11. Administrative permissions available for CP 2000 Firewall:
1) Read/Write : Allows full access to all Check Point products. Note that only one FireWall-1 administrator can be logged in with Read/Write permission at any given time.
2) Custom: Permissions can be set individually per administrator.
12. For an administrator, the following are required parameters to log-in:
- User Name
- Name or IP address of of the management server.
13. While implementing security policy, there are three different enforcement directions:
- Inbound (default), packets going into the FireWall are checked.
- Outbound, packets going out of the FireWall are checked.
- Eitherbound, packets going into and packets leaving the FireWall are checked against the security policy.
14. License: All Check Point products except GUI require a license for their operation.
15. The communication between the Management module and the Firewall Module is encrypted. The Management server establishes a trust relationship with FireWall module for secure communication between the modules.
16. VPN-1/FireWall-1 is uninstalled on different platforms as below:
1. Windows Platform: To uninstall VPN-1/FireWall-1 on a Windows platform use, Add/Remove Programs applet in the Control Panel.
2. Solaris Platform: To uninstall VPN-1/FireWall-1 on a Solaris platform, use pkgrm
3. Linux Platform: To uninstall VPN-1/FireWall-1 on a Linux platform, use rpm -e
Note that, if the Primary Management Servr is uninstalled, all other Check Point Products need to be uninstalled and reinstalled from scratch.
17. Fingerprint is used to verify the identity of the Management Server being accessed via the GUI Client for the first time. When a GUI Client initially connects to the Management Server, you should fetch the fingerprint and compare it with the established fingerprint obtained by means of fax, mail, print, or some other non network means. Fingerprint matching ensures that the Management Server is communicating to the right GUI.
18. VPN-1/FireWall-1 supports the following internal authentication schemes:
- OS Password: This is Operating System password
- FireWall-1 password: This is an encryped password supported by FireWall-1
- S/Key: One time password, very secure.
The following external authentication schemes are supported:
- SecurID: Here the Security Dynamics PassCode is entered by the user.
- EXENT Pathway Defender: Separate server software requires response from the user.
- RADIUS: Requires RADIUS server to perform centralized authentication.
- TACACS: TACACS server prompts the user for a response.
The Kerberos authentication scheme is not supported by VPN-1/FireWall-1.
19. To define a rule in the rule base in FireWall-1, the following must be specified at the minimum:
- Install On (the enforcement point)
20. VPN-1/FireWall-1 ignores other protocol packets such as IPX, DecNET. These protocols are processed by other protocols stacks. Note that, if you install an IPX protocol stack, for example, the IPX packets are processed by IPX stack independent of VPN-1/FireWall-1. This could be a security risk and need to be thoroughly evaluation for need before installing the same.