging

    Understanding Credentials Management and Domain Equality

    Domain Equality

    Deploying UserAuthority

    Authenticated Internet Access

    Authenticated Web Server

    SSO Internet Access and Web Server

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 15 Firewall Troubleshooting

    Introduction

    SmartView Tracker

    Filtering Traffic

    Active and Audit Logs

    SmartView Monitor

    Monitoring Check Point System Counters

    Monitoring Traffic

    Monitoring a Virtual Link

    Running History Reports

    Using fw monitor

    How It Works

    Reviewing the Output

    Other Tools

    Check Point Tools

    Operating System and Third-Party Tools

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Index


Product details

  • No. of pages: 606
  • Language: English
  • Copyright: © Syngress 2003
  • Published: May 11, 2003
  • Imprint: Syngress
  • eBook ISBN: 9780080476469

About the Author

Syngress

Ratings and Reviews

Write a review

There are currently no reviews for "CheckPoint NG VPN 1/Firewall 1"