Book Image

Check Point Firewall Administration R81.10+

By : Vladimir Yakovlev
Book Image

Check Point Firewall Administration R81.10+

By: Vladimir Yakovlev

Overview of this book

Check Point firewalls are the premiere firewalls, access control, and threat prevention appliances for physical and virtual infrastructures. With Check Point’s superior security, administrators can help maintain confidentiality, integrity, and the availability of their resources protected by firewalls and threat prevention devices. This hands-on guide covers everything you need to be fluent in using Check Point firewalls for your operations. This book familiarizes you with Check Point firewalls and their most common implementation scenarios, showing you how to deploy them from scratch. You will begin by following the deployment and configuration of Check Point products and advance to their administration for an organization. Once you’ve learned how to plan, prepare, and implement Check Point infrastructure components and grasped the fundamental principles of their operation, you’ll be guided through the creation and modification of access control policies of increasing complexity, as well as the inclusion of additional features. To run your routine operations infallibly, you’ll also learn how to monitor security logs and dashboards. Generating reports detailing current or historical traffic patterns and security incidents is also covered. By the end of this book, you'll have gained the knowledge necessary to implement and comfortably operate Check Point firewalls.

Related Content you might be interested in

Current Title:

Small book image
Check Point Firewall Administration R81.10+
Vladimir Yakovlev
Aug, 2022 | 654 pages
Small book image
Mastering Palo Alto Networks
Tom Piens aka reaper
Jun, 2022 | 636 pages
Table of Contents (21 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Legal disclaimer
Share your thoughts
1
Part 1: Introduction to Check Point, Network Topology, and Firewalls in Your Infrastructure and Lab
Part 1: Introduction to Check Point, Network Topology, and Firewalls in Your Infrastructure and Lab
Free Chapter
2
Chapter 1: Introduction to Check Point Firewalls and Threat Prevention Products
Chapter 1: Introduction to Check Point Firewalls and Threat Prevention Products
Technical requirements
Learning about Check Point's history and the current state of the technology
Understanding the Check Point product lineup and coverage
Introducing the Unified Management concepts and the advantages of security product consolidation
Familiarization with the Security Management Architecture (SMART)
Determining how we learn
Navigating the Check Point User Center
Summary
Further reading
3
Chapter 2: Common Deployment Scenarios and Network Segmentation
Chapter 2: Common Deployment Scenarios and Network Segmentation
Understanding your network topology
Learning about network segmentation
Protecting the core
Protecting the perimeter
Sizing appliances for new implementations and determining load on current systems
Summary
Further reading
4
Chapter 3: Building a Check Point Lab Environment – Part 1
Chapter 3: Building a Check Point Lab Environment – Part 1
Technical requirements
Lab topology and components
Downloading the prerequisites
Installing Oracle VirtualBox
Deploying the VyOS router
Summary
5
Chapter 4: Building a Check Point Lab Environment – Part 2
Chapter 4: Building a Check Point Lab Environment – Part 2
Technical requirements
Creating a Windows base VM
Creating a Check Point base VM
Creating linked clones
Summary
6
Part 2: Introduction to Gaia, Check Point Management Interfaces, Objects, and NAT
Part 2: Introduction to Gaia, Check Point Management Interfaces, Objects, and NAT
7
Chapter 5: Gaia OS, the First Time Configuration Wizard, and an Introduction to the Gaia Portal (WebUI)
Chapter 5: Gaia OS, the First Time Configuration Wizard, and an Introduction to the Gaia Portal (WebUI)
Technical requirements
Learning about Gaia's roots – a historical note
Using the First Time Configuration Wizard
Introduction to the Gaia Portal (WebUI)
Summary
8
Chapter 6: Check Point Gaia Command-Line Interface; Backup and Recovery Methods; CPUSE
Chapter 6: Check Point Gaia Command-Line Interface; Backup and Recovery Methods; CPUSE
