Check Point Firewall Administration R81.10+: A practical guide to Check Point firewall deployment and administration
By Vladimir Yakovlev and Dameon D. Welch
About this ebook
Check Point firewalls are the premier firewall, access control, and threat prevention appliances for physical and virtual infrastructures. With them, administrators can help maintain the confidentiality, integrity, and availability of the resources protected by their firewalls and threat prevention devices. This hands-on guide covers everything you need to be fluent in using Check Point firewalls for your operations.
This book familiarizes you with Check Point firewalls and their most common implementation scenarios, showing you how to deploy them from scratch. You will begin by following the deployment and configuration of Check Point products and advance to their administration for an organization. Once you’ve learned how to plan, prepare, and implement Check Point infrastructure components and grasped the fundamental principles of their operation, you’ll be guided through the creation and modification of access control policies of increasing complexity, as well as the inclusion of additional features. To keep routine operations running reliably, you’ll also learn how to monitor security logs and dashboards. Generating reports detailing current or historical traffic patterns and security incidents is also covered.
By the end of this book, you'll have gained the knowledge necessary to implement and comfortably operate Check Point firewalls.
BIRMINGHAM—MUMBAI
Check Point Firewall Administration R81.10+
Copyright © 2022 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Vijin Boricha
Publishing Product Manager: Preet Ahuja
Senior Editor: Shazeen Iqbal
Content Development Editor: Romy Dias
Technical Editor: Shruthi Shetty
Copy Editor: Safis Editing
Project Coordinator: Ashwin Dinesh Kharwa
Proofreader: Safis Editing
Indexer: Manju Arasan
Production Designer: Nilesh Mohite
Senior Marketing Coordinator: Hemangi Lotlikar
First published: August 2022
Production reference: 1040822
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80107-271-7
www.packt.com
To my parents. It’s all your fault 😊
Foreword
One of my colleagues recently told me that no matter when you get into an industry, you’re always getting in on the ground floor of something. For me, that something ended up being the early days of Check Point FireWall-1, and what ultimately became the cyber security industry.
I’ve seen Check Point’s various products and services grow and change over the last 26 years. I’ve helped a lot of people make the best use of Check Point products, both directly and indirectly, including writing my own Check Point books in the early 2000s. While a lot has changed since, including Check Point’s corporate logo, the core philosophy behind every Check Point product and service has not.
These days, you need a lot more than just network firewalls to Secure Your Everything. Even so, firewalls still play a critical role in most environments by defining boundaries between both private and public networks, enabling controlled access to network resources, blocking malicious content, and preventing both data exfiltration and the unauthorized use of systems.
In the 20 years since Essential Check Point FireWall-1 NG was published, I’ve been asked numerous times if I was going to write another book on Check Point firewalls. If I were going to do so, I’d probably take the approach that Vladimir has taken in this book. There are concise explanations of the essential features of the Check Point Quantum Security Gateway and Management products, along with step-by-step instructions and annotated screenshots!
If you’re just getting started with deploying Check Point Quantum Security Gateways, or you’re trying to refresh your knowledge, this book is a great place to start. There’s also CheckMates (https://community.checkpoint.com), Check Point’s official cyber security community, which is full of additional learning resources and discussions to help those who want to continue their learning on Check Point after finishing this book.
Dameon D. Welch (a.k.a. PhoneBoy) Cyber Security Evangelist Check Point Software Technologies, Ltd.
Contributors
About the author
Vladimir Yakovlev, CISSP, is an infrastructure and security solutions architect and CTO at Higher Intelligence LLC., with over 20 years of Check Point experience.
He is recognized as a champion in the ISC2 and Check Point CheckMates communities and has been awarded Member of the Year and Contributor of the Year designations by peers, while also speaking at regional and international conferences.
Vladimir has previously held the roles of Sr. V.P. of Technology and CISO, responsible for the design, implementation, and operation of multiple iterations of secure and resilient infrastructures in the financial industry.
He enjoys helping others in the field of cybersecurity and can often be found in the CheckMates, LinkedIn, and ISC2 communities.
