List of Figures


Chapter 1: Introduction to Check Point Next Generation with Application Intelligence

Figure 1.1: NG AI Security Dashboard
Figure 1.2: FloodGate-1 Policy
Figure 1.3: Distributed Client/Server Architecture
Figure 1.4: SecureUpdate Products Tab
Figure 1.5: SmartDashboard
Figure 1.6: Visual Policy Editor Showing Rule
Figure 1.7: FireWall-1 Data Flow and Inspection Engine Detail

Chapter 2: Installing and Configuring VPN-1/FireWall-1 Next Generation with Application Intelligence

Figure 2.1: Check Points User Center
Figure 2.2: Enable IP Forwarding in WinNT 4.0
Figure 2.3: Welcome Screen
Figure 2.4: License Agreement
Figure 2.5: Product Menu
Figure 2.6: Server/Gateway Components
Figure 2.7: Selected Products
Figure 2.8: Progress Window
Figure 2.9: VPN-1 & FireWall-1 Installation
Figure 2.10: VPN-1 & FireWall-1 Product Specification
Figure 2.11: Choose Destination Location
Figure 2.12: Copying Files
Figure 2.13: Setup Information
Figure 2.14: Management Client Location
Figure 2.15: Select Management Clients to Install
Figure 2.16: Management Clients Copying Files
Figure 2.17: Desktop Shortcuts
Figure 2.18: Management Client Setup Finished
Figure 2.19: Licenses
Figure 2.20: Adding a License
Figure 2.21: License Added Successfully
Figure 2.22: Configuring Administrators
Figure 2.23: Adding an Administrator
Figure 2.24: Administrators
Figure 2.25: Adding GUI Clients
Figure 2.26: GUI Clients Added
Figure 2.27: Key Hit Session
Figure 2.28: Certificate Authority Initialization
Figure 2.29: CA Initialized Successfully
Figure 2.30: Management Server Fingerprint
Figure 2.31: NG AI Configuration Complete
Figure 2.32: Reboot Computer
Figure 2.33: Check Point Configuration Tool
Figure 2.34: Enforcement Module Configuration Tool
Figure 2.35: Secure Internal Communication
Figure 2.36: High Availability
Figure 2.37: Add/Remove Check Point VPN-1/FireWall-1 4.1 Backward Compatibility
Figure 2.38: Add/Remove Check Point VPN-1/FireWall-1 NG AI
Figure 2.39: Check Point Warning
Figure 2.40: Stopping Services
Figure 2.41: Removing VPN-1/FireWall-1 Files
Figure 2.42: VPN-1/FireWall-1 Uninstall Complete
Figure 2.43: Add/Remove Check Point SVN Foundation NG AI
Figure 2.44: SVN Foundation Maintenance Complete
Figure 2.45: Add/Remove Management Clients NG
Figure 2.46: Maintenance Finished
Figure 2.47: UnixInstallScript
Figure 2.48: Welcome to Check Point NG
Figure 2.49: License Agreement
Figure 2.50: Select Installation
Figure 2.51: Select Products to Install
Figure 2.52: Choose the Type of Installation
Figure 2.53: Validation Screen
Figure 2.54: Installation Progress
Figure 2.55: SecureXL Acceleration
Figure 2.56: Random Pool
Figure 2.57: Configuring Certificate Authority
Figure 2.58: Installation Complete
Figure 2.59: Environment Variables
Figure 2.60: cpconfig
Figure 2.61: Secure Internal Communication Configuration
Figure 2.62: High Availability Configuration
Figure 2.63: Package Removal Choices
Figure 2.64: Uninstall of VPN-1/FireWall-1
Figure 2.65: Uninstall of VPN-1/FireWall-1 Continued
Figure 2.66: Management Clients Package Removal
Figure 2.67: Nokias Voyager GUI
Figure 2.68: cpconfig on Nokia
Figure 2.69: Managing Installed Packages
Figure 2.70: Check Points SecurePlatform GUI

