An Introduction to Checkpoint Firewall
This paper is an introduction to Checkpoint’s Firewall version 4.1. In this paper you willlearn the basics of what Checkpoint is and how it works. You will also see a graphicalinstallation of Checkpoint on an NT 4 server as well as creating a generic set of rules thatwould apply to a small business or home user. Through out my years of usingCheckpoint, I have never seen “HowTo’ instructions on Checkpoint like this other thanwhat is taught in the Checkpoint classes. At the very end of this document, you will findsome useful links to sites I have found helpful over the years. Please keep in mind thatthis is not meant to be a comprehensive, all-inclusive tutorial on Checkpoint, but simply aquick get up to speed small business paper.
A brief overview of Firewalls
There are 3 basic types of Firewall systems used today:
Application Gateway Proxy
Stateful InspectionA Packet Filtering Firewall examines each packet that passes through it up to the network layer. This means that the upper four layers (Application, Presentation, Session, andTransport) are allowed into an internal network. The Packet Filtering Firewall looks ateach packet and determines what to do with it based on a rulebaseyou define. This typeof Firewall technique is popular because it’s inexpensive, transparent to applications andis quicker than most application layer gateways. However, it provides low security, has alimited ability to manipulate information, is difficult to configure, and is subject to IPSpoofing. The types of Firewalls can usually be found on routers.Application Layer Gateway, or better known as Proxies, function on the applicationlevel. Proxies are being challenged today in that outside networks are continuallygrowing and introducing new protocols, services and applications all the time. As thishappens, the Proxy has a difficult time handling these extreme communications onnetworks.Proxy Firewalls remain popular today because they offer a decent level of security, arerelatively inexpensive and provide full application-layer awareness. However, eachservice requires its own application layer gateway, meaning scalability is horrible.Running at the application level is critical to performance and they are vulnerable tooperating system and application level bugs and exploits.StatefulInspection is the third type of firewall used today. StatefulInspection gathers,stores, and manipulates information pertaining to all communication layers and fromother applications. In other words, imagine a giant spreadsheet. Every packet that isallowed through the firewall is entered into that spreadsheet and kept there for a pre-determined amount of time, creating a ‘StatefulInspection Table.’ The benefits of thisare excellent security, full application-layer awareness, high performance and scalability.