CCSE Notes, Day 2
Student & Lab Manual
© 2019 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and de-compilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
Document # DOC-Manual-CCSA-R80.20
Revision R80.20 v1
Content Vanessa Johnson, Matthew Frey
Graphics Vanessa Johnson, Chunming Jia
Contributors Beta Testing, Content Contribution, or Technical Review
Michael Adjei - Wickhill - England
Chris Alblas - QA - England
Eric Anderson - Netanium - USA
Mario Angelastro - ITway - Italy
Eli Faskha - Soluciones Seguras - Panama
Michael Curtin - Red Education - Australia
Kishin Fatnani - K-Secure - India
Patrick Felsner - Arrow ECS - Austria
Omar Gonzalez - Soluciones Seguras - Panama
Tim Hall - Shadow Peak - USA
Mark Halsall - Check Point Software Technologies - USA
Eli Har-Even - Check Point Software Technologies - Israel
Anthony Joubaire - Arrow ECS - France
Yasushi Kono - Arrow ECS - Germany
Fabrizio Lamanna - Check Point Software Technologies - USA
Jani Linder - S&T - Slovenia
Valeri Loukine - Dimension Data - Switzerland
Dries Mertens - Westcon - Belgium
Piotr Misiowiec - CLICO - Poland
Richard Parkin - Arrow ECS - England
Jigarkumar Patel - Check Point Software Technologies - USA
Yaakov Simon - Check Point Software Technologies - Israel
Dan Valluvassery - Arrow ECS - England
Erik Wagemans - Proximus ICT Academy - Belgium
Kim Winfield - Check Point Software Technologies - USA
Special Thanks:
Glen Bayless - Check Point Software Technologies - USA
Mauro Feletti - ITway - Italy (Milan Event Host)
Jeremy Ford - Check Point Software Technologies - USA
Fabrizio Lamanna - Check Point Software Technologies - USA
Ashley McDowell - Arrow ECS-UK (London Event Host)
Certification Exam Development:
Jason Tugwell
Check Point Technical Publications Team:
Uri Lewitus, Aliza Holon, Daly Yam, Daniel Epstein, Eli Har-Even, Luba Tuchin, Paul Grigg, Rachel Teitz,
Ronit Segal, Sergei Shir
Table of Contents
Check Point Automation Specialist
Anti-Spoofing .... 117
The Rule Base .... 119
Global Properties .... 124
Sections .... 125
Publish Policy .... 125
Policy Packages .... 127
Policy Types .... 127
Unified Policies .... 129
Shared Policies .... 130
Additional Policy Management Tools .... 131
Install Policy .... 134
Install a Policy Package .... 134
Lab 2.3: Configuring Hide and Static Network Address Translation .... 226
Configuring Hide Network Address Translation .... 227
Configuring Static Network Address Translation .... 233
Lab 6.1: Configuring a Site-to-Site VPN Between Alpha and Bravo .... 548
Defining the VPN Domain .... 549
Creating the VPN Community .... 553
Creating the VPN Rule and Modifying the Rule Base .... 557
Testing the VPN .... 564
END OF LAB 6.1 .... 569
Preface
Preface Outline
Course Layout
Prerequisites
Certificate title
Course Chapters and Learning Objectives
Lab Topology
Related Certification
Check Point Security Administration
Course Layout
This course is designed for Security Administrators, Check Point resellers, and those who are
working towards their Check Point Certified Cyber Security Administrator (CCSA)
certification. The following professionals benefit best from this course:
System Administrators
Support Analysts
Network Engineers
Prerequisites
Before taking this course, we strongly suggest you have the following knowledge base:
Check Point CheckMates
CheckMates is a community of people passionate about cyber security.
It is an interactive platform with a large crowd of users where they can discuss various topics,
talk about challenges they face, develop and share API tools and scripts, discuss benefits of
products and solutions, exchange ideas, ask questions related to all Check Point products and
services, and interconnect through local CheckMates Live (local user group) events.
To boost your professional career with Check Point, become a member of the CheckMates
community and share your thoughts and experiences, follow technology trends, learn about the
most recent products and features, and participant in your local CheckMates community. Use
your UserCenter account to sign in and get started: https://community.checkpoint.com/
Course Chapters and Learning Objectives
Lab Topology
Most lab exercises will require you to manipulate machines in your network, and other labs will
require interaction with the instructor's machines.
Related Certification
The current Check Point Certified Cyber Security Administrator (CCSA) certification is
designed for partners and customers seeking to validate their knowledge of Check Point's
Software Blade products.
Chapter 1: Technology
Check Point technology addresses network deployments and security threats while
providing administrative flexibility and accessibility. To accomplish this, Check Point
uses a unified Security Management Architecture and the Check Point Firewall. These
Check Point features are further enhanced with the SmartConsole interface and the Gaia
operating system. The following chapter provides a basic understanding of these features
and enhancements.
Learning Objectives
Interpret the concept of a Firewall and understand the mechanisms used for controlling network
traffic.
Describe the key elements of Check Point's unified Security Management Architecture.
Recognize SmartConsole features, functions, and tools.
Understand Check Point deployment options.
Describe the basic functions of the Gaia operating system.
Concept of a Firewall
Firewalls are the core of a strong network Security Policy. They control the traffic between
internal and external networks. Firewalls can be hardware, software, or a combination of both
and are configured to meet an organization's security needs. When connecting to the Internet,
protecting the network against intrusion is of critical importance. The most effective way to
secure the Internet link is to put a Firewall system between the local network and the Internet.
The Firewall ensures that all communication between an organization's network and the
Internet conforms to the organization's Security Policy.
Open Systems Interconnect Model
To understand the concept of a basic Firewall, it is beneficial to examine the aspects of the
Open Systems Interconnect (OSI) Model. The OSI Model demonstrates network
communication between computer systems and network devices, such as Security Gateways. It
governs how network hardware and software work together and illustrates how different
protocols fit together. It can be used as a guide for implementing network standards.
The OSI Model is comprised of seven layers. The bottom four layers govern the establishment
of a connection and how the packet will be transmitted. The top three layers of the model
determine how end user applications communicate and work. The Check Point Firewall kernel
module inspects packets between the Data Link and Network layers. Depending on the traffic
flow and service, inspection may transcend multiple layers.
NOTE
Distinctions among layers 5, 6, and 7 are not always clear. Some models
combine these layers.
The more layers a Firewall is capable of covering, the more thorough and effective the
Firewall. Advanced applications and protocols can be accommodated more efficiently with
additional layer coverage. In addition, advanced Firewalls, such as Check Point's Security
Gateways, can provide services that are specifically oriented to the user, such as authentication
techniques and logging events of specific users.
The TCP/IP Model consists of four core layers that are responsible for its overall operation:
Network Interface layer, Internet layer, Transport layer and Application layer. Each layer
corresponds to one or more layers of the OSI Model. These core layers support many protocols
and applications.
Network Interface layer - Corresponds to the Physical and Data Link layers of the OSI Model. It deals with all aspects of the physical components of network connectivity, connects with different network types, and is independent of any specific network media.
Internet layer - Manages the routing of data between networks. The main protocol of this layer is IP, which handles IP addressing, routing, and packaging functions. IP tells the packet where to go and how to get there. The packets are transported as datagrams, which allow the data to travel along different routes to reach its destination. Each destination has a unique IP address assigned. The Internet layer corresponds to the Network layer of the OSI Model.
Transport layer - Manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the targeted application. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are the core protocols of the Transport layer. TCP ensures a reliable transmission of data across connected networks by acknowledging received packets and verifying that data is not lost during transmission. UDP also manages the flow of data; however, data verification is not as reliable as with TCP. The Transport layer corresponds to the Transport layer of the OSI Model.
Application layer - Encompasses the responsibilities of the Session, Presentation, and Application layers of the OSI Model. It defines the protocols that are used to exchange data between networks and how host programs interact with the Transport layer. The Application layer allows the end user to access the targeted network application or service.
Packet Filtering
Stateful Inspection
Application Layer Firewall
Packet Filtering
Packet Filtering is the process by which traffic is broken down into packets. Basically,
messages are broken down into packets that include the following elements:
Source address
Destination address
Source port
Destination port
Protocol
Packet Filtering is the most basic form of a Firewall. Its primary purpose is to control access to
specific network segments as directed by a preconfigured set of rules, or Rule Base, which
defines the traffic permitted access. Packet Filtering usually functions in the Network and
Transport layers of the network architecture. Packets are individually transmitted to their
destination through various routes. Once the packets have reached their destination, they are
recompiled into the original message.
Stateful Inspection
Stateful Inspection analyzes a packet's source and destination addresses, source and
destination ports, protocol, and content. With Stateful Inspection, the state of the connection is
monitored and state tables are created to compile the information. State tables hold useful
information in regards to monitoring performance through a Security Gateway. As a result,
filtering includes content that has been established by previous packets passed through the
Firewall. For example, Stateful Inspection provides a security measure against port scanning
by closing all ports until the specific port is requested.
_____________________
_____________________ 24
Check Point Security Administration
Check Point!s INSPECT Engine, which is installed on a Security Gateway, is used to extract
state related information from the packets and store that information in state tables. State tables
are key components of the Stateful Inspection technology because they are vital in maintaining
state information needed to correctly inspect packets. When new packets arrive, their contents
are compared to the state tables to determine whether they are denied or permitted.
NOTE
Stateful Inspection technology was developed and patented by Check
Point. State tables are covered in more detail in the CCSE course.
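The following is an added worked example, not code from the Check Point manual. It models the two techniques described above, Packet Filtering (each packet judged on its own 5-tuple against a Rule Base) and Stateful Inspection (a state table that admits return traffic only for connections the Rule Base already accepted), and shows why a stateless filter has to leave a permanent inbound hole for replies while a stateful gateway does not. The networks, rules and packets are constructed for illustration; the classes are simplified stand-ins, not the INSPECT engine's real structures.

```python
"""Stateless Packet Filtering versus Stateful Inspection, as a runnable model.

Added example, not code from the Check Point manual. Addresses, rules and
packets are constructed for illustration; the Rule Base and state table are
simplified stand-ins for the INSPECT engine's real structures.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str           # "tcp" or "udp"
    syn: bool = False    # TCP SYN: connection initiation
    ack: bool = False    # TCP ACK: reply or mid-stream segment


@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    proto: str
    action: str                  # "accept" or "drop"
    dport: Optional[int] = None  # None matches any port
    sport: Optional[int] = None


def match_rule(rules, pkt):
    """Packet Filtering: each packet is judged on its own 5-tuple, first match wins."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src_net)
                and ip_address(pkt.dst) in ip_network(r.dst_net)
                and pkt.proto == r.proto
                and (r.dport is None or r.dport == pkt.dport)
                and (r.sport is None or r.sport == pkt.sport)):
            return r.action
    return "drop"  # implicit cleanup rule: anything not explicitly allowed is dropped


class StatefulFirewall:
    """Stateful Inspection: the Rule Base is consulted only for new connections;
    later packets of an accepted connection are matched against the state table."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # accepted connections, keyed by their forward 5-tuple

    def inspect(self, pkt):
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.state or reverse in self.state:
            return "accept"  # part of a connection the Rule Base already allowed
        if pkt.proto == "tcp" and pkt.ack and not pkt.syn:
            return "drop"    # claims to be a reply, but no matching connection exists
        action = match_rule(self.rules, pkt)
        if action == "accept":
            self.state.add(forward)  # remember the connection for its return traffic
        return action


INTERNAL = "10.1.1.0/24"  # constructed internal network
ANY = "0.0.0.0/0"

# Stateful Rule Base: a single rule for outbound web access is enough.
STATEFUL_RULES = [
    Rule(INTERNAL, ANY, "tcp", "accept", dport=80),
]

# A stateless filter needs an extra permanent rule to let web replies back in,
# which also admits any unsolicited segment that merely uses source port 80.
STATELESS_RULES = STATEFUL_RULES + [
    Rule(ANY, INTERNAL, "tcp", "accept", sport=80),
]


def run_demo():
    """Return the verdict each model gives for three constructed packets."""
    fw = StatefulFirewall(STATEFUL_RULES)
    out_syn = Packet("10.1.1.50", "203.0.113.10", 40000, 80, "tcp", syn=True)
    reply = Packet("203.0.113.10", "10.1.1.50", 80, 40000, "tcp", ack=True)
    # Unsolicited inbound segment: nobody inside opened a connection to this host.
    unsolicited = Packet("198.51.100.7", "10.1.1.50", 80, 40002, "tcp", ack=True)
    return {
        "stateful_outbound": fw.inspect(out_syn),
        "stateful_reply": fw.inspect(reply),
        "stateful_unsolicited": fw.inspect(unsolicited),
        "stateless_reply": match_rule(STATELESS_RULES, reply),
        "stateless_unsolicited": match_rule(STATELESS_RULES, unsolicited),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:22} {verdict}")
```

The stateful model accepts the outbound request and its reply but drops the unsolicited segment because no state entry exists for it; the stateless Rule Base accepts both the reply and the unsolicited segment, since it cannot tell them apart. That difference is the "closing all ports until the specific port is requested" behaviour the text describes.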
Application Layer Firewall
Many attacks are aimed at exploiting a network through network applications, rather than
directly targeting the Firewall. Application Layer Firewalls operate at the Application layer of
the TCP/IP protocol stack to detect and prevent attacks against specific applications and
services. They provide granular level filtering, Antivirus scanning, and access control for
network applications, such as email, FTP, and HTTP. These Firewalls may have proxy servers
or specialized application software added.
Application Layer Firewalls inspect traffic through the lower layers of the TCP/IP model and
up to and including the Application layer. They are usually implemented through software
running on a host or stand-alone network hardware and are used in conjunction with Packet
Filtering. Since Application Layer Firewalls are application-aware, they can look into
individual sessions and decide to drop a packet based on information in the application
protocol. The Firewalls deeply inspect traffic content and apply allow or block access rules per
session or connection instead of filtering connections per port like Packet Filtering. Packets are
inspected to ensure the validity of the content and to prevent embedded exploits. For example,
an Application Layer Firewall may block access to certain website content or software
containing viruses. The extent of filtering is based on the rules defined in the network Security
Policy. Application Layer Firewalls are often referred to as Next-Generation Firewalls because
they include the traditional functions of Packet Filtering and Stateful Inspection.
Gaia can be configured via the Command Line Interface (CLI) or WebUI. For CLI-inclined
users, a shell-emulator pop-up window makes Gaia CLI more intuitive to use. The intuitive
WebUI delivers a seamless user experience for Security Administrators by integrating all
management functions into a Web-based dashboard accessible via most popular Web browsers.
The built-in search navigation delivers instant results on commands and properties.
Command Line Interface
Gaia utilizes an easy-to-use Command Line Interface (CLI) for the execution of various
commands that are structured using the same syntactic rules. CLI can be used via SSH or a
web browser. An enhanced help system and auto-completion further simplify user operation.
The default shell of the CLI is called Clish. Clish is a restrictive shell and does not provide
access to advanced system and Linux functions. Expert mode allows advanced system and
Linux function access to the system, including the file system. To use the expert shell, run the
expert command. A password for expert mode must be set prior to running the shell. To exit
the expert shell and return to Clish, run the exit command.
Operation   Description
set         Set a value in the system.
show        Show a value or values from the system.
delete      Delete a value from the system.
add         Add a value to the system.
save        Save the configuration changes made since the last save operation.
reboot      Restart the system.
halt        Turn the computer off.
quit        Exit the CLI.
exit        Exit the shell.
start       Start a transaction. Puts the CLI into transaction mode. All changes made using commands in transaction mode are applied at once, or none of the changes are applied, depending on how transaction mode is terminated.
commit      End a transaction by committing changes.
expert      Enter the expert shell.
ver         Show the version of the active Gaia image.
help        Retrieve help on navigating the CLI and some useful commands.
Table 1: CLI Operations and Descriptions
show commands
show uptime
show version <parameter>
Parameter   Description
all         Show all system information.
os build    Display the Gaia build number.
os edition  Display the Gaia edition (32-bit or 64-bit).
os kernel   Display the Gaia kernel build number.
product     Display the Gaia version.
Table 2: System Information Parameters and Descriptions
Command Completion
In order to save time, Gaia offers the ability to automatically complete a command using a few
keyboard buttons.
Parameter     Description
command       Name of the extended command.
path          Path of the extended command.
description   Description of the extended command.
Table 4: Extended Command Parameters and Descriptions
To display the version of Check Point software installed on a gateway, enter the following
command in the Clish shell:
fw ver
Two related commands are fw stat, which displays the name of the Security Policy installed on
the gateway, and fw getifs, which lists the gateway's interfaces and their IP addresses.
Obtaining a Configuration Lock
Only one user can have Read/Write access to Gaia configuration settings at a time. All other
users can only log in with Read-Only access to view configuration settings, as specified by
their assigned roles. For example, AdminA logs in and no other user has Read/Write access.
AdminA receives an exclusive configuration lock with Read/Write access. If AdminA logs in
and AdminB already has the configuration lock, AdminA has the option to override AdminB's
lock. If AdminA decides to override the lock, AdminB stays logged in but will have Read-
Only access. If AdminA decides not to override the lock, they will only be granted Read-Only
access.
To further illustrate, AdminA can run the lock database override command to obtain
the configuration lock from AdminB and gain Read/Write access. Alternately, AdminB who
has Read/Write access can run unlock database to release the configuration lock. In this
instance, the configuration lock can be obtained by AdminA.
NOTE
The administrator whose Read/Write access is revoked does not receive
notification.
WebUI
The WebUI is an advanced, web-based interface used to configure Gaia platforms. It provides
clientless access to the Gaia CLI directly from a browser. A majority of system configuration
tasks can be done through the WebUI. To access the WebUI, navigate to https://<Device IP
Address>. Log in with a user name and password. The following browsers support the WebUI:
Internet Explorer
Firefox
Chrome
Safari
Figure 8 - WebUI
System Overview - Provides system information, including the installed product, product version number, kernel build, product build, edition (32 bit or 64 bit), platform on which Gaia is installed, and computer serial number (if applicable).
Blades - Displays a list of installed Software Blades. Those that are enabled are colored. Those that are not enabled are grayed out.
Network Configuration - Displays interfaces, their statuses, and IP addresses.
Memory Monitor - Provides a graphical display of memory usage.
CPU Monitor - Provides a graphical display of CPU usage.
Navigation Tree
The Navigation tree is used to select a page within the WebUI. Pages are arranged in logical
feature groups. There are two viewing modes:
To change the view mode, click View Mode and select a mode from the list. To hide the
Navigation tree, click the Hide icon.
Toolbar
The toolbar displays whether the user has Read/Write access or is in Read-Only mode. It is
also used to open the Terminal (Console) accessory for CLI commands and open the Scratch
Pad accessory, which is used for writing notes.
NOTE
The Scratch Pad accessories are available in Read/Write mode only.
Search Tool
The Search tool is used to find an applicable configuration page by entering a keyword, which
can be a feature, a configuration parameter, or a word related to a configuration page.
Status Bar
The Status bar displays the result of the last configuration operation. To view a history of the
configuration operations during the current session, click the Expand icon.
Configuration Tab
Under the Configuration tab, a user may view and configure parameters for Gaia features and
settings groups. The parameters are organized into functional settings groups in the navigation
tree.
NOTE
Read/write access is required to configure parameters for a settings group.
Monitoring Tab
The Monitoring tab allows a user to view the status and detailed operational statistics, in real
time, for some routing and High Availability settings groups. This ability is useful for
monitoring dynamic routing and VRRP cluster performance.
Configuration Lock
To override a configuration lock in the WebUI, click the small lock icon in the toolbar. The
pencil icon, which indicates Read/Write access is enabled, will replace the lock icon.
NOTE
Only users with Read/Write access can override a configuration lock.
Users
The WebUI and CLI can be used to manage user accounts and perform the following actions:
There are two default users that cannot be deleted. The Admin has full Read/Write access for
all Gaia features. This user has a User ID of 0 and therefore has all of the privileges of a root
user. The Monitor has Read-Only access for all features in the WebUI and the CLI and can
change their own password. An Admin must provide a password for the Monitor before the
Monitor user account can be used.
New users have Read-Only privileges to the WebUI and CLI by default. They must be
assigned one or more roles before they can log in.
NOTE
Permissions can be assigned to all Gaia features or a subset of the features
without assigning a user ID of 0. If a user ID of 0 is assigned to a user
account (this can only be done in the CLI), the user is equivalent to the
Admin user and the roles assigned to that user cannot be modified.
When a user is created, pre-defined roles, or privileges, are assigned to the user. For example, a
user with Read/Write access to the Users feature can change the password of another user or an
Admin user. It is also possible to specify which access mechanisms, the WebUI or CLI, are
available to the user.
When users log in to the WebUI, they see only those features for which they have Read-Only
or Read/Write access. If they have Read-Only access to a feature, they can see the settings
pages but cannot change the settings.
Parameter                   Description
Role <name>                 Role name as a character string that contains letters, numbers, or the underscore (_) character.
Domain-type System          Reserved for future use.
readonly-features <List>    Comma-separated list of Gaia features that have Read-Only permissions in the specified role. You can add Read-Only and Read/Write feature lists in the same command.
readwrite-features <List>   Comma-separated list of Gaia features that have Read/Write permissions in the specified role. You can add Read-Only and Read/Write feature lists in the same command.
user <User name>            User to which access mechanism permissions and roles are assigned.
roles <List>                Comma-separated list of role names that are assigned to or removed from the specified user.
access-mechanisms           Defines the access mechanisms that users can work with to manage Gaia. You can only specify one access mechanism at a time with this command.
Table 5: User and Role Parameters and Descriptions
For example:
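As an added illustration (not the manual's own example), the block below models the user and role material of this section: roles carry Read-Only and Read/Write feature lists, a user gets the union of its roles plus an access mechanism, a user with UID 0 is treated like Admin, and a new user with no role cannot log in. It also emits the Clish lines that would create the role and user with the Table 5 parameters. The role name rtrRole comes from Lab 1.1; feature and user names are constructed. The command syntax (add rba role, add user, set user ... password, add rba user ... roles / access-mechanisms) follows the Gaia Administration Guide and should be verified against your release; the rule that Read/Write wins when several roles cover one feature is an assumption of this model.

```python
"""Gaia role-based administration, modelled as a small permission checker.

Added example, not code from the Check Point manual. Role, user and feature
names are constructed (rtrRole is the role created in Lab 1.1). The Clish
syntax follows the Gaia Administration Guide and should be verified against
your release; the "Read/Write wins over Read-Only" precedence is an assumption.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

ADMIN_UID = 0  # a user with UID 0 is equivalent to the built-in Admin


@dataclass
class Role:
    name: str
    readonly_features: Set[str] = field(default_factory=set)
    readwrite_features: Set[str] = field(default_factory=set)


@dataclass
class User:
    name: str
    uid: int
    roles: List[str] = field(default_factory=list)            # role names
    access_mechanisms: Set[str] = field(default_factory=set)  # "CLI", "Web-UI"


def effective_access(user: User, roles: Dict[str, Role], feature: str) -> Optional[str]:
    """Return 'readwrite', 'readonly' or None for one feature."""
    if user.uid == ADMIN_UID:
        return "readwrite"  # UID 0: full access regardless of assigned roles
    level = None
    for rname in user.roles:
        role = roles[rname]
        if feature in role.readwrite_features:
            return "readwrite"  # assumption: the highest level across roles wins
        if feature in role.readonly_features:
            level = "readonly"
    return level


def can_login(user: User, mechanism: str) -> bool:
    """New users cannot log in until a role is assigned, and only via an enabled mechanism."""
    has_role = user.uid == ADMIN_UID or bool(user.roles)
    return has_role and mechanism in user.access_mechanisms


def clish_commands(role: Role, user: User) -> List[str]:
    """Clish lines that would create the role and user on a Gaia system."""
    role_cmd = f"add rba role {role.name} domain-type System"
    if role.readonly_features:
        role_cmd += " readonly-features " + ",".join(sorted(role.readonly_features))
    if role.readwrite_features:
        role_cmd += " readwrite-features " + ",".join(sorted(role.readwrite_features))
    cmds = [
        role_cmd,
        f"add user {user.name} uid {user.uid} homedir /home/{user.name}",
        f"set user {user.name} password",  # Gaia prompts; the password never goes on the command line
        f"add rba user {user.name} roles " + ",".join(user.roles),
    ]
    # Only one access mechanism can be given per command (Table 5).
    for mech in sorted(user.access_mechanisms):
        cmds.append(f"add rba user {user.name} access-mechanisms {mech}")
    cmds.append("save config")
    return cmds


def run_demo() -> dict:
    """Constructed role and users; returns what each check decides."""
    roles = {"rtrRole": Role("rtrRole", readonly_features={"dns"}, readwrite_features={"route"})}
    rtruser = User("rtruser", 101, roles=["rtrRole"], access_mechanisms={"CLI"})
    newuser = User("newuser", 102)  # no role yet: cannot log in
    uid0 = User("backupadmin", 0, access_mechanisms={"Web-UI"})  # UID 0, no roles needed
    return {
        "route": effective_access(rtruser, roles, "route"),
        "dns": effective_access(rtruser, roles, "dns"),
        "user": effective_access(rtruser, roles, "user"),
        "cli_login": can_login(rtruser, "CLI"),
        "webui_login": can_login(rtruser, "Web-UI"),
        "newuser_login": can_login(newuser, "CLI"),
        "uid0_any_feature": effective_access(uid0, roles, "user"),
        "commands": clish_commands(roles["rtrRole"], rtruser),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The check functions are what a reviewer would run against a proposed role before creating it: a role that only needs to manage routing should not return Read/Write for unrelated features such as user management, and a user whose only purpose is CLI automation should not be able to log in to the WebUI.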
Updates
Gaia provides the ability to directly receive updates for licensed Check Point products. With
the Check Point Upgrade Service Engine (CPUSE), you can automatically update Check Point
products for the Gaia operating system and the Gaia operating system itself. Updates can be
downloaded automatically, manually, or periodically and installed manually or periodically.
Hotfixes are downloaded and installed automatically by default, however full installation and
upgrade packages must be installed manually. Email notifications are sent for newly available
updates, downloads, and installations. Updates are discussed in greater detail in the CCSE
course.
Lab 1.1: Working with Gaia Portal
This lab is an introduction to Check Point Gaia. Here, you will view and manipulate basic settings of the
Gaia operating system through the Gaia Portal, the WebUI. Create users and define settings that will
appear in later labs.
Performance Objectives:
Identify important operating system level settings configured through the WebUI.
Create and confirm administrator users for the domain.
Configure network messages.
Confirm existing configuration settings.
Tasks:
Review and configure basic settings in the Gaia Portal.
Define a new role and create new Check Point users.
Work in Expert mode.
Apply useful commands.
Add and delete administrators via the CLI.
Test user role assignments.
https://10.1.1.101
NOTE
You must use HTTPS to access the Gaia Portal or the connection will fail.
3. Press Enter, and your browser should warn you that the site's Security Certificate is from an
untrusted source.
4. Ignore this warning and continue to the site. The system displays the Gaia Portal login screen:
Username: admin
Password: Chkp!234
6. Click Login, and the system displays the Gaia Portal Overview page:
Figure 14 - Overview
7. Review the Overview page and identify the information presented about A-SMS.
dns
12. In the search results, select Hosts and DNS. The system displays the Hosts and DNS page.
13. Use the information below to configure the DNS settings for A-SMS:
16. In the Banner Message field, replace the default text with the following:
A-SMS
2. In the Roles page, click Add. The system displays the Add Role window:
rtrRole
route
NOTE
The search results displayed by the system are a list of commands and features
available for assignment to the role, based on the search criteria.
5. To view the permission options, click the down arrow next to the Route item:
NOTE
If no privilege is specifically selected for the command or feature, it is not assigned
to the role.
7. Click OK, and the system adds rtrRole to the list of configured roles:
9. In the Users page, click Add and the system displays the following:
NOTE
The system automatically assigns the Real Name and Home Directory settings.
11. Click OK, and the system displays the new user in the Users list:
16. Click the Logout icon to the right of the username, and the system logs the user out of the Gaia Portal:
1. Log into Gaia on the first gateway in the Alpha cluster, A-GW-01.
Username: admin
Password: Chkp!234
NOTE
Log into the Virtual Machine either directly or from A-GUI through a Putty session.
set expert-password
3. When prompted to enter a new password for Expert mode, type and confirm the following:
Chkp!234
save config
expert
8. Press Enter, and the system prompts you for the newly configured Expert mode password.
9. Type the following and press Enter:
Chkp!234
NOTE
Once in Expert mode, you are in BASH. Notice that the prompt now displays
Expert@A-GW-01:0, indicating the current mode.
NOTE
Expert mode is root BASH. Proceed with caution.
10. Type exit and press Enter, so that you are at the Clish prompt.
NOTE
To exit to the login prompt, you would type exit again.
NOTE
This runs a packet sniff on eth1.
NOTE
More commands worth noting are shutdown and reboot.
1. Type the following command, and press Enter. This displays the name of the Security Policy installed
on the gateway:
fw stat
Figure 34: fw stat
2. Type the following command, and press Enter. This unloads the current Security Policy:
fw unloadlocal
Figure 35: fw unloadlocal
NOTE
This command unloads all policies from the gateway, preventing network access,
disabling IP forwarding, and turning off NAT. Consider only using this command
when you need to regain access to the gateway and all other measures have failed.
fw stat
Figure 36: fw stat
4. Type the following command and press Enter, to display the gateway version:
fw ver
Figure 37: fw ver
NOTE
For more information about each command from the prompt, type the command
name followed by --help. For example, fw --help.
5. Type the following command and press Enter, to display the system interfaces:
show interfaces
NOTE
This command displays the available options for the show interfaces command. If
you are not sure which flags are available for a command, simply type the basic
command and then press the Tab key.
6. Type the following command and press Enter, to display information on eth0:
7. Type the following command and press Enter, to display route information:
show route
8. Type the following command and press Enter, to display the routing table:
netstat -rn
9. Type the following command and press Enter, to display running services and open ports:
netstat -an
10. Type the following command and press Enter, to display interface information:
fw getifs
Figure 43: fw getifs
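Steps 8 through 10 show the routing table and the open sockets so you can see what the gateway actually exposes. The following script is an added example, not part of the Check Point manual, that turns that one-off inspection into a repeatable check: it parses netstat -an and netstat -rn output, lists the listening sockets, flags any that are not in an allowlist, and extracts the default gateway. The sample output is constructed to look like the Linux netstat format, and the allowlist (SSH, the Gaia Portal on TCP 443, SIC on TCP 18211, IKE on UDP 500) is an assumption for this lab network rather than a vendor-published list; in practice you would save the real command output to a file and feed it in.

```python
"""Audit listening sockets and routes from Gaia 'netstat -an' / 'netstat -rn' output.

Added example; the samples below are constructed, not captured from a real gateway,
and EXPECTED_LISTENERS is an assumed allowlist for the lab network.
"""
import re
import sys

# Constructed sample of 'netstat -an' output (Linux format, as seen in Expert mode).
NETSTAT_AN_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:18211           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 10.1.1.1:22             10.1.1.100:51234        ESTABLISHED
udp        0      0 0.0.0.0:500             0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
"""

# Constructed sample of 'netstat -rn' output.
NETSTAT_RN_SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.1.254      0.0.0.0         UG        0 0          0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
"""

# Assumed allowlist for this lab gateway: SSH, Gaia Portal (HTTPS), SIC (TCP 18211)
# and IKE (UDP 500). Anything else listening on a non-loopback address is flagged.
EXPECTED_LISTENERS = {("tcp", 22), ("tcp", 443), ("tcp", 18211), ("udp", 500)}

IPV4 = re.compile(r"\d+\.\d+\.\d+\.\d+")


def parse_listeners(netstat_an):
    """Return a set of (proto, port) for TCP sockets in LISTEN state and bound UDP sockets.

    Sockets bound to loopback are skipped: they are not reachable from the network.
    """
    listeners = set()
    for line in netstat_an.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue
        proto = fields[0].rstrip("6")
        local = fields[3]
        if local.startswith("127."):
            continue
        port = int(local.rsplit(":", 1)[1])
        # UDP lines carry no state column; TCP must be LISTEN to count as a service.
        if proto == "udp" or (len(fields) > 5 and fields[5] == "LISTEN"):
            listeners.add((proto, port))
    return listeners


def unexpected_listeners(netstat_an, allowlist=EXPECTED_LISTENERS):
    """Listening sockets that are not on the allowlist, sorted for stable reporting."""
    return sorted(parse_listeners(netstat_an) - allowlist)


def parse_routes(netstat_rn):
    """Return (destination, gateway, genmask, iface) for each route line."""
    routes = []
    for line in netstat_rn.splitlines():
        fields = line.split()
        if len(fields) >= 8 and IPV4.fullmatch(fields[0]):
            routes.append((fields[0], fields[1], fields[2], fields[7]))
    return routes


def default_gateways(netstat_rn):
    """Next hop and interface of every 0.0.0.0/0 route; more than one deserves a look."""
    return [(gw, iface) for dst, gw, mask, iface in parse_routes(netstat_rn)
            if dst == "0.0.0.0" and mask == "0.0.0.0"]


if __name__ == "__main__":
    # Usage: python audit.py netstat-an.txt netstat-rn.txt  (defaults to the samples)
    an = open(sys.argv[1]).read() if len(sys.argv) > 1 else NETSTAT_AN_SAMPLE
    rn = open(sys.argv[2]).read() if len(sys.argv) > 2 else NETSTAT_RN_SAMPLE
    print("listening:", sorted(parse_listeners(an)))
    print("unexpected:", unexpected_listeners(an))
    print("default gateway(s):", default_gateways(rn))
```

With the constructed sample the script reports TCP 8080 as unexpected and 10.1.1.254 on eth0 as the only default gateway; on a real gateway, adjust EXPECTED_LISTENERS to the services you have deliberately enabled before treating its output as a finding.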
2. Type the following command and press Enter, to set the user's password:
NOTE
When adding users in Clish, you must assign a permissions profile in addition to the
password. Because we do not have any permission profiles defined, we are not going
to do this step. This is, however, important.
3. Type the following command and press Enter, to set the user's role:
show users
5. To delete the user Sam, type the following command and press Enter:
show users
10.1.1.101
5. Type the following and press Enter, to display the configuration of A-SMS:
show configuration
Login: rtradmin
Password: Chkp!234
10. Attempt to display the configuration for A-SMS. Note that this user does not have sufficient privileges
to execute this command.
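The lab above ends with the key observation about role-based access: rtradmin, who holds only rtrRole, can work with routes but is refused show configuration, and the earlier note explains that a feature with no privilege selected is simply not assigned to the role. The following is an added example, not Check Point's code, that models that deny-by-default behaviour in a few lines so you can reason about what a role grants before creating it. The feature names, the split of Clish verbs into read and write verbs, the aliases, the rtrViewer role and the "configuration" feature are simplifications assumed for the illustration, not the product's internal authorization model.

```python
"""Gaia-style role check, added as an illustration of the lab (not Check Point code).

Mirrors the lab: rtrRole carries only the Route feature, rtradmin is assigned to it,
and 'show configuration' is refused. Verb classes, feature aliases and the extra
roles are assumptions made for this example.
"""

READ_ONLY, READ_WRITE = "read-only", "read-write"

# Assumed split of Clish verbs into those that only read state and those that change it.
READ_VERBS = {"show"}
WRITE_VERBS = {"set", "add", "delete", "save"}

# Assumed mapping from the second word of a command to the feature it belongs to.
FEATURE_ALIASES = {"users": "user", "static-route": "route"}

# role -> {feature: privilege}. A feature with no privilege selected is absent from the
# role entirely, matching the manual's note that it is then not assigned to the role.
ROLES = {
    "rtrRole": {"route": READ_WRITE},
    "rtrViewer": {"route": READ_ONLY},                       # assumed extra role
    "adminRole": {"route": READ_WRITE, "user": READ_WRITE,   # assumed extra role
                  "configuration": READ_WRITE},
}
USERS = {"rtradmin": ["rtrRole"], "rtrviewer": ["rtrViewer"], "admin": ["adminRole"]}


def effective_privileges(user):
    """Merge the features of every role assigned to the user; read-write beats read-only."""
    merged = {}
    for role in USERS.get(user, []):
        for feature, priv in ROLES[role].items():
            if merged.get(feature) != READ_WRITE:
                merged[feature] = priv
    return merged


def is_allowed(user, command):
    """Deny by default: the feature must be assigned and the verb must fit its privilege."""
    words = command.split()
    if len(words) < 2:
        return False
    verb, feature = words[0], FEATURE_ALIASES.get(words[1], words[1])
    priv = effective_privileges(user).get(feature)
    if priv is None:
        return False            # feature not present in any of the user's roles
    if verb in READ_VERBS:
        return True             # read-only and read-write both permit show
    if verb in WRITE_VERBS:
        return priv == READ_WRITE
    return False                # unknown verb: deny


if __name__ == "__main__":
    checks = [
        ("rtradmin", "show route"),
        ("rtradmin", "show configuration"),
        ("rtrviewer", "set static-route 10.2.0.0/16 nexthop gateway address 10.1.1.254 on"),
        ("admin", "show configuration"),
    ]
    for user, cmd in checks:
        verdict = "allowed" if is_allowed(user, cmd) else "denied"
        print(f"{user:10} {verdict:8} {cmd}")
```

Two properties of the model are worth carrying over to real role design: a user holding several roles gets the union of their features with the stronger privilege winning, so an extra role can silently widen access, and any verb or feature the model does not recognise is denied rather than allowed.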
SmartConsole
SmartConsole is a Graphical User Interface (GUI) used to manage the objects that represent
network elements, servers, and gateways. These objects are used throughout SmartConsole for
many tasks including creating Security Policies. SmartConsole is also used to monitor traffic
through logs and manage Software Blades, licenses, and updates.
Security Management Server
When a Security Policy is created in SmartConsole, it is stored in the Security Management
Server. The Security Management Server then distributes that Security Policy to the various
Security Gateways. The Security Management Server is also used to maintain and store an
organization's databases, including object definitions and log files, for all gateways.
Security Gateway
A Security Gateway is a gateway on which the Firewall Software Blade is enabled. It is also
known as a Firewalled machine. Security gateways are deployed at network access points, or
points where the organization's network is exposed to external traffic. They protect the
network using the Security Policy pushed to them by the Security Management Server.
Network Communication
Secure Internal Communication
Secure Internal Communication (SIC) is a means by which platforms and products
authenticate with each other. It creates trusted connections between gateways, management
servers, and other Check Point components. SIC is required for policy installation on gateways
and to send logs between gateways and management servers. Once SIC is established, the
management server and its components are identified by their SIC names rather than the IP
address.
Check Point platforms and products authenticate each other through one of these SIC methods:
Certificates
TLS for the creation of secure channels
3DES or AES128 for encryption
NOTE
Gateways above R71 use AES128 for SIC. If one of the gateways is below
R71, the gateways use 3DES.
NOTE
If the Security Management Server is renamed, trust will need to be
reestablished as the certificate is reissued.
Initializing Trust
A gateway and management server use a one-time password to initially establish trust. The
ICA signs and issues a certificate to the gateway. At this point, the trust state is initialized but
not trusted. The ICA issues a certificate for the gateway, but does not yet deliver it. The
gateway and management server will then authenticate over SSL using a one-time password.
The certificate is then downloaded and stored on the gateway, trust is established, and the
one-time password is deleted. Now, the gateway can safely communicate with other Check Point
gateways and management servers that have a security certificate signed by the same ICA.
NOTE
Make sure the clocks of the gateway and management server are
synchronized before initializing trust between them.
To initialize trust:
NOTE
If the default policy is in place on the gateway, trust cannot be reset
because communication from the management server will be dropped
along with traffic from any other source.
The trust state must be reset on the gateway as well. To establish a new trust state for a
gateway:
The SmartConsole
The SmartConsole is an all-encompassing, unified console for managing Security Policies,
monitoring events, installing updates, adding new devices and appliances, and managing a
multi-domain environment.
Navigation Pane Overview
Figure 54: SmartConsole
Security Policies Tab
Under the Security Policies tab, you are able to manipulate the various Security Policies and
layers.
Logs & Monitor Tab
The Logs & Monitor tab allows you to view graphs and pivot tables in an organized dashboard,
search through logs, schedule customizable reports, and monitor gateways.
Manage & Settings Tab
The Manage & Settings tab allows you to manipulate various general settings.
1. Manage & Settings menu: Navigate between the various menu options, create, edit,
and manage permission profiles and administrators, manage Software Blade global
settings, view sessions and revisions, manage tags, and edit preferences.
SmartConsole Applications
SmartEvent (Advanced Events and Reports)
SmartEvent correlates logs and detects real security threats. It provides a centralized display of
aggregated data and potential attack patterns from perimeter devices, internal devices, Security
Gateways, and third-party security devices. SmartEvent automatically prioritizes security
events for action. This automation minimizes the amount of data that needs to be reviewed,
thereby reducing the use of resources. SmartEvent is capable of managing millions of logs per
day per correlation unit in large networks. A correlation unit is used to analyze log entries and
identify events. SmartEvent is a licensed Software Blade and can be installed on a single server
or across multiple correlation units to reduce the network load.
SmartEvent views can be customized to monitor patterns and events that are most important to
a Security Administrator. Information can be displayed from a high level view down to a
detailed forensics analysis view. The free-text search engine is extremely effective in quickly
running data analysis and identifying critical security events.
SmartUpdate
SmartUpdate is used to manage licenses and packages for multi-domain servers, domain
servers, gateways, and Software Blades. Through this client, an administrator can add licenses
to the central license repository and assign those licenses to components as necessary.
SmartUpdate can also be used to upgrade packages and install contract files. SmartUpdate is
discussed in greater detail in a later chapter.
SmartDashboard
There are a few legacy applications that must be accessed through SmartDashboard. Links to
SmartDashboard are located throughout SmartConsole and provide access to the following
applications:
Lab 1.2
Installing and Touring SmartConsole
Lab 1.2
Installing and Touring SmartConsole
From the Gaia Portal, you will download and install the SmartConsole application. Once installation is
complete, tour the new GUI client application to see how to configure and manage your security
environment.
Performance Objectives:
Perform an installation of the SmartConsole application.
Connect and tour SmartConsole.
Tasks:
From Gaia Portal, download and install SmartConsole.
Tour SmartConsole.
Installing SmartConsole
Download the SmartConsole installer from the Gaia Portal of the Security Management Server.
1. From A-GUI, log into the A-SMS through the Gaia Portal using the following credentials:
Username: admin
Password: Chkp!234
2. In the Overview page, identify the Manage Software Blades using SmartConsole banner.
NOTE
You can also find the SmartConsole download in the Maintenance section of the
Gaia Portal.
Figure 59: Downloads
NOTE
The SmartConsole installer may be compressed. If it is, extract the executable file
before attempting to install.
Figure 60: Welcome
I have read and agree to the Check Point End User License Agreement
NOTE
In this lab environment, you should accept the default installation path.
Figure 61: Installation
Figure 62: Finish
Launch SmartConsole
Touring SmartConsole
Launch SmartConsole for the first time and tour features of the software version.
1. From the desktop of A-GUI, select Start > All Programs > Check Point SmartConsole [R80.xx
version] > SmartConsole [R80.xx version]. The system displays the Login window:
Username: admin
Password: Chkp!234
IP Address: 10.1.1.101
Read Only: Deselected
Demo Mode: Deselected
3. Click the Login button, and the system displays the Fingerprint message:
Figure 64: Fingerprint
cpconfig
Figure 66: cpconfig
9. On the Welcome to SmartConsole page, review the features highlighted for this software version:
10. Click the right arrow and the system displays the following:
11. Identify where in the Navigation frame the following items are located:
Application menu
Application main navigation
Session details and actions
Objects management
12. Click the right arrow and the system displays the following:
13. Identify where in the Gateways & Servers tab the following items are located:
Server status
Module version
Active software blades
CPU usage
Object summary
14. Click the right arrow and the system displays the following:
15. Identify where in the Security Policies tab the following items are located:
Access Control policy
Threat Prevention policy
Shared Policies
Install Policy Button