Académique Documents
Professionnel Documents
Culture Documents
Q.1 What
is
Checkpoint
Architecture?
Ans.
Check Point has developed a Unified Security Architecture that is implemented
throughout all of its security products. This Unified Security Architecture enables all
Check Point products to be managed and monitored from a single administrative
console,
and
provides
a
consistent
level
of
security.
The Check Point Unified Security Architecture is comprised of four main
components:
Core Technologies: - Check Point uses a common set of core technologies, such
as INSPECT for security inspection, across multiple layers of security.
Central Management: - All Check Point products can be managed and monitored
from
a
single
administrative
console.
Open Architecture: - Check Point has built its security architecture to be open and
interoperable in a heterogeneous environment. For example, Check Point products
can interoperate with other network and security equipment from third-party vendors
to
enable
cooperative
enforcement
of
Security
Policies.
Universal-update Ability: - Check Point has consolidated multiple security-alert and
update functions to ease update procedures and help Administrators ensure that
security is always up-to-date.
Q.2 How Checkpoint Component communicate and Syns with each other?
Ans.
Secure Internal Communications (SIC) is the Check Point feature that ensures
components, such as Security Gateways, SmartCenter Server, SmartConsole, etc.
can communicate with each other freely and securely using a simple communicationinitialization process.
Q.3
What are the major differences between SPLAT and GAIA?
Ans.
Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO.
Here are some benefits of Gaia as compare to SPLAT/IPSO.
1.
2.
3.
4.
5.
6.
7.
8.
9.
Web-Based
Full
user
interface
Software
with
Search
Blade
Navigation
support
High
connection
capacity
Role-Based
administrative
Access
Intelligent
Software
updates
Native
IPv4
and
IPv6
Support
ClusterXL
or
VRRP
Clusters
Manageable
Dynamic
Routing
Suite
Full
Compatibility
with
IPSO
and
SecurePlatform.
page
on
this
topic:
Q.4 What are the different different Checkpoint Ports and purpose of these
ports?
Ans.
PORT
TYPE
SERVICE
DESCRIPTION
21
TCP
ftp File transfer Protocol (control)
21
UDP
ftp
File
transfer
Protocol
(control)
22
Both
ssh
SSH
remote
login
25
Both
SMTP
Simple
Mail
transfer
Protocol
50
Encryption IP protocols esp IPSEC Encapsulation Security
Payload
51
Encryption IP protocols ah IPSEC Authentication Header
Protocol
53
Both
Domain
Name
Server
69
Both
TFTP
Trivial
File
Transfer
Protocol
94
TCP
Encryption IP protocols fwz_encapsulation (FW1_Eencapsulation)
137
Both
Netbios-ns
NETBIOS
Name
Service
138
Both
netbios-dgm
NETBIOS
Datagram
139
Both
netbios-ssn
NETBIOS
Session
256
TCP
FW1 (fwd) policy install port FWD_SVC_PORT
257
TCP
FW1_log
FW1_log
FWD_LOG_PORT
258
TCP
FW1_mgmt
FWM_SSVVC_PORT
259
TCP
FW1_clientauth_telnet
259
UDP
RDP
Reliable
Datagram
Protocol
260
TCP
sync
260
UDP
FW1_snmp
FWD_SNMP_PORT
261
TCP
FW1_snauth Session Authentication Daemon
262
TCP
MDQ
mail
dequer
263
TCP
dbs
264
TCP
FW1_topop Check Point SecureClient Topology Requests
265
TCP
FW1_key Check Point VPN-1 Public key transfer protocol
389
Both
LDAP Secure Client connecting to LDAP without SSL
443
SNX
VPN
can
use
443
too
444
TCP
SNX VPN SNX VPN tunnel in connectra only
500
UDP
IPSEC IKE Protocol (formerly ISAKMP/Oakley)
500
TCP
IKE
over
TCP
500
UDP
ISAKMPD_SPORT
&
ISAKMPD_DPORT
514
UDP
Syslog
Syslog
636
