Using SmartDefense

In earlier versions of VPN-1/FireWall-1, configuring the features now available in SmartDefense was a complicated process, involving manual editing of text configuration files and in-depth knowledge of how each protective measured worked. Thankfully, Check Point has now put all these features into an easy-to-understand component of the SmartDashboard that is much easier to configure.

All SmartDefense options are accessible under the SmartDefense tab in SmartDashboard, as shown in Figure 13.1.

Figure 13.1: The SmartDefense Tab

The initial SmartDefense screen includes links to update SmartDefense, which will be discussed later on, and allows you to enable the option of having SmartDefense automatically check for updates on startup. There are also links to the SmartDefense logs in SmartView Tracker, which tracks all traffic flowing through the firewall.

Choose Anti Spoofing Configuration Status to see a report of any interfaces on the firewall for which you have not enabled antispoofing, as shown in Figure 13.2. It is important to enable antispoofing for all interfaces; otherwise , your hosts are susceptible to spoofing attacks, in which the attacker is able to trick the firewall into perceiving the attacker s IP address as one that is allowed to inside hosts .

Figure 13.2: The Anti-Spoofing Configuration Status Window

You configure antispoofing by opening the properties of your firewall object, choosing the Topology tab, and ensuring that each interface is either set to External or Internal but not Not Defined , as in Figure 13.3.

Figure 13.3: Topology Configuration

Let s now examine in further detail the additional components of SmartDefense that are geared toward protecting your network from specific types of threats.