Check point Firewall interview questions

Question 1 – Which of the applications in Check Point technology can be used to configure security objects? Answer: SmartDashboard Question 2 – Which of the applications in Check Point technology can be used to view who and what the administrator do to the security policy? Answer: SmartView Tracker Question 3 – What are the two types of Check Point NG licenses? Answer: Central and Local licenses Central licenses are the new licensing model for NG and are bound to the SmartCenter server. Local licenses are the legacy licensing model and are bound to the enforcement module. Question 4 – What is the main different between cpstop/cpstart and fwstop/fwstart? Answer: Using cpstop and then cpstart will restart all Check Point components, including the SVN foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1. Question 5 – What are the functions of CPD, FWM, and FWD processes? Answer: CPD – CPD is a high in the hierarchichal chain and helps to execute many services, such as Secure Internal Communcation (SIC), Licensing and status report. FWM – The FWM process is responsible for the execution of the database activities of the SmartCenter server. It is; therefore, responsible for Policy installation, Management High Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc. FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security Servers and communication with OPSEC applications. Question 6 – How to Install Checkpoint Firewall NGX on SecurePlatform? Answer: 1. Insert the Checkpoint CD into the computers CD Drive. 2. You will see a Welcome to Checkpoint SecurePlatform screen. It will prompt you to press any key. Press any key to start the installation,otherwise it will abort the installation. 3.You will now receive a message saying that your hardware was scanned and found suitable for installing secureplatform. Do you wish to proceed with the installation of Checkpoint SecurePlatform. Of the four options given, select OK, to continue. 4.You will be given a choice of these two: SecurePlatform SecurePlatform Pro Select Secureplatform Pro and enter ok to continue. 5.Next it will give you the option to select the keyboard type. Select your Keyboard type (default is US) and enter OK to continue. 6.The next option is the Networking Device. It will give you the interfaces of your machine and you can select the interface of your choice.

1 255. admin.255.0 and the default gateway as 1.2 which will be the IP address of your upstream router or Layer 3 device.The next option is the HTTPS Server Configuration. Enter n for next.1. Leave it blank for now. 8. we will set this IP address as 1. 14. Press OK to Continue.Configuring Host name: Press 1 to enter a host name. The next step is to launch the configuration wizard. 10. Chose a password. 12. the login name is admin and the password is also admin.255. For this tutorial. For the FIRST Time Login. 11.1. it will prompt you reboot the machine and importantly REMOVE THE INSTALLATION CD.The next option is the Network Interface Configuration. Note: Secureplatform disables your Num Lock by over riding System BIOS settings.Configuring Initial Login: Enter the user name and password as admin. .Start the firewall in Normal Mode. 13. 9. 15. It will say that the next stage of the installation process will format your hard drives. Press 2 to show host name. It will prompt you for a new password. You have to enter n for next and q for Quit. Press e to get out of that section. To start the configuration wizard. Press 1 to set the domain name. Enter new password: check$123 Enter new password again: check$123 You may choose a different user name: Enter a user name:fwadmin Now it will prompt you with the [cpmodule]# prompt. Press Enter to Reboot. so you press Num LOck to enable your Num Lock. Once it is done with the formatting and copying of image files.7. It now displays the name of the firewall as checkpointfw.Now you will see the Confirmation screen. Press 1 again to set the host name.Configuring the Domain name.1.Sit back and relax as the hard disk is formated and the files are being copied. subnet mask and the default gateway.1. Press 2 to enter the config mode for configuring the domain mode. type “sysconfig”. Enter host name: checkpointfw You can either enter an ip address of leave it blank to associate an IP address with this hostname. Enter the IP address. Leave the default and enter OK.

17. Press 4 to enter the Network Connections parameter.255.1 and a subnet mask of 255.Enter domain name:yourdomain.255. Press e to exit.168.com You can press 2 to show the domain name.1 255.1.Configuring the Default Gateway Configuration. 18.255.168.) Press 1) Change IP settings.1 Enter network Mask for interface eth2 (press c to cancel): 255.1. Configuring Domain Name Servers.0.10. Enter default gateway IP address: 1. 1.0. Enter 5 which is the Routing section to enter information on the default gateway configuration. Similarly configure the eth2 interface. 2.1.1. Enter IP Address of the domain name srever to add: Enter your domain name server IP Address HERE.com Example: Enter domain name: checkpointfw.255.10. Your Choice: 1) 2) 3) 4) eth0 eth1 eth2 eth3 Press 2 to configure eth1. You can press 1 to add a new domain name server.255.255.1. which will be acting as a DMZ in this case with 10. Press e to exit the configuration menu. Press 1 to enter the default gateway configuration. Enter 2 to Configure a new connection.1.2 . The default gateway will be configured as 1.Set default gateway. Enter IP address for eth1 (press c to cancel): 192.Show default gateway. 16. Network Connections.1.0 Enter broadcast address of the interface eth2 (leave empty for default): Enter Pres Enter to continue…. (We will configure this interface as the inside interface with an IP address of 192.

Press N to continue. A validation screen will be seen showing the following products: VPN-1 Pro and Primary Smartcenter. The next prompt will ask you to add an administrator.19. Press n to configure the timezone. The next prompt is the Import Checkpoint Products Configuration. You can n for next to skip this part as it is not needed for fresh installs. 22. You can add an administrator. Select New Installation from the menu. Next menu would show you the products to be installed. 25. Now the installation of VPN-1 Pro NGX R60 will start. select VPN Pro and Smartcenter Press N for next 24. If you enter n for next.The next section would show you the product Selection and Installation option menu. Next is the license agreement. U for purchased product and N for next. This part is self explanatory so you can do it yourself. 21. 23. Select Primary Smartcenter. Press Y and accept the license agreement. Choose a time and date configuration item. The set of menu is as follows: Do you want to add license (y/n) You can enter Y which is the default and enter your license information.You have the option of V for evaluation product.Next menu gives you the option to select the Smartcenter type you would like to install. Press n for next to continue. Select Checkpoint Enterprise/Pro. 20. Since this is a standalone installation configuration example. date and local time. . 26. Press N to continue. Press n for next. Press n for next.

After the ICA initialized. Reboot the firewall.27. The ICA will be created. 28. It will promtp you for the creation of the ICA and follow the steps. Question 7 – What are the types of NAT and how to configure it in Check Point Firewall? Answer: Static Mode – manually defined Outgoing Traffic Incoming Traffic . The next step is reboot. You can save this fingerprint because this will be later used while connecting to the smartcenter through the GUI.The next prompt will ask you to add a GUI Client. the ICA is initialized. The final process of installation is creation of the ICA. Enter the IP Address of the machine from where you want to manage this firewall. Once the random is configured ( you dont have to do anything). The two fingerprints should match. the fingerprint is displayed. This is a security feature.

Sign up to vote on this title
UsefulNot useful