
Question 1:


What is Checkpoint Firewall Architecture?

Answer:

Check Point has developed a Unified Security Architecture that is implemented throughout all of its security products. This Unified Security Architecture enables all Check Point products to be managed and monitored from a single administrative console, and provides a consistent level of security.

Question 2:

What is stateful inspection?

Answer:

Stateful inspection was invented by Check Point, providing accurate and highly efficient traffic inspection. The inspection engine examines every packet as it is intercepted at the network layer. The connection state and context information are stored and updated dynamically in kernel tables.

Question 3:
What is policy installation process in checkpoint firewall?
Answer:
a. INITIATION - Policy installation is initiated by the GUI.
b. VERIFICATION - The information in the database is verified.
c. CONVERSION - The information in the database is converted.
d. CODE GENERATION & COMPILATION - Policy is translated to the INSPECT language and compiled with the INSPECT compiler.
e. CPTA - Check Point Policy Transfer Agent transfers the policy to the firewall gateway using SIC.
f. COMMIT - The gateway is instructed to load the new policy.

Question 4:

What is the main purpose of the Security Management Server?

Answer:

The Security Management Server is used for administrative management of the security policy, and stores databases and objects.

www.NetTech.org.in

Question 5:


What is the difference between standalone and distributed installation?

Answer:

A Standalone deployment is the simplest deployment, where the management server and the gateway are installed on the same machine.

A distributed deployment is a more complex deployment, where the gateway and management server are deployed on different machines.

Question 6: What is SIC?
Answer: Secure Internal Communication (SIC) is the Check Point feature that ensures components, such as Security Gateways, Security Management servers, etc., can communicate freely and securely. The following security measures are taken to ensure the safety of SIC:
• Certificates for authentication
• Standards-based SSL for the creation of the secure channel
• 3DES for encryption

Question 7: What is Internal Certificate Authority (ICA)?
Answer: ICA is created during the management server installation process. It is responsible for issuing certificates for:
• SIC
• VPN certificates for gateways
• Users

Question 8:

What is fw unloadlocal?

Answer:

fw unloadlocal is a command used to detach the security policy from the local machine.


Question 9:

What is stealth rule in checkpoint firewall?

Answer:


Stealth rule prevents users from connecting directly to the gateway. Stealth rule at the top of the rule base protects your gateway from port scanning, spoofing and other types of direct attacks.

Question 10:

What is FW Monitor command?

Answer:

FW Monitor is a packet analyzer tool available on every Check Point Security Gateway. It provides kernel-level inspection and works for Layers 3 and above in the OSI model. There are four inspection points as a packet passes through the kernel (or virtual machine):
i - Before the virtual machine, in the inbound direction (Pre-Inbound)
I - After the virtual machine, in the inbound direction (Post-Inbound)
o - Before the virtual machine, in the outbound direction (Pre-Outbound)
O - After the virtual machine, in the outbound direction (Post-Outbound)

Question 11 – What are the two types of Check Point NG licenses?
Answer:

Central and Local licenses. Central licenses are the new licensing model and are bound to the Security Management Server. Local licenses are the legacy licensing model and are bound to the enforcement module.



Question 12 – What are the functions of CPD, FWM, and FWD processes?

Answer:

CPD – CPD is high in the hierarchical chain and helps to execute many services, such as Secure Internal Communication (SIC), Licensing and status report.

FWM – The FWM process is responsible for the execution of the database activities of the Management server. It is, therefore, responsible for Policy installation, Management High Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.

FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security Servers and communication with OPSEC applications.

Question 13:
What are the major differences between SPLAT and GAIA platforms?
Answer:
Gaia is the latest version of Check Point, which is a combination of SPLAT and IPSO.
Here are some benefits of Gaia as compared to SPLAT/IPSO:
1. Web-Based user interface with Search Navigation
2. Full Software Blade support
3. High connection capacity
4. Role-Based administrative Access
5. Intelligent Software updates
6. Native IPv4 and IPv6 Support
7. ClusterXL or VRRP Clusters
8. Manageable Dynamic Routing Suite

Question 14: What ports are used in SIC?

