30. There are three GUIs that are available in FireWall-1:
1. Policy Editor GUI: Used for creating rules and network objects. GUI may have upto four tabs, a) Security Policy b) Address Translation c) Bandwidth Policy d) Compression Policy
2. Log Viewer GUI: Used for viewing log files that are composed for events recorded as per the Rule Base and also other events such as security alerts, important system events.
3. System Status GUI: Enables the real time monitoring of all FireWall modules and alerting. Communication and traffic flow statistics are also displayed.
31. FireWall-1 supports the following encryption schemes:
- FWZ: This is a Check Point proprietary encryption scheme. FWZ uses symmetric encryption.
- Manual IPSec: This is an encryption and authentication scheme. The keys are fixed over duration of the connection.
- SKIP: This has some advantages over IPSec, that the keys change over time. An Internet host can send an encrypted packet to another host without requiring a prior message exchange to set up a secure channel.
- IKE: The Internet Key Exchange (IKE) protocol is a key management protocol standard which is used in conjunction with the IPSec standard. IPSec is an IP security protocol that provides robust authentication and encryption of IP packets.
- ISAKMP stands for Internet Security Association and Key Management Protocol. ISAKMP defines procedures and packet formats to establish, negotiate, modify and delete Security Associations (SAs).
32. There are nine objects available to manage a network under Network Objects Manager. These are:
- Integrated Firewall
- Logical Server
- Address Range
The management tools available in FireWall-1 are:
- Network Objects
- Users on account unit
Note that, Users and Servers are management tools.
33. Some of the popular protocol port numbers are:
- Telnet: Port #23
- FTP: Port #21
- HTTP (WWW): Port #80
- SMTP: Port #25
34. The Internet Assigned Numbers Authority (IANA) has set aside several ranges of IP numbers that can be freely used over private networks (Internet will not route these IP addresses). These private IP address ranges that are designated private:
Class A private address range:10.0.0.0 - 10.255.255.255
Class B private address range:172.16.0.0 - 172.31.255.255
Class C private address range:192.168.0.0 - 192.168.255.255
35. VPN/FireWall-1 Security Policy permits any number of administrators to view the Security Policy. However, only one administrator can log in using read/write permissions. This arrangement will prevent confusion arising from two admins simultaneously making changes to the Security Policy, without knowing what the other is doing.
36. The following are required to log on to the Log Viewer of a FireWall-1 Management Server:
- User Name
- Name or IP address of Management Server.
37. The communication between the Firewalled objects and the Management station is done by using a proprietary FireWall-1 protocol.
38. If you want to install Management Module and FireWall Module on separate computers, an Enterprise license is required.
39. Before any remote management can take place, an authentication key needs to be created for each Firewall Module and the corresponding Management Console that is responsible for remotely managing the Firewall. This is done using the 'fw putkey' command. The correct syntax is:
fw putkey -p <password> <ip-address>
if you are configuring the putkey on Managament Console, the <ip-address> corresponds to the firewall. If you are configuring the putkey on the firewalled computer, the <ip-address> corresponds to the Management station.