LDAP
Secure Client connecting to LDAP with SSL
900
TCP
FW1_clntauth_http Client Authentication Daemon
981
Management
https
on
the
edge
1247
1494
TCP
Winframe
Citrix
1645
TCP
Radius
1719
UDP
VOIP
1720
TCP
VOIP
2040
TCP
MIP
meta
Ip
admin
server
2746
UDP
UDP encapsualtion for SR VPN1_IPSEC_encapsulation
VPN1_IPSEC
encapsulation
2746
TCP
CPUDPENCap
4000
Policy
Server
Port
(Redmond)
4433
TCP
Connectra Admin HTTPS Connectra admin port
4500
UDP
NAT-T
NAT
Traversal
4532
TCP
SNDAEMON_PORT sn_auth_trap: sn_auth daemon Sec.Serv
comm,
5001
TCP
Meta
IP
Web
Connection,
MIP
5002
TCP
Meta
IP
DHCP
Failover
5004
TCP
Meta
IP
UAM
5005
TCP
Meta
IP
SMC
6969
UDP
KP_PORT
KeyProt
8116
UDP
Check Point HA SyncMode= CPHAP (new sync mode)
8116
UDP
Connection table synchronization between firewalls
8989
TCP
CPIS
Messaging
MSG_DEFAULT_PORT
8998
TCP
MDS_SERVER_PORT
9000
Command
Line
Port
for
Secure
Client
10001
TCP
Default CPRSM listener port for coms with RealSecure Console
18181
TCP
FW1_cvp Check Point OPSEC Content Vectoring Protocol
18182
TCP
FW1_ufp Check Point OPSEC URL Filtering Protocol
18183
TCP
FW1_sam Check Point OPSEC Suspicious Activity monitoring
Proto
(SAM
API)
18184
TCP
FW1_lea Check Point OPSEC Log Export API
18185
TCP
FW1_omi Check Point OPSEC Objects Management Interface
18186 TCP
FW1_omi-sic Check Point OPSEC Objects management Interface
with
Secure
Internal
Communication
18187
TCP
FW1_ela Check Point OPSEC Event Loging API
18190
TCP
CPMI Check Point
Management
Interface
18191
TCP
CPD
Check
Point
Daemon
Proto
NG
18192
TCP
CPD_amon Check Point Internal Application Monitoring NG
18193
TCP
FW1_amon Check Point OPSEC Appication Monitoring NG
18201
TCP
FGD_SVC_PORT
18202
TCP
CP_rtm Check Point Real time Monitoring
18203
TCP
FGD_RTMP_PORT
18204
TCP
CE
communication
18205
TCP
CP_reporting Check Point Reporting Client Protocol
18207
TCP
FW1_pslogon Check Point Policy Server logon Protocol
18208
TCP
FW1_CPRID (SmartUpdate) Check Point remote Installation
Protocol
18209
TCP
FWM CA for establishing SIC communication
18210
TCP
FW1_ica_pull Check Point Internal CA Pull Certificate Service
18211
TCP
FW1_ica_pull Check Point Internal CA Push Certificate Service
18212
UDP
Connect
Control
Load
Agent
port
18213
TCP
cpinp:
inp
(admin
server)
18214
TCP
cpsmc:
SMC
18214
UDP
cpsmc:
SMC
Connectionless
18221 TCP
CP_redundant Check Point Redundant Management Protocol NG
18231 TCP
FW1_pslogon_NG Check Point NG Policy Server Logon Protocol
18231
TCP
NG listens on this port by default dtps.exe
18232
TCP
FW1_sds_logon Check Point SecuRemote Distribution Server
Protocol
18233 UDP
Check Point SecureClient Verification Keepalive Protocol
FW1_scv_keep_alive
18241
UDP
e2ecp
18262
TCP
CP_Exnet_PK Check Point Public Key Resolution
18263 TCP
CP_Exnet_resolve Check Point Extranet remote objects resolution
18264
TCP
FW1_ica_services Check Point Internal CA Fetch CRL and User
Registration
Services
19190
TCP
FW1_netso Check Point OPSEC User Authority Simple Protocol
19191
TCP
FW1_uaa Check point OPSEC User Authority API
65524
FW1_sds_logon_NG Secure Client Distribution Server Protocol (VC
and
Higher)
Q.5
How SIC work? What are the different ports of SIC?
Ans.
Secure Internal Communication (SIC) lets Check Point platforms and products
authenticate with each other. The SIC procedure creates a trusted status between
gateways, management servers and other Check Point components. SIC is required
to install polices on gateways and to send logs between gateways and management
servers.
