Chapter 2. Implementation of VPN-1/FireWall-1 on AIX 85
root 2666 1 0 19:29:24 - 0:00 /usr/sbin/cron
root 3184 1 0 19:29:07 - 0:00 /usr/lib/errdemon
root 3618 2374 0 19:29:21 - 0:00 /usr/sbin/syslogd
root 3938 1 16 19:29:24 0 0:00 -ksh
root 4136 2374 0 19:29:24 - 0:00 /usr/sbin/inetd
root 4388 1 0 19:29:25 - 0:00 /usr/lpp/diagnostics/bin/diagd
root 4902 1 0 19:29:24 lft0 0:00 /usr/sbin/getty /dev/lft0
root 7234 3938 18 19:32:55 0 0:00 ps -ef
# netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 *.shell *.* LISTEN
tcp 0 0 *.telnet *.* LISTEN
tcp 0 0 *.ftp *.* LISTEN
udp4 0 0 *.syslog *.*
Active UNIX domain sockets
SADR/PCB Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
[...]
# no -a
[...]
#
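A check that belongs with the output above, added here and not part of the redbook: a POSIX shell/awk script that extracts the Internet-domain listeners from AIX netstat -a output (the sample is constructed in the format shown above) and reports any listener that is not in an assumed list of services the firewall host is meant to offer.

```shell
#!/bin/sh
# Added example, not from the redbook: compare the listening sockets in AIX
# "netstat -a" output with the services the firewall host is meant to offer,
# so that anything left listening by accident is noticed before the host goes
# into production.

# Constructed sample in the format shown above (not live output).
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 *.shell *.* LISTEN
tcp 0 0 *.telnet *.* LISTEN
tcp 0 0 *.ftp *.* LISTEN
udp4 0 0 *.syslog *.*
Active UNIX domain sockets
SADR/PCB Type Recv-Q Send-Q Inode Conn Refs Nextref Addr'

# Services assumed to be deliberately enabled on this host; adjust to your build.
EXPECTED_SERVICES="ftp syslog"

# list_listeners NETSTAT_TEXT
# Prints "proto service" for each Internet-domain listener: TCP sockets in
# LISTEN state and every UDP socket (UDP rows carry no state column).
list_listeners() {
    printf '%s\n' "$1" | awk '
        /^Active UNIX domain sockets/ { exit }   # the UNIX-socket table follows
        $1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, "."); print $1, a[n] }
        $1 ~ /^udp/                   { n = split($4, a, "."); print $1, a[n] }
    '
}

# unexpected_listeners NETSTAT_TEXT "svc1 svc2 ..."
# Prints the listeners whose service name is not in the space-separated list.
unexpected_listeners() {
    list_listeners "$1" | while read -r proto svc; do
        case " $2 " in
            *" $svc "*) ;;                       # expected, say nothing
            *) printf '%s %s\n' "$proto" "$svc" ;;
        esac
    done
}

# With the sample above this prints "tcp shell" and "tcp telnet".
unexpected_listeners "$SAMPLE_NETSTAT" "$EXPECTED_SERVICES"
```

Run it against live output with `unexpected_listeners "$(netstat -a)" "$EXPECTED_SERVICES"` on the firewall host itself.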
2.7 Creating VPN-1/FireWall-1 Security Policies
This section makes you familiar with the VPN-1/FireWall-1 Graphical User
Interface (GUI) and shows you the common mistakes that are made while
using it to create VPN-1/FireWall-1 Security Policies (also called rulesets).
This section does not contain any AIX-specific information.
2.7.1 Installation of the VPN-1/FireWall-1 Windows GUI
Now it is time to install the VPN-1/FireWall-1 GUI client software on the GUI
workstation in the adm network. If you are using a Windows OS (Windows
9x or Windows NT), you can do the install by executing
\windows\gui\setup.exe on the CD-ROM and clicking the Next button a couple
of times. You do not have to reboot.
The GUIs on other OS versions are ported versions of the Windows version,
and they are usually not as stable and well-supported as the Windows
versions.
86 Check Point VPN-1/FireWall-1 on AIX: A Cookbook for Stand-Alone and High Availability Solutions
All VPN-1/FireWall-1 documentation is provided in PDF format in the directory
\docs\userguid on the VPN-1/FireWall-1 CD-ROM. You will find the Adobe
Acrobat Reader for the supported operating systems in the directory
\docs\pdfread on the same CD-ROM.
It may be a good idea to install the reader and copy the PDF files and the
installation directories for later use to the local hard disk of the GUI
workstation.
2.7.2 Creating a simple ruleset with VPN-1/FireWall-1
Complete the following steps to create a simple ruleset:
1. Start VPN-1/FireWall-1 on the firewall server with the start-fw1 command.
2. Ping the firewall from the GUI workstation:
d:\>ping 10.4.4.193
Pinging 10.4.4.193 with 32 bytes of data:
Reply from 10.4.4.193: bytes=32 time=15ms TTL=255
Reply from 10.4.4.193: bytes=32 time<10ms TTL=255
Reply from 10.4.4.193: bytes=32 time<10ms TTL=255
Reply from 10.4.4.193: bytes=32 time<10ms TTL=255
d:\>
3. Start the VPN-1/FireWall-1 GUI by selecting Start -> Programs -> Check
Point Management Clients -> Policy Editor 4.1.
4. A pop-up box asks you for a user name, password, and management
server. Enter your VPN-1/FireWall-1 administrator account name and
password and the IP address of the firewall. See Figure 5 on page 87 for
more details.
Figure 5. VPN-1/FireWall-1 GUI login pop-up box
You get an empty rulebase panel. Now, we will go step-by-step through the
process, adding a first rule that will accept and log everything.
5. From the menu bar, select Edit -> Add Rule -> Bottom, as seen in Figure
6 on page 88.
Figure 6. Adding a rule to the bottom
6. Change the action from drop to accept. Right-click on the drop-sign in the
action column, as seen in Figure 7 on page 89. Select accept.
Figure 7. Changing action to accept
7. Configure logging. Use Account, since it is the most verbose. Right-click on
the blank field in the Track column, as shown in Figure 8 on page 90.
Select Account.