Firewall R71 Administration Guide
13 April, 2010
More Information
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=10309
For additional technical information about Check Point visit Check Point Support Center
(http://supportcenter.checkpoint.com).
Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your
comments to us (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Firewall R71 Administration Guide).
© 2010 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Please refer to our Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Please refer to our Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a
list of relevant copyrights.
Contents
Access Control
Check Point Access Control Solution
Rules and the Rule Base
Rule Base Elements
Implied Rules
Order of Rule Enforcement
Example Access Control Rule
Special Considerations for Access Control
Defining Access Control Rules
Defining an Access Control Policy
Preventing IP Spoofing
Configuring Anti-Spoofing
Excluding Specific Internal Addresses
Legal Addresses
Multicast Access Control
Multicast Routing Protocols
Dynamic Registration Using IGMP
IP Multicast Group Addressing
Per-Interface Multicast Restrictions
Configuring Multicast Access Control
Cooperative Enforcement
Enforcement Mode
NAT Environments
Monitor Only Deployment Mode
Configuring Cooperative Enforcement
End Point Quarantine (EPQ) - Intel® AMT
Configuring End Point Quarantine (EPQ)
Authentication
Authentication Schemes
Check Point Password
Operating System Password
RADIUS
SecurID
TACACS
Undefined
Authentication Methods
User Authentication
Session Authentication
Client Authentication
Creating Users and Groups
Creating User Groups
Creating a User Template
Creating Users
Installing User Information in the Database
Configuring Authentication Tracking
Configuring Policy for Groups of Windows Users
Network Address Translation
NAT Modes
Static NAT
Hide NAT
NAT Rule Base
Rule Match Order
Automatic and Manual NAT Rules
Bidirectional NAT
Understanding Automatically Generated Rules
Planning Considerations for NAT
Hide Versus Static
Automatic Versus Manual Rules
Choosing the Hide Address in Hide NAT
Specific Deployment Considerations
Configuring NAT
General Steps for Configuring NAT
Basic Configuration - Network Node with Hide NAT
Sample Configuration (Static and Hide NAT)
Sample Configuration (Using Manual Rules for Port Translation)
Configuring Automatic Hide NAT for Internal Networks
Advanced NAT Configuration
Connecting Translated Objects on Different Interfaces
Internal Communication with Overlapping Addresses
Security Management Behind NAT
IP Pool NAT
ISP Redundancy
ISP Redundancy Overview
ISP Redundancy Operational Modes
Monitoring the ISP Links
How ISP Redundancy Works
ISP Redundancy Script
Manually Changing the Link Status (fw isp_link)
ISP Redundancy Deployments
ISP Redundancy and VPNs
Considerations for ISP Link Redundancy
Choosing the Deployment
Choosing the Redundancy Mode
Configuring ISP Link Redundancy
Introduction to ISP Link Redundancy Configuration
Registering the Domain and Obtaining IP Addresses
DNS Server Configuration for Incoming Connections
Dialup Link Setup for Incoming Connections
SmartDashboard Configuration
Configuring Default Route for ISP Redundancy Gateway
ConnectControl - Server Load Balancing
Introduction to ConnectControl
Load-Balancing Methods
ConnectControl Packet Flow
Logical Server Types
HTTP
Other
Considering Logical Server Types
Persistent Server Mode
Persistency By Server
Persistency By Service
Persistent Server Timeout
Server Availability
Load Measuring
Configuring ConnectControl
Bridge Mode
Introduction to Bridge Mode
Limitations in Bridge Mode
Configuring Bridge Mode
Bridging Interfaces
Configuring Anti-Spoofing
Displaying the Bridge Configuration
CoreXL Administration
Introduction to CoreXL
Supported Platforms and Features
Default Configuration
Performance Tuning
Processing Core Allocation
Allocating Processing Cores
Configuring CoreXL
Command Line Reference
Affinity Settings
fwaffinity.conf
fwaffinity_apply
fw ctl affinity
fw ctl multik stat
Anti-Virus and URL Filtering
Anti-Virus Protection
Introduction to Integrated Anti-Virus Protection
Architecture
Configuring Integrated Anti-Virus Scanning
Database Updates
Understanding Anti-Virus Scanning Options
Configuring Anti-Virus
Logging and Monitoring
UTM-1 Edge Anti-Virus
URL Filtering
Introduction to URL Filtering
Terminology
Architecture
Configuring URL Filtering
Anti-Spam and Mail
Introduction to Anti-Spam and Mail Security
Mail Security Overview
Anti-Spam
Adaptive Continuous Download
Configuring Anti-Spam
Configuring a Content Anti-Spam Policy
Configuring an IP Reputation Policy
Configuring a Block List
Configuring Anti-Spam SMTP
Configuring Anti-Spam POP3
Configuring Network Exceptions
Configuring an Allow List
Selecting a Customized Server
Anti-Spam on UTM-1 Edge Devices
Bridge Mode and Anti-Spam
Configuring Anti-Virus Protection for Mail
Configuring Mail Anti-Virus
Configuring Zero Hour Malware Protection
Configuring SMTP and POP3
Configuring File Types
Configuring Settings
Configuring a Disclaimer
Anti-Spam Logging and Monitoring
Reporting False Positives to Check Point
Anti-Spam Tracking and Reporting Options
SmartView Tracker
SmartView Monitor
SmartReporter