Anda di halaman 1dari 3

- Checkpoint sits between the datalink layer and the Network layer. # Firewalls supported by Checkpoint 1.

Packet Filter Firewall - Firewall in its most basic form. - Functions at layer 3 of the OSI model - It filters traffic based on 5 factors (Source IP address, Destination IP addre ss, Source Port, Destination Port, Protocol) - Least secure type of Firewall because it has no intelligence to look to see if a SMTP packet is indeed a SMTP packet (or it is spoofed). 2. Stateful Inspection Firewall - very critical to networking today. - It gives us the opportunity to examine the entire packet (from the header to t he end of the packet) to make sure that the packet is what it says it is. - Technology is developed and patented by Checkpoint a little before 1992. - A stateful inspection firewall takes place at the transport layer (TCP/UDP) 3. Bridge Mode Firewall - Invisible to all Layer 3 traffic. - All traffic are passed from one interface to another (layer 2). - Corrects routing limitations on the network. - using the 'mii-tool' command can show if you can use bridged mode on the firew all. If you get errors, this is an indication that you may not be able to use it on your hardware. + VPN 1 and Smart Center: VPN-1 is the actual firewall product and the Smart Cen ter is the management Server. ============================================ PRODUCT INSTALLATION PART 1 ============================================ # WHat is SPLAT? - Secure Platform Firewall. - It is distributed as a bootable CD-ROM directly from Checkpoint. It's based on a Redhat Linux kernel and it has no unnecessary services running by default and this takes out many risks. - Requires minimal configuration.

# SPLAT Hardware Requirements - 512MB RAM; 10GB HDD space.. Check from Checkpoint website. # Hardware Compatibility List - Visit and search for HCL

- You can also burn a hardware compatibility testing tool # Hardware Platform Selection - We can either deploy Checkpoint using open servers in our environment OR we ca n use checkpoint appliances and we do have different options. - We can either use Open Servers or Checkpoint Appliances. We have Power-1 appli ances, UTM-1 appliances, Smart-1 appliances, Sales@office appliances and Connect ra appliances. - Connectra Appliances are used for SSL-VPNs. - The following appliances run Secure Platform: Power-1 appliances, UTM-1 applia nces, Smart-1 appliances and Connectra appliances. So this means that once we le arn the use of Secure Platform in our CCSA studies, we can use the same knowledg e for these appliances. # Deployment Scenarios 1. Stand-alone deployment: One Server that we have our software installed on. Fo r small to medium sized enterprises that have a need for only one firewall. - We have the management server and the checkpoint firewall on the same box. 2. Distributed deployment: For a company that has more than one firewall that th ey need to manage. - So there will be the Checkpoint Smart Center Server on one appliance or one se rver and the firewalls on other servers because we will need the ability to mana ge those firewalls and get the logging and everything from them back on the Chec kpoint Smart Center Server. - We will be managing more than one firewall from the smart center server in the distributed deployment. # Firewall Install on SPLAT - We will be doing our installation on a virtual machine. - We can actually use VMWare workstation to fully emulate the same type of deplo yment that we would so on an open server or even a checkpoint appliance. - We will be installing the CheckPoint SecurePlatform.