1. Introduction to Check Point

posted 28 Sep 2013, 05:59 by Santosh Kumar   [ updated 28 Sep 2013, 08:46 ]

Check Point is a well-known firewall vendor and a pioneer in firewall technology. The Check Point firewall is a software package that runs on top of an operating system (OS); supported operating systems are GAiA, Secure Platform (Linux), IPSO, Windows etc. In a Check Point environment it is really important to understand the area of responsibility of both the operating system and the firewall package, because the two work in an integrated manner. This matters especially in troubleshooting, where you need to find out whether a problem is related to the OS or to the firewall package. In summary, the OS is responsible for interface configuration, routing, DNS, DHCP, backup, NTP, VLAN etc., and the firewall package is responsible for filtering, NAT, VPN, IPS, DLP, QoS etc. (depending on the currently configured blades).

The firewall works as follows: once it is installed on a box, the firewall kernel is integrated with the box's OS kernel. Networking operations are divided into 7 layers by the OSI model. Before the firewall package is installed, packets are processed by the OS kernel only. Installing the firewall package places the firewall kernel between OS Layer 2 (Data Link layer) and Layer 3 (Network layer). An incoming packet is first processed by the OS kernel up to Layer 2, then captured by the firewall kernel, which processes it up to Layer 7 in its own stack. If the packet is accepted by the firewall rules and application security, it is handed over to the OS kernel at Layer 3 and the OS processes it normally. If the packet is not accepted by the firewall rules or application security, the firewall kernel drops or rejects it according to the configured action; in this case the packet is visible to the OS up to Layer 2, but the OS never receives it at Layer 3.

Check Point's inspect module is responsible for filtering packets. It works between OS Layer 2 and Layer 3, or, put another way, between the NIC (up to Layer 2) and the TCP/IP stack (Layer 3 and above). The following is the flow diagram for a packet:

Inspect Packet Flow
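
The flow described above, as an added example that is not part of the original post and is not Check Point code: a simplified Python model of the inspection point between Layer 2 and Layer 3. The first-match rule base with an implicit final drop, the rule names and the addresses are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # None matches any destination port
    action: str            # "accept", "drop" or "reject"

def inspect(pkt, rules):
    """Model assumption: first matching rule wins, no match means drop."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst)
                and r.dport in (None, pkt.dport)):
            return r.action, r.name
    return "drop", "implicit-cleanup"

def receive(frames, rules):
    """Walk each frame along the path NIC/Layer 2 -> firewall kernel -> OS Layer 3."""
    seen_l2, seen_l3, log = [], [], []
    for pkt in frames:
        seen_l2.append(pkt)                 # the OS handles every frame up to Layer 2
        action, rule = inspect(pkt, rules)  # the firewall kernel sits before Layer 3
        log.append((pkt, action, rule))
        if action == "accept":
            seen_l3.append(pkt)             # only accepted packets reach the IP stack
    return seen_l2, seen_l3, log

# Constructed rule base and traffic, using documentation address ranges.
RULES = [Rule("web-in", "0.0.0.0/0", "192.0.2.10/32", 443, "accept"),
         Rule("no-telnet", "0.0.0.0/0", "192.0.2.0/24", 23, "reject")]
FRAMES = [Packet("198.51.100.7", "192.0.2.10", 443),
          Packet("198.51.100.7", "192.0.2.10", 23),
          Packet("203.0.113.9", "192.0.2.20", 3389)]

if __name__ == "__main__":
    l2, l3, log = receive(FRAMES, RULES)
    for pkt, action, rule in log:
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}  {action:6} ({rule})")
    print(f"seen at Layer 2: {len(l2)}, delivered to Layer 3: {len(l3)}")
```

In this model all three frames are counted at Layer 2 but only the accepted one is delivered to Layer 3, which is the situation to keep in mind when deciding whether a missing packet is an OS problem or a firewall decision.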


The Check Point firewall can be implemented in Layer 3 or Layer 2 mode; the default is Layer 3 mode. A Layer 2 mode implementation is known as Bridge Mode/Transparent Mode. Check Point supports Layer 2 mode, but implementing the firewall this way is not recommended because the mode has some limitations. It is helpful, however, whenever the firewall has to be placed in the path without changing the Layer 3 topology. Bridge mode allows you to use only two interfaces, which are configured as a bridge: traffic arriving on interface 1 is forwarded to interface 2 and vice versa, and firewall filtering is performed during this forwarding. Check Point bridge mode is supported on the GAiA and Secure Platform operating systems. It can also be configured on IPSO, but with more limitations: on IPSO, bridge mode can be configured for the Firewall blade only.

Bridge Mode Implementation of Check Point Firewall

For a Check Point box you have various options: you can use any i386-architecture server or workstation computer (also known as an Open Server) installed with any of the previously mentioned operating systems except IPSO; you can use Check Point IP Appliances (previously known as Nokia IP Appliances) running IPSO or GAiA; or you can use Check Point UTM devices.
