Check Point is a well-known firewall vendor and a pioneer in firewall technology. The Check Point firewall is a software package that runs on top of an operating system (OS); supported operating systems include GAiA, SecurePlatform (Linux), IPSO and Windows. In a Check Point environment it is important to understand the area of responsibility of both the operating system and the firewall package, because the two work in an integrated manner, and when troubleshooting you first need to find out whether a problem belongs to the OS or to the firewall package. In summary, the OS is responsible for interface configuration, routing, DNS, DHCP, backup, NTP, VLANs etc., and the firewall package is responsible for filtering, NAT, VPN, IPS, DLP, QoS etc. (depending on the currently configured blades).
Working of the firewall: once it is installed on a box, the firewall kernel is integrated with the box's OS kernel. As we know, networking operations are divided into seven layers by the OSI model. Before the firewall package is installed, a packet is processed by the OS kernel only; installing the firewall package puts the firewall kernel between OS Layer 2 (Data Link Layer) and Layer 3 (Network Layer). This means that any incoming packet is first processed by the OS kernel up to Layer 2, then captured by the firewall kernel, which processes it up to Layer 7 in its own stack. If the packet is accepted by the firewall rules and application security, it is handed over to the OS kernel at Layer 3 and the OS processes it normally. If the packet is not accepted as per the firewall rules or application security, the firewall kernel drops or rejects it as per the configured action; in that case the packet is visible to the OS up to Layer 2, but the OS never receives it at Layer 3. Check Point's INSPECT module is responsible for the packet filtering; it works between OS Layer 2 and Layer 3, or, put another way, between the NIC (up to Layer 2) and the TCP/IP stack (Layer 3 and above). The following is the flow diagram for a packet:
Inspect Packet Flow
The Check Point firewall can be implemented in Layer 3 or Layer 2 mode; the default is Layer 3 mode. The Layer 2 implementation is known as Bridge Mode or Transparent Mode. Check Point supports Layer 2 mode, but implementing the firewall in this mode is not recommended because it has some limitations; it is helpful, however, whenever the firewall must be inserted into the path without changing the Layer 3 topology. In bridge mode only two interfaces can be used, and they are configured as a bridge interface: any traffic arriving on interface 1 is forwarded to interface 2 and vice versa, and firewall filtering is performed during this forwarding. Check Point bridge mode is supported on the GAiA and SecurePlatform operating systems; it can also be configured on IPSO, with more limitations: on IPSO, bridge mode can be configured for the Firewall blade only.
Bridge Mode Implementation of Check Point Firewall
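The following Python model is an added example (not Check Point's code and not from the original article). It puts the two paths described above side by side: in Layer 3 mode the firewall kernel sits between the OS's Layer 2 handling and its TCP/IP stack, and in bridge mode it sits between the two bridged interfaces. In both paths the rulebase is evaluated top-down, first match wins, and a packet matching no rule is dropped by the implicit cleanup rule. The Packet and Rule fields, the "proto/port" service syntax and the sample policy are my own assumptions for illustration.

```python
# Added example (not Check Point's code): toy model of the inspect path in Layer 3
# mode and of bridge-mode forwarding. Field names, rule syntax and the sample
# policy below are constructed assumptions, not Check Point's actual formats.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str                    # source IP address
    dst: str                    # destination IP address
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port (None for icmp)


@dataclass
class Rule:
    name: str
    src: str        # CIDR network or "any"
    dst: str        # CIDR network or "any"
    service: str    # "<proto>/<port>", "<proto>" or "any"
    action: str     # "accept", "drop" or "reject"

    def matches(self, p: Packet) -> bool:
        if self.src != "any" and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.service == "any":
            return True
        proto, _, port = self.service.partition("/")
        if proto != p.proto:
            return False
        return port == "" or p.dport == int(port)


class FirewallKernel:
    """Evaluates the rulebase top-down; first match wins; no match -> implicit drop."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[str] = []

    def inspect(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                self.log.append(f"{rule.name}: {rule.action} {p.proto} {p.src}->{p.dst}:{p.dport}")
                return rule.action
        self.log.append(f"cleanup: drop {p.proto} {p.src}->{p.dst}:{p.dport}")
        return "drop"


def host_receive(fw: FirewallKernel, p: Packet) -> Tuple[bool, str]:
    """Layer 3 mode: the OS has already handled Layer 2; the firewall kernel decides
    whether the packet reaches the OS TCP/IP stack. Returns (seen_by_l3_stack, verdict)."""
    verdict = fw.inspect(p)
    return verdict == "accept", verdict


class Bridge:
    """Bridge/transparent mode: exactly two member interfaces, traffic arriving on
    one is forwarded out of the other only if the firewall kernel accepts it."""

    def __init__(self, fw: FirewallKernel, if_a: str, if_b: str):
        self.fw = fw
        self.peer = {if_a: if_b, if_b: if_a}

    def forward(self, in_if: str, p: Packet) -> Optional[str]:
        """Return the egress interface, or None when the packet is dropped/rejected."""
        if in_if not in self.peer:
            raise ValueError(f"{in_if} is not a bridge member")
        return self.peer[in_if] if self.fw.inspect(p) == "accept" else None


# Constructed sample policy; note that "block-guest" sits below "allow-web".
POLICY = [
    Rule("allow-web", "any", "10.0.0.0/24", "tcp/443", "accept"),
    Rule("reject-telnet", "any", "10.0.0.0/24", "tcp/23", "reject"),
    Rule("block-guest", "192.168.50.0/24", "any", "any", "drop"),
]

if __name__ == "__main__":
    fw = FirewallKernel(POLICY)
    print(host_receive(fw, Packet("203.0.113.5", "10.0.0.10", "tcp", 443)))   # (True, 'accept')
    print(host_receive(fw, Packet("203.0.113.5", "10.0.0.10", "tcp", 23)))    # (False, 'reject')
    print(host_receive(fw, Packet("192.168.50.7", "10.0.0.10", "tcp", 443)))  # (True, 'accept')
    br = Bridge(FirewallKernel(POLICY), "eth1", "eth2")
    print(br.forward("eth1", Packet("192.168.50.7", "10.0.0.10", "icmp")))    # None
    print("\n".join(fw.log))
```

The model makes two troubleshooting points concrete. First, a dropped or rejected packet never reaches the OS Layer 3 stack, so a missing packet on the box is a firewall-kernel question before it is an OS routing question. Second, rule order matters: because "block-guest" is placed below "allow-web", HTTPS from the guest network to 10.0.0.10 is accepted by the earlier rule, which is exactly the kind of ordering mistake to look for when a policy does not behave as intended.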
For the Check Point box you have various options. You can use any i386-architecture server or workstation computer installed with one of the previously mentioned operating systems except IPSO (also known as Open Server); you can have Check Point IP Appliances (previously known as Nokia IP Appliances) running IPSO or GAiA; or you may have Check Point UTM devices.