
Check Point Security Administration

24. Click OK, and the system displays the following message:

Figure 106 — Check Point SmartConsole

25. Click Yes.


Editing and Creating Rules for the Rule Base


Clean up the existing Rule Base and define new rules and objects to allow for traffic to the DMZ.

1. In the Objects pane, click the New button.


2. Select More > Network Object > Group:

Figure 107 — New Object Menu


3. Select Network Group:

Figure 108 — New Network Group

4. Use the following information to configure the New Network Group window:

Name: Alpha-Nets
Comment: All Alpha Networks

5. Click the plus icon to access the Object picker.


6. In the search field, enter the following:

net

Figure 109 — New Network Group

7. Click the + icon next to the following items to add them to the group:
• A-DMZ-NET
• A-INT-NET
• A-MGMT-NET


8. Close the Search window, and the system adds the selected networks to the new group:

Figure 110 — New Network Group

9. Click OK.
10. In the Rule Base, select the Source field of the LDAP rule:

Figure 111 — LDAP Rule

11. Delete all objects in the Source field by right-clicking each object and selecting Remove.


12. Click the + icon to access the Object picker:

Figure 112 — LDAP Rule


13. From the Object picker, click on the following object to add it as a source:

Alpha-Nets

Figure 113 — LDAP Rule

14. Next, delete all the objects in the Source field of the DNS rule.
15. Click and drag the Alpha-Nets object to the Source field of the DNS rule.
16. Then, click the Number field of the DNS rule and drag the DNS rule beneath the Stealth rule:

Figure 114 — DNS Rule
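A check of the end state that steps 1 through 16 should produce, as an added example that is not part of the original lab guide or of any Check Point tool. The rule names LDAP, DNS and Stealth, the dictionary layout and the sample data are assumptions constructed for illustration; they are not a SmartConsole export format.

```python
GROUP = "Alpha-Nets"
EXPECTED_MEMBERS = {"A-DMZ-NET", "A-INT-NET", "A-MGMT-NET"}  # step 7
GROUP_SOURCED_RULES = ("LDAP", "DNS")  # assumed rule names (steps 10-15)

def audit(groups, rulebase):
    """Return findings; an empty list means the end state of the steps holds."""
    findings = []
    members = set(groups.get(GROUP, []))
    if members != EXPECTED_MEMBERS:
        findings.append("%s: missing %s, unexpected %s" % (
            GROUP, sorted(EXPECTED_MEMBERS - members),
            sorted(members - EXPECTED_MEMBERS)))
    names = [rule["name"] for rule in rulebase]
    for rule in rulebase:
        # Steps 11-15: old source objects removed, only the group remains.
        if rule["name"] in GROUP_SOURCED_RULES and rule["source"] != [GROUP]:
            findings.append("%s rule: source is %s, expected [%s]"
                            % (rule["name"], rule["source"], GROUP))
    for needed in GROUP_SOURCED_RULES + ("Stealth",):
        if needed not in names:
            findings.append("%s rule: not found" % needed)
    # Step 16: the DNS rule sits directly beneath the Stealth rule.
    if "DNS" in names and "Stealth" in names:
        dns, stealth = names.index("DNS"), names.index("Stealth")
        if dns != stealth + 1:
            findings.append("DNS rule: at position %d, Stealth at %d"
                            % (dns + 1, stealth + 1))
    return findings

# Constructed sample data: a rule base before and after the steps.
BEFORE_GROUPS = {}
BEFORE_RULES = [
    {"name": "DNS", "source": ["A-INT-NET", "A-MGMT-NET"]},
    {"name": "Stealth", "source": ["Any"]},
    {"name": "LDAP", "source": ["A-INT-NET"]},
]
AFTER_GROUPS = {GROUP: ["A-DMZ-NET", "A-INT-NET", "A-MGMT-NET"]}
AFTER_RULES = [
    {"name": "Stealth", "source": ["Any"]},
    {"name": "DNS", "source": [GROUP]},
    {"name": "LDAP", "source": [GROUP]},
]

if __name__ == "__main__":
    for label, groups, rules in (("before", BEFORE_GROUPS, BEFORE_RULES),
                                 ("after", AFTER_GROUPS, AFTER_RULES)):
        print(label, audit(groups, rules) or "OK")
```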


Reviewing Existing Security Policy Settings


Verify the correct configuration of basic settings in Global Properties.

1. Click on the Application menu:

Figure 115 — Application Menu

2. Select Global Properties.


3. Configure the Firewall page as follows:

Accept control connections: First
Accept Remote Access control connections: First
Accept SmartUpdate connections: First
Accept IPS-1 management connections: First
Accept outgoing packets originating from Gateway: Before Last
Accept RIP: Deselected
Accept Domain Name over UDP (Queries): Deselected
Accept Domain name over TCP (Zone Transfer): Deselected
Accept ICMP requests: First
Accept Web and SSH connections for Gateway’s administration (Small Office Appliance): First
Accept incoming traffic to DHCP and DNS services of gateways (Small Office Appliance): First
Accept Dynamic Address modules’ outgoing Internet connections: First
Accept VRRP packets originating from cluster members (VSX IPSO VRRP): First
Accept Identity Awareness control connections: First
Log Implied Rules: Selected


4. Verify that Global Properties is configured as follows:

Figure 116 — Global Properties

5. Click OK.


Organizing the Rule Base


Add section titles to the Rule Base to better organize your Security Policy.

1. Review the existing Rule Base.


2. Right-click the No. column of the first rule in the Rule Base:

Figure 117 — Do Not Log Rule

3. Select New Section Title > Above. The system adds a default section title to the top of the Rule Base:

Figure 118 — Section Title

4. In the section title, type the following and press Enter:

Management Rules

5. Add a new section title below the Stealth rule and call it Site Traffic Rules.
