Main Page

"When it comes to security products and technologies, experience is far and away the best teacher. PhoneBoy has been installing, running, and supporting Check Point FireWall-1 for years , and his experience shows in this book. Save yourself the pain of learning from your own mistakes-let PhoneBoy show you the right way to manage your FireWall-1 NG infrastructure."
-Tina Bird, Computer Security Officer, Stanford University

"Dameon has taken his original definitive guide and updated it thoroughly for NG. No other book is informed by his depth of experience with Check Point. Accept no substitutes!"
-Matthew Gast, author of 802.11 Wireless Networks: The Definitive Guide

"PhoneBoy is the de facto expert on this product, and people have been clamoring for an NG book from him since he published the first one. No one can compete with him."
-Valerie M. Leveille, Professional Educator

"Dameon is the foremost authority on FireWall-1. He has the knowledge to give details of FireWall-1 functionality that no other reference on this topic can."
-Paul Keser, Senior Network Security Engineer, Raytheon ITSS/NASA Ames Research Center

"This book is the Swiss army knife solution for Check Point FireWall-1 NG."
-Thomas Warfield, TNT-OK.com

Now there's a definitive insider's guide to planning, installing, configuring, and maintaining the newest version of the world's #1 firewall: Check Point FireWall-1(R) Next Generation . Leading Check Point support authority Dameon Welch-Abernathy (a.k.a. PhoneBoy) offers exclusive hands-on tips, techniques, checklists, and detailed sample configurations you can use right now to improve reliability, efficiency, and manageability in your Check Point environment.

The author's previous Check Point FireWall-1 guide became an instant bestseller, earning the praise of security professionals worldwide. This new book has been thoroughly revamped to reflect Check Point FireWall-1 NG's powerful new features, and it includes even more expert solutions from PhoneBoy's FireWall-1 FAQ, the Web's #1 independent Check Point support site. Whether you're a security/network architect, administrator, or manager, you'll find it indispensable .

Whether you're running FireWall-1 NG on UNIX or Windows platforms, this book brings together expert guidance for virtually every challenge you'll face: building your rulebase, logging and alerting, remote management, user authentication, inbound/outbound content restriction, managing NAT environments, building site-to-site VPNs with SecuRemote, even INSPECT programming. Welch-Abernathy also covers high availability in detail, identifying proven solutions for the challenges of implementing multiple firewalls in parallel.

	Table of Contents

Essential Check Point FireWall-1 NG: An Installation, Configuration, and Troubleshooting Guide
By Dameon D. Welch-Abernathy
Publisher	: Addison Wesley
Pub Date	: January 21, 2004
ISBN	: 0-321-18061-5
Pages	: 656

		Copyright
		Frequently Asked Questions
		Preface
			How This Book Came to Be
			What This Book Is and Is Not
			Conventions
			Acknowledgments
		Chapter 1.  Introduction to Firewalls
			What Is a Firewall?
			What a Firewall Cannot Do
			An Overview of Firewall Security Technologies
			What Kind of Firewall Is FireWall-1?
			Do You Really Need FireWall-1?
			More Information
		Chapter 2.  Planning Your FireWall-1 Installation
			Network Topology
			Developing a Site-Wide Security Policy
			Fun with Check Point Licensing
			Summary
		Chapter 3.  Installing FireWall-1
			Selecting an Operating System
			Installing the Operating System
			Beginning the FireWall-1 Installation
			Upgrading from FireWall-1 4.1
			Summary
		Chapter 4.  Building Your Rulebase
			The Management GUIs
			The Rulebase Components
			The Rulebase
			Making Your First Rulebase
			Frequently Asked Questions
			Troubleshooting
			Summary
		Chapter 5.  Logging and Alerting
			SmartView Status
			SmartView Tracker
			Alerts
			Log Maintenance
			Summary
		Chapter 6.  Common Issues
			Common Configuration Questions
			Common Error Messages in the System Log
			Service-Related Questions
			Problems with Stateful Inspection of TCP Connections
			Problems with FTP
			Problems That Aren't the Firewall's Fault
			Summary
		Chapter 7.  Remote Management
			The Components
			Secure Internal Communication
			Special Remote Management Conditions
			What You Can Do with Remote Management
			Moving Management Modules
			Highly Availabile Management Modules
			Troubleshooting Remote Management Issues
			Large-Scale Management Issues
			Summary
		Chapter 8.  User Authentication
			Passwords
			How Users Authenticate
			Setting Up Authentication
			Setting Up User Authentication
			Setting Up Session Authentication
			Setting Up Client Authentication
			Integrating External Authentication Servers
			Clientless VPN
			Frequently Asked Questions
			Troubleshooting Authentication Problems
			Summary
			Sample Configurations
		Chapter 9.  Content Security
			The Security Servers
			The HTTP Security Server
			The FTP Security Server
			The SMTP Security Server
			The TCP Security Server
			General Questions about the Security Servers
			Debugging the Security Servers
			Summary
			Sample Configurations
		Chapter 10.  Network Address Translation
			Introduction to Address Translation
			RFC1918 and Link-Local Addresses
			How NAT Works in FireWall-1
			Implementing NAT : A Step-by-Step Example
			Limitations of NAT
			Troubleshooting NAT with a Packet Sniffer
			Summary
			Sample Configurations
		Chapter 11.  Site-to-Site VPN
			Introduction to a VPN
			A Word about Licensing
			FWZ, IPSec, and IKE
			How to Configure Encryption
			Frequently Asked Questions about VPNs in FireWall-1
			Troubleshooting VPN Problems
			Summary
			Sample Configurations
		Chapter 12.  SecuRemote and SecureClient
			Introduction to SecuRemote and SecureClient
			A Word about Licensing
			Configuring SecuRemote on FireWall-1
			Office Mode
			Microsoft L2TP Clients
			High-Availability and Multiple Entry Point Configurations
			Microsoft Networking and SecureClient
			SecureClient Packaging Tool
			Frequently Asked Questions
			Troubleshooting
			Summary
			Sample Configurations
		Chapter 13.  High Availability
			State Synchronization's Role in High Availability
			Implementing High Availability
			Frequently Asked Questions Regarding State Synchronization
			Error Messages That Occur with ClusterXL or State Synchronization
			Summary
		Chapter 14.  INSPECT
			What Is INSPECT?
			Basic INSPECT Syntax
			How Your Rulebase Is Converted to INSPECT
			Sample INSPECT Code
			Summary
		Appendix A.  Securing Your Bastion Host
			Securing Solaris
			Securing Windows NT
			Securing Windows 2000
			Securing Linux
		Appendix B.  Sample Acceptable Usage Policy
		Appendix C.  firewall-1.conf File for Use with OpenLDAP v1
		Appendix D.  firewall-1.schema File for Use with OpenLDAP v2
		Appendix E.  Performance Tuning
			Number of Entries Permitted in Tables
			Memory Used for State Tables
			Tweaks for Specific Operating Systems
		Appendix F.  Sample defaultfilter.pf File
		Appendix G.  Other Resources
			Internet Resources
			Software
		Appendix H.  Further Reading