Chapter 3: Using the Graphical Interface

Figure 3.1: SmartDashboard
Figure 3.2: View Selection
Figure 3.3: Topology Map
Figure 3.4: Network Objects Manager
Figure 3.5: Check Point Gateway Properties, General Properties Window
Figure 3.6: Node Properties
Figure 3.7: Network Properties: General Window
Figure 3.8: Domain Properties
Figure 3.9: OSE Device: General Window
Figure 3.10: Cisco OSE Setup Window
Figure 3.11: Interoperable Device General Properties
Figure 3.12: Group Properties
Figure 3.13: Logical Server Properties Window
Figure 3.14: Address Range Properties Window
Figure 3.15: Gateway ClusterGeneral Panel
Figure 3.16: Dynamic Object Properties Window
Figure 3.17: TCP Service Properties
Figure 3.18: Advanced TCP Service Properties
Figure 3.19: Advanced UDP Service Properties
Figure 3.20: RPC Service Properties
Figure 3.21: ICMP Service Properties
Figure 3.22: User-Defined Service PropertiesGeneral Panel
Figure 3.23: Group Properties
Figure 3.24: DCE-RPC Properties
Figure 3.25: RADIUS Server Properties
Figure 3.26: TACACS Server Properties
Figure 3.27: LDAP Account Unit Properties
Figure 3.28: Time ObjectDays Panel
Figure 3.29: Virtual Link PropertiesSLA Parameters
Figure 3.30: New Rule
Figure 3.31: Add Object
Figure 3.32: Global Properties
Figure 3.33: Implied Rules
Figure 3.34: SmartUpdate GUI
Figure 3.35: Adding a License
Figure 3.36: License RepositoryView All Licenses
Figure 3.37: Expired Licenses
Figure 3.38: Check Point SmartView Tracker
Figure 3.39: Column Options Window
Figure 3.40: System Status GUI

Chapter 4: Creating a Security Policy

Figure 4.1: Steps to Writing a Security Policy
Figure 4.2: Boot Security
Figure 4.3: Global Properties Implied Rules
Figure 4.4: New Security Policy Dialog
Figure 4.5: Workstation Properties with Check Point Products Installed
Figure 4.6: Topology Window
Figure 4.7: Topology Definition
Figure 4.8: Connection Persistence Options
Figure 4.9: The Cleanup Rule
Figure 4.10: The Stealth Rule
Figure 4.11: Rule Base from Security Policy
Figure 4.12: Context Menu for Manipulating Rules
Figure 4.13: Disabled Rule
Figure 4.14: Hidden Rules
Figure 4.15: Hidden Rules Options
Figure 4.16: Policy with Section Titles
Figure 4.17: Install Policy Progress Window

Chapter 5: Applying Network Address Translation

Figure 5.1: Address Translation Tab
Figure 5.2: Completed NAT Rule
Figure 5.3: Rule to Allow Outbound Traffic
Figure 5.4: Static Source Rule
Figure 5.5: Web Server External Object
Figure 5.6: Outbound Rule for Web Server
Figure 5.7: Static Destination Rule
Figure 5.8: Rules for Incoming Traffic to Web Server
Figure 5.9: NAT Tab of Network Object
Figure 5.10: NAT Rule Base with Generated Rules
Figure 5.11: NAT Tab of Web Server
Figure 5.12: Generated Address Translation Rules
Figure 5.13: NAT Global Properties

Chapter 6: Authenticating Users

Figure 6.1: Firewall Object Authentication Tab
Figure 6.2: RADIUS Server Configuration
Figure 6.3: TACACS Server Configuration
Figure 6.4: User Template General Properties
Figure 6.5: User Personal Properties
Figure 6.6: User Location Tab
Figure 6.7: User Time Tab
Figure 6.8: User Encryption Tab
Figure 6.9: Group Properties
Figure 6.10: User Access
Figure 6.11: User Authentication Rule
Figure 6.12: User Authentication Action Properties
Figure 6.13: Firewall Object Authentication Tab
Figure 6.14: Client Authentication Rule
Figure 6.15: Client Authentication Action Properties
Figure 6.16: Session Authentication Rule
Figure 6.17: Session Authentication Action Properties
Figure 6.18: LDAP Account Unit Properties
Figure 6.19: LDAP Server Properties
Figure 6.20: LDAP Properties