This project wouldn’t have happened without the encouragement and help from two authors of previous books dedicated to Check Point: Dameon D. Welch (a.k.a. PhoneBoy), my Technical Reviewer, and Timothy Hall, who went above and beyond in engaging with me in deep-dives on a multitude of subjects and sanity checks. Thank you both!
Huge thanks to all members of the Packt editing team and, especially, Romy Dias.
Last but not least, to my family, who tolerated my virtual absence for a year, and, specifically, to my son, Sam Yakovlev. He was (against his will) subjected to the first technical reading of this book, and is mainly responsible for defending the dignity of the English language (and the Oxford comma) from me.
About the reviewer
Dameon D. Welch, widely known as PhoneBoy, is a Cyber Security Evangelist for Check Point Software Technologies. He is the public face of CheckMates, the Check Point cyber security community.
A recognized industry security veteran, with more than two decades of experience, Welch is best known for his creation of the PhoneBoy FireWall-1 FAQ in the mid-1990s. It was used by Check Point and thousands of its customers worldwide. He is also the author of Essential Check Point FireWall-1 NG: An Installation, Configuration, and Troubleshooting Guide.
I’d like to thank everyone who has supported and encouraged me over the years.
Table of Contents
Preface
Part 1: Introduction to Check Point, Network Topology, and Firewalls in Your Infrastructure and Lab
Chapter 1: Introduction to Check Point Firewalls and Threat Prevention Products
Technical requirements
Learning about Check Point's history and the current state of the technology
In the beginning, there was FireWall-1
Check Point today
Understanding the Check Point product lineup and coverage
Introducing the Unified Management concepts and the advantages of security product consolidation
Familiarization with the Security Management Architecture (SMART)
Determining how we learn
Navigating the Check Point User Center
Summary
Further reading
Chapter 2: Common Deployment Scenarios and Network Segmentation
Understanding your network topology
Common topology scenarios and exercises
Learning about network segmentation
User network segmentation
North-South and East-West
Protecting the core
Protecting the perimeter
Sizing appliances for new implementations and determining load on current systems
Summary
Further reading
Chapter 3: Building a Check Point Lab Environment – Part 1
Technical requirements
Lab topology and components
Lab topology
Lab components
Downloading the prerequisites
Downloading Oracle VirtualBox and the VirtualBox extension pack
Downloading the Windows Server ISO
Installing Oracle VirtualBox
Installing the VirtualBox extension pack
Deploying the VyOS router
Summary
Chapter 4: Building a Check Point Lab Environment – Part 2
Technical requirements
Creating a Windows base VM
Creating a Windows Server base VM in the GUI
Windows Server base image scripted
Finalizing the Windows Server base VM installation
Creating a Check Point base VM
Check Point base image scripted
Finalizing the Check Point base VM installation
Creating linked clones
Preparing cloned Windows hosts
Preparing cloned Check Point hosts
Summary
Part 2: Introduction to Gaia, Check Point Management Interfaces, Objects, and NAT
Chapter 5: Gaia OS, the First Time Configuration Wizard, and an Introduction to the Gaia Portal (WebUI)
Technical requirements
Learning about Gaia's roots – a historical note
Using the First Time Configuration Wizard
Using the FTW for the primary management server
First Time Configuration Wizard for gateways
First-time configuration using the CLI
Rerunning the FTW
Introduction to the Gaia Portal (WebUI)
Toolbar
Navigation tree
Widgets and status bar
Summary
Chapter 6: Check Point Gaia Command-Line Interface; Backup and Recovery Methods; CPUSE
Learning about the Check Point Gaia CLI
Introduction to Expert mode
Configuring Gaia using CLISH
Saving Gaia configuration, backups, snapshots, and migration tools
Gaia OS-level configuration backup
System backup
Snapshots
Server migration tools
Saving and loading the configuration
Saving the configuration to a file
Loading the configuration
Offline configuration editing and comparison
Using CPUSE
CPUSE in WebUI
CPUSE in the CLI
CPUSE in offline mode
Summary
Chapter 7: SmartConsole – Familiarization and Navigation
Technical requirements
Introduction to the SmartConsole application and Demo Mode
Installing the SmartConsole application
Initializing Demo Mode
SmartConsole components, capabilities, and navigation
Global toolbar
Session management toolbar
Objects bar and the Validations and Session panes
Logged-in administrator's pending changes or publish status
Management server(s) status and actions
Task information area
The WHAT'S NEW popup recall and management script CLI and API
Summary
Chapter 8: Introduction to Policies, Layers, and Rules
Access Control policies, layers, and rules
Policies
Layers
Rules
Packet flows and acceleration
Inspection chains
Content inspection
Best practices for Access Control rules
Threat prevention exemptions
Column-based matching
APCL/URLF layer structure
