TOPIC: Issues with FIREWALLS

Issues with FIREWALLS 13 years 2 months ago #646

  • sidd
HEY IF YOU HAVE ANY QUERIES RELATED TO FIREWALLS OR ANY CONFIG ISSUES RELATED TO CISCO PIX FIREWALL ......MAYBE I COULD HELP



SIDD

Re: Issues with FIREWALLS 13 years 2 months ago #649

  • Chris
Sidd,

Please feel free to assist our fellow members in any way you can!

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Firewall Newbie 13 years 1 month ago #1563

  • naddyboy
Hi Sidd,

Can u tell me if there are any simulations available for checkpoint firewalls like there are for routers? I tried several google searches but no luck. I'm new to firewalls.

How different are checkpoint firewalls from cisco pix firewalls in terms of configuration, operation and functionality?
Which one serves what purpose ?

thanx

Syed :D

Re: Issues with FIREWALLS 13 years 1 month ago #1597

  • sahirh
Naddyboy, I really doubt you'd find a checkpoint evaluation.. you'd be better off checking out a trial version. Checkpoint as a firewall is actually a whole lot of modules, you buy licenses for whatever you want to use and on the CD you get demos of all their other stuff.

The Cisco PIX is a box.. whereas Check Point is software. Also checkpoint can be deployed in a distributed system.. hmm I actually have some short notes I wrote on CP NG a while ago as a general description.. I'll just post it here, keep in mind that some of the details may have changed :

Check Point Firewall-1 NG is a stateful multilayer inspection firewall consisting of a

1. GUI where security policy is defined
2. Management Server where the policy and logging is saved
3. Firewall module deployed at gateways where the security policy is loaded


The three components can be distributed through the network in a client-server model to provide a distributed solution with central management and secure remote administration using X.509 certificates. Inter-module communication is done via SSL using 3DES or RC4. The firewall supports authentication through ‘security servers’ for HTTP, FTP, telnet and rlogin. It also features content security for FTP, HTTP and SMTP including third-party virus scanning and stripping ActiveX and Java tags from HTML.

The firewall maintains a rule base against which packets are checked and according to which rule they match, the appropriate action can be taken. The action need not be simple accept / reject, but can also involve NAT, authentication, and encryption.

The stateful inspection mechanism stores the state of each connection in a ‘state table’; this allows it to monitor the entire communication session. It is intelligent enough to recognize sessions such as FTP where the data and control ports are different. The firewall through its OPSEC architecture allows it to export the rule base into ACL (access-control lists) for many third party products such as routers etc, and can upload the ACL to them automatically.

Check Point supports the following crypto algorithms: AES, DES, 3DES, IPsec and digital certificates for PKI (pub key infrastructure) enabled systems. It can map NT logon data (username etc) to IP addresses for single sign on, rules based by user and easier log reading.

There is an optional ConnectControl load balancing module which allows you to group many servers offering the same services to one IP address, for example all the web servers can be grouped to one IP address and the module can distribute requests to them on a round robin basis, by server load, by ping time, randomly, or by proximity (domain name). This is transparent to the users who think they are querying a single web server.

All systems running with the firewall module share the state information for redundancy, in case one system fails, the other module will seamlessly pick up the connection. This is also useful in situations where some of the packets may be routed through a different gateway and thus that gateway also needs to have access to the state table.


Hope some of that helps.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
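
The rule base, state table and FTP handling described in the notes above, as an added Python sketch that is not part of the original post and is not Check Point code. The rule tuples, addresses and the `StatefulFilter` class are constructed for illustration; the FTP helper only opens a data channel back to the client that announced it.

```python
from dataclasses import dataclass, field

# Constructed rule base: (source prefix, destination port, action); first match wins.
RULES = [("10.0.0.", 21, "accept"), ("10.0.0.", 80, "accept"), ("", None, "drop")]

@dataclass
class StatefulFilter:
    state: set = field(default_factory=set)     # tracked (src, sport, dst, dport)
    expected: set = field(default_factory=set)  # FTP data channels: (server, client, port)

    def match_rule(self, src, dport):
        for prefix, port, action in RULES:
            if src.startswith(prefix) and port in (None, dport):
                return action
        return "drop"

    def inspect(self, src, sport, dst, dport, payload=b""):
        conn, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if conn in self.state or reverse in self.state:
            verdict = "accept"                     # belongs to a tracked session
        elif (src, dst, dport) in self.expected:
            self.expected.discard((src, dst, dport))
            self.state.add(conn)                   # data channel announced on control channel
            verdict = "accept"
        else:
            verdict = self.match_rule(src, dport)  # new session: consult the rule base
            if verdict == "accept":
                self.state.add(conn)
        if verdict == "accept" and dport == 21 and payload.startswith(b"PORT "):
            self.learn_ftp_port(src, dst, payload)
        return verdict

    def learn_ftp_port(self, client, server, payload):
        parts = payload[5:].decode("ascii", "ignore").strip().split(",")
        if len(parts) != 6 or not all(p.isdigit() and int(p) < 256 for p in parts):
            return                                 # malformed PORT argument
        if ".".join(parts[:4]) != client:
            return                                 # PORT names a third host: do not open it
        self.expected.add((server, client, int(parts[4]) * 256 + int(parts[5])))

def demo():
    fw, c, s = StatefulFilter(), "10.0.0.5", "192.0.2.10"   # constructed addresses
    return [
        fw.inspect(c, 40000, s, 21),                        # new control session
        fw.inspect(s, 21, c, 40000),                        # reply, matched by state
        fw.inspect(s, 20, c, 5001),                         # unsolicited inbound
        fw.inspect(c, 40000, s, 21, b"PORT 10,0,0,5,19,137\r\n"),
        fw.inspect(s, 20, c, 5001),                         # announced data channel
    ]
```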