You are on page 1of 6

1)From which was the first version of Checkpoint you worked?

2)What is the difference between CP NG and CP NGX?

3)In how many mode we can install the checkpoint?
4)What is architecture of Checkpoint?
5)What is SIC ?
6)What is NAT and how many type of NAT supported by CP explain ?
7)What is the unicast and multicast?
8)What is the rules define Stealth and Clean up rule ?
9)Can we configure rules above stealth rule?
10)What is the purpose of clean up rule ?
11)How you can configure smart view client in new pc?
12)How you are taking backup of CP?
13)How you can take manual backup and which folders are necessary ?
14)How you can configure Log server and where in CP we configure it?
15)How you use smart view tracker tell about three pannes of it.
16)Have you ever configure smart defence if yes tell us the few feature of it.
17)What are the important communication ports of the checkpoint ?
18)Tell me about licence part of the CP and types of it.
19)How you can integrate gateway boxes with CP like Nokia and Nortel or UTM boxes?
20)How you can bring up Nokia box integration with CP server.
21)Have you configure Cluster in CP if yes then tell us process?
22)What is VRRP?
23)What is FW monitor ?
24)Try to give 5 important CLI commands which are helpful for CP admin ?
25)Have you done CCSA if yes then what is the career path for it and how many question were
there .
26)What is Bi directional NAT?
27)If log folder is crossed the threshold value which you had defined in CP server then what will
28)What is the use of database revision control?
29)Have you ever configure VPN if yes then tell us about Site to Site with IPSEC in CP?
30)Have you ever upgrade the R60 to R62 or R65 if yes then tell us the process?
31)What is FW unloadlocal
32)If log tracker is showing green means accepted even though defined rule is not working then
what causes might be tell us.?
33)What is SYNC in cluster ?
35)What is statefull inspection technology ?
36)Apart from Statefull which other technology firewall belongs too?
37)Difference between ASA and Checkpoint firewall?
38)What is ICMP default setting in global properties of CP?
39)How you can reconfigure SIC password ?
40)If you restarted the remote gateway then what will happen in CP network ?

Below are the difference between Checkpoint and Juniper Firewall from my view and understand.

Difference between Checkpoint and Juniper Firewalls:

Juniper follows two-tier architecture whereas Checkpoint follows three-tier architecture.

Juniper uses the concept of Deep inspection process where as the checkpoint uses the stateful
inspection process.
Juniper uses the concept of Zones whereas Checkpoint do not use.
Netscreen firewalls can be administered locally or from a central management station, Checkpoint
firewalls really can't be administered locally without connectivity to a SmartCentre.

Netscreens are appliances, you can't put any vendor's network interfaces in it, and you don't have
the driver issues to deal with when Dell/HP/Intel/Broadcom/etc. change chipsets.

Netscreens firewalls require the policies to be written as "from trusted-zone to untrusted-zone" so

the definition of "any" is different to Checkpoint.

Question 1:What is Checkpoint Firewall Architecture?

Answer: Check Point has developed a Unified Security Architecture that is implemented
throughout all of its security products. This Unified Security Architecture enables all Check Point
products to be managed and monitored from a single administrative console, and provides a
consistent level of security.

Question2:What is stateful inspection?

Answer: Stateful inspection was invented by checkpoint, providing accurate and highly efficient
traffic inspection. The inspection engine examines every packet as they are intercepted at the
network layer. The connection state and context information are stored and updated dynamically in
kernel table.

Question 3: What is policy installation process in checkpoint firewall?


a. INITIATION - Policy installation is initiated by the GUI.

b. VERIFICATION -The information in the database is verified
c. CONVERSION- The information in database is converted
d. CODE GENERATION & COMPILATION- Policy is translated to the INSPECT
language and compiled with the INSPECT compiler.
e. CPTA- checkpoint policy transfer agent transfers the policy to the firewall gateway using
f. COMMIT- The gateway is instructed to load the new policy

Question 4: What is the main purpose for the Security managementserver?

Answer: Security management server is used for administrative management of the security policy,
stores databased and objects.
Question 5: What is the difference between standalone and distributed installation?
Answer: A Standalone deployment is the simplest deployment, where the management server and
the gateway are installed on the same machine.
A distributed deployment is a more complex deployment, where the gateway and management
server are deployed on different machines.

Question 6: what is SIC?

Answer: Secure internal Communication (SIC) is the checkpoint feature that ensures components,
such as Security Gateways, Security Management servers, etc. can communicate freely and
securely. The following security measures are taken to ensure the safety of SIC
Certificates for authentication
Standards-based SSL for the creation of the secure channel
3DES for encryption

Question 7: what is Internal Certificate Authority (ICA)?

Answer: ICA is created during the management server installation process. It is responsible for
issuing certificates for:
VPN certificates for gateways

Question 8: What is Fw unload local?

Answer. Fwunloadlocal is a command used to detach the security policy from the local machine.

Question 9: What is stealth rule in checkpoint firewall?

Answer: Stealth rule prevents users from connecting directly to the gateway. Stealth rule at the top
of the rule base protects your gateway from port scanning, spoofing and other types of direct

Question10: What is FW Monitor command?