Actions and user interactions (UserCheck)
Content Awareness
Logs, tracking depth, and oddities
Oddities – CPEarlyDrop and insufficient data passed
Summary
Chapter 9: Working with Objects – ICA, SIC, Managed, Static, and Variable Objects
Working with objects
Object categories
Static and variable object categories
Introduction to Internal Certificate Authority and Secure Internal Communication
Internal Certificate Authority
Secure Internal Communication
Gateways and servers
Activation keys
Creating a gateway cluster
Anti-Spoofing
Creating networks and Host objects
Networks
Hosts
Variable objects
Dynamic objects
Zones (conditional)
Domains
Updatable objects
Access roles
Variable objects in DevOps and DevSecOps
Summary
Chapter 10: Working with Network Address Translation
The need for NAT
NAT policies, rules, and processing orders
Automatic NAT
Automatic static NAT
Automatic dynamic NAT
Preventing unnecessary NAT
When NAT is not enough
Many-to-less
Manual static NAT
NAT pools
Bells and whistles
NAT logging
Summary
Part 3: Introduction to Practical Administration for Achieving Common Objectives
Chapter 11: Building Your First Policy
Defining the access control policy structure
Creating rules for the firewall/networking layer
Defining hosts for broadcast addresses
Creating rules for DHCP traffic
Configuring rules for noise suppression
Configuring rules for core services
Configuring rules for privileged access
Rules that have corresponding entries with an empty threat prevention profile
Configuring internal access rules
Configuring DMZ access rules
Configuring rules for access to updatable objects
Configuring rules for probes
Non-optimized rules
Creating the APCL/URLF layer and rules
Enabling APCL/URLF in the properties of the cluster
Creating an outbound CA certificate for HTTPS inspection and enabling HTTPS Inspection in the properties of the cluster
Configuring the HTTPS Inspection policy
Distributing and installing the outbound CA and ICA certificates to the client machines
Changing the website categorization to Hold mode
Using Identity Awareness and access roles
Preparing Active Directory for integration with Identity Awareness
Enabling Identity Awareness and browser-based authentication
Creating and using access roles
Testing access role-based rules
Summary
Chapter 12: Configuring Site-to-Site and Remote Access VPNs
An introduction to site-to-site VPN capabilities
Configuring a remote gateway and creating its policy
Building a site-to-site VPN using gateways managed by the same management server
Star community – To center only
Star community – To center or through the center to other satellites, to Internet and other VPN targets
Changing portals’ URLs and renewing a gateway cluster certificate
An introduction to Check Point remote access VPN solutions
Configuring a remote access IPSec VPN
Cloning a policy
Creating local user templates, groups, users, and access roles
Configuring a gateway or cluster for remote access
Configuring global properties for remote access
Configuring a VPN community for remote access
Configuring access control policy rules for remote access
Configuring a DHCP server for a remote access Office Mode IP range
Preparing remote client
Testing a remote access VPN
Summary
Chapter 13: Introduction to Logging and SmartEvent
Logging into a single security domain
Configuring logging on gateways or clusters
Security management servers or log servers
Logging with management high availability or log servers
Strategies for the effective use of management high availability and log servers
Smart-1 Cloud
Introduction to SmartEvent
Initial configuration
Views
Events
Security incidents
Reports
Automatic reactions
Summary
Chapter 14: Working with ClusterXL High Availability
ClusterXL in HA mode
Virtual MAC
Cluster member priority
Network interfaces
Critical devices
Cluster Control Protocol, Full Sync, and routing synchronization
Cluster member states
Failover
Edge cases
Recovery
ClusterXL HA failover simulations
Manual failover test
Catastrophic failure and recovery simulation
Conclusion
Alternative preferred HA options
Summary
Chapter 15: Performing Basic Troubleshooting
Troubleshooting constraints and your actions
Typical issues and the tools to solve them
Troubleshooting prerequisites
Stability issue troubleshooting example
Troubleshooting intermittent issues
Troubleshooting connectivity issues
Service Requests – getting them right every time
TAC and JHFAs
Community resources and engagements
Postmortems and lessons learned
Summary
Appendix: Licensing
Licensing
Containers and blades
Licensing for gateways
Licensing for management servers
Central and local licenses
License activation
Offline activation
Licensing options for hardware appliances
Evaluation licenses for the lab
SmartUpdate and additional information
Other Books You May Enjoy
Preface
Check Point Firewall Administration R81.10+ was written to help security administrators develop the necessary skills for effective deployment and operation of Check Point firewalls or high-availability clusters to improve network segmentation, configure site-to-site or remote access VPNs, and implement airtight access control policies.
