CheckPoint NG VPN 1/Firewall 1
Syngress Media,U.S. (Verlag)
978-1-931836-97-5 (ISBN)
- Titel ist leider vergriffen;
keine Neuauflage - Artikel merken
Check Point Software Technologies is the worldwide leader in securing the Internet. The company's Secure Virtual Network (SVN) architecture provides the infrastructure that enables secure and reliable Internet communications. Check Point recently announced a ground-breaking user interface that meets the industry's next generation Internet security requirements, including simplified security management for increasingly complex environments. Built upon Check Point's Secure Virtual Network (SVN) architecture, the Next Generation User Interface revolutionizes the way security administrators define and manage enterprise security by further integrating management functions into a security dashboard and creating a visual picture of security operations. The Next Generation User Interface delivers unparalleled ease-of-use, improved security and true end-to-end security management. Check Point's revenues have more than doubled in each of the last two years, while capturing over 50% of the VPN market and over 40% of the firewall market according to IDC Research. The explosive growth of the company is further evidenced by over 29,000 IT professionals becoming Check Point Certified so far.
This book will be the complimentary to Syngress' best-selling Check Point Next Generation Security Administration, which was a foundation-level guide to installing and configuring Check Point NG. This book will assume that readers have already mastered the basic functions of the product and they now want to master the more advanced security and VPN features of the product. Written by a team of Check Point Certified Instructors (the most prestigious Check Point certification) this book will provide readers with a complete reference book to Check Point NG and advanced case studies that illustrate the most difficult to implement configurations. Although not a Study Guide, this book will cover all of the objectives on Check Point's CCSE Exam.
Senior Professional Security Engineer for Integralis
Foreword
Chapter 1 FW-1 NG Operational Changes
Introduction
Static NAT Changes from 4.x to NG
Server-Side NAT
Client-Side NAT
Bidirectional NAT
Automatic ARP
When ARP Is Automatic
When ARP Is Manual
Upgrading 4.x to NG
The 4.x Upgrade Process
When to Rebuild
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Smart Clients
Introduction
SmartDashboard
What’s New in NG SmartDashboard
A GUI Overview of New FP3 Features
SmartView Status
What’s New in SmartView Status
Highlights of SmartView Status
SmartView Tracker
What’s New in SmartView Tracker
Highlights From the SmartView Tracker
SmartView Monitor
Installation
The Interface
Traffic Monitoring
Generating Reports
User Monitor
The Interface
Managing Queries
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Advanced Authentication
Introduction
Active Directory
Setting Up Active Directory for FireWall-1 Authentication
Setting Up the Firewall for AD Authentication
Suggested Uses of MS-AD Authentication
Standard LDAP
Setting Up the LDAP for FireWall-1 Authentication
Setting Up the Firewall for LDAP Authentication
Suggested Uses of LDAP Authentication
RADIUS
Setting Up the Firewall for RADIUS Authentication
Setting Up RADIUS for FireWall-1 Authentication
Suggested Uses of RADIUS Authentication
TACACS+
Setting Up the Firewall for TACACS+ Authentication
Setting Up TACACS+ for FireWall-1 Authentication
Suggested Uses of TACACS+ Authentication
General User Management
Self-Service User Management with ADSI
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Advanced VPN Concepts
Introduction
What Are SEP and MEP
Sample Scenario
Exploring SEP
Exploring MEP
SEP Configuration Examples
Scenario One
Scenario Two
MEP Configuration Examples
Scenario One
Setup of New York Firewall
Setup of San Diego Firewall
Combinations of MEP and SEP
VPN Modes
Transparent Mode
Connect Mode
Routing Between VPN Connections
Dynamic IP Address VPN Connections
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Advanced VPN Client Installations
Introduction
The Difference Between SecuRemote and SecureClient
Using DNSInfo Files
Encrypting Internal Traffic
Using SR/SC from Behind a CP-FW-1 System
Using SecureClient
Creating Rules for Internal Connections to Remote Clients
Examples of Common Deployments
L2TP Tunnels Terminating on a Check Point FP3 Box
Office Mode SecureClient
FP3 Clientless VPNs
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 High Availability and Clustering
Introduction
Designing Your Cluster
Why Do You Need a Cluster
High Availability or Load Sharing
Clustering and Check Point
Connecting the Cluster to Your Network: Hubs or Switches
FireWall-1 Features, Single Gateways vs. Clusters: The Same, But Different
Installing FireWall-1 NG FP3
