Check Point Firewall Administration R81.10+

Book description

Improve your organization's security posture by performing routine administration tasks flawlessly

Key Features

  • Get a gradual and practical introduction to Check Point firewalls
  • Acquire the knowledge and skills necessary for effective firewall administration, maintenance, and troubleshooting
  • Create and operate a lab environment with gradually increasing complexity to practice firewall administration skills

Book Description

Check Point firewalls are the premier firewall, access control, and threat prevention appliances for physical and virtual infrastructures. With Check Point’s superior security, administrators can help maintain the confidentiality, integrity, and availability of the resources protected by their firewalls and threat prevention devices. This hands-on guide covers everything you need to be fluent in using Check Point firewalls for your operations.

This book familiarizes you with Check Point firewalls and their most common implementation scenarios, showing you how to deploy them from scratch. You will begin by following the deployment and configuration of Check Point products and advance to their administration for an organization. Once you’ve learned how to plan, prepare, and implement Check Point infrastructure components and grasped the fundamental principles of their operation, you’ll be guided through the creation and modification of access control policies of increasing complexity, as well as the inclusion of additional features. To run your routine operations infallibly, you’ll also learn how to monitor security logs and dashboards. Generating reports detailing current or historical traffic patterns and security incidents is also covered.

By the end of this book, you'll have gained the knowledge necessary to implement and comfortably operate Check Point firewalls.

What you will learn

  • Understand various Check Point implementation scenarios in different infrastructure topologies
  • Perform initial installation and configuration tasks using Web UI and the CLI
  • Create objects of different categories and types
  • Configure different NAT options
  • Work with access control policies and rules
  • Use identity awareness to create highly granular rules
  • Operate high-availability clusters

Who this book is for

Whether you’re new to Check Point firewalls or looking to catch up with the latest R81.10+ releases, this book is for you. Although intended for information/cybersecurity professionals with some experience in network or IT infrastructure security, IT professionals looking to shift their career focus to cybersecurity will also find this firewall book useful. Familiarity with Linux and bash scripting is a plus.

