Checkpoint interview questions and answers

Check Point Firewall Interview Questions with Answers

Question 1: What is the Check Point firewall architecture?

Answer: Check Point has developed a Unified Security Architecture that is implemented throughout all of its security products. It lets every Check Point product be managed and monitored from a single administrative console and provides a consistent level of security across them.

Question2: What is a stateful inspection?

Answer: Stateful inspection was invented by Check Point and provides accurate and highly efficient traffic inspection. The inspection engine examines every packet as it is intercepted at the network layer, between the NIC driver and the IP stack. Connection state and context information are stored and updated dynamically in kernel tables, so packets that belong to an already accepted connection are matched against the connection table instead of being evaluated against the rulebase again, and packets that belong to no known connection (for example a TCP segment that is not a SYN and has no table entry) are dropped as out of state.

Question 3: What is the policy installation process in Check Point firewall?

Answer:

a. INITIATION – Policy installation is initiated from the GUI (SmartConsole).

b. VERIFICATION – The information in the management database is verified (rule and object consistency).

c. CONVERSION – The database information is converted into a form the code generator can use.

d. CODE GENERATION & COMPILATION – The policy is translated into the INSPECT language and compiled with the INSPECT compiler.

e. CPTA – The Check Point Policy Transfer Agent transfers the compiled policy to the Security Gateway over SIC.

f. COMMIT – The gateway is instructed to load the new policy. If the load fails, the gateway keeps the previously installed policy.

Question 4: What is the main purpose of the Security Management Server?

Answer: The Security Management Server is used for administrative management of the security policy; it stores the database and the objects, and it installs the policy on the gateways.

Question 5:  What is the difference between standalone and distributed installation?

Answer: 

A standalone deployment is the simplest deployment: the Security Management Server and the Security Gateway are installed on the same machine.

A distributed deployment is more complex: the gateway and the management server run on different machines. This is the usual production setup, since it keeps management off the enforcement point and lets one management server manage many gateways.

Question 6: What is SIC?

Answer: Secure Internal Communication (SIC) is the Check Point mechanism that ensures components such as Security Gateways and Security Management Servers can communicate securely with each other. Trust is established once with a one-time activation key (set on the gateway and entered in SmartConsole); after that, certificates issued by the Internal Certificate Authority are used. The following security measures are taken to ensure the safety of SIC:

· Certificates for authentication

· Standards-based SSL/TLS for the creation of the secure channel

· 3DES for encryption (newer releases also support AES-128)

Question 7: What is the Internal Certificate Authority (ICA)?

Answer: The ICA is created automatically during installation of the Security Management Server. It is responsible for issuing certificates for:

· SIC (trust between Check Point components)

· VPN certificates for gateways (site-to-site and remote access)

· Users (certificate-based authentication)

Question 8: What is fw unloadlocal?

Answer: fw unloadlocal is a command run on the gateway that unloads (detaches) the currently installed security policy from the local machine. While no policy is loaded the gateway enforces no rules and is not protected, so this is a troubleshooting command (for example to regain access after a policy that locked out management), not something to run casually on a production gateway. The policy is loaded again with fw fetch or by reinstalling it from the management server.

Question 9: What is the stealth rule in Check Point firewall?

Answer: The stealth rule drops (and logs) all traffic whose destination is the gateway itself, so users cannot connect directly to the gateway. Placed near the top of the rulebase it protects the gateway from port scanning, spoofing and other types of direct attacks. Because the rulebase is evaluated top-down and the first matching rule wins, any rule that legitimately needs to reach the gateway (for example a management rule for the Security Management Server, or an administrator SSH/VPN rule) must be placed above the stealth rule. By default, management and SIC connections are accepted by the implied rules (Global Properties, Accept control connections), so they are not blocked by the stealth rule unless those implied rules have been disabled.
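As an added example (not Check Point code and not from the original post), the following Python model puts the ideas from questions 2 and 9 together: a minimal stateful firewall in which the first packet of a connection is matched top-down against the rulebase and later packets are matched against a connection table, run against two rulebases that differ only in whether the stealth rule sits above or below the management rule. The toy has no implied rules, so unlike a real gateway it relies on an explicit management rule; the addresses 192.0.2.1 and 192.0.2.10, the rule names and all ports other than CPMI 18190 are assumptions.

```python
"""Toy stateful firewall with an ordered rulebase and a connection table.

Added example, not Check Point code.  The first packet of a connection is
matched top-down against the rulebase (first match wins); once accepted,
later packets of that connection are matched against the connection table
instead.  Real gateways also accept management traffic through implied
rules; this toy has none, so the management rule must be explicit.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple, Union

GATEWAY = "192.0.2.1"   # assumed address of the gateway
MGMT = "192.0.2.10"     # assumed address of the Security Management Server
CPMI = 18190            # SmartConsole/Management to gateway (page's port table)

Key = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False   # True for the first packet (SYN) of a TCP connection


@dataclass
class Rule:
    name: str
    src: str                  # "Any" or one address
    dst: str                  # "Any" or one address
    dport: Union[int, str]    # "Any" or one destination port
    action: str               # "Accept" or "Drop"

    def matches(self, p: Packet) -> bool:
        return all(want == "Any" or want == got for want, got in
                   ((self.src, p.src), (self.dst, p.dst), (self.dport, p.dport)))


@dataclass
class StatefulFirewall:
    rulebase: List[Rule]
    connections: Set[Key] = field(default_factory=set)   # the "kernel table"

    def inspect(self, p: Packet) -> str:
        """Decide one packet and say what decided it."""
        key: Key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse: Key = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Known connection (either direction): the table decides, not the rulebase.
        if key in self.connections or reverse in self.connections:
            return "accept (state)"
        # A TCP packet that is not a SYN and has no table entry is out of state.
        if p.proto == "TCP" and not p.syn:
            return "drop (out of state)"
        # New connection: walk the rulebase top-down, first match wins.
        for rule in self.rulebase:
            if rule.matches(p):
                if rule.action == "Accept":
                    self.connections.add(key)
                return f"{rule.action.lower()} (rule {rule.name})"
        return "drop (implicit cleanup)"   # nothing matched


def stealth_first() -> List[Rule]:
    """Stealth rule at the very top: management is dropped too."""
    return [Rule("Stealth", "Any", GATEWAY, "Any", "Drop"),
            Rule("Management", MGMT, GATEWAY, CPMI, "Accept"),
            Rule("Web out", "Any", "Any", 80, "Accept")]


def management_first() -> List[Rule]:
    """Management rule above the stealth rule: the recommended order."""
    return [Rule("Management", MGMT, GATEWAY, CPMI, "Accept"),
            Rule("Stealth", "Any", GATEWAY, "Any", "Drop"),
            Rule("Web out", "Any", "Any", 80, "Accept")]


def run_scenarios(rules: List[Rule]) -> Dict[str, str]:
    """Push a fixed set of constructed packets, in order, through a fresh firewall."""
    fw = StatefulFirewall(rules)
    return {
        "mgmt syn":   fw.inspect(Packet(MGMT, GATEWAY, "TCP", 40001, CPMI, syn=True)),
        "mgmt reply": fw.inspect(Packet(GATEWAY, MGMT, "TCP", CPMI, 40001)),
        "ssh scan":   fw.inspect(Packet("198.51.100.7", GATEWAY, "TCP", 5555, 22, syn=True)),
        "web syn":    fw.inspect(Packet("10.0.0.5", "203.0.113.80", "TCP", 50000, 80, syn=True)),
        "web data":   fw.inspect(Packet("10.0.0.5", "203.0.113.80", "TCP", 50000, 80)),
        "stray ack":  fw.inspect(Packet("10.0.0.5", "203.0.113.80", "TCP", 50001, 80)),
    }


if __name__ == "__main__":
    for label, rules in (("stealth first", stealth_first()),
                         ("management first", management_first())):
        print(f"--- {label}")
        for name, verdict in run_scenarios(rules).items():
            print(f"{name:11} {verdict}")
```

Run it and compare the two sections: with the stealth rule first, the management server's CPMI SYN is dropped by the stealth rule and the gateway's reply is then dropped as out of state; with the management rule first, the SYN is accepted by the rule and the reply by the connection table. The outside SSH scan against the gateway is dropped by the stealth rule in both orderings, and the stray ACK with no table entry is dropped regardless of the rulebase.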

Question 10: What is the fw monitor command?

Answer: fw monitor is a packet capture tool built into every Check Point Security Gateway. It captures inside the firewall kernel at Layer 3 and above of the OSI model (it does not show Ethernet headers) and shows each packet at up to four inspection points as the packet passes through the kernel (the INSPECT virtual machine):

i – before the virtual machine, inbound direction (pre-inbound)

I – after the virtual machine, inbound direction (post-inbound)

o – before the virtual machine, outbound direction (pre-outbound)

O – after the virtual machine, outbound direction (post-outbound)

A packet dropped by the inbound inspection shows up at i but not at I; a packet dropped by the outbound inspection shows up at o but not at O. On releases before R80.20, packets handled entirely by SecureXL acceleration may not appear in the capture at all.

Question 11: What are the two types of Check Point NG licenses?

Answer: Central and local licenses. Central licenses are the newer licensing model and are bound to the IP address of the Security Management Server; local licenses are the legacy licensing model and are bound to the IP address of the enforcement module (gateway).

Question 12: What are the functions of the CPD, FWM and FWD processes?

Answer:

CPD – The Check Point Daemon sits high in the process hierarchy and provides services to the other processes, such as Secure Internal Communication (SIC), licensing and status reporting.

FWM – The FWM process executes the database activities of the Management Server. It is therefore responsible for policy installation, Management High Availability (HA) synchronisation, saving the policy, database read/write actions, log display, etc.

FWD – The FWD process is responsible for logging (sending and receiving logs), the Security Servers and communication with OPSEC applications.

Question 13: What are the major differences between SPLAT and GAIA platforms?

Answer: Gaia is Check Point's current operating system; it combines SecurePlatform (SPLAT) and IPSO (the Nokia appliance OS). Some benefits of Gaia compared with SPLAT/IPSO:

1. Web-Based user interface with Search Navigation

2. Full Software Blade support

3. High connection capacity

4. Role-Based Administrative Access

5. Intelligent Software updates

6. Native IPv4 and IPv6 Support

7. ClusterXL or VRRP Clusters

8. Manageable Dynamic Routing Suite

Question 14: Which ports are used by SIC?

Answer:

18210     TCP     FW1_ica_pull – a gateway pulls its certificate from the ICA on the management server.

18211     TCP     FW1_ica_push – used by the cpd daemon on the gateway to receive a certificate pushed by the ICA.

Once trust is established, the management connections themselves (for example policy installation over CPD, TCP 18191) are authenticated with the SIC certificates.

Question 15: What are the different Check Point ports and what is each used for?

Answer:

PORT      TYPE    SHORT DESCRIPTION

256       TCP     FW1 – Check Point Security Gateway service
257       TCP     FW1_log – log delivery from a Security Gateway (fwd) to the Log Server / Management Server
259       TCP     FW1_clntauth_telnet – Client Authentication (telnet)
500       UDP     IKE – IPsec key exchange (formerly ISAKMP/Oakley)
900       TCP     FW1_clntauth_http – Client Authentication (HTTP)
4433      TCP     Management server portal
4500      UDP     NAT-T – IPsec NAT Traversal
8116      UDP     CCP – Check Point Cluster Control Protocol (ClusterXL)
18190     TCP     CPMI – Check Point Management Interface; communication between the SmartConsole GUI and the Management Server
18191     TCP     CPD – Check Point Daemon protocol; policy installation from the Management Server to the gateway and policy fetch by the gateway
18192     TCP     CPD_amon – Check Point internal application monitoring
18210     TCP     FW1_ica_pull – Internal CA certificate pull service
18211     TCP     FW1_ica_push – Internal CA certificate push service

Question 16: What is the difference between tcpdump and fw monitor?

Answer:

tcpdump captures at the NIC driver level, so it shows traffic arriving at or leaving a firewall interface but nothing about what happened to the packet inside the firewall.

fw monitor captures at the kernel inspection points, so it also shows how the packet went through the firewall, including routing (which interface it left on) and NAT decisions (the addresses change between capture points).

fw monitor captures at four points, i, I, o and O, and a forwarded packet appears in the capture in that sequence. A packet seen at i but not at I was dropped by the inbound inspection; one seen at i, I and o but not at O was dropped on the outbound side.

tcpdump sees the packet roughly at the i and O positions, outside the kernel inspection, so if tcpdump shows a packet on the egress interface you can be sure the traffic has actually left the firewall. This is similar to the way captures work on a Cisco PIX/ASA.
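To make the capture points discussed in questions 10 and 16 concrete, here is an added Python example (not Check Point code and not part of the original post) that reads the text fw monitor prints, groups the lines belonging to one packet by its IP id field, and reports whether the packet reached all four points and where its addresses changed. SAMPLE is a constructed capture modelled on fw monitor's line format; the interface names, addresses and the NAT behaviour it shows are assumptions for the demo.

```python
"""Trace packets through fw monitor's i, I, o, O capture points.

Added example, not Check Point code.  fw monitor prints a header line per
capture point (iface:point[len]: src -> dst (proto) len=.. id=..) followed
by a transport-layer line with the ports.  The IP id does not change as the
packet moves through the gateway, so it is used here to group the records
of one packet.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample (not a real capture).  Packet id 1001 is hide-NATed on
# the way out; id 1002 is seen at i only, i.e. dropped by the inbound
# inspection (rulebase or anti-spoofing) before it reached I.
SAMPLE = """\
[vs_0][fw_0] eth0:i[60]: 10.1.1.10 -> 203.0.113.80 (TCP) len=60 id=1001
TCP: 40000 -> 80 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_0] eth0:I[60]: 10.1.1.10 -> 203.0.113.80 (TCP) len=60 id=1001
TCP: 40000 -> 80 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_0] eth1:o[60]: 10.1.1.10 -> 203.0.113.80 (TCP) len=60 id=1001
TCP: 40000 -> 80 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_0] eth1:O[60]: 198.51.100.1 -> 203.0.113.80 (TCP) len=60 id=1001
TCP: 10001 -> 80 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_0] eth0:i[60]: 10.1.1.20 -> 203.0.113.80 (TCP) len=60 id=1002
TCP: 40001 -> 80 .S.... seq=5e6f7a8b ack=00000000
"""

HEADER = re.compile(
    r"^(?:\[vs_\d+\]\[fw_\d+\]\s+)?(?P<iface>\S+):(?P<point>[iIoO])\[\d+\]:\s+"
    r"(?P<src>\S+) -> (?P<dst>\S+) \((?P<proto>\w+)\) len=\d+ id=(?P<id>\d+)")
PORTS = re.compile(r"^(?:TCP|UDP): (?P<sport>\d+) -> (?P<dport>\d+)")

Hop = Dict[str, object]


def parse(text: str) -> Dict[str, List[Hop]]:
    """Group capture-point records by IP id, preserving capture order."""
    packets: Dict[str, List[Hop]] = {}
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"iface": m["iface"], "point": m["point"], "src": m["src"],
                       "dst": m["dst"], "proto": m["proto"], "sport": None, "dport": None}
            packets.setdefault(m["id"], []).append(current)
            continue
        m = PORTS.match(line)
        if m and current is not None:   # port line belongs to the last header
            current["sport"], current["dport"] = int(m["sport"]), int(m["dport"])
    return packets


def diagnose(hops: List[Hop]) -> Tuple[str, List[str]]:
    """Return (verdict, NAT notes) for one packet's sequence of capture points."""
    points = "".join(str(h["point"]) for h in hops)
    notes = []
    for a, b in zip(hops, hops[1:]):   # an address change between points is NAT
        if (a["src"], a["sport"]) != (b["src"], b["sport"]):
            notes.append(f"source NAT between {a['point']} and {b['point']}: "
                         f"{a['src']}:{a['sport']} -> {b['src']}:{b['sport']}")
        if (a["dst"], a["dport"]) != (b["dst"], b["dport"]):
            notes.append(f"destination NAT between {a['point']} and {b['point']}: "
                         f"{a['dst']}:{a['dport']} -> {b['dst']}:{b['dport']}")
    if points == "iIoO":
        verdict = f"forwarded {hops[0]['iface']} -> {hops[-1]['iface']}"
    elif points == "i":
        verdict = "dropped by inbound inspection (seen at i only): check rulebase and anti-spoofing"
    elif points == "iI":
        verdict = "accepted inbound but never reached o: routing problem or delivered to the gateway itself"
    elif points == "iIo":
        verdict = "dropped by outbound inspection (seen at o, not O)"
    elif points == "oO":
        verdict = "generated by the gateway itself (outbound only)"
    else:
        verdict = f"unexpected sequence {points!r}"
    return verdict, notes


def report(text: str) -> Dict[str, str]:
    """Map each IP id in a capture to its one-line verdict."""
    return {pid: diagnose(hops)[0] for pid, hops in parse(text).items()}


if __name__ == "__main__":
    for pid, hops in parse(SAMPLE).items():
        verdict, notes = diagnose(hops)
        print(f"id={pid}: {verdict}")
        for n in notes:
            print(f"    {n}")
```

On a gateway you would redirect fw monitor's standard output to a file and pass that file's contents to report(). The verdict strings encode the rule of thumb from the answer above: seen at i only means dropped inbound, seen at o but not O means dropped outbound, and a source address that changes between o and O is Hide NAT applied after the outbound inspection.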

For more questions please visit our website: https://techclick.in
