P. 1


|Views: 2,499|Likes:
Published by thomas926

More info:

Published by: thomas926 on Mar 16, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





The strength of FireWall-1 is its ease of use in terms of the user interface for
configuration, management, and logging. This makes the product intuitive to
set up and use. The documentation is good, and there is additional support
available on the Internet. Add-on software is also available to turn FireWall-1
into a total security solution.

FireWall-1 provides a central management console facility that enables you to
administer a number of firewalls remotely. A central management console
increases manageability by having a central location from which to implement
security policies across multiple network entry points. Traffic to and from the
management console is encrypted.

FireWall-1 supports multiple authentication schemes, including SecureID and
RADIUS through internal or external authentication servers. Other user
authentication schemes include operating system password, FireWall-1
password, S/Key and digital certificates. It also has built-in support for LDAP
directory services to centralize user management.

Encryption can be used for VPN with support for Internet standards (IKE,
IPSec, DES, 3DES, RSA, Diffie-Hellman, and so on). SecureRemote can be

26 Additional Security Tools for AIX Systems

used to provide IPSec compliant encryption and key management to extend
VPN to remote users.

There are three security servers in FireWall-1 that provide for content

HTTP Security Server protects Web servers against malicious Java and
ActiveX applications as well as undesirable URLs.

FTP Security Server protects FTP servers by controlling access to get
and put commands.

SMTP Security Server protects Mail servers by removing certain
sendmail header fields.

Check Point FireWall-1 is available in several different configurations:

• Basic firewall (includes management module and firewall module)

• Firewall with VPN support (includes VPN for multiple site setup)

• Firewall with VPN and DES encryption - may be subject to US export
regulations based on key strength

• Firewall engine (no management console; requires a separate
management console)

Check Point FireWall-1 requires licenses to be installed for it to work properly.
Licensing is based on the number of internal hosts to be protected (25, 50,
250, or unlimited). Ensure that the correct license package is obtained.

A license is also required to use the Motif GUI to connect to the FireWall-1
management console. This license is not required with the Windows GUI. The
Motif license needs to be installed on the management console, and it should
be tied to the management console's hostname or IP address as appropriate.
In FireWall-1 4.0 and earlier, this license is free and can be requested off the
Web. In FireWall-1 4.1, you will need to pay extra for it, and it should be
ordered with the FireWall 4.1 product.

For performance, built-in server load balancing (five different algorithms) may
be used to transparently load balance servers behind the firewall. FireWall-1
also has network address translation (NAT) using many-to-one and
one-to-one configurations.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->