Learning about the Check Point Gaia CLI
Introduction to Expert mode
Configuring Gaia using CLISH
Saving Gaia configuration, backups, snapshots, and migration tools
Saving and loading the configuration
Offline configuration editing and comparison
Using CPUSE
Summary
9
Chapter 7: SmartConsole – Familiarization and Navigation
Chapter 7: SmartConsole – Familiarization and Navigation
Technical requirements
Introduction to the SmartConsole application and Demo Mode
SmartConsole components, capabilities, and navigation
Summary
10
Chapter 8: Introduction to Policies, Layers, and Rules
Chapter 8: Introduction to Policies, Layers, and Rules
Access Control policies, layers, and rules
Packet flows and acceleration
Best practices for Access Control rules
APCL/URLF layer structure
Logs, tracking depth, and oddities
Summary
11
Chapter 9: Working with Objects – ICA, SIC, Managed, Static, and Variable Objects
Chapter 9: Working with Objects – ICA, SIC, Managed, Static, and Variable Objects
Working with objects
Object categories
Introduction to Internal Certificate Authority and Secure Internal Communication
Gateways and servers
Creating networks and Host objects
Variable objects
Summary
12
Chapter 10: Working with Network Address Translation
Chapter 10: Working with Network Address Translation
The need for NAT
NAT policies, rules, and processing orders
Automatic NAT
When NAT is not enough
NAT logging
Summary
13
Part 3: Introduction to Practical Administration for Achieving Common Objectives
Part 3: Introduction to Practical Administration for Achieving Common Objectives
14
Chapter 11: Building Your First Policy
Chapter 11: Building Your First Policy
Defining the access control policy structure
Creating rules for the firewall/networking layer
Creating the APCL/URLF layer and rules
Using Identity Awareness and access roles
Summary
15
Chapter 12: Configuring Site-to-Site and Remote Access VPNs
Chapter 12: Configuring Site-to-Site and Remote Access VPNs
An introduction to site-to-site VPN capabilities
Configuring a remote gateway and creating its policy
Building a site-to-site VPN using gateways managed by the same management server
An introduction to Check Point remote access VPN solutions
Configuring a remote access IPSec VPN
Summary
16
Chapter 13: Introduction to Logging and SmartEvent
Chapter 13: Introduction to Logging and SmartEvent
Logging into a single security domain
Introduction to SmartEvent
Summary
17
Chapter 14: Working with ClusterXL High Availability
Chapter 14: Working with ClusterXL High Availability
ClusterXL in HA mode
ClusterXL HA failover simulations
Alternative preferred HA options
Summary
18
Chapter 15: Performing Basic Troubleshooting
Chapter 15: Performing Basic Troubleshooting
Troubleshooting constraints and your actions
Typical issues and the tools to solve them
Service Requests – getting them right every time
Community resources and engagements
Postmortems and lessons learned
Summary
19
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Appendix: Licensing
Appendix: Licensing
Licensing
Licensing for gateways
Licensing for management servers
Central and local licenses
License activation
Evaluation licenses for the lab
SmartUpdate and additional information
Why subscribe?

NAT logging

NAT is logged in rules where Log Generation | Per Connection are enabled. As per the recommendations made in Chapter 8, Introduction to Policies, Layers, and Rules, this should be the default setting for the firewall-only rules.

The NAT portion of the log card is really easy to understand, but I have seen repeated questions in forums regarding these two fields: NAT Rule Number and NAT Additional Rule Number.

To illustrate, let’s take a look at the following log card:

Figure 10.29 – The NAT Rule Number and NAT Additional Rule Number log fields

In the preceding screenshot, we can see the following:

  • Traffic is accepted from host 10.10.10.21 [1] to host 200.100.0.5 [2].
  • The translated source IP is 10.30.30.1 [3], which belongs to one of the virtual IPs of our cluster, and the translated destination is 10.30.30.5 [4].
  • We can see that NAT Rule Number is 4 [5] and NAT Additional Rule Number is 9 [6].

This log...

Previous Section
End of Section 6
Next Section