"C-shell" (/bin/csh), 694
CA. see Certificate authorities (CAs)
Cable, failover, 388–389
Cable pinouts
Ethernet, 380
failover, 389
Cables, securing, 47
Cabling, troubleshooting, 378–381
Cache Array Routing Protocol (CARP), 968–969
Cache configuration, ISA Server, 970–973
Caching problems, 1019–1020
Cain & Abel password breaker, 262
Capabilities and features, 370, 408
Capacity, increasing, 714–715
capture command (PIX firewalls), 266
Capturing traffic
description, 404–405
displaying traffic, 405–406
downloading traffic, 406–407
support options, 407–408
Cards, networking, 800
CARP (Cache Array Routing Protocol), 968–969
Categories of firewalls, 55–57
CCO (Cisco Connection Online), 407
CD, installing from, 435–444, 460–465
Central licensing, 522
Certificate, self-signed, 671–672
Certificate authorities (CAs)
description, 582
encryption, 582
initialization, 450–452, 471–473, 633–636
objects, 512
Certificate servers
enterprise root, 942–944
publishing, 1100–1102
stand-alone root, 935–942
Certificates, Web site, 944–947
Certification, Common Criteria EAL4, 243
CGI scripts with fwlogwatch tool, 202–205
Chains, user-defined, 139
Chains and tables (Linux), 138
Challenge-Handshake Authentication Protocol (CHAP), 363
Check Point High Availability (CPHA) module
description, 556
enabling, 556–559
failover, 559–560
firewall synchronization, 560–562
NG FP2/FP3 difference, 754
Check Point software
encryption algorithms, 580
objects, managing, 492
options for Nokia Security Platform (NSP), 618–619
Performance Pack, 801
reason for deploying, 530
Security Policy, 530
workstation objects, 495
see also Check Point High Availability (CPHA) module; ClusterXL; Configuration of FireWall-1; FireWall-1 (Check Point); Objects, managing; Rules
checksum command (PIX firewalls), 265
CIR (Committed Information Rate), 514
Cisco
Internetworking Operating System (IOS), 243, 612
IP Phones, 347
IP/TV, 326
see also PIX firewalls
Cisco Connection Online (CCO), 407
CiscoWorks management tool, 242
Clean-up rule, 545
CLI. see Command-line interface (CLI) for PIX firewalls
CLI Reference Guide, 654
Client connection problems, 1017–1019
Client performance problems, 1015–1016
Client-to-site VPNs, 582
Clients
DHCP, 342–343
FireWall-1 management, 492, 631–632
Firewall Service, 838–839
ISA Server, 838–842
Microsoft Outlook, 321, 1165
redirection of, 311
SecuRemote, 596–599
CLISH (Command Line Interface Shell) tool, 654, 696
Closed systems, 6
Cluster solutions
connections, increasing, 802–807
HA performance tuning, 799–807
hubs or network switches, 719
load-sharing or high availability, 715, 727
management station, 716–719
Network Address Translation (NAT), 719–720, 755–758, 767, 787–788
operating systems, 715
reasons for clusters, 714–683
remote authentication servers, 721
security servers, 720
single gateways or clusters, 719
stateful inspection, 715
stickiness, 716
third-party, 722, 799
throughput, improving, 800–802
throughput versus connections, 799–800
virtual private networks (VPNs), 721
see also Clusters with Nokia; ClusterXL (Check Point)
Clusters with Nokia
Address Resolution Protocol (ARP), 788
cluster object topology, 788
configuration steps, 768–769
configuration with Voyager, 774–778
description, 784–786
failover, 786–787
FireWall-1, configuration of, 769–770
gateway cluster object, configuring, 770–774
gateway cluster object, creating, 729–739
Network Address Translation (NAT), 787–788
testing, 778–784
topology, configuring, 772
see also Cluster solutions
ClusterXL (Check Point)
command-line diagnostic tools (HA New mode), 745–748
command-line diagnostic tools (load-sharing mode), 761–764
configuration in ClusterXL HA New mode, 729–743
configuration in HA Legacy mode, 717, 758
configuration in load-sharing mode, 759
failover in HA New mode, 749–755
HA New mode, 727–728, 748–749
load-sharing mode, 764–767
modes, 727
monitoring and manipulating, 745–747
Network Address Translation (NAT), 755–758, 767
packet structure, 766
requirements, 727–728
SmartView Status GUI, 744
testing in HA New mode, 743–748
testing in load-sharing mode, 759–764
trust state, 731–732
user authentication, 767
see also Cluster solutions
Code, filtering, 339–341
Code Red worm, 6
Command-line diagnostic tools
ClusterXL in HA New mode, 745–748
ClusterXL in load-sharing mode, 761–764
VRRP, 796
