Skip to main content

Issues with FIREWALLS

More
21 years 1 month ago #646 by sidd
Issues with FIREWALLS was created by sidd
HEY IF YOU HAVE ANY QUERIES RELATED TO FIREWALLS OR ANY CONFIG ISSUES RELATED TO CISCO PIX FIREWALL ......MAYBE I COULD HELP



SIDD
More
21 years 1 month ago #649 by Chris
Replied by Chris on topic Re: Issues with FIREWALLS
Sidd,

Please feel free to assist our fellow members in anyway you can!

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
21 years 3 weeks ago #1563 by naddyboy
Replied by naddyboy on topic Firewall Newbie
Hi Sidd,

Can u tell me if there are any simluations available for chechpoint firewalls like there are for routers? I tried several google searches but no luck. I'm new to firewalls.

How differrent are checkpoint firewalls from cisco pix firewalls in terms of configuration, operation and functionality?
Which one serves what purpose ?

thanx

Syed :D
More
21 years 3 weeks ago #1597 by sahirh
Replied by sahirh on topic Re: Issues with FIREWALLS
Naddyboy, I really doubt you'd find a checkpoint evaluation.. you'd be better off checking out a trial version. Checkpoint as a firewall is actually a whole lot of modules, you buy licenses for whatever you want to use and on the CD you get demos of all their other stuff.

The Cisco PIX is a box.. whereas Check Point is software. Also checkpoint can be deployed in a distributed system.. hmm I actually have some short notes I wrote on CP NG a while ago as a general description.. I'll just post it here, keep in mind that some of the details may have changed :

Check Point Firewall-1 NG is a stateful multilayer inspection firewall consisting of a

1 GUI where security policy is defined
2 Management Server where the policy and logging is saved
3 Firewall module deployed at gateways where the security policy is loaded


The three components can be distributed through the network in a client-server model to provide a distributed solution with central management and secure remote administration using X.509 certificates. Inter module communication is done via SSL using 3DES or RC4. The firewall supports authentication through ‘security servers’ for http, ftp, telnet and rlogin. It also features content security for FTP, HTTP and SMTP including third party virus scanning and stripping activex and java tags from HTML.

The firewall maintains a rule base against which packets are checked and according to which rule they match, the appropriate action can be taken. The action need not be simple accept / reject, but can also involve NAT, authentication, and encryption.

The stateful inspection mechanism stores the state of each connection in a ‘state table’; this allows it to monitor the entire communication session. It is intelligent enough to recognize sessions such as FTP where the data and control ports are different. The firewall through its OPSEC architecture allows it to export the rule base into ACL (access-control lists) for many third party products such as routers etc, and can upload the ACL to them automatically.

Check Point supports the following crypto algorithms: AES, DES, 3DES, Ipsec and digital certificates for PKI (pub key infrastructure) enabled systems. It can map NT logon data (username etc) to IP addresses for single sign on, rules based by user and easier log reading.

There is an optional ConnectControl load balancing module which allows you to group many servers offering the same services to one IP address, for example all the web servers can be grouped to one IP address and the module can distribute requests to them on a round robin basis, by server load, by ping time, randomly, or by proximity (domain name). This is transparent to the users who think they are querying a single web server.

All systems running with the firewall module share the state information for redundancy, in case one system fails, the other module will seamlessly pick up the connection. This is also useful in situations where some of the packets may be routed through a different gateway and thus that gateway also needs to have access to the state table.


Hope some of that helps.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.135 seconds