© Copyright IBM Corp. 2001
Figures
1. Simplest classic firewall
2. Classic DMZ firewall environment
3. Modern firewall environment
4. Network plan for stand-alone configuration
5. VPN-1/FireWall-1 GUI login pop-up box
6. Adding a rule to the bottom
7. Changing action to accept
8. Changing track to account
9. Opening the Network Objects menu
10. Creating a new workstation object
11. Workstation Properties
12. Interfaces tab of the firewall's Workstation Properties
13. Icon of a firewall gateway object
14. Installing the Security Policy
15. Implied rules warning
16. Install Security Policy target selection
17. IP spoofing warning
18. Install Security Policy results
19. Modified Check Point log viewer
20. VPN-1/FireWall-1 Log Viewer: options
21. Deactivating implied rules in policy properties
22. Making the implied pseudo rules visible
23. More implied rules in Policy -> Properties -> Services tab
24. IP Options Drop Track in Policy -> Properties -> Log and Alert tab
25. A sample workstation type network object
26. A sample network type network object
27. A sample group type network object
28. A sample group that includes a group type network object
29. Sample panel of IP spoofing configuration
30. The ruleset we used for our examples
31. Creating a new user
32. Entering the new user's data
33. Choosing an authentication scheme
34. Changing the HTTP rule to user authentication
35. Enabling VPN-1/FireWall-1 password as authentication scheme
36. Enabling user authenticated access to allow all HTTP servers
37. Changing the ICMP rule to client authentication
38. Client Authentication Action Properties: Limits
39. Client Authentication using Web browser: Login
40. Client Authentication using Web browser: Password

Get Check Point VPN-1 / FireWall-1 on AIX: A Cookbook for Stand-Alone and High Availability Solutions now with the O’Reilly learning platform.
