Check Point R80.20 Manuals
Manuals and User Guides for Check Point R80.20. We have 1 Check Point R80.20 manual available for free PDF download: Manual
Check Point R80.20 Manual (626 pages)
NEXT GENERATION SECURITY GATEWAY
Brand: Check Point | Category: Gateway | Size: 5 MB
Table of Contents
Important Information (p. 3)
Smartconsole Toolbars (p. 5)
Table of Contents (p. 7)
Terms (p. 16)
Check Point Next Generation Security Gateway Solution (p. 18)
Overview of Firewall Features (p. 18)
How to Use this Guide (p. 18)
Components of the Check Point Firewall Solution (p. 20)
Mirror and Decrypt (p. 21)
Introduction to Mirror and Decrypt (p. 21)
Mirror and Decrypt Requirements (p. 24)
Configuring Mirror and Decrypt in Gateway Mode (p. 25)
Preparing the Security Gateway (p. 26)
Configuring Mirror and Decrypt in Smartconsole (p. 27)
Configuring Mirror and Decrypt in VSX Mode (p. 32)
Preparing the VSX Gateway (p. 34)
Configuring Mirror and Decrypt in Smartconsole for One Virtual System (p. 35)
Configuring Mirror and Decrypt in Smartconsole for Several Virtual Systems (p. 40)
Mirror and Decrypt Logs (p. 45)
ICAP Client (p. 46)
Introduction to ICAP (p. 46)
ICAP Client in Check Point Security Gateway (p. 51)
ICAP Client User Disclaimer (p. 52)
Configuring ICAP Client in Gateway Mode (p. 53)
Configuring ICAP Client in VSX Mode (p. 54)
The ICAP Client Configuration File (p. 55)
Example of the ICAP Client Configuration File (p. 67)
Advanced ICAP Client Configuration (p. 70)
Configuring Additional ICAP Response Headers for Enforcement (p. 70)
Configuring Additional HTTPS Status Code, Which ICAP Client Sends in RESPMOD (p. 76)
Configuring Connection Timeout for ICAP Connections (p. 78)
Configuring ICAP Client Data Trickling Parameters (p. 79)
Hardware Security Module (HSM) (p. 82)
Why Use an HSM (p. 82)
The Check Point Environment with Gemalto Safenet HSM Appliance (p. 83)
Workflow for Setting up Your HSM Environment (p. 83)
Step 1: Extracting the Gemalto Help Package (p. 84)
Step 2: Configuring the Gemalto HSM Appliance Server to Work with Check Point Security Gateway (p. 84)
Step 3: Configuring the Gemalto HSM Client Workstation (p. 85)
Step 4: Creating the CA Certificate on the Gemalto HSM Appliance Server (p. 86)
Step 5: Configuring the Check Point Security Gateway to Work with the Gemalto HSM Appliance Server (p. 87)
(A) Installing the Gemalto HSM Simplified Client Software Packages on the Check Point Security Gateway (p. 88)
(B) Establishing a Trust Link between the Check Point Security Gateway and the Gemalto HSM Appliance Server (p. 88)
Configuring HTTPS Inspection on the Check Point Security Gateway to Work with the Gemalto HSM Appliance Server (p. 90)
Additional Actions for a Gemalto HSM Appliance Server (p. 91)
Disabling Communication from the Check Point Gateway to the Gemalto HSM Appliance Server (p. 91)
Deleting a Trust Link with the HSM Appliance Server (p. 91)
Configuring a Second Interface on a Gemalto HSM Appliance for NTLS (p. 92)
Monitoring HTTPS Inspection on Check Point Gateway When Working with the Gemalto HSM Appliance Server (p. 92)
Smartconsole Logs (p. 93)
Snmp (p. 95)
Cpstat Https_Inspection (p. 101)
Creating an Access Control Policy (p. 107)
Managing Gateways (p. 107)
Manually Updating the Gateway Topology (p. 107)
Dynamically Updating the Topology (p. 107)
