Checkpoint configuration places
1 Policy > Global Properties
2 Gateway
222 Policy design
CP policy characteristics:
1 Accept only the traffic that is required; drop anything else.
2 When a rule is matched, its action is followed and no more rules are checked.
3 There is an invisible rule at the bottom of the rulebase: drop anything.
Stealth rule
Placed near the top of the policy; explicitly blocks access to the firewall.
Cleanup rule
Placed at the bottom of the policy; explicitly drops and logs all traffic that has not matched other rules. That traffic would be dropped by the invisible rule anyway, but the cleanup rule ensures it gets logged.
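An added example (not from the original notes and not Check Point code): a small Python model of the first-match evaluation described above, with an audit that flags a missing or shadowed stealth rule and a missing logging cleanup rule. The rule fields, object names and both sample policies are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str          # "accept" or "drop"
    log: bool = False

def evaluate(rulebase, src, dst, service):
    """First match wins: return (rule name, action, logged) for one connection."""
    for r in rulebase:
        if all(want in (ANY, got) for want, got in
               ((r.src, src), (r.dst, dst), (r.service, service))):
            return r.name, r.action, r.log
    # Invisible rule at the bottom of the rulebase: drop anything.
    # Modelled as unlogged, following the note that only the cleanup rule gets it logged.
    return "implicit drop", "drop", False

def audit(rulebase, gateway):
    """Report a missing or shadowed stealth rule and a missing logging cleanup rule."""
    findings = []
    stealth = next((i for i, r in enumerate(rulebase)
                    if (r.src, r.dst, r.service, r.action) == (ANY, gateway, ANY, "drop")), None)
    if stealth is None:
        findings.append("no stealth rule")
    else:
        findings += [f"'{r.name}' above the stealth rule accepts traffic to any destination"
                     for r in rulebase[:stealth] if r.action == "accept" and r.dst == ANY]
    last = rulebase[-1] if rulebase else None
    if not (last and (last.src, last.dst, last.service, last.action) == (ANY, ANY, ANY, "drop") and last.log):
        findings.append("no logging cleanup rule at the bottom")
    return findings

# Constructed sample policies; names and addresses are invented for illustration.
GW = "fw-gw"
WEAK = [Rule("outbound web", "lan", ANY, "http", "accept"),
        Rule("stealth", ANY, GW, ANY, "drop", log=True)]
FIXED = [Rule("admin ssh", "admin-pc", GW, "ssh", "accept", log=True),
         Rule("stealth", ANY, GW, ANY, "drop", log=True),
         Rule("outbound web", "lan", ANY, "http", "accept"),
         Rule("cleanup", ANY, ANY, ANY, "drop", log=True)]
```

In the WEAK policy the broad accept rule sits above the stealth rule, so a connection to the gateway itself is accepted before the stealth rule is ever checked, and unmatched traffic is dropped without a log entry.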
223 Unloading the security policy
Request that the security policy be unloaded from remote gateways:
1 From the menu: Policy > Uninstall
2 Run the command fw unloadlocal from the command line of the gateway itself
224 CP implied rules
1- View > Implied Rules: displays them in the security pane
2- Policy > Global Properties > Firewall
225 Checkpoint NAT
1 Automatic
  A Hide NAT (equivalent to PAT)
  B Static NAT
2 Manual
  A Hide NAT
  B Static NAT
  C Port translation
Manual (Proxy ARP)
226 Checkpoint authentication methods
1 User authentication
  1 Only supports HTTP, FTP, Telnet and rlogin
  2 User authentication is performed for every connection
  3 Cisco cut-through
2 Session auth
  snauth (tcp/261), FW1_snauth
3 Client auth
  1 The client requires:
  FW1_clntauth_http (http/900), FW1_clntauth_telnet (telnet/259)
  2 Client sign-on methods
  a manual
  b partially auto
  c full auto
  d agent auto sign
  e single sign on
  (1) Partially auto: HTTP, FTP, Telnet and rlogin use user auth; other protocols use client auth manual auth.
  (2) Full auto: HTTP, FTP, Telnet and rlogin use user auth; other protocols use session auth; manual auth is still available.
  (3) Agent auto: protocols use session auth; manual auth is still available.
  (4) Single sign-on: uses the UserAuthority server to implement one-time login.
OPSEC: security platform
CIFS: Windows file sharing
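227 VPN
1 VPN mode
2 Traditional VPN mode
3 Together with traditional VPN mode
VPN communities characteristics
1 Devices in a VPN community have the same settings
2 Configuration is less prone to errors
3 SmartCenter can handle multiple VPN devices in a unified way
VPN community types
1 Meshed
2 Star
Add communities on the devices
Define interesting traffic on the devices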
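Remote access VPN
Client to Checkpoint
Checkpoint implementation section
31 Remote access VPN implementation
On the outside, a PC with the VPN set up logs in successfully and can ping the internal network 172.16.1.0/24
1 PC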