Download Check Point Security Gateway

--> --> QoS R81 Administration Guide ) --> Important - For R81 and higher, Security GatewayDedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. also refers to a VSXVirtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Virtual System. The Check Point QoS Solution QoSCheck Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency. is a policy based bandwidth management solution that lets you: Prioritize business-critical traffic, such as ERP, database and Web services traffic, over lower priority traffic. Guarantee bandwidth and control latency for streaming applications, such as Voice over IP (VoIP) and video conferencing. Give guaranteed or priority access to specified employees, even if they are remotely accessing network resources. You deploy QoS with the Security Gateway. QoS is enabled for both encrypted and unencrypted traffic. Item Description 1 SmartConsoleCheck Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. 2 Security Management ServerDedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. 3 QoS Policy 4 Security Gateway with QoS Software BladeSpecific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. 5 Internet 6 Internal network QoS leverages the industry's most advanced traffic inspection and bandwidth control technologies. Check

Step 1 - Enable the IPsec VPN Software Blade on Security Gateways Site to Site VPNAn encrypted tunnel between two or more Security Gateways. Synonym: Site-to-Site VPN. Contractions: S2S VPN, S-to-S VPN. requires two or more Security Gateways with the IPsec VPNCheck Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access. Software BladeSpecific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. enabled. Other Software Blades can be enabled on these Security Gateways. Make sure that Trusted Communication is established between all Security Gateways and the Management ServerCheck Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.. Do these steps in SmartConsoleCheck Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.: Create the Security GatewayDedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. objects. Create the Trusted Communication (SICSecure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.) with the Management Server. Enable the IPsec VPN Software Blade. On the page, in the tab, select . Click . Note - An internal CA certificate for the Security Gateway is created automatically. Step 2 - Create a VPN Community You can create a Meshed or Star VPN CommunityA named collection of VPN domains, each protected by a VPN gateway.. See VPN Communities. The procedure below shows an example of a Star Community. Configuring a new VPN community From the left navigation panel, click . In the top left section , click . In the bottom left section , click . Click () and select . Enter a name for the VPN Community. In the area, click the icon to add one or more Security Gateways (Clusters) to be in the center of the community. In the area, click the icon to add one or more Security Gateways (Clusters) to be around the center Security Gateways (Clusters). Click . The Community uses the default encryption and VPN Routing settings. Optional: Edit more settings for the VPN Community in the community object. More VPN Community Settings In addition to the Security Gateway members, you can edit these settings for the VPN Community in the community object: - Select to encrypt and decrypt all traffic between the Security Gateways. If this is

QUESTION 1 - (Exam Topic 2)Which of these is an implicit MEP option? A. Primary-backup B. Source address based C. Round robin D. Load Sharing Correct Answer: A QUESTION 2 - (Exam Topic 3)Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except: A. Create new dashboards to manage 3rd party task B. Create products that use and enhance 3rd party solutions C. Execute automated scripts to perform common tasks D. Create products that use and enhance the Check Point Solution Correct Answer: A Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:• Use an automated script to perform common tasks• Integrate Check Point products with 3rd party solutions• Create products that use and enhance the Check Point solution References: QUESTION 3 - (Exam Topic 3)Fill in the blanks. There are _______ types of software containers: ________. A. Three; security management, Security Gateway, and endpoint security B. Three; Security Gateway, endpoint security, and gateway management C. Two; security management and endpoint security D. Two; endpoint security and Security Gateway Correct Answer: A QUESTION 4 - (Exam Topic 1)Which of the following authentication methods ARE NOT used for Mobile Access? A. RADIUS server B. Username and password (internal, LDAP) C. SecurID D. TACACS+ Correct Answer: D QUESTION 5 - (Exam Topic 4)Which command will reset the kernel debug options to default settings? A. fw ctl dbg -a 0 B. fw ctl dbg resetall C. fw ctl debug 0 D. fw ctl debug set 0 Correct Answer: C