Answer:

PORT    TYPE   SHORT DESCRIPTION
8210    TCP    Pulls Certificates from an ICA.
18211   TCP    Used by the cpd daemon (on the gateway) to receive Certificates.


Question 15:

What are the different Checkpoint Ports and purpose of these ports?

Answer:

PORT    TYPE   SHORT DESCRIPTION
256     TCP    FW1 Checkpoint Security gateway Service
257     TCP    FW1_log Protocol Used for delivering logs from FWM
259     TCP    FW1_clientauth_telnet (Client Authentication)
500     UDP    IPSEC IKE Protocol (formerly ISAKMP/Oakley)
900     TCP    FW1_clntauth_http (Client Authentication)
4433    TCP    Management server Portal
4500    UDP    NAT-T NAT Traversal
8116    UDP    Check Point Cluster Control protocol (CCP)
18190   TCP    CPMI Check Point Management Interface, Protocol for communication between GUI and Management Server
18191   TCP    CPD Check Point Daemon Protocol. Download of rule base from Management Server to FWM. Fetching rule base from FWM to Management server.
18192   TCP    CPD_amon Check Point Internal Application Monitoring
18210   TCP    FW1_ica_pull Check Point Internal CA Pull Certificate Service
18211   TCP    FW1_ica_pull Check Point Internal CA Push Certificate Service

Question 16: What’s the difference between tcpdump and FW Monitor?

Answer:

Tcpdump displays traffic coming or leaving to/from a firewall interface, while FW Monitor would also tell you how the packet is going through the firewall, including routing and NAT decisions.

FW Monitor captures traffic at 4 important points in the firewall, namely i, I, o & O. You would see them in the capture in the same sequence. Tcpdump captures at positions i & O of FW Monitor, and you can be sure the traffic has left the firewall. This is similar to the way captures work on a Cisco PIX/ASA.


Question 17: What is bi-directional NAT?

Answer:

If Bi-directional NAT is selected, the gateway will check all NAT rules to see if there is a source match in one rule, and a destination match in another rule. The Gateway will use the first matches found, and apply both rules concurrently.

Question 18: What are the stages of a phase 2 IKE exchange?

Answer:

Peers exchange more key material, and agree on encryption and integrity methods for IPsec Key. The DH Key is combined with the key material to produce the symmetrical IPsec key.

Question 19: Why does the cleanup rule need to be added explicitly in Check Point SmartDashboard?
Answer:
The cleanup rule is required to drop all traffic that did not match any of the other rules (from top to bottom). However, there is an implied rule in Check Point that does the same action of dropping packets if no rule exists (as you mentioned), but logging is not enabled for this implied rule.

Question 20:
What is the difference between Snapshot, Backup, Upgrade Export (Migrate Export) and Database Revision Control?

Answer:

Snapshot:

The snapshot utility backs up everything, including the drivers. Snapshot can be used to back up both your firewall and management modules. The disadvantages of this utility are that the generated file is very big, and can only be restored to the same device and exactly the same state (same OS, same Check Point version, and same patch level).


Backups:

The backup utility backs up your Check Point configuration and your networking/OS system parameters (such as routing). The backup utility can be used to back up both your firewall and management modules. The resulting file will be smaller than the one generated by snapshot. Backup does not include the drivers, and can be restored to a different machine (as opposed to snapshot, which cannot).

Database Revision Control:

This utility creates a version of your current policies, object database, IPS updates, etc. It is useful for minor changes or edits that you perform in Smart Dashboard. It cannot be used to restore your system in case of failure.

Migrate Export (Upgrade Export):

The 'upgrade export' tool backs up all Check Point configurations, independent of hardware, OS or Check Point version, but does not include OS information. You can use this utility to back up the Check Point configuration on the management station. If you change the Check Point version you can only go up; in other words, you can upgrade, not downgrade. This utility can be used only on the command line and cannot be scheduled.

Recommended backup schedule:

Snapshot - at least once, or before a major change (for example: an upgrade), during a maintenance window.

Backup - every couple of months, depending on how frequently you perform changes in your network/policy. Also before every major change, during a maintenance window.

Upgrade export - every month or more often, depending on how frequently you perform changes in your network/policy. Also important before upgrade or migration. Can be run outside a maintenance window.
