
Checkpoint Firewall Interview Question with Answer


Question 1: What is the Check Point Firewall Architecture?

Answer: Check Point has
developed a Unified Security Architecture that is implemented throughout all of
its security products. This Unified Security Architecture enables all Check
Point products to be managed and monitored from a single administrative console
and provides a consistent level of security.


Question 2: What is stateful inspection?

Answer: Stateful inspection was invented by Check Point and provides accurate
and highly efficient traffic inspection. The inspection engine examines every
packet as it is intercepted at the network layer. The connection state and
context information are stored and updated dynamically in kernel tables.


Question 3: What is the policy installation process in a Check Point firewall?

Answer:

  • a. INITIATION – Policy installation is initiated by the GUI.
  • b. VERIFICATION – The information in the database is verified.
  • c. CONVERSION – The information in the database is converted.
  • d. CODE GENERATION & COMPILATION – The policy is translated to the INSPECT
    language and compiled with the INSPECT compiler.
  • e. CPTA – The Check Point Policy Transfer Agent transfers the policy to the
    firewall gateway using SIC.
  • f. COMMIT – The gateway is instructed to load the new policy.

Question 4: What is the main purpose of the Security Management Server?
Answer: The Security Management Server is used for administrative management
of the security policy; it stores the database and the objects.

Question 5: What is the difference between a standalone and a distributed
installation?
Answer: A standalone deployment is the simplest deployment, where the
management server and the gateway are installed on the same machine.
A distributed deployment is a more complex deployment, where the gateway and
the management server are deployed on different machines.

Question 6: What is SIC?
Answer: Secure Internal Communication (SIC) is the Check Point feature that
ensures components such as Security Gateways and Security Management Servers
can communicate freely and securely. The following security measures are taken
to ensure the safety of SIC:

  • Certificates for authentication
  • Standards-based SSL for the creation of the secure channel
  • 3DES for encryption


Question 7: What is the Internal Certificate Authority (ICA)?
Answer: The ICA is created during the management server installation process.
It is responsible for issuing certificates for:

  • SIC
  • VPN certificates for gateways
  • Users

Question 8: What is fw unloadlocal?
Answer: fw unloadlocal is a command used to unload (detach) the security
policy from the local machine.

Question 9: What is the stealth rule in a Check Point firewall?
Answer: The stealth rule prevents users from connecting directly to the
gateway. Placed at the top of the rule base, the stealth rule protects your
gateway from port scanning, spoofing and other types of direct attacks.

Question 10: What is the fw monitor command?
Answer: fw monitor is a packet analyzer tool available on every Check Point
Security Gateway. It provides kernel-level inspection and works for Layer 3
and above in the OSI model. There are four inspection points as a packet
passes through the kernel (the "virtual machine"):
i – before the virtual machine, in the inbound direction (pre-inbound)
I – after the virtual machine, in the inbound direction (post-inbound)
o – before the virtual machine, in the outbound direction (pre-outbound)
O – after the virtual machine, in the outbound direction (post-outbound)

Question 11: What are the two types of Check Point NG licenses?
Answer: Central and Local licenses.
Central licenses are the new licensing model and are bound to the Security
Management Server. Local licenses are the legacy licensing model and are bound
to the enforcement module.

Question 12: What are the functions of the CPD, FWM and FWD processes?
Answer: CPD – CPD is high in the hierarchical chain and helps to execute many
services, such as Secure Internal Communication (SIC), licensing and status
reporting.
FWM – The FWM process is responsible for the execution of the database
activities of the Management Server. It is, therefore, responsible for policy
installation, Management High Availability (HA) synchronization, saving the
policy, database read/write actions, log display, etc.
FWD – The FWD process is responsible for logging. It is executed in relation
to logging, Security Servers and communication with OPSEC applications.

Question 13: What are the major differences between the SPLAT and Gaia
platforms?
Answer: Gaia is the latest Check Point operating system, combining SPLAT and
IPSO. Here are some benefits of Gaia compared to SPLAT/IPSO:

1. Web-Based user interface with Search Navigation
2. Full Software Blade support
3. High connection capacity
4. Role-Based Administrative Access
5. Intelligent Software updates
6. Native IPv4 and IPv6 Support
7. ClusterXL or VRRP Clusters
8. Manageable Dynamic Routing Suite

Question 14: What ports are used in SIC?
Answer:
  • 18210 TCP – Pulls certificates from the ICA.
  • 18211 TCP – Used by the cpd daemon (on the gateway) to receive certificates.

Question 15: What are the different Check Point ports and the purpose of these
ports?
Answer:

PORT   TYPE  NAME                   SHORT DESCRIPTION
256    TCP   FW1                    Check Point Security Gateway service
257    TCP   FW1_log                Protocol used for delivering logs from FWM
259    TCP   FW1_clientauth_telnet  Client Authentication (telnet)
500    UDP   IKE                    IPsec IKE protocol (formerly ISAKMP/Oakley)
900    TCP   FW1_clntauth_http      Client Authentication (HTTP)
4433   TCP                          Management server portal
4500   UDP   NAT-T                  NAT Traversal
8116   UDP   CCP                    Check Point Cluster Control Protocol
18190  TCP   CPMI                   Check Point Management Interface; protocol
                                    for communication between the GUI and the
                                    Management Server
18191  TCP   CPD                    Check Point Daemon protocol; download of
                                    the rule base from the Management Server
                                    to FWM, and fetching of the rule base from
                                    FWM to the Management Server
18192  TCP   CPD_amon               Check Point Internal Application Monitoring
18210  TCP   FW1_ica_pull           Check Point Internal CA Pull Certificate
                                    service
18211  TCP   FW1_ica_push           Check Point Internal CA Push Certificate
                                    service


Question 16: What is the difference between tcpdump and fw monitor?
Answer: tcpdump displays traffic arriving at or leaving a firewall interface,
while fw monitor also shows how the packet passes through the firewall,
including routing and NAT decisions.

fw monitor captures traffic at four points in the firewall, namely i, I, o
and O, and you see them in the capture in that sequence. tcpdump captures at
positions i and O of fw monitor, so when it shows a packet you can be sure the
traffic has left the firewall. This is similar to the way captures work on a
Cisco PIX/ASA.
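As an added example for Questions 10 and 16 (this is not from the original post and not a Check Point tool), here is a small Python parser over constructed fw monitor-style output. The line format is modelled on fw monitor's `[vs_N][fw_N] iface:point[len]: src -> dst (proto) len=.. id=..` lines; the addresses and ids are made up, and keying packets by the IP id field is a simplification for the sample (real captures reuse ids). The parser groups each packet's hits across the four inspection points (i, I, o, O), reports where a packet stopped, and flags when the destination changed between pre-inbound and post-outbound, which is how NAT shows up in a capture.

```python
import re
from collections import OrderedDict

# Constructed sample (format modelled on fw monitor output; hosts and ids are made up).
# id=1001: passes all four points and gets destination NAT at 'o'.
# id=1002: seen at 'i' only, i.e. dropped before the inbound inspection finished.
# id=1003: accepted inbound (i, I) but never leaves, e.g. destined to the gateway itself.
SAMPLE_CAPTURE = """\
[vs_0][fw_0] eth1:i[60]: 192.0.2.10 -> 198.51.100.5 (TCP) len=60 id=1001
[vs_0][fw_0] eth1:I[60]: 192.0.2.10 -> 198.51.100.5 (TCP) len=60 id=1001
[vs_0][fw_0] eth0:o[60]: 192.0.2.10 -> 203.0.113.5 (TCP) len=60 id=1001
[vs_0][fw_0] eth0:O[60]: 192.0.2.10 -> 203.0.113.5 (TCP) len=60 id=1001
[vs_0][fw_0] eth1:i[60]: 192.0.2.77 -> 198.51.100.5 (TCP) len=60 id=1002
[vs_0][fw_0] eth1:i[52]: 192.0.2.10 -> 198.51.100.5 (TCP) len=52 id=1003
[vs_0][fw_0] eth1:I[52]: 192.0.2.10 -> 198.51.100.5 (TCP) len=52 id=1003
"""

LINE_RE = re.compile(
    r"^\[vs_\d+\]\[fw_\d+\]\s+(?P<iface>[^:\s]+):(?P<point>[iIoO])\[\d+\]:\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+\((?P<proto>\w+)\)\s+len=\d+\s+id=(?P<id>\d+)"
)

FULL_PATH = list("iIoO")  # the order the four inspection points appear for a forwarded packet


def parse_capture(text):
    """Group capture lines by packet id, preserving the order in which points were hit."""
    packets = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # non-matching lines (e.g. TCP detail lines) are ignored
        pkt = packets.setdefault(m["id"], {"points": [], "hops": []})
        pkt["points"].append(m["point"])
        pkt["hops"].append((m["point"], m["iface"], m["src"], m["dst"]))
    return packets


def classify(pkt):
    """Decide where a packet stopped from the inspection points it was seen at."""
    seen = pkt["points"]
    if seen == FULL_PATH:
        return "forwarded"
    if seen == ["i"]:
        return "dropped_inbound"          # never reached I: rule base / anti-spoofing drop
    if seen == ["i", "I"]:
        return "consumed_or_routed_away"  # accepted inbound, but no outbound leg on this path
    if seen[:2] == ["i", "I"] and "o" in seen and "O" not in seen:
        return "dropped_outbound"
    return "unexpected_sequence"


def nat_changed(pkt):
    """True if src/dst differ between pre-inbound (i) and post-outbound (O)."""
    by_point = {p: (s, d) for p, _, s, d in pkt["hops"]}
    if "i" in by_point and "O" in by_point:
        return by_point["i"] != by_point["O"]
    return False


def analyse(text):
    """Summarise every packet in the capture as {id: {points, verdict, nat}}."""
    return {
        pid: {"points": "".join(p["points"]), "verdict": classify(p), "nat": nat_changed(p)}
        for pid, p in parse_capture(text).items()
    }


if __name__ == "__main__":
    for pid, info in analyse(SAMPLE_CAPTURE).items():
        print(pid, info)
```

A packet that appears at i but never at I is the usual sign of a rule-base or anti-spoofing drop; tcpdump on the inbound interface would show that packet, but only fw monitor tells you it died inside the kernel.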

Question 17: What is bidirectional NAT?
Answer: If bidirectional NAT is selected, the gateway will check all NAT rules
to see if there is a source match in one rule and a destination match in
another rule. The gateway will use the first matches found and apply both rules
concurrently.
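To make the matching described above concrete, here is an added Python model of a NAT rule base (not Check Point's code; the rule names and the documentation-range addresses are constructed for the example). The rule base hides the internal LAN behind the gateway's external address and publishes an internal web server on a public address; the model shows how an internal client connecting to the server's public address is translated with and without bidirectional NAT.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class NatRule:
    name: str
    orig_src: str                # CIDR or "Any"
    orig_dst: str                # CIDR or "Any"
    xlate_src: Optional[str]     # None means "Original": leave the source unchanged
    xlate_dst: Optional[str]     # None means "Original": leave the destination unchanged


def _addr_matches(field: str, ip: str) -> bool:
    return field == "Any" or ipaddress.ip_address(ip) in ipaddress.ip_network(field, strict=False)


def _rule_matches(rule: NatRule, src: str, dst: str) -> bool:
    # Rules are always matched against the packet's ORIGINAL addresses.
    return _addr_matches(rule.orig_src, src) and _addr_matches(rule.orig_dst, dst)


def translate(rules: List[NatRule], src: str, dst: str, bidirectional: bool) -> Tuple[str, str, List[str]]:
    """Return (translated_src, translated_dst, names_of_rules_applied)."""
    matches = [r for r in rules if _rule_matches(r, src, dst)]
    if not matches:
        return src, dst, []
    first = matches[0]
    new_src = first.xlate_src or src
    new_dst = first.xlate_dst or dst
    applied = [first.name]
    if bidirectional:
        # The first rule left one side untouched: keep scanning, in order, for the
        # first rule that translates that side and apply both to the same connection.
        if first.xlate_src is None:
            for r in matches[1:]:
                if r.xlate_src is not None:
                    new_src, applied = r.xlate_src, applied + [r.name]
                    break
        if first.xlate_dst is None:
            for r in matches[1:]:
                if r.xlate_dst is not None:
                    new_dst, applied = r.xlate_dst, applied + [r.name]
                    break
    return new_src, new_dst, applied


# Constructed NAT rule base (documentation addresses, not real hosts):
#   rule 1 hides the internal LAN behind the gateway's external address,
#   rule 2 publishes an internal web server on a public address.
RULES = [
    NatRule("hide_internal", "10.0.0.0/24", "Any", "203.0.113.1", None),
    NatRule("static_web", "Any", "203.0.113.80/32", None, "10.0.0.80"),
]

if __name__ == "__main__":
    # An internal client reaching the web server through its PUBLIC address.
    for mode in (False, True):
        print("bidirectional =", mode, "->", translate(RULES, "10.0.0.5", "203.0.113.80", mode))
```

Without bidirectional NAT only the hide rule fires, so the destination is never rewritten to the server's internal address; with it, both rules apply to the one connection, which is the case the answer above describes.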

Question 18: What are the stages of a Phase 2 IKE exchange?
Answer: The peers exchange more key material and agree on the encryption and
integrity methods for the IPsec key. The DH key is combined with the key
material to produce the symmetrical IPsec key.


Question 19: Why does the cleanup rule need to be added explicitly in Check
Point SmartDashboard?
Answer: The cleanup rule is required to drop all traffic that did not match
any of the other rules (evaluated from top to bottom). There is an implied
rule in Check Point that performs the same action of dropping packets if no
rule matches, but logging is not enabled for that implied rule, so only an
explicit cleanup rule makes the dropped traffic visible in the logs.

Question 20: What is the difference between Snapshot, Backup, Upgrade Export
(Migrate Export) and Database Revision Control?
Answer: Snapshot:
The snapshot utility backs up everything, including the drivers. Snapshot can
be used to back up both your firewall and management modules.
The disadvantages of this utility are that the generated file is very big, and
can only be restored to the same device and exactly the same state (same OS,
same Check Point version, and same patch level).

Backup:
The backup utility backs up your Check Point configuration and your
networking/OS system parameters (such as routing). The backup utility can be
used to back up both your firewall and management modules. The resulting file
will be smaller than the one generated by snapshot. Backup does not include the
drivers, and can be restored to a different machine (as opposed to snapshot,
which cannot).

Database Revision Control:
This utility creates a version of your current policies, object database, IPS
updates, etc. It is useful for minor changes or edits that you perform in
SmartDashboard. It cannot be used to restore your system in case of failure.

Migrate Export (Upgrade Export):
The ‘upgrade export’ tool backs up all Check Point configuration, independent
of hardware, OS or Check Point version, but does not include OS information.
You can use this utility to back up the Check Point configuration on the
management station.
If you change the Check Point version you can only go up; in other words, you
can upgrade but not downgrade.
This utility can be used only on the command line and cannot be scheduled.

Recommended backup schedule:
Snapshot – at least once, or before a major change (for example, an upgrade),
during a maintenance window.
Backup – every couple of months, depending on how frequently you perform
changes in your network/policy. Also before every major change, during a
maintenance window.
Upgrade export – every month or more often, depending on how frequently you
perform changes in your network/policy. Also important before an upgrade or
migration. Can be run outside a maintenance window.