Introducing the Unified Access Control Policy (p. 108)
Creating a Basic Access Control Policy (p. 109)
Basic Rules (p. 109)
Use Case - Basic Access Control (p. 109)
Use Case - Inline Layer for each Department (p. 110)
Creating Application Control and URL Filtering Rules (p. 112)
Monitoring Applications (p. 112)
Blocking Applications and Informing Users (p. 113)
Limiting Application Traffic (p. 113)
Using Identity Awareness Features in Rules (p. 114)
Blocking Sites (p. 115)
Blocking URL Categories (p. 116)
Ordered Layers and Inline Layers (p. 117)
The Need for Ordered Layers and Inline Layers (p. 117)
Order of Rule Enforcement in Inline Layers (p. 117)
Order of Rule Enforcement in Ordered Layers (p. 118)
Creating an Inline Layer (p. 119)
Creating a Ordered Layer (p. 120)
Enabling Access Control Features (p. 121)
Types of Rules in the Rule Base (p. 122)
Administrators for Access Control Layers (p. 124)
Sharing Layers (p. 124)
Visual Division of the Rule Base with Sections (p. 125)
Exporting Layer Rules to a .CSV File (p. 125)
Managing Policies and Layers (p. 125)
The Columns of the Access Control Rule Base (p. 126)
Source and Destination Column (p. 126)
VPN Column (p. 127)
Services & Applications Column (p. 128)
Content Column (p. 131)
Actions Column (p. 132)
Tracking Column (p. 134)
Unified Rule Base Use Cases (p. 134)
Use Case - Application Control and Content Awareness Ordered Layer (p. 134)
Use Case - Inline Layer for Web Traffic (p. 135)
Use Case - Content Awareness Ordered Layer (p. 136)
Use Case - Application & URL Filtering Ordered Layer (p. 138)
Rule Matching in the Access Control Policy (p. 139)
Examples of Rule Matching (p. 139)
Best Practices for Access Control Rules (p. 142)
Installing the Access Control Policy (p. 143)
Analyzing the Rule Base Hit Count (p. 144)
Enabling or Disabling Hit Count (p. 144)
Configuring the Hit Count Display (p. 145)
Preventing IP Spoofing (p. 146)
Configuring Anti-Spoofing (p. 146)
Anti-Spoofing Options (p. 148)
Translating IP Addresses (NAT) (p. 148)
To Learn more about NAT (p. 149)
Usercheck Interactions in the Access Control Policy (p. 149)
Configuring the Security Gateway for Usercheck (p. 149)
Blocking Applications and Informing Users (p. 151)
Usercheck for Access Control Default Messages (p. 151)
Creating a Usercheck Interaction Object (p. 152)
Example Usercheck Message Using Field Variables (p. 153)
Localizing and Customizing the Usercheck Portal (p. 153)
Usercheck Frequency and Scope (p. 153)
Usercheck Settings (p. 154)
Usercheck CLI (p. 155)
Revoking Incidents (p. 156)
Usercheck Client (p. 157)
Blade Settings (p. 165)
Inspection Settings (p. 165)
Configuring Inspection Settings (p. 165)
Creating a Threat Prevention Policy (p. 168)
Threat Prevention Components (p. 168)
Ips (p. 169)
Anti-Bot (p. 170)
Anti-Virus (p. 171)
Sandblast (p. 172)
Assigning Administrators for Threat Prevention (p. 174)
Analyzing Threats (p. 174)
Out-Of-The-Box Protection from Threats (p. 175)
Getting Quickly up and Running with the Threat Prevention Policy (p. 175)
Enabling the Threat Prevention Software Blades (p. 175)
Installing the Threat Prevention Policy (p. 178)
Introducing Profiles (p. 178)
Optimized Protection Profile Settings (p. 179)
Predefined Rule (p. 180)
The Threat Prevention Policy (p. 181)
Workflow for Creating a Threat Prevention Policy (p. 181)