Answer:FW Monitor is a packet analyzer tool available on every checkpoint security Gateway.
It provides Kernel level inspection and works for Layers 3 and above in OSI model. There are four
inspection points as a packet passes through the kernel (or virtual Machine)
i ---- Before the Virtual machine, in the inbound direction (Pre-Inbound)
I ---- After the virtual machine, in the inbound direction (Post inbound)
o ---- Before the virtual machine, in the outbound direction (Pre Outbound)
O --- After the virtual machine, in the outbound direction (Post Outbound)
Question11: What are the two types of Check Point NG licenses?
Answer: Central and Local licenses
Central licenses are the new licensing model and are bound to the Security management server.
Local licenses are the legacy licensing model and are bound to the enforcement module.

Question 12: What are the functions of CPD, FWM, and FWD processes?
Answer: CPD CPD is a high in the hierarchical chain and helps to execute many services, such as
Secure Internal Communication (SIC), Licensing and status report.
FWM The FWM process is responsible for the execution of the database activities of the
Management server. It is; therefore, responsible for Policy installation, Management High
Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display,
FWD The FWD process is responsible for logging. It is executed in relation to logging, Security
Servers and communication with OPSEC applications.

Question 13: What are the major differences between SPLAT and GAIA platforms?
Answer: Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO. Here
are some benefits of Gaia as compare to SPLAT/IPSO.

1. Web-Based user interface with Search Navigation

2. Full Software Blade support
3. High connection capacity
4. Role-Based administrative Access
5. Intelligent Software updates
6. Native IPv4 and IPv6 Support
7. ClusterXL or VRRP Clusters
8. Manageable Dynamic Routing Suite

Question14: what ports are used in SIC?

Answer: 8210 TCP Pulls Certificates from an ICA.
18211 TCP Used by the cod daemon (on the gateway) to receive Certificates.
Question15: What are the different Checkpoint Ports and purpose of these ports?
256 TCP FW1 Checkpoint Security gateway Service
257 TCP FW1_log Protocol Used for delivering logs from FWM
259 TCP FW1_clientauth_telnet ( Client Authentication )
500 UDP IPSEC IKE Protocol (formerly ISAKMP/Oakley)
900 TCP FW1_clntauth_http (Client Authentication))
4433 TCP Management server Portal
4500 UDP NAT-T NAT Traversal,
8116 UDP Check Point Cluster Control protocol (CCP)
18190 TCP CPMI Check Point Management Interface,
Protocol for communication between GUI and Management
18191 TCP CPD Check Point Daemon Protocol
Download of rule base from Management Server to FWM
Fetching rule base from FWM to Management server.
18192 TCP CPD_amon Check Point Internal Application Monitoring
18210 TCP FW1_ica_pull Check Point Internal CA Pull Certificate
18211 TCP FW1_ica_pull Check Point Internal CA Push Certificate

Question16: Whats the difference between tcpdump and fewmonitor?

Answer: Tcpdump displays traffic coming or leaving to/from a firewall interface while few
monitor would also tell you how the packet is going through the firewall including routing and
NAT decisions.
FW Monitor captures traffic at 4 important points in the firewall namely i, I, o & O. You would see
them in the capture in the same sequence.
TCP Dump captures at position i & O of firewall monitor, and you can be sure the traffic has left
the firewall. This is similar to the way captures work on a Cisco PIX/ASA

Question17: what is bi-directional NAT?

Answer: If Bi-directional NAT is selected, the gateway will check all NAT rules to see if there is a
source match in one rule, and a destination match in another rule. The Gateway will use the first
matches found, and apply both rules concurrently.

Question18: What are the stages of a phase2 IKE exchange?

Answer: Peers exchange more key material, and agree on encryption and integrity methods for
IPsec Key. The DH Key is combined with the key material to produce the symmetrical IP Sec key.

Question19: Why cleanup rule need to add explicitly in Checkpoint Smart dashboard?
Answer: Cleanup rule is required to drop all traffic that did not match any of the other rules (from
top to bottom) However there is an Implied rule in Checkpoint that does the same action of
dropping packets if no rule exists ( as you mentioned) but logging is not enabled for this implied
Question20: What Is the Difference in A Snapshot/Backup/Upgrade Export (Migrate
Export)/Database Revision Control
Answer: Snapshot:
The snapshot utility backs up everything, including the drivers, .Snapshot can be used to backup
both your firewall and management modules.
The disadvantages of this utility are that the generated file is very big, and can only be restored to
the same device and exactly the same state (same OS, same Check Point version, and same patch

The backup utility backs up your Check Point configuration and your networking/OS system
parameters (such as routing), the backup utility can be used to backup both your firewall and
management modules. The resulting file will be smaller than the one generated by snapshot. Backup
does not include the drivers, and can be restored to different machine (as opposed to snapshot,
which cannot).

Database Revision Control:

This utility creates a version of your current policies, object database, IPS updates, etc. It is useful
for minor changes or edits that you perform in Smart Dashboard. It cannot be used to restore your
system in case of failure.

Migrate Export (Upgrade Export):

'upgrade export' tool backs up all Check Point configurations, independent of hardware, OS or
Check Point version, but does not include OS information.
You can use this utility to backup Check Point configuration on the management station.
If you change the Check Point version you can only go up, in other words you can upgrade not
This utility can be used only on command line and cannot be scheduled.
Recommended backup schedule:
Snapshot - at least once, or before major change (for example: an upgrade), during a maintenance
Backup - every couple of months, depending how frequently you perform changes in your
network/policy. Also before every major change, during a maintenance window.
Upgrade export - every month or more often, depending on how frequently you perform changes
in your network/policy. Also important before upgrade or migration. Can be run outside a
maintenance window.