Who this book is for
This book is for those new to Check Point firewalls or those who are catching up to the current R81.10+ releases. Although intended for information/cybersecurity professionals with some experience in network or IT infrastructure security, it may also be helpful for IT professionals looking to shift their career focus to cybersecurity. Some familiarity with Linux and bash scripting is a plus.
It may also be useful for technical decision makers as a tool to take Check Point firewalls for a spin before committing resources to proof of concept or in anticipation of purchasing the product. Your security administrators will be better prepared for Proof of Concept (PoC) or implementation after reading it and building their own lab prior to undertaking formal training and certification.
What this book covers
Chapter 1, Introduction to Check Point Firewalls and Threat Prevention Products, covers the evolution of Check Point security products and capabilities, security management architecture, and the creation of a user account to access relevant software and information.
Chapter 2, Common Deployment Scenarios and Network Segmentation, looks at firewall placement in common network topologies, network segmentation, as well as performance and capacity assessments of existing firewalls.
Chapter 3, Building a Check Point Lab Environment – Part 1, delves into lab topology, components, software, and resources, as well as the installation of Oracle VirtualBox and the deployment and configuration of a virtual router.
Chapter 4, Building a Check Point Lab Environment – Part 2, explains creating Windows Server and Check Point base images and creating and preparing linked clones for the rest of the lab components.
Chapter 5, Gaia OS, the First Time Configuration Wizard, and an Introduction to the Gaia Portal (WebUI), introduces Gaia, the operating system in use by Check Point management servers and gateways. This chapter also covers the First Time Configuration Wizard and Gaia web interface.
Chapter 6, Check Point Gaia Command-Line Interface; Backup and Recovery Methods; CPUSE, covers accessing and using the Check Point Gaia command-line interface and expert mode shells. Backup and recovery options and Check Point Update Service Engine are also covered.
Chapter 7, SmartConsole – Familiarization and Navigation, provides a detailed examination of SmartConsole features, components, and capabilities and helps you become comfortable with Check Point's primary management interface.
Chapter 8, Introduction to Policies, Layers, and Rules, covers policy packages, blades (features) used in Access Control policies, and their use in layers. The chapter also looks at policy organization methods, rules’ structure and capabilities, and their placement based on the packet flows and use of acceleration technology.
Chapter 9, Working with Objects – ICA, SIC, Managed, Static, and Variable Objects, looks at the Internal Certificate Authority and Secure Internal Communication and how these factor into the creation of other Check Point managed objects. The chapter also looks at creating your first high-availability cluster and the rest of the objects for lab components, learning about different object types and their properties.
Chapter 10, Working with Network Address Translation, introduces network and port address translation using automatic and manual NAT options. The chapter goes on to look at the use of NAT in object properties, policies, and rules, and additional relevant configuration options, as well as NAT logging and interpretation of NAT log data.