Threat Prevention Policy Layers (p. 181)
Threat Prevention Rule Base (p. 183)
Creating Threat Prevention Rules (p. 184)
Configuring IPS Profile Settings (p. 184)
Blocking Viruses (p. 185)
Configuring Anti-Bot Settings (p. 186)
Configuring Threat Emulation Settings (p. 188)
Configuring Threat Extraction Settings (p. 191)
Configuring a Malware DNS Trap (p. 192)
Exception Rules (p. 193)
The Check Point Threatcloud (p. 195)
Updating IPS Protections (p. 196)
Threat Prevention Scheduled Updates (p. 197)
Updating Threat Emulation (p. 197)
To Learn more about Threat Prevention (p. 197)
Creating Shared Policies (p. 198)
Shared Policies (p. 198)
Configuring HTTPS Inspection (p. 199)
Inspecting HTTPS Packets (p. 199)
Configuring Gateways to Inspect Outbound and Inbound HTTPS (p. 200)
Configuring the Geo Policy (p. 208)
Adding Users to the Policy (p. 210)
Using Identity Awareness (p. 210)
Identity Sources (p. 210)
Enabling Identity Awareness (p. 211)
Creating Access Roles (p. 212)
Using Identity Awareness in the Access Control Policy (p. 213)
Redirecting to a Captive Portal (p. 214)
Sample Identity Awareness Rules (p. 214)
Using User Directory (p. 216)
User Directory Features (p. 216)
Deploying User Directory (p. 216)
Account Units (p. 217)
Working with LDAP Account Units (p. 217)
Enabling User Directory (p. 220)
Managing LDAP Information (p. 220)
To Learn more about Adding Users to the Policy (p. 221)
Logging and Monitoring (p. 222)
Log Analysis (p. 223)
Configuring Logging (p. 223)
Enabling Log Indexing (p. 225)
Sample Log Analysis (p. 226)
Tracking Options (p. 227)
Log Sessions (p. 229)
Views and Reports (p. 230)
Enabling Views and Reports (p. 231)
Catalog of Views and Reports (p. 231)
Views (p. 232)
Reports (p. 232)
Automatic View and Report Updates (p. 234)
Opening a View or Report (p. 235)
Exporting Views and Reports (p. 235)
Scheduling a View or Report (p. 236)
To Learn more about Logging and Monitoring (p. 236)
Maximizing Network Performance and Redundancy (p. 238)
Solutions for Enhancing Network Performance and Redundancy (p. 238)
Corexl (p. 238)
Configuring Corexl (p. 239)
To Learn more about Corexl (p. 239)
About Securexl (p. 239)
Configuring Securexl (p. 241)
To Learn more about Securexl (p. 242)
Multi-Queue (p. 242)
Clusterxl (p. 243)
The Need for Clusters (p. 243)
Clusterxl Solution (p. 243)
Ipv6 Support for Clusterxl (p. 244)
How Clusterxl Works (p. 244)
Installation and Platform Support (p. 244)
High Availability and Load Sharing in Clusterxl (p. 245)
Configuring Clusterxl (p. 253)
VRRP Cluster (p. 257)
How VRRP Failover Works (p. 258)
Internal Network High Availability (p. 258)
Preparing a VRRP Cluster (p. 260)
Configuring Monitored Circuit/Simplified VRRP - Gaia Portal (p. 262)
Configuring the VRRP Security Gateway Cluster in Smartconsole (p. 264)
Configuring VRRP Rules for the Security Gateway (p. 265)
To Learn more about Maximizing Network Performance (p. 265)
Simplifying Security for Private Clouds (p. 266)
Introduction to Virtual Systems (VSX) (p. 266)
VSX Overview (p. 266)
How VSX Works (p. 267)
VSX Architecture and Concepts (p. 269)
Virtual Devices (p. 270)
Interfaces (p. 271)
VSX Clusters (p. 272)
Configuring a VSX Cluster (p. 275)
An Example VSX Cluster (p. 275)
Step 1 - Creating a VSX Cluster (p. 276)
Step 2 - Creating a Virtual Switch (p. 279)
