(CCSA: Checkpoint® Certified Systems Administrator)
22. Using the Security Policy Editor, four types of policies can be defined:
23. Important file names used in FireWall-1:
24. A Gateway must have at least two network interfaces: one for the external network connection and one for the internal network connection.
25. The three types of Authentication schemes supported by VPN-1/FireWall-1 are:
26. VPN-1/FireWall-1 services covered by User Authentication are: Telnet, FTP, RLOGIN, HTTP, and HTTPS.
27. VPN-1/FireWall-1 supports third-party routers (OPSEC products) such as Cisco, 3Com, Nortel (Bay Networks) routers, Cisco PIX firewalls, and Microsoft RRAS (formerly known as Steelhead). For this purpose, Check Point's Open Security Extension (an optional module) is required.
28. VPN-1/FireWall-1 supports two modes of Address Translation:
a. Hide mode: This is a many-to-1 relation. Many invalid addresses are translated to one valid IP address, and dynamically assigned port numbers are used to distinguish between the invalid addresses. It is called Hide mode because the invalid IP addresses are hidden behind the valid IP address.
b. Static mode: This is a 1-to-1 correspondence of IP addresses. Each invalid IP address is translated to a corresponding valid IP address. There are two modes of static Address Translation:
29. The NAT Rule Base consists of three elements:
Original Packet and Translated Packet, in turn, consist of the following:
"Install On" specifies which firewalled objects will enforce the rule.
30. GUIs that are available in FireWall-1:
1. Policy Editor GUI: Used for creating rules and network objects. The GUI may have up to four tabs: a) Security Policy, b) Address Translation, c) Bandwidth Policy, d) Compression Policy.
2. Log Viewer GUI: Used for viewing log files, which are composed of events recorded as per the Rule Base as well as other events such as security alerts and important system events.
3. System Status GUI: Enables real-time monitoring of all FireWall modules and alerting. Communication and traffic flow statistics are also displayed.
4. SecureClient Packaging Tool: This tool helps in customizing SecureClient installations and simplifies large-scale deployment of SecuRemote/SecureClient.
5. Traffic Monitoring: This tool is used for monitoring traffic.
6. SecureUpdate: SecureUpdate enables centralized management of Check Point and OPSEC software products, including licensing.