Checking the Installation Prerequisites
Installation Options
Installation Procedure
Check Point ClusterXL
Configuring ClusterXL in HA New Mode
Testing ClusterXL in HA New Mode
Test 1: Pinging the Virtual IP Address of Each Interface
Test 2: Using SmartView Status to Examine the Status of the Cluster Members
Test 3: FTP Session Through the Cluster When an Interface Fails
Command-Line Diagnostics on ClusterXL
How Does ClusterXL HA New Mode Work
ClusterXL HA New Mode Failover
ClusterXL Failover Conditions
Special Considerations for ClusterXL in HA New Mode
Network Address Translation
Configuring ClusterXL in HA Legacy Mode
Configuring ClusterXL in Load-Sharing Mode
Prerequisites for Configuring ClusterXL in Load-Sharing Mode
Configuration of ClusterXL in Load-Sharing Mode
Testing ClusterXL in Load-Sharing Mode
Test 1: Pinging the Virtual IP Address for Each Interface
Test 2: Using SmartView Status to Examine the Status of the Cluster Members
Test 3: FTPing Through ClusterXL Load Sharing During Failover
Command-Line Diagnostics for ClusterXL
How ClusterXL Works in Load-Sharing Mode
Special Considerations for ClusterXL in Load-Sharing Mode
Network Address Translation
User Authentication and One-Time Passcodes
Nokia IPSO Clustering
Nokia Configuration
Check Point FireWall-1
Configuration for a Nokia Cluster
Nokia Cluster Configuration on Voyager
Testing the Nokia Cluster
How Nokia Clustering Works
Special Considerations for Nokia Clusters
Nokia IPSO VRRP Clusters
Nokia Configuration
Nokia VRRP Configuration on Voyager
Testing the Nokia VRRP Cluster
How VRRP Works
Special Considerations for Nokia VRRP Clusters
Third-Party Clustering Solutions
Clustering and HA Performance Tuning
Data Throughput or Large Number of Connections
Improving for Large Number of Connections
Final Tweaks to Get the Last Drop of Performance
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 SecurePlatform
Introduction
The Basics
Installation
Configuration
CPShell
Applying OS and Application Updates
Adding Hardware to SecurePlatform
Adding NICs
Adding a Second Processor
Adding Hard Drives
FireWall-1 Performance Counters
Firewall Commands
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 SmartCenter Management Server, High Availability and Failover, and SMART Clients
Introduction
SmartCenter Server:The Roles of a Management Server
Internal Certificate Authority
Management Server Backup Options
Protecting the Configuration
Enforcement Point Functions
Installing a Secondary Management Server
SMART Clients
SMART Client Functions
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Integration and Configuration of CVP / UFP
Introduction
Using CVP for Virus Scanning E-Mail
Configuring CVP
URL Filtering for HTTP Content Screening
Setting Up URL Filtering with UFP
Using Screening without CVP
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 SecureClient Packaging Tool
Introduction
Installing the SecureClient Packaging Tool
Starting the SecureClient Packaging Tool
Creating a Profile
The Welcome Window
The General Window
The Connect Mode Window
The SecureClient Window
The Additional Options Window
The Topology Window
The Certificates Window
The Silent Installation Window
The Installation Options Window
The Operating System Logon Window
The Finish Window
Managing SecureClient Profiles
Creating a New Profile From an Existing Profile
Deleting a Profile
Editing a Profile
Creating SecureClient Installation Packages
The Welcome Window
The Package Generation Window
Deploying SecuRemote Packages
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 SmartDefense
Introduction
Understanding and Configuring SmartDefense
General
Anti-Spoofing Configuration Status
Denial of Service
IP and ICMP
TCP
DNS
FTP
HTTP
SMTP Security Server
Successive Events
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 12 SmartUpdate
Introduction
Licensing Your Products
Management Server
Enforcement Points
Other License Types
Updating Your Products
Adding a New Product
Installing a Product
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 13 Performance Pack
Introduction
How Performance Pack works
Working on Interfaces While Using Performance Pack
Installing Performance Pack
Hardware Requirements
Performance Considerations
Installing Performance Pack on Solaris 8
Installing Performance Pack on SecurePlatform
Command-Line Options for Performance Pack
Stopping and Starting SecureXL
Checking the Status of SecureXL
Configuring SecureXL
Troubleshooting Performance Pack
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 14 UserAuthority
Introduction
Defining UserAuthority
WAM in Detail
Supported Platforms
Installing UserAuthority
Installing the UserAuthority Server
Installing UserAuthority SecureAgent
Installing the UserAuthority WebAccess Plug-In
Implementing UserAuthority Chaining
Utilizing UserAuthority Logging
FireWall-