Step 1 - Enable the IPsec VPN Software Blade on Security Gateways Site to Site VPNAn encrypted tunnel between two or more Security Gateways. Synonym: Site-to-Site VPN. Contractions: S2S VPN, S-to-S VPN. requires two or more Security Gateways with the Software BladeSpecific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. enabled. You can enable other Software Blades on these Security Gateways. Make sure that Trusted Communication is established between all Security Gateways and the Management ServerCheck Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.. Do these steps in SmartConsoleCheck Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.: Create the Security GatewayDedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. objects. See the R81.20 Security Management Administration Guide. Create the Trusted Communication (SICSecure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.) with the Management Server. Enable the Software Blade. On the page, in the tab, select . Click . Note - An internal CA certificate for the Security Gateway is created automatically. Step 2 - Create a VPN Community You can create a Star VPN CommunityA named collection of VPN domains, each protected by a VPN gateway. or a Meshed VPN Community. See VPN Communities. The procedure below shows an example of a Star Community. Configuring a new VPN community From the left navigation panel,

--> --> R82 Quantum Security Management Administration Guide ) --> If employees remotely access sensitive information from different locations and devices, system administrators must make sure that this access does not become a security vulnerability. Check Point's Remote Access VPN solutions let you create a VPN tunnel between a remote user and the internal network. The Mobile AccessCheck Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. Software BladeSpecific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. extends the functionality of Remote Access solutions to include many clients and deployments. VPN Connectivity Modes When securely connecting remote clients with the internal resources, organizations face connectivity challenges, such as these: The IP addresses of a remote access client might be unknown The remote access client can be connected to a LAN with internal IP addresses (such as, at hotels) It is necessary for the remote client to use protocols that are not supported The Check Point IPsec VPNCheck Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access. Software Blade provides these VPN connectivity modes to help organizations resolve those challenges: Office Mode Remote users can be assigned the same or non-routable IP addresses from the local ISP. Office Mode solves these routing problems and encapsulates the IP packets with an available IP address from the internal network. Remote users can send traffic as if they are in the office and avoid VPN routing problems. Visitor Mode Remote users can be restricted to using only HTTP and HTTPS protocols. Visitor Mode lets these users tunnel all protocols through regular TCP connections on port 443. Sample Remote Access VPN Workflow Here is an example of a Remote Access VPN workflow: Use SmartConsoleCheck Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to enable Remote Access VPN on the Security GatewayDedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.. Add the remote user information to the Security Management ServerDedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.: Create and configure an LDAP Account Unit Enter the information in the SmartConsole user database Optional: Configure the Security Gateway for remote user authentication. Define the Access Control and encryption rules for the Security Gateway. Create

--> --> Identity Awareness R81 Administration Guide ) --> For secure SSL connection, gateways must establish trust with endpoint computers by showing a Server Certificate. This section discusses the procedures necessary to generate and install server certificates. Check Point gateways, by default, use a certificate created by the Internal Certificate Authority on the Security Management ServerDedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. as their server certificate. Browsers do not trust this certificate. When an endpoint computer tries to connect to the gateway with the default certificate, certificate warning messages open in the browser. To prevent these warnings, the administrator must install a server certificate signed by a trusted certificate authority. All portals on the same Security GatewayDedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. IP address use the same certificate. Obtaining and Installing a Trusted Server Certificate To be accepted by an endpoint computer without a warning, gateways must have a server certificate signed by a known certificate authority (such as Entrust, VeriSign or Thawte). This certificate can be issued directly to the gateway, or be a chained certificate that has a certification path to a trusted root certificate authority (CA). Follow the next procedures to get a certificate for a gateway that is signed by a known Certificate Authority (CA). Generating the Certificate Signing Request First, generate a Certificate Signing Request (CSR). The CSR is for a server certificate, because the gateway works as a server to the clients. Note - This procedure creates private key files. If private key files with the same names already exist on the computer, they are overwritten without warning. From the gateway command line, log in to the Expert mode. Run: This command generates a private key. This output comes into view: Generating a 2048 bit RSA private key.+++...+++writing new private key to 'server1.key'Enter PEM pass phrase: Enter a password and confirm. Fill in the data. The field