Chapter 11, Building Your First Policy, defines policy structure while accounting for the most common scenarios likely to be encountered in any infrastructure. The creation of rules and, when necessary, additional objects is also covered, as is expanding a policy’s capabilities and granularity by enabling additional features, rules, and objects.
Chapter 12, Configuring Site-to-Site and Remote Access VPNs, looks at configuring VPNs for communication with peers, data, or service providers as well as implementing remote access capabilities using Check Point IPSec VPN features. The chapter also looks at utilizing Access Roles for granular remote access.
Chapter 13, Introduction to Logging and SmartEvent, explains how logging works in Check Point, and how to use different configuration options to best address your infrastructure's logging requirements. The chapter also introduces SmartEvent, which simplifies the work of Check Point administrators by providing enhanced views, reporting capabilities, and automated reactions.
Chapter 14, Working with ClusterXL High Availability, provides an explanation of the ClusterXL HA mechanism, operating a fault-tolerant cluster, and alternative Check Point offerings for high availability and load sharing.
Chapter 15, Performing Basic Troubleshooting, looks at troubleshooting constraints and your actions. The chapter introduces typical issue categories, approaches, and tools helpful for solving them. It also looks at initiating and handling service requests and interacting with the Check Point Technical Assistance Center (TAC). The chapter goes on to detail resources available from, and interaction with, the CheckMates user community.
Appendix, Licensing, introduces Check Point licensing terminology, specific information for management servers and gateways, and licensing for a lab environment.
To get the most out of this book
You will need a Windows 10 or 11 PC with 24-32 GB of RAM and approximately 200 GB of free disk space to replicate the VirtualBox lab environment described in the book. If you are experienced in and prefer to use different virtualization platforms, adapt virtual hardware and networking requirements for the lab to a platform of your choice. All software required for the labs is available in free, trial, or evaluation versions. You will be required to register on some of the vendors’ portals for access to their products.
Additional software includes VirtualBox, PuTTY, WinSCP, and Notepad++ and you’ll be instructed to install them on relevant physical or virtual hosts throughout the book.
If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.
If you are using the digital version of this book, I suggest viewing it in two-page, side-by-side format. This will make it easier to process text referencing screenshots, commands, or code on adjacent pages. Alternatively, download the PDF with figures, referenced later in this document, and use it to look up information referenced in the text.
Download the example code files
You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Check-Point-Firewall-Administration-R81.10-. If there’s an update to the code, it will be updated in the GitHub repository.
Download the color images
We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/ImE2Y.
Conventions used
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, CLI menu choices, commands, and user input. Here is an example: When logged in to CPCM1, execute the command, set expert-password.
A block of code or sequential uninterrupted commands is set as follows:
add host name host_test1 ip-address 10.0.0.111
add host name host_test2 ip-address 10.0.0.112
add host name host_test3 ip-address 10.0.0.113
When commands are shown in the context of a particular shell, are interactive, or are combined with step descriptions, they are shown like this:
# Step 1
show installer packages recommended
# Note the Display name of the package you are interested in.
# Step 2
show installer package
# [press spacebar and then press the Tab key]
# Note the Num(ber) corresponding to the Display name of the package from step 1.
Any command-line input or output is written as follows:
CPXXX> show date
Date 02/02/2022
CPXXX> show time
Time 18:19:17
$ cd css
Bold indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: Once the Plugins Admin window is opened, scroll down until you see Compare and check the checkbox.
Italics indicate either internal or external references, such as "In Chapter 7, SmartConsole – Familiarization and Navigation, we saw how to do that using the management CLI." They are also used to denote a specific keypress, such as "press Enter."
Additionally, italics are used to indicate an emphasis on specifics, such as in the following sentence: "Even though the domain objects are defined, created, and modified in SmartConsole, we must use associated CLI tools on the gateways where the policies containing these objects are installed, and not on the management server."
[#], [A], and [a] indicate the numerical or letter-based points of interest in figures (screenshots), typically referencing screenshots following the text, unless explicitly noted otherwise, as follows:
To illustrate how to create additional server objects (also referred to as a Check Point Host object), let’s click on the New icon [1] in the Actions menu of the GATEWAYS & SERVERS view, click More [2], and then click Check Point Host… [3]:
Sample image showing [] instances
Keywords are used whenever a new important term is used in the context of the chapter or a section, such as: Access roles are the ultimate tool for the implementation of the zero-trust concept in your environment.
