Topics discussed on this page are from Check Point Level 1 Certification which is known as Check Point Certified Security Administrator |
Check Point >
Tutorial For Level 1
1. Introduction to Check Point
Check Point is well known vendor for Firewall, They are pioneer in Firewall technology. Check Point firewall is software package based firewall which runs on top of an operating system (OS), supported operating systems are GAiA, Secure Platform (Linux), IPSO, Windows etc. In check point environment it’s really important to understand responsibility area of both An Operating system and Firewall package because both are working in an integrated manner, especially when it comes to troubleshooting then it’s important to find out that if it’s problem related to OS or firewall package. In summary OS is responsible for Interface configuration, Routing, DNS, DHCP, Backup, NTP, VLAN etc. and Firewall Package is responsible for Filtering, NAT, VPN, IPS, DLP, QOS etc. (Depending on currently configured blades) Working of firewall is once it’s installed on any box firewall kernel gets integrated with box’s OS kernel. As we know that Networking operations are divided into 7 layers by OSI, so before firewall package installation packet was being processed by OS kernel only but when we install firewall Package it puts firewall kernel in between OS layer 2 (Data link Layer) and Layer 3 (Network Layer) means now if any packet comes first it will be processed by OS kernel up to Layer 2 then it will be captured by Firewall Kernel and firewall kernel will process it up to layer 7 in its own stack if it’s accepted by firewall rule and Application security then this packet will be handed over to OS kernel on Layer 3 then OS will process it normally but if packet is not accepted as per firewall rules or application security then it will be dropped or rejected by firewall kernel as per configured action in this case packet will be visible to OS up to layer 2 but OS won’t get that packet on Layer 3. Check Point’s inspect module is responsible for doing filtering of packet, inspect module is working between OS layer 2 & Layer 3 or we can understand in this way that inspect module is working between NIC (up to layer 2) and TC/IP stack (Layer3 & above) then following is the flow diagram for a packet Inspect Packet Flow
Check Point firewall can be implemented in Layer 3 or Layer 2 mode, default mode is Layer 3 mode. Layer 2 mode implantation is known as Bridge Mode/ Transparent Mode. Check Point has support for Layer 2 mode implementation but it’s not recommended to implement firewall in this mode as this mode has some limitation but whenever it’s required to put firewall in between without changing layer 3 topology then it’s helpful. In bridge mode it allow you to use two interface only and it will configure these interfaces as bridge interface if any traffic is coming to interface 1 it will forward to interface 2 and vice versa and during this forwarding it will perform firewall filtering. Check Point bridge mode is supported on GAiA & Secure Platform operating System but it can be configured on IPSO as well with more limitation to it on IPSO bridge mode can be configured for Firewall blade only.  Bridge Mode Implementation of Check Point Firewall For
Check Point box you have various options available Either you can use any I386
architecture Server or Workstation computer installed with previously mentioned
OS except IPSO ( Also known as Open Server) or you can have Check Point IP
Appliances ( Previously known as Nokia IP Appliances) running IPSO or GAiA or
you may have Check Point UTM Devices
|
1-1 of 1