Table of contents

  1. Check Point Firewall Administration R81.10+
  2. Foreword
  3. Contributors
  4. About the author
  5. About the reviewer
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Legal disclaimer
    9. Share your thoughts
  7. Part 1: Introduction to Check Point, Network Topology, and Firewalls in Your Infrastructure and Lab
  8. Chapter 1: Introduction to Check Point Firewalls and Threat Prevention Products
    1. Technical requirements
    2. Learning about Check Point's history and the current state of the technology
      1. "In the beginning, there was FireWall-1"
      2. Check Point today
    3. Understanding the Check Point product lineup and coverage
    4. Introducing the Unified Management concepts and the advantages of security product consolidation
    5. Familiarization with the Security Management Architecture (SMART)
    6. Determining how we learn
    7. Navigating the Check Point User Center
    8. Summary
    9. Further reading
  9. Chapter 2: Common Deployment Scenarios and Network Segmentation
    1. Understanding your network topology
      1. Common topology scenarios and exercises
    2. Learning about network segmentation
      1. User network segmentation
      2. North-South and East-West
    3. Protecting the core
    4. Protecting the perimeter
    5. Sizing appliances for new implementations and determining load on current systems
    6. Summary
    7. Further reading
  10. Chapter 3: Building a Check Point Lab Environment – Part 1
    1. Technical requirements
    2. Lab topology and components
      1. Lab topology
      2. Lab components
    3. Downloading the prerequisites
      1. Downloading Oracle VirtualBox and the VirtualBox extension pack
      2. Downloading the Windows Server ISO
    4. Installing Oracle VirtualBox
      1. Installing the VirtualBox extension pack
    5. Deploying the VyOS router
    6. Summary
  11. Chapter 4: Building a Check Point Lab Environment – Part 2
    1. Technical requirements
    2. Creating a Windows base VM
      1. Creating a Windows Server base VM in the GUI
      2. Windows Server base image scripted
      3. Finalizing the Windows Server base VM installation
    3. Creating a Check Point base VM
      1. Check Point base image scripted
      2. Finalizing the Check Point base VM installation
    4. Creating linked clones
      1. Preparing cloned Windows hosts
      2. Preparing cloned Check Point hosts
    5. Summary
  12. Part 2: Introduction to Gaia, Check Point Management Interfaces, Objects, and NAT
  13. Chapter 5: Gaia OS, the First Time Configuration Wizard, and an Introduction to the Gaia Portal (WebUI)
    1. Technical requirements
    2. Learning about Gaia's roots – a historical note
    3. Using the First Time Configuration Wizard
      1. Using the FTW for the primary management server
      2. First Time Configuration Wizard for gateways
      3. First-time configuration using the CLI
      4. Rerunning the FTW
    4. Introduction to the Gaia Portal (WebUI)
      1. Toolbar
      2. Navigation tree
      3. Widgets and status bar
    5. Summary
  14. Chapter 6: Check Point Gaia Command-Line Interface; Backup and Recovery Methods; CPUSE
    1. Learning about the Check Point Gaia CLI
    2. Introduction to Expert mode
    3. Configuring Gaia using CLISH
    4. Saving Gaia configuration, backups, snapshots, and migration tools
      1. Gaia OS-level configuration backup
      2. System backup
      3. Snapshots
      4. Server migration tools
    5. Saving and loading the configuration
      1. Saving the configuration to a file
      2. Loading the configuration
    6. Offline configuration editing and comparison
    7. Using CPUSE
      1. CPUSE in WebUI
      2. CPUSE in the CLI
      3. CPUSE in offline mode
    8. Summary
  15. Chapter 7: SmartConsole – Familiarization and Navigation
    1. Technical requirements
    2. Introduction to the SmartConsole application and Demo Mode
      1. Installing the SmartConsole application
      2. Initializing Demo Mode
    3. SmartConsole components, capabilities, and navigation
      1. Global toolbar
      2. Session management toolbar
      3. Objects bar and the Validations and Session panes
      4. Logged-in administrator's pending changes or publish status
      5. Management server(s) status and actions
      6. Task information area
      7. The WHAT'S NEW popup recall and management script CLI and API
    4. Summary
  16. Chapter 8: Introduction to Policies, Layers, and Rules
    1. Access Control policies, layers, and rules
      1. Policies
      2. Layers
      3. Rules
    2. Packet flows and acceleration
      1. Inspection chains
      2. Content inspection
    3. Best practices for Access Control rules
      1. Threat prevention exemptions
      2. Column-based matching
    4. APCL/URLF layer structure
      1. Actions and user interactions (UserCheck)
      2. Content Awareness
    5. Logs, tracking depth, and oddities
      1. Oddities – CPEarlyDrop and insufficient data passed
    6. Summary
  17. Chapter 9: Working with Objects – ICA, SIC, Managed, Static, and Variable Objects
    1. Working with objects
    2. Object categories
      1. Static and variable object categories
    3. Introduction to Internal Certificate Authority and Secure Internal Communication
      1. Internal Certificate Authority
      2. Secure Internal Communication
    4. Gateways and servers
      1. Activation keys
      2. Creating a gateway cluster
      3. Anti-Spoofing
    5. Creating networks and Host objects