Tips or Important Notes
Appear like this.
Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, email us at customercare@packtpub.com and mention the book title in the subject of your message.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Legal disclaimer
This document was created using the official VMware icon and diagram library.
Copyright© 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at https://www.vmware.com/go/patents. VMware does not endorse or make any representations about third-party information included in this document, nor does the inclusion of any VMware icon or diagram in this document imply such an endorsement.
All copyrights are the property of their respective owners, including Check Point®.
Share your thoughts
Once you’ve read Check Point Firewall Administration R81.10+, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.
Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.
Part 1: Introduction to Check Point, Network Topology, and Firewalls in Your Infrastructure and Lab
In this portion of the book, you will be introduced to Check Point products and, specifically, firewalls. We’ll look at them in the context of different infrastructure topologies and segments. You will create a realistic lab environment that will be used in subsequent chapters.
The following chapters will be covered in this section:
Chapter 1, Introduction to Check Point Firewalls and Threat Prevention Products
Chapter 2, Common Deployment Scenarios and Network Segmentation
Chapter 3, Building a Check Point Lab Environment – Part 1
Chapter 4, Building a Check Point Lab Environment – Part 2
Chapter 1: Introduction to Check Point Firewalls and Threat Prevention Products
In this chapter, we will learn about the past and the present of Check Point Software Technologies in the context of evolving cybersecurity challenges. We will become familiar with the three main product lines, their components, and their relevance to the threat prevention capabilities of Check Point firewalls. We will examine the flexibility and advantages of security management architecture, address the learning process, and go through the user and account creation process in preparation for the following chapters.
In this chapter, we are going to cover the following main topics:
Learning about Check Point's history and the current state of the technology
Understanding the Check Point product lineup and coverage
Introducing the Unified Management concepts and the advantages of security product consolidation
Familiarization with the Security Management Architecture (SMART)
Determining how we learn
Navigating the Check Point User Center
Technical requirements
For this chapter, we will need a web browser for access to the Check Point User Center and a smartphone running either iOS or Android with an authenticator application of your choice that supports time-based one-time passwords (TOTP), such as Google Authenticator or Microsoft Authenticator, to enable second-factor authentication for access to the User Center.
Learning about Check Point's history and the current state of the technology
To get a sense of the product and the company behind it, it is good to have perspective. When were they founded? How long have they been in business? How consistent is their performance over time? What areas of cybersecurity is the company working in and how well are they rated? To find the answers to these questions, let's look at the past and the present of Check Point Software Technologies.
In the beginning, there was FireWall-1
In 1994, FireWall-1, released by Check Point Software Technologies, effectively launched the commercial firewall market and, according to Gartner, Check Point has been named a leader in the Network Firewalls category 21 times since.
The company received the following mention at the Cybersecurity Excellence Awards for 2016: "All of the US Fortune 100, and over 90% of the Fortune 500, rely on Check Point solutions to protect their networks and data." ¹
Shortly after launching FireWall-1, Check Point released VPN-1 for remote access and secure connectivity with peers and, over the years, continued to introduce additional components, enhancements, and new products. Since then, the cybersecurity arena has become saturated with many entrants bringing new products to the market. Throughout all of this time, Check Point's expanding product line, and especially their evolving management interface, has been recognized as the gold standard against which all competitors are measured.
Check Point firewalls were originally created to run on multiple operating systems and hardware, hence the name of the company, Check Point Software Technologies.
This is an important distinction when compared with the offerings provided by other vendors that were creating their solutions based on specialized ASICs (Application-Specific Integrated Circuits). When cloud computing ushered in a new era in information technology, Check Point was able to immediately offer the same degree of protection to cloud-based environments as was previously available to traditional infrastructures. Since Check Point enterprise firewalls were running on x86/x64 platforms, they did not require porting or emulation to do that.