Step 3 - Creating Virtual System 1 (p. 279)
Step 4 - Creating a New Virtual System 2 (p. 280)
Step 5 - Configuring the Policy on the Virtual Systems (p. 280)
To Learn more about VSX (p. 281)
Securing Data (p. 282)
Overview (p. 282)
Data Loss Prevention Features (p. 282)
Using a Mail Relay and Mail Server (p. 283)
Enabling DLP (p. 283)
Adding Data Owners (p. 284)
Notifying Data Owners (p. 284)
Using DLP with Microsoft Exchange (p. 285)
DLP Rule Base (p. 286)
Managing the DLP Rule Base (p. 286)
DLP Rule Exceptions (p. 287)
DLP Rule Actions (p. 287)
Sample Rule Base (p. 288)
Analyzing and Tracking DLP (p. 288)
Analyzing DLP Incidents in the Logs (p. 289)
Event Analysis Views Available in Smartconsole (p. 289)
To Learn more about Data Loss Prevention (p. 289)
Connectcontrol - Server Load Balancing (p. 291)
Connectcontrol Packet Flow (p. 291)
Logical Server Types (p. 292)
Persistent Server Mode (p. 292)
Persistent Server Timeout (p. 293)
Load-Balancing Methods (p. 293)
Server Availability (p. 294)
End to End Connectcontrol (p. 294)
Ipv6 Neighbor Discovery (p. 296)
Managing Ethernet Protocols (p. 296)
Deploying a Security Gateway in Monitor Mode (p. 298)
Configuring Link State Propagation (LSP) (p. 299)
Troubleshooting Specific Problems (p. 302)
Resetting SIC in Security Gateways (p. 302)
Security before Firewall Activation (p. 303)
Boot Security (p. 304)
Control of IP Forwarding on Boot (p. 304)
The Default Filter (p. 304)
Selecting the Default Filter (p. 305)
Defining a Custom Default Filter (p. 306)
Using the Default Filter for Maintenance (p. 307)
The Initial Policy (p. 308)
Monitoring Security (p. 309)
Unloading Default Filter or Initial Policy (p. 310)
Troubleshooting: Cannot Complete Reboot (p. 311)
Command Line Reference (p. 312)
Comp_Init_Policy (p. 313)
Control_Bootsec (p. 317)
Cp_Conf (p. 320)
Cp_Conf Auto (p. 322)
Cp_Conf Corexl (p. 323)
Cp_Conf Fullha (p. 325)
Cp_Conf Ha (p. 326)
Cp_Conf Intfs (p. 327)
Cp_Conf Lic (p. 328)
Cp_Conf Sic (p. 330)
Cpconfig (p. 331)
Cpinfo (p. 334)
Cplic (p. 335)
Cplic Check (p. 337)
Cplic Contract (p. 339)
Cplic del (p. 340)
Cplic Print (p. 341)
Cplic Put (p. 342)
Cpprod_Util (p. 344)
Cpstart (p. 347)
Cpstat (p. 348)
Cpstop (p. 355)
Cpview (p. 356)
Overview of Cpview (p. 356)
Cpview User Interface (p. 356)
Using Cpview (p. 356)
Dynamic_Objects (p. 358)
Cpwd_Admin (p. 360)
Cpwd_Admin Config (p. 362)
Cpwd_Admin del (p. 365)
Cpwd_Admin Detach (p. 366)
Cpwd_Admin Exist (p. 367)
Cpwd_Admin Flist (p. 368)
Cpwd_Admin Getpid (p. 369)
Cpwd_Admin Kill (p. 370)
Cpwd_Admin List (p. 371)
Cpwd_Admin Exist (p. 373)
Cpwd_Admin Start (p. 374)
Cpwd_Admin Start_Monitor (p. 376)
Cpwd_Admin Stop (p. 377)
Cpwd_Admin Stop_Monitor (p. 379)
Fw -I (p. 383)
Fw Amw (p. 384)
Fw Ctl (p. 387)
Fw Defaultgen (p. 436)
Fw Fetch (p. 437)
Fw Fetchlogs (p. 439)
Fw Getifs (p. 441)
Fw Hastat (p. 442)
Fw Isp_Link (p. 444)
Fw Kill (p. 445)
Fw Lichosts (p. 446)
Fw Log (p. 447)
Fw Logswitch (p. 455)
Fw Lslogs (p. 459)
Fw Mergefiles (p. 462)
Fw Monitor (p. 464)
Fw Repairlog (p. 476)
Fw Sam (p. 477)
Fw Sam_Policy' and 'Fw6 Sam_Policy (p. 484)
Fw Showuptables (p. 503)
Fw Stat (p. 507)
Fw Tab (p. 509)
Fw Unloadlocal (p. 514)
Fw Up_Execute (p. 517)
Fw Ver (p. 520)
Fwboot Bootconf (p. 521)
Fwboot Bootconf (p. 523)
Fwboot Corexl (p. 526)
Fwboot Cpuid (p. 531)
Fwboot Default (p. 533)
Fwboot Fwboot_Ipv6 (p. 534)