Chapter 7: Open Security (OPSEC) and Content Filtering

Figure 7.1: OPSEC Application PropertiesGeneral Tab
Figure 7.2: OPSEC Application PropertiesCVP Options Tab
Figure 7.3: FTP Resource PropertiesCVP Tab
Figure 7.4: Service with Resource Window
Figure 7.5: Security Policy Rule Using Resource
Figure 7.6: CVP Group Properties
Figure 7.7: UFP Server ObjectGeneral Tab
Figure 7.8: UFP Server ObjectUFP Options Tab
Figure 7.9: URI Resource PropertiesGeneral Tab
Figure 7.10: UFP Options for URI Resources
Figure 7.11: Security Policy Rule Using UFP Server in URI Resource
Figure 7.12: AMON Application PropertiesGeneral Tab
Figure 7.13: OPSEC Application PropertiesAMON Options Tab
Figure 7.14: URI Resource PropertiesAction Tab
Figure 7.15: URI Resource PropertiesGeneral Tab
Figure 7.16: URI File Configuration
Figure 7.17: URI Wildcard Resource General Tab
Figure 7.18: URI Wildcards Match Specification
Figure 7.19: URI Wildcards SOAP Specification
Figure 7.20: SMTP Resource PropertiesGeneral Tab
Figure 7.21: SMTP Resource PropertiesMatch Tab
Figure 7.22: SMTP Resource Action Tab Showing Address Rewrite
Figure 7.23: SMTP Resource PropertiesAction2 Tab
Figure 7.24: SMTP Resource PropertiesCVP Tab
Figure 7.25: FTP Resource PropertiesGeneral Tab
Figure 7.26: FTP Resource PropertiesMatch Tab
Figure 7.27: FTP Resource PropertiesCVP Tab
Figure 7.28: TCP Resource PropertiesGeneral Tab
Figure 7.29: TCP Resource PropertiesUFP Tab
Figure 7.30: TCP Resource PropertiesCVP Tab
Figure 7.31: CIFS Resource PropertiesGeneral Tab

Chapter 8: Managing Policies and Logs

Figure 8.1: Global Properties
Figure 8.2: Log and Alert Global Properties
Figure 8.3: A Bad Example
Figure 8.4: Logs and Optimum Rule Placement
Figure 8.5: Rules That Perform Accounting
Figure 8.6: SVN Foundation Details
Figure 8.7: Viewing the Keep Attribute for Tables
Figure 8.8: SmartUpdate Utility
Figure 8.9: Introduction to dbedit
Figure 8.10: The Policy Installation Process
Figure 8.11: The Block Intruder Dialog Box
Figure 8.12: Setting Firewall Logging Policy
Figure 8.13: Process ID Mapping in SecurePlatform

Chapter 9: Tracking and Alerts

Figure 9.1: Log and Alert Main Menu
Figure 9.2: Alert Commands Sub-Menu
Figure 9.3: Alert Context Menu
Figure 9.4: Alerting in Use
Figure 9.7: Active ConnectionsConnection ID
Figure 9.8: Specify the Connection ID
Figure 9.9: Clear Blocking Confirmation

