Firewall Administration
Training
Introduction
Introduce the Instructor
Introduce you!
Introduce the course
You
What is Firewall?
A firewall is a system of hardware and/or software that controls access between two or more networks.
A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.
Types of Firewalls
Categories of firewalls
Hardware Firewalls
Software Firewalls
Hardware Firewall
Software Firewall
DMZ Interface
A firewall needs a minimum of two interfaces to connect to two different networks.
A third interface can be added to the firewall to separate the public servers from the private LAN.
This interface is referred to as the Demilitarized Zone (DMZ).
This is done so that, even if the public servers are attacked, the private LAN still remains secure.
Contd
Address Translation
Authentication
Content Security
Logging network activity
VPN Termination
Checkpoint Power-1
Appliance
Checkpoint Firewall
This is a software firewall and one of the earliest firewalls to use stateful inspection.
It is modular in nature, with separate functions incorporated in each module.
Checkpoint Firewall
Components
Management Server
Firewall Module
Graphical User Interface (GUI)
Firewall Models
Single Gateway product
Enterprise Gateway product
(Distributed Setup)
Licensing
The Checkpoint Firewall needs to be licensed before it can be used.
Licenses primarily specify the number of IP addresses that will be protected by Firewall-1, that is, the number of hosts behind the firewall.
The license will also decide which features are enabled on the firewall.
Types of Licensing
Central License
Local License
Checkpoint Firewall
Rulebase
Firewall-1 Rulebase
The rule base is where you actually define which traffic is allowed and which traffic has to be dropped when passing through the firewall.
It consists of a set of rules defining the security policy of the organization.
The rule base is processed in a top-down fashion: the first rule that matches a packet decides what happens to it.
Format of a rule
Cleanup Rule
By default, anything that is not explicitly permitted is dropped, and no log is kept for these implicitly dropped packets.
To see which packets did not match any rule in the rule base, you have to define an explicit drop rule in the policy and enable tracking.
The cleanup rule has Source ANY, Destination ANY, Service ANY, Action DROP, and Track set to LOG.
The cleanup rule should be the last rule in the rule base.
IP Spoofing
IP spoofing is an attack in which the attacker forges the source IP address of a packet to make it appear as if it comes from a legitimate source.
Checkpoint can guard against spoofing attacks.
The anti-spoofing feature is turned on from the Topology tab of the firewall object, which defines the networks that legitimately sit behind each interface.
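The two behaviours described above, top-down rule base processing with a logging cleanup rule and the topology-based anti-spoofing check, as an added example that is not part of the training material or of Checkpoint's own software. The interface names, networks and rules are constructed for the example; the external interface is treated as "everything not behind another interface".

```python
import ipaddress

ANY = "any"

# Constructed topology: interface -> networks that legitimately live behind it.
# "external" marks the Internet-facing interface: any address NOT behind another interface.
TOPOLOGY = {"eth1_lan": ["10.0.0.0/8"], "eth2_dmz": ["203.0.113.0/24"], "eth0_ext": "external"}

def spoofed(topology, iface, src):
    """Anti-spoofing check: a packet arriving on an interface must carry a source
    address that belongs behind that interface, otherwise it is treated as spoofed."""
    addr = ipaddress.ip_address(src)
    internal = [ipaddress.ip_network(n) for nets in topology.values()
                if nets != "external" for n in nets]
    if topology[iface] == "external":
        return any(addr in net for net in internal)   # internal address from outside
    return not any(addr in ipaddress.ip_network(n) for n in topology[iface])

def _match(value, rule_value, as_network):
    if rule_value == ANY:
        return True
    if as_network:
        return ipaddress.ip_address(value) in ipaddress.ip_network(rule_value)
    return value == rule_value

def evaluate(rulebase, packet, log):
    """Top-down processing: the first matching rule decides.
    A packet that matches no rule is dropped implicitly and never logged."""
    for number, (src, dst, svc, action, track) in enumerate(rulebase, 1):
        if (_match(packet["src"], src, True) and _match(packet["dst"], dst, True)
                and _match(packet["service"], svc, False)):
            if track == "log":
                log.append(f"rule {number}: {action} {packet['src']}->{packet['dst']} {packet['service']}")
            return action
    return "drop"   # implicit drop: no log entry is written

# Constructed rule base: (source, destination, service, action, track)
BASE_RULES = [
    (ANY, "203.0.113.10/32", "tcp/80", "accept", "log"),   # Internet -> DMZ web server
    ("10.0.0.0/8", ANY, ANY, "accept", "none"),            # LAN outbound
]
CLEANUP_RULE = (ANY, ANY, ANY, "drop", "log")               # must stay the last rule

def demo():
    """Same unmatched packet with and without the cleanup rule: returns the number of
    log entries produced in each case, showing why the cleanup rule is needed."""
    telnet = {"src": "198.51.100.7", "dst": "203.0.113.10", "service": "tcp/23"}
    log_without, log_with = [], []
    evaluate(BASE_RULES, telnet, log_without)
    evaluate(BASE_RULES + [CLEANUP_RULE], telnet, log_with)
    return len(log_without), len(log_with)
```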