Check Point today
Check Point's products are now deployed in 88 countries and more than 100,000 businesses. It has offices in 75 countries, over 3,500 security experts, and a world-acclaimed research and intelligence organization². Its firewall and threat prevention product line has offerings that cover an entire spectrum of clients; from small offices to enterprises, carrier networks, government agencies, and industrial control systems. They are available in the largest number of cloud services, including Amazon AWS, Microsoft Azure, Oracle Cloud, Google Cloud services, Alibaba Cloud, and IBM Cloud.
Check Point Software Technologies was recognized as a Microsoft Security 20/20 Partner Award Winner for Most Prolific Integration Partner in 2020, and for Most Transformative Integration Partner in 2021³.
By protecting networks, hosts, data, workloads on hypervisors, containers, and microservices from advanced threats while using a unified management architecture, Check Point remains at the forefront of cybersecurity. It has grown both organically and through judicious acquisitions and integration of complementary products over the years, and is now the largest publicly traded cybersecurity company in Israel, a nation known worldwide for its remarkably strong information security and intelligence capabilities.
With an unparalleled commitment to product evolution and quality, its ever-growing list of partners, dedicated support for automation, and orchestration for organizations adopting DevSecOps practices, it is the best choice for anyone looking to embark on their journey of becoming a member of the cyber defense elite.
Now that we've learned a little about the company's history, let's take a look at Check Point's product line.
Understanding the Check Point product lineup and coverage
The scope of Check Point offerings can be better understood by looking at the following chart depicting the three main branches of products:
Figure 1.1 – Check Point unified security architecture components
The Quantum branch is primarily concerned with hardware appliances, but it does include Check Point's own cloud-hosted scalable management solution (Quantum Smart-1 Cloud).
The small business appliances in the Quantum branch run an embedded version of Check Point's firewall. They are different from the rest of the lineup in that category, but they, too, can be managed from the same centralized management solutions as the rest.
The CloudGuard branch, while primarily concerned with cloud-based solutions, includes those for the on-premises virtualization environments, such as VMware vSphere, Microsoft Hyper-V, and Nutanix. Additionally, the management servers deployed in the cloud as VMs are also considered to be part of the CloudGuard product line.
The Harmony branch contains solutions necessary to safeguard endpoints inside, as well as outside, of your organization (including BYOD and mobile devices) and to provide your users with multiple choices for secure remote connectivity.
Now that we have learned about the scope of Check Point products, let's take a look at the benefits of having a single vendor solution protecting your infrastructure and data.
Introducing the Unified Management concepts and the advantages of security product consolidation
Historically, security-conscious enterprises were practicing defense-in-depth by layering and combining multiple solutions in the hope of preventing systems and network compromise. While this approach was viable 10 years ago, it is getting progressively more difficult to maintain it.
Let's look at the evolution of the threats over time to get a better idea of why this is so by using the following diagram:
Figure 1.2 – Attack generations and types, escalation, and the response over time
In addition to the complexity and advances of the attacks, the numbers of bad actors, as well as the number of different attacks, are increasing exponentially. The field of offensive cybersecurity is attracting an ever-increasing number of people, not all of them ethical hackers. This contributes to the snowballing effect and the number of compromised systems, networks, and companies. The latest batch of attacks focusing on the supply chain is yet another manifestation of this trend.
The sheer number of cybersecurity vendors and point solutions, each trying to address different problem areas, makes it a virtual impossibility for smaller teams to manage them effectively. It takes years to gain proficiency with a single product, let alone multiple ones. Add to this the rapid development cycles of each vendor trying to keep up with evolving capabilities of cybercriminals and offerings by competition, and you will have to spend most of your time learning about new features and changes in all of these products, while at the same time fighting compatibility issues.
For a while, the combination of Security Information and Event Management (SIEM) solutions as hubs for the consolidation of logs, their correlation, and Security Orchestration Automation and Response (SOAR) actions based on pre-defined conditions looked like a possible solution to this problem. However, these options failed to address the multi-vendor cost of human capital, further complicating the operations of smaller security teams. They are now primarily relegated to larger enterprises, carrier networks, and Managed Security Services Providers (MSSPs) that can afford to