Chapter 10: Configuring Virtual Private Networks

Figure 10.1: VPN Configuration Method
Figure 10.2: The IKE Properties Dialog Box
Figure 10.3: VPN Domain Configuration
Figure 10.4: Shared Secret Configuration
Figure 10.5: IKE Encryption Rules
Figure 10.6: IKE Properties Dialog Box
Figure 10.7: Star VPN Community Properties
Figure 10.8: VPN Properties
Figure 10.9: Advanced VPN Properties
Figure 10.10: VPN Match Conditions
Figure 10.11: VPN Community Encryption Rules
Figure 10.12: SmartView Tracker Entries Showing Encrypts, Decrypts, and Key Exchanges
Figure 10.13: Address Translation Disabled Between VPN Domains with Manual Rules
Figure 10.14: Remote Access Window from Policy Global Properties
Figure 10.15: IKE Phase 2 Properties
Figure 10.16: SecuRemote Client Encrypt Rule
Figure 10.17: SecuRemote Client Encrypt Rule
Figure 10.18: Client Encrypt Properties
Figure 10.19: SecuRemote Desktop Security Prompt During Installation
Figure 10.20: SecuRemote Adapter Configuration Screen During Installation
Figure 10.21: Creating a New Site
Figure 10.22: SecuRemote Authentication Window
Figure 10.23: SecuRemote Connection Window

Chapter 11: Securing Remote Clients

Figure 11.1: Check Point Policy Server Installation
Figure 11.2: General Firewall Properties
Figure 11.3: Authentication Firewall Properties
Figure 11.4: Desktop Security Rulebase
Figure 11.5: Remote Access Global Properties
Figure 11.6: Remote Access VPN Basic Global Properties
Figure 11.7: Remote Access VPN Basic Global Properties
Figure 11.8: Remote Access Certificates Global Properties
Figure 11.9: Remote Access SCV Global Properties
Figure 11.10: Remote Access Early Versions Compatibility Global Properties
Figure 11.11: Client Encrypt Rule
Figure 11.12: User Encryption Action Properties
Figure 11.13: Previous Version Screen
Figure 11.14: SecureClient
Figure 11.15: Network Adapters
Figure 11.16: Packaging Tool Login
Figure 11.17: List of Profiles
Figure 11.18: General Properties
Figure 11.19: Client Mode Configuration
Figure 11.20: SecureClient Configuration
Figure 11.21: Additional Information
Figure 11.22: Topology Information
Figure 11.23: Certificate Information
Figure 11.24: Silent Installation
Figure 11.25: Installation Options
Figure 11.26: Operating System Logon
Figure 11.27: Finish

Chapter 12: Advanced VPN Configurations

Figure 12.1: Highly Available Cluster using Legacy Mode
Figure 12.2: Other HA and Load Sharing Cluster Configurations
Figure 12.3: Add Synchronization Network
Figure 12.4: Gateway Cluster: General Window
Figure 12.5: Gateway Cluster: Topology Window
Figure 12.6: Gateway Cluster: Cluster Members
Figure 12.7: Gateway Cluster: ClusterXL Window
Figure 12.8: Gateway Cluster: Synchronization
Figure 12.9: Simple MEP Illustration
Figure 12.10: Enabling MEP
Figure 12.11: VPN Domain Types
Figure 12.12: Enabling IP Pool NAT
Figure 12.13: Configuring a Backup Gateway
Figure 12.14: Configuring IP Pool NAT
Figure 12.15: Selecting the VPN Domain
Figure 12.16: Fully Overlapping VPN Domain
Figure 12.17: Overlapping VPN Domain Group
Figure 12.18: Overlapping VPN Domain
Figure 12.19: Using IP Pools

Chapter 13: SmartDefense

Figure 13.1: The SmartDefense Tab
Figure 13.2: The Anti-Spoofing Configuration Status Window
Figure 13.3: Topology Configuration
Figure 13.4: IP Fragments
Figure 13.5: Network Quota
Figure 13.6: SYN Attack Configuration
Figure 13.7: SYN Attack Configuration
Figure 13.8: Dynamic Ports
Figure 13.9: General HTTP Worm Catcher
Figure 13.10: HTTP Protocol Inspection
Figure 13.11: HTTP Format Sizes
Figure 13.12: Cross-Site Scripting
Figure 13.13: Peer-to-Peer Blocking
Figure 13.14: File and Print Sharing
Figure 13.15: SmartDefense Update



Check Point NG[s]AI
Check Point NG[s]AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net