Command-line interface (CLI) for IPSO
CLI Reference Guide, 654
installing packages, 686–687
Command-line interface (CLI) for PIX firewalls
administrative access modes, 265–267
commands, basic, 267–270
commands, management, 271–273
configuring interfaces, 268–269
default configurations, 264
password configuration, 270
static routes, 269–270
Command Line Interface Shell (CLISH) tool, 654, 696
Commands, emacs-style, 267
Committed Information Rate (CIR), 514
Common Criteria EAL4 certification, 243
Communication handshake, 243
Component options for firewall hosts, 429–432
conduit command (PIX firewalls), 246, 292–294
Conduits, 294, 305–307, 312, 394
Conectiva Linux, 1210
conf directory, 622
Confidentiality, 7
/config/active file, 656
Configuration of FireWall-1
address range for rule base, 502
administrators, 629–631
certificate authorities (CAs), initialization of, 633–636
certificate authority object, 512
configuration file, 544
configuration screens, returning to, 636–637
cpconfig tool, 626–628
DCE-RPC service object, 509
domain objects, 497–498
dynamic objects, 503–504
enabling on NSP, 621–623
environment and path variables on NSP, 622
FireWall-1 directories on NSP, 622–624
gateway clusters, 503
group objects, 508–509
groups of objects, 514
GUI client access, testing of, 638–641
ICMP service object, 507–508
implied rules, 518–519
InitialPolicy script, effect of, 636
InitialPolicy script, unloading, 625–626
installation on NSP, 620–621
internal users, 513
IP forwarding, 623–625
LDAP account unit, 512
licenses, 628–629
logical server group, 501–502
management clients, 631–632
network objects, 496–497
Nokia Security Platform (NSP), 620
Open Security Extension (OSE) objects, 498–499
policies, 623–625
policy, pushing and fetching, 641–644
RADIUS server objects, 510–511
Random Pool, 633
remote procedure call (RPC), 506–507
scheduled events, 514
SecuRemote DNS internal servers, 513
SMTP resource objects, 510
SYNDefender, 519–520
TACACS servers, 511
TCP service object, 505
time objects, 513–514
UDP service object, 506
URI for QoS objects, 510
user-defined services object, 508
Virtual Links, 514–515
VPN-1 directories on NSP, 622
workstation objects, 494–496
Configuration of Linux kernel, 137
Configuration of Nokia Security Platform (NSP)
host name, 618
licenses, obtaining, 617
options, 618–620
preparation, 616–617
Configuration of PIX firewalls
access lists, 284–290, 293, 302–305
complex example, 301
default, 264
dynamic translation, 278–282
ICMP-type object groups, 298
identity NAT, 282–283
interfaces, 268–269, 302
managing, 271–273
network object groups, 298–299
passwords, 270
protocol object groups, 299
service object groups, 299–301
static translation, 292–293
Configuration of VPN, multiple-entry-point (MEP)
description, 567–568
gateway configuration, 571–572
network object, 569
overlapping VPN domains, 568–570, 572–574
synchronization not available, 561
Configuration of VPN, single-entry-point (SEP)
description, 562
gateway configuration, 563–567
gateway objects, 583
network object, 564
policy configuration, 567
Configuration of VPN-1/FireWall-1 NG
on Nokia, 487–488
on Solaris, 465–466, 475–476
on Windows, 444, 453–455
configure command (PIX firewalls), 266, 272
ConnectControl panel (FireWall-1), 521
Connected routes, 353–355
Connection dropped, 1014
Connections
assessing, 39
inbound and outbound, 246
increasing, 802–807
maximum number of, 243
Connectivity, troubleshooting, 175, 381–382
Console ports, 257–259
Control commands (PIX firewalls), 267
Control connections in FTP, 314
Controls, security, 533
copy command (PIX firewalls), 266, 271–272
Costs, maintenance, 243
Counters, ISA Server performance, 949–958
Counters for errors, 377–378
cpconfig command (CPHA), 557–559
cpconfig tool, 626–628
$CPDIR variable, 430–431
CPHA. see Check Point High Availability (CPHA) module
cphaprob diagnostic tool, 559–560, 745–747, 762
cplic command (FireWall-1), 645
cpstat ha diagnostic tool, 747–748, 762–764
cpstop and cpstart commands (FireWall-1), 620, 645
CRL grace periods, 520
cron scheduler, 174, 205–206, 625–626, 638, 708–710
CU-SeeMe, 330
curpriv command (PIX firewalls), 265
Customization, ISA Server
administration scripts, 975–977
application filters, 977–978
Software Developer's Kit (SDK), 975
third-party add-on tools, 978–980
CVS versioning system, 1226