      1. Networks
      2. Hosts
    6. Variable objects
      1. Dynamic objects
      2. Zones (conditional)
      3. Domains
      4. Updatable objects
      5. Access roles
      6. Variable objects in DevOps and DevSecOps
    7. Summary
  18. Chapter 10: Working with Network Address Translation
    1. The need for NAT
    2. NAT policies, rules, and processing orders
    3. Automatic NAT
      1. Automatic static NAT
      2. Automatic dynamic NAT
      3. Preventing unnecessary NAT
    4. When NAT is not enough
      1. Many-to-less
      2. Manual static NAT
      3. NAT pools
      4. Bells and whistles
    5. NAT logging
    6. Summary
  19. Part 3: Introduction to Practical Administration for Achieving Common Objectives
  20. Chapter 11: Building Your First Policy
    1. Defining the access control policy structure
    2. Creating rules for the firewall/networking layer
      1. Defining hosts for broadcast addresses
      2. Creating rules for DHCP traffic
      3. Configuring rules for noise suppression
      4. Configuring rules for core services
      5. Configuring rules for privileged access
      6. Rules that have corresponding entries with an empty threat prevention profile
      7. Configuring internal access rules
      8. Configuring DMZ access rules
      9. Configuring rules for access to updatable objects
      10. Configuring rules for probes
      11. Non-optimized rules
    3. Creating the APCL/URLF layer and rules
      1. Enabling APCL/URLF in the properties of the cluster
      2. Creating an outbound CA certificate for HTTPS inspection and enabling HTTPS Inspection in the properties of the cluster
      3. Configuring the HTTPS Inspection policy
      4. Distributing and installing the outbound CA and ICA certificates to the client machines
      5. Changing the website categorization to Hold mode
    4. Using Identity Awareness and access roles
      1. Preparing Active Directory for integration with Identity Awareness
      2. Enabling Identity Awareness and browser-based authentication
      3. Creating and using access roles
      4. Testing access role-based rules
    5. Summary
  21. Chapter 12: Configuring Site-to-Site and Remote Access VPNs
    1. An introduction to site-to-site VPN capabilities
    2. Configuring a remote gateway and creating its policy
    3. Building a site-to-site VPN using gateways managed by the same management server
      1. Star community – To center only
      2. Star community – To center or through the center to other satellites, to Internet and other VPN targets
      3. Changing portals’ URLs and renewing a gateway cluster certificate
    4. An introduction to Check Point remote access VPN solutions
    5. Configuring a remote access IPSec VPN
      1. Cloning a policy
      2. Creating local user templates, groups, users, and access roles
      3. Configuring a gateway or cluster for remote access
      4. Configuring global properties for remote access
      5. Configuring a VPN community for remote access
      6. Configuring access control policy rules for remote access
      7. Configuring a DHCP server for a remote access Office Mode IP range
      8. Preparing remote client
      9. Testing a remote access VPN
    6. Summary
  22. Chapter 13: Introduction to Logging and SmartEvent
    1. Logging into a single security domain
      1. Configuring logging on gateways or clusters
      2. Security management servers or log servers
      3. Logging with management high availability or log servers
      4. Strategies for the effective use of management high availability and log servers
      5. Smart-1 Cloud
    2. Introduction to SmartEvent
      1. Initial configuration
      2. Views
      3. Events
      4. Security incidents
      5. Reports
      6. Automatic reactions
    3. Summary
  23. Chapter 14: Working with ClusterXL High Availability
    1. ClusterXL in HA mode
      1. Virtual MAC
      2. Cluster member priority
      3. Network interfaces
      4. Critical devices
      5. Cluster Control Protocol, Full Sync, and routing synchronization
      6. Cluster member states
      7. Failover
      8. Edge cases
      9. Recovery
    2. ClusterXL HA failover simulations
      1. Manual failover test
      2. Catastrophic failure and recovery simulation
      3. Conclusion
    3. Alternative preferred HA options
    4. Summary
  24. Chapter 15: Performing Basic Troubleshooting
    1. Troubleshooting constraints and your actions
    2. Typical issues and the tools to solve them
      1. Troubleshooting prerequisites
      2. Stability issue troubleshooting example
      3. Troubleshooting intermittent issues
      4. Troubleshooting connectivity issues
    3. Service Requests – getting them right every time
      1. TAC and JHFAs
    4. Community resources and engagements
    5. Postmortems and lessons learned
    6. Summary
  25. Appendix: Licensing
    1. Licensing
      1. Containers and blades
    2. Licensing for gateways
    3. Licensing for management servers
    4. Central and local licenses
    5. License activation
      1. Offline activation
      2. Licensing options for hardware appliances
    6. Evaluation licenses for the lab
    7. SmartUpdate and additional information
    8. Why subscribe?
  26. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share your thoughts

Product information

  • Title: Check Point Firewall Administration R81.10+
  • Author(s): Vladimir Yakovlev
  • Release date: August 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781801072717