
CHECKPOINT

Q.1 What is Checkpoint Architecture?
Ans.
Check Point has developed a Unified Security Architecture that is implemented
throughout all of its security products. This Unified Security Architecture enables all
Check Point products to be managed and monitored from a single administrative
console, and provides a consistent level of security.
The Check Point Unified Security Architecture is comprised of four main
components:
Core Technologies: - Check Point uses a common set of core technologies, such
as INSPECT for security inspection, across multiple layers of security.
Central Management: - All Check Point products can be managed and monitored
from a single administrative console.
Open Architecture: - Check Point has built its security architecture to be open and
interoperable in a heterogeneous environment. For example, Check Point products
can interoperate with other network and security equipment from third-party vendors
to enable cooperative enforcement of Security Policies.
Universal-update Ability: - Check Point has consolidated multiple security-alert and
update functions to ease update procedures and help Administrators ensure that
security is always up-to-date.
Q.2 How do Checkpoint components communicate and sync with each other?
Ans.
Secure Internal Communications (SIC) is the Check Point feature that ensures
components, such as Security Gateways, SmartCenter Server, SmartConsole, etc.
can communicate with each other freely and securely using a simple communication-initialization process.
Q.3 What are the major differences between SPLAT and GAIA?
Ans.
Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO.
Here are some benefits of Gaia as compared to SPLAT/IPSO.
1. Web-Based user interface with Search Navigation
2. Full Software Blade support
3. High connection capacity
4. Role-Based administrative Access
5. Intelligent Software updates
6. Native IPv4 and IPv6 Support
7. ClusterXL or VRRP Clusters
8. Manageable Dynamic Routing Suite
9. Full Compatibility with IPSO and SecurePlatform.

For more information, see the official Check Point page on this topic:
http://www.checkpoint.com/products/check-point-gaia/

Q.4 What are the different Checkpoint Ports and the purpose of these ports?
Ans.

| PORT | TYPE | SERVICE | DESCRIPTION |
| --- | --- | --- | --- |
| 21 | TCP | ftp | File transfer Protocol (control) |
| 21 | UDP | ftp | File transfer Protocol (control) |
| 22 | Both | ssh | SSH remote login |
| 25 | Both | SMTP | Simple Mail transfer Protocol |
| 50 | | esp | Encryption IP protocols, IPSEC Encapsulation Security Payload |
| 51 | | ah | Encryption IP protocols, IPSEC Authentication Header Protocol |
| 53 | Both | | Domain Name Server |
| 69 | Both | TFTP | Trivial File Transfer Protocol |
| 94 | TCP | fwz_encapsulation (FW1_Encapsulation) | Encryption IP protocols |
| 137 | Both | Netbios-ns | NETBIOS Name Service |
| 138 | Both | netbios-dgm | NETBIOS Datagram |
| 139 | Both | netbios-ssn | NETBIOS Session |
| 256 | TCP | FW1 | (fwd) policy install port FWD_SVC_PORT |
| 257 | TCP | FW1_log | FW1_log FWD_LOG_PORT |
| 258 | TCP | FW1_mgmt | FWM_SVC_PORT |
| 259 | TCP | FW1_clientauth_telnet | |
| 259 | UDP | RDP | Reliable Datagram Protocol |
| 260 | TCP | sync | |
| 260 | UDP | FW1_snmp | FWD_SNMP_PORT |
| 261 | TCP | FW1_snauth | Session Authentication Daemon |
| 262 | TCP | MDQ | mail dequeuer |
| 263 | TCP | dbs | |
| 264 | TCP | FW1_topop | Check Point SecureClient Topology Requests |
| 265 | TCP | FW1_key | Check Point VPN-1 Public key transfer protocol |
| 389 | Both | LDAP | Secure Client connecting to LDAP without SSL |
| 443 | | SNX VPN | can use 443 too |
| 444 | TCP | SNX VPN | SNX VPN tunnel in connectra only |
| 500 | UDP | | IPSEC IKE Protocol (formerly ISAKMP/Oakley) |
| 500 | TCP | | IKE over TCP |
| 500 | UDP | | ISAKMPD_SPORT & ISAKMPD_DPORT |
| 514 | UDP | Syslog | Syslog |
| 636 | | LDAP | Secure Client connecting to LDAP with SSL |
| 900 | TCP | FW1_clntauth_http | Client Authentication Daemon |
| 981 | | | Management https on the edge |
| 1247 | | | |
| 1494 | TCP | Winframe | Citrix |
| 1645 | TCP | Radius | |
| 1719 | UDP | VOIP | |
| 1720 | TCP | VOIP | |
| 2040 | TCP | MIP | meta Ip admin server |
| 2746 | UDP | VPN1_IPSEC_encapsulation | UDP encapsulation for SR, VPN1_IPSEC encapsulation |
| 2746 | TCP | CPUDPENCap | |
| 4000 | | | Policy Server Port (Redmond) |
| 4433 | TCP | Connectra Admin HTTPS | Connectra admin port |
| 4500 | UDP | NAT-T | NAT Traversal |
| 4532 | TCP | SNDAEMON_PORT | sn_auth_trap: sn_auth daemon Sec.Serv comm, |
| 5001 | TCP | | Meta IP Web Connection, MIP |
| 5002 | TCP | | Meta IP DHCP Failover |
| 5004 | TCP | | Meta IP UAM |
| 5005 | TCP | | Meta IP SMC |
| 6969 | UDP | KP_PORT | KeyProt |
| 8116 | UDP | | Check Point HA SyncMode= CPHAP (new sync mode) |
| 8116 | UDP | | Connection table synchronization between firewalls |
| 8989 | TCP | CPIS Messaging | MSG_DEFAULT_PORT |
| 8998 | TCP | | MDS_SERVER_PORT |
| 9000 | | | Command Line Port for Secure Client |
| 10001 | TCP | | Default CPRSM listener port for coms with RealSecure Console |
| 18181 | TCP | FW1_cvp | Check Point OPSEC Content Vectoring Protocol |
| 18182 | TCP | FW1_ufp | Check Point OPSEC URL Filtering Protocol |
| 18183 | TCP | FW1_sam | Check Point OPSEC Suspicious Activity monitoring Proto (SAM API) |
| 18184 | TCP | FW1_lea | Check Point OPSEC Log Export API |
| 18185 | TCP | FW1_omi | Check Point OPSEC Objects Management Interface |
| 18186 | TCP | FW1_omi-sic | Check Point OPSEC Objects management Interface with Secure Internal Communication |
| 18187 | TCP | FW1_ela | Check Point OPSEC Event Logging API |
| 18190 | TCP | CPMI | Check Point Management Interface |
| 18191 | TCP | CPD | Check Point Daemon Proto NG |
| 18192 | TCP | CPD_amon | Check Point Internal Application Monitoring NG |
| 18193 | TCP | FW1_amon | Check Point OPSEC Application Monitoring NG |
| 18201 | TCP | | FGD_SVC_PORT |
| 18202 | TCP | CP_rtm | Check Point Real time Monitoring |
| 18203 | TCP | | FGD_RTMP_PORT |
| 18204 | TCP | | CE communication |
| 18205 | TCP | CP_reporting | Check Point Reporting Client Protocol |
| 18207 | TCP | FW1_pslogon | Check Point Policy Server logon Protocol |
| 18208 | TCP | FW1_CPRID (SmartUpdate) | Check Point remote Installation Protocol |
| 18209 | TCP | | FWM CA for establishing SIC communication |
| 18210 | TCP | FW1_ica_pull | Check Point Internal CA Pull Certificate Service |
| 18211 | TCP | FW1_ica_pull | Check Point Internal CA Push Certificate Service |
| 18212 | UDP | | Connect Control Load Agent port |
| 18213 | TCP | cpinp | inp (admin server) |
| 18214 | TCP | cpsmc | SMC |
| 18214 | UDP | cpsmc | SMC Connectionless |
| 18221 | TCP | CP_redundant | Check Point Redundant Management Protocol NG |
| 18231 | TCP | FW1_pslogon_NG | Check Point NG Policy Server Logon Protocol |
| 18231 | TCP | | NG listens on this port by default dtps.exe |
| 18232 | TCP | FW1_sds_logon | Check Point SecuRemote Distribution Server Protocol |
| 18233 | UDP | FW1_scv_keep_alive | Check Point SecureClient Verification Keepalive Protocol |
| 18241 | UDP | e2ecp | |
| 18262 | TCP | CP_Exnet_PK | Check Point Public Key Resolution |
| 18263 | TCP | CP_Exnet_resolve | Check Point Extranet remote objects resolution |
| 18264 | TCP | FW1_ica_services | Check Point Internal CA Fetch CRL and User Registration Services |
| 19190 | TCP | FW1_netso | Check Point OPSEC User Authority Simple Protocol |
| 19191 | TCP | FW1_uaa | Check point OPSEC User Authority API |
| 65524 | | FW1_sds_logon_NG | Secure Client Distribution Server Protocol (VC and Higher) |

Q.5 How does SIC work? What are the different ports of SIC?
Ans.
Secure Internal Communication (SIC) lets Check Point platforms and products
authenticate with each other. The SIC procedure creates a trusted status between
gateways, management servers and other Check Point components. SIC is required
to install policies on gateways and to send logs between gateways and management
servers.
These security measures make sure of the safety of SIC:
1. Certificates for authentication
2. Standards-based SSL for the creation of the secure channel
3. 3DES for encryption

The Internal Certificate Authority (ICA)

The ICA is created during the Security Management server installation process. The
ICA is responsible for issuing certificates for authentication. For example, ICA issues
certificates such as SIC certificates for authentication purposes to administrators and
VPN certificates to users and gateways.

Initializing the Trust Establishment Process

Communication Initialization establishes a trust between the Security Management
server and the Check Point gateways. This trust lets Check Point components
communicate securely. Trust can only be established when the gateways and the
server have SIC certificates.
Note - For SIC to succeed, the clocks of the gateways and servers must be
synchronized.
The Internal Certificate Authority (ICA) is created when the Security Management
server is installed. The ICA issues and delivers a certificate to the Security
Management server.

To initialize SIC:

1. Decide on an alphanumeric Activation Key.
2. In SmartDashboard, open the gateway network object. In the General Properties
page of the gateway, click Communication to initialize the SIC procedure.
3. In the Communication window of the object, enter the Activation Key that you
created in step 2.
4. Click Initialize.
The ICA signs and issues a certificate to the gateway. Trust state is Initialized but not
trusted. The certificate is issued for the gateway, but not yet delivered.
SSL negotiation takes place. The two communicating peers are authenticated with
their Activation Key.
The certificate is downloaded securely and stored on the gateway.

After successful Initialization, the gateway can communicate with any Check Point
node that possesses a SIC certificate, signed by the same ICA. The Activation Key is
deleted. The SIC process no longer requires the Activation Key, only the SIC
certificates.
Checkpoint SIC Ports

| PORT | TYPE | SERVICE DESCRIPTION |
| --- | --- | --- |
| 18209 | tcp | NGX Gateways <> ICAs (status, issue, or revoke). |
| 18210 | tcp | Pulls Certificates from an ICA. |
| 18211 | tcp | Used by the cpd daemon (on the gateway) to receive Certificates. |

Q.6 Checkpoint Packet flow for SNAT and DNAT?
Ans.
In case of SNAT
1. Antispoofing
2. Session lookup
3. Policy lookup
4. Routing
5. NATing

In case of DNAT
1. Antispoofing
2. Session lookup
3. Policy lookup
4. NATing
5. Routing
Q.7 What is the main difference between cpstop/cpstart and fwstop/fwstart?
Ans.
Using cpstop and then cpstart will restart all Check Point components, including the
SVN foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1.
Q.8 What are the functions of CPD, FWM, and FWD processes?
Ans.
CPD: - CPD is high in the hierarchical chain and helps to execute many
services, such as Secure Internal Communication (SIC), Licensing and status report.
FWM: - The FWM process is responsible for the execution of the database activities of
the SmartCenter server. It is, therefore, responsible for Policy installation,
Management High Availability (HA) Synchronization, saving the Policy, Database
Read/Write action, Log Display, etc.
FWD: - The FWD process is responsible for logging. It is executed in relation to
logging, Security Servers and communication with OPSEC applications.
Q.9 What is Anti-Bot?
Q.10 How to block ICMP tunnel in checkpoint?
Q.11 Difference between fwstop and cpstop?
Q.12 What are the services which are impacted during cpstop and cpstart?
Q.13 What is CPinfo? And why is it used?
Q.14 What are Cluster_XL, Secure_XL and CORE_XL?
Q.15 What is Provider1?
Q.16 What is MDF Database?
Q.17 How to configure SMC HA?
Q.18 How to check License via Smartview Monitor?
Q.19 How to configure performing DNAT before routing via Global Properties?

CHECKPOINT CLUSTER
Q.1 Which protocol is used in Checkpoint for Clustering?
Q.2 How does Cluster_XL work? What are the ports used by Cluster_XL?
Q.3 What are the New and Legacy Mode in Clustering?
Q.4 What are Delta and Full Mode in Clustering?
Q.5 Step by Step Process of configuring Checkpoint Cluster?
Q.6 How to use VRRP for Checkpoint Clustering?

CHECKPOINT VPN

Q.1 Difference between IPSec and SSL VPN?
Q.2 Difference between Domain Base and Route Base VPN?
Q.3 What are the protocols of IPSec? And what are the Protocol numbers of IPSec
Protocols?
Ans. IPSec uses two Protocols, AH (Authentication Header) and ESP (Encapsulated
Security Payload). AH works on Protocol number 51 and ESP works on Protocol
number 50.
Q.4 What is NAT traversal? Where is it used?
Q.5 How to use NAT in VPN Tunnel?
Q.6 What is Norm in IPSec?
Q.7 What are the Phases of IPSec VPN? And how many messages are being exchanged in MAIN
and QUICK Mode? What are these messages?
Q.8 What is Encryption Domain?
Q.9 IPSec works at which OSI layer?
Ans. IP Layer (Network Layer; it provides security services at the Network Layer and
above).

JUNIPER SCREENOS
Q.1 What are the series of ScreenOS boxes?
Q.2 What is the latest version ScreenOS?
Q.3 Juniper Packet Flow.
Q.4 What is Screen Check? How to configure Screen Check in Juniper?
Q.5 What is DIP, MIP and VIP?
Q.6 How to configure Cluster in Juniper?

ROUTING
Q.1 Difference between Static and Dynamic Routing?

Q.2 Difference between AD Value and Metric? And what is the AD value of EIGRP, OSPF,
RIP and BGP?

Ans.
AD: - The administrative distance is helpful to select the best route between two or more
routing Protocols. For example, best route selection between OSPF and RIP.
Metric: - Metrics are only helpful to select a route inside a routing protocol. For
example, best route inside the RIP.

Administrative Distance Values

Connected Interface = 0
Static Route = 1
EIGRP Summary Route = 5
External BGP = 20
Internal EIGRP = 90
IGRP = 100
OSPF = 110
IS-IS = 115
RIP = 120
EGP = 140
On Demand Routing = 160
External EIGRP = 170
Internal BGP = 200
Unknown = 255

Q.3 How to configure Inter-VLAN routing in router?
Q.4 How to enable trunking in router?

SWITCHING
Q.1 What is Private VLAN? What is extended or High VLAN range?
Q.2 What is Native VLAN?
Q.3 What is VTP?
Q.4 What is Transparent Mode in VTP and how does it work? If we create a new VLAN on a
Transparent Switch, will that be advertised or not?
Q.5 What is 802.1x standard?

PROTOCOLS

Q.1 What are the different ports of FTP? What is the use of the different FTP ports?
Ans. A Client makes a TCP connection to the server port 21. This connection
remains open for the duration of the session and thus it is called a control session.
Then another connection is opened on Port 20 and it is called the data connection.
The control connection is used for authentication, commands and administration
exchanged between the client and the server.

Q.2 What are the modes of FTP?

Ans. There are two types of FTP.

Passive FTP: - In passive mode, the client establishes both channels (Data and
control). In that case, the server tells the client which port should be used for the
data channel.

Active FTP: - In active mode, the client establishes the control channel but the
server establishes the data channel.
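
An added example, not part of the original page: Python code showing how the data-channel endpoint is announced inside the control channel in both modes (the PORT command for active, the 227 reply for passive), and how a stateful helper that reads those lines permits the data connection while a filter that only knows ports 20/21 does not. The FtpHelper class, the function names and the sample addresses are hypothetical and constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 host-port encoding used by PORT and the 227 reply (RFC 959)
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_hostport(line):
    """Return (ip, port) announced in a PORT command or 227 reply, else None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def static_filter_allows(dport):
    """Stateless packet filter that only knows the fixed FTP ports."""
    return dport in (20, 21)

class FtpHelper:
    """Hypothetical stateful helper: opens one-shot pinholes for data channels."""
    def __init__(self, client, server):
        self.client, self.server = client, server
        self.expected = set()  # (src_ip, dst_ip, dst_port)

    def control_line(self, sender, line):
        verb = line.split(" ", 1)[0].upper()
        endpoint = parse_hostport(line)
        if endpoint is None:
            return
        ip, port = endpoint
        # Only accept an endpoint that is the sender's own address.
        if verb == "PORT" and sender == self.client and ip == self.client:
            self.expected.add((self.server, ip, port))   # active: server connects
        elif verb == "227" and sender == self.server and ip == self.server:
            self.expected.add((self.client, ip, port))   # passive: client connects

    def allow_data(self, src, dst, dport):
        key = (src, dst, dport)
        if key in self.expected:
            self.expected.discard(key)  # pinhole is used once
            return True
        return False

if __name__ == "__main__":
    # Constructed sample session using documentation addresses.
    fw = FtpHelper("192.0.2.10", "198.51.100.5")
    fw.control_line("198.51.100.5", "227 Entering Passive Mode (198,51,100,5,194,188)")
    print(static_filter_allows(49852), fw.allow_data("192.0.2.10", "198.51.100.5", 49852))
```
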

Q.3 Why does FTP not work with a Packet Filter Firewall?

Q.4 What are the ports of DNS?
Ans. DNS uses port TCP & UDP 53.

Q.5 When does DNS use port tcp_53?
Ans. UDP/53 is used when a host or a router wants to resolve a domain name to an IP
address (or vice versa).
TCP/53 is used between two DNS servers when they want to sync or share their
databases, or if the size of the response message is more than 512 bytes, a TCP
connection is used.

Q.6 What is DHCP? What are the Ports of DHCP?

MCAFEE
Q.1 How to install and configure ePO server?
Q.2 What is McAfee Agent Handler?
Q.3 How to restore ePO database?
Q.4 How to make policy in new ePO?
Q.5 What is default Console Port of ePO?
Q.6 What is the default Group of ePO?
Q.7 On which port does ePO communicate with the client agent?
Q.8 What is Client Task?

RSA AUTHENTICATION MANAGER


Q.1 How to install and configure RSA Authentication Manager?
Q.2 How to install and configure RSA Agent in Firewall or Windows Server?
Q.3 How to configure RADIUS in RSA?
Q.4 What are the RSA important files?

MISC QUESTION

Q.1 What is OSI stack? Explain all the OSI layers?