Fwboot Fwdefault (p. 535)
Fwboot Ha_Conf (p. 536)
Fwboot Ht (p. 537)
Fwboot Multik_Reg (p. 539)
Fwboot Post_Drv (p. 540)
Sam_Alert (p. 541)
Usrchk (p. 544)
Working with Kernel Parameters on Security Gateway (p. 547)
Introduction to Kernel Parameters (p. 548)
Firewall Kernel Parameters (p. 549)
Securexl Kernel Parameters (p. 554)
Kernel Debug on Security Gateway (p. 557)
Kernel Debug Syntax (p. 557)
Kernel Debug Filters (p. 563)
Kernel Debug Procedure (p. 567)
Kernel Debug Procedure with Connection Life Cycle (p. 569)
Kernel Debug Modules and Debug Flags (p. 574)
Module 'UPIS' (Unified Policy Infrastructure) (p. 575)
Module 'UP (p. 575)
Module 'Accel_Apps' (Accelerated Applications) (p. 576)
Module 'Accel_Pm_Mgr' (Accelerated Pattern Match Manager) (p. 577)
Module 'APPI' (Application Control Inspection) (p. 578)
Module 'BOA' (Boolean Analyzer for Web Intelligence) (p. 579)
Module 'CI' (Content Inspection) (p. 580)
Module 'Cluster' (Clusterxl) (p. 581)
Module 'Cmi_Loader' (Context Management Interface/Infrastructure Loader) (p. 583)
Module 'CPAS' (Check Point Active Streaming) (p. 584)
Module 'Cpcode' (Data Loss Prevention - Cpcode) (p. 585)
Module 'Dlpda' (Data Loss Prevention - Download Agent for Content Awareness) (p. 586)
Module 'Dlpk' (Data Loss Prevention - Kernel Space) (p. 587)
Module 'Dlpuk' (Data Loss Prevention - User Space) (p. 588)
Module 'Fg' (Floodgate-1 - Qos) (p. 589)
Module 'FILEAPP' (File Application) (p. 590)
Module 'Fw' (Firewall) (p. 591)
Module 'Gtp' (GPRS Tunneling Protocol) (p. 595)
Module 'H323' (Voip H.323) (p. 596)
Module 'ICAP_CLIENT' (Internet Content Adaptation Protocol Client) (p. 597)
Module 'IDAPI' (Identity Awareness API) (p. 598)
Clob Classification Object (CLOB) Observer (Data Classification) (p. 598)
Module 'Kiss' (Kernel Infrastructure) (p. 599)
Module 'Kissflow' (Kernel Infrastructure Flow) (p. 601)
Module 'MALWARE' (Threat Prevention) (p. 602)
Module 'Multik' (Multi-Kernel Inspection - Corexl) (p. 603)
Module 'MUX' (Multiplexer for Applications Traffic) (p. 604)
Module 'NRB' (Next Rule Base) (p. 605)
Module 'PSL' (Passive Streaming Library) (p. 606)
Module 'RAD_KERNEL' (Resource Advisor - Kernel Space) (p. 607)
Module 'RTM' (Real Time Monitoring) (p. 608)
Module 'Seqvalid' (TCP Sequence Validator and Translator) (p. 610)
Module 'SFT' (Stream File Type) (p. 611)
Module 'SGEN' (Struct Generator) (p. 612)
Module 'Synatk' (Accelerated SYN Defender) (p. 613)
Module 'UC' (Usercheck) (p. 614)
Module 'UP' (Unified Policy) (p. 615)
Vpn VPN Classifier (p. 615)
Module 'Upconv' (Unified Policy Conversion) (p. 617)
Module 'UPIS' (Unified Policy Infrastructure) (p. 618)
Flag Description (p. 619)
Module 'VPN' (Site-To-Site VPN and Remote Access VPN) (p. 620)
Also See the (p. 620)
Module 'WS' (Web Intelligence) (p. 622)
Address Information about Connection's IP Address (p. 622)
Coverage Coverage Times (Entering, Blocking, and Time Spent) (p. 622)
Info General Information (p. 622)
Memory Memory Allocation Operations (p. 622)
Subject Prints the Debug Subject of each Debug Message (p. 623)
Timestamp Prints the Timestamp for each Debug Message (p. 623)
Debug Flag 'Coverage') (p. 623)
Vs Prints the VSID of the Debugged Virtual System (p. 623)
Error General Errors (p. 624)
Verbose Prints Additional Information (Used with Other Debug Flags) (p. 626)