These
1.
2.
3.
security
measures
make
Certificates
Standards-based SSL for
3DES
The
Internal
the
sure
of
for
creation
for
Certificate
the
of
safety
the
of
SIC:
authentication
secure channel
encryption
Authority
(ICA)
The ICA is created during the Security Management server installation process. The
ICA is responsible for issuing certificates for authentication. For example, ICA issues
certificates such as SIC certificates for authentication purposes to administrators and
VPN
certificates
to
users
and
gateways.
Initializing
the
Trust
Establishment
Process
Management
server.
To
initialize
SIC:
1.
Decide
on
an
alphanumeric
Activation
Key.
2. In SmartDashboard, open the gateway network object. In the General Properties
page of the gateway, click Communication to initialize the SIC procedure.
3. In the Communication window of the object, enter the Activation Key that you
created
in
step
2.
4.
Click
Initialize.
The ICA signs and issues a certificate to the gateway. Trust state is Initialized but not
trusted. The certificate is issued for the gateway, but not yet delivered.
SSL negotiation takes place. The two communicating peers are authenticated with
their
Activation
Key.
The
certificate
is
downloaded
securely
and
stored
on
the
gateway.
After successful Initialization, the gateway can communicate with any Check Point
node that possesses a SIC certificate, signed by the same ICA. The Activation Key is
deleted. The SIC process no longer requires the Activation Key, only the SIC
certificates.
Checkpoint
PORT
18209
18210
18211
Q.6
Ans.
SIC
tcp
tcp
Ports
TYPE
SERVICE
DESCRIPTION
NGX Gateways <> ICAs (status, issue, or revoke).
tcp
Pulls
Certificates
from
an
ICA.
Used by the cpd daemon (on the gateway) to receive Certificates.
Checkpoint
In case of SNAT
Antispoofing
Session lookup
Policy lookup
Routing
Netting
In case of DNAT
Packet
flow
for
SNAT
and
DNAT?
Antispoofing
Session lookup
Policy lookup
Netting
Routing
Q.7
What is the main different between cpstop/cpstart and fwstop/fwstart?
Ans.
Using cpstop and then cpstart will restart all Check Point components, including the
SVN foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1.
Q.8
What is Anti-Boat?
How to block ICMP tunnel in checkpoint?
Difference between fwstop and cpstop?
What are the services which impacted during cpstop and spstart?
What is CPinfo? And why it is used?
What are Cluster_XL, Secure_XL and CORE_XL?
What is Provider1?
What is MDF Database?
How to configure SMC HA?
How
to
check
License
via
Smartview
Monitor?
How to configure perform DNAT before routing via Global Properties?
CHECKPOINT CLUSTER
Q.1
Q.2
Q.3
Q.4
Q.5
Q.6
CHECKPOINT VPN
Q.3
Q.7
Q.8
JUNIPER SCREENOS
Q.1
Q.2
Q.3
Q.4
Q.5
Q.6
ROUTING
Q.1
Q.2
Ans.
AD: - The administrative distance is helpful to select best between two or more
routing Protocols. For example best route selection between OSPF and RIP.
Metric: - Metrics are only helpful to select route inside a routing protocol. For
example best route inside the RIP.
Q.3
Q.4
SWITCHING
Q.1
Q.2
Q.3
Q.4
Q.5
PROTOCOLS
Q.1
What are different ports of FTP? What is the use of FTP different ports?
Ans. A Client makes a TCP connection to the server port 21. This connection
remains open for the duration of the session and thus it is called a control session.
Then another connection is opened on Port 20 and it is called the data connection.
The control connection is used for authenticating, command and administrating
exchanged between the client and the server.
Q.2
Ans.
Passive FTP: - In passive mode, the client establishes both channels (Data and
control). In that case, the server tells the client which port should be used for the
data channel.
Active FTP: - In active mode, the client establishes the control channel but the
server establishes the data channel.
Q.3
Q.4
Ans.
Q.5
Ans.
Q.6
MCAFEE
Q.1
Q.2
Q.3
Q.4
Q.5
Q.6
Q.7
Q.8
Q.4
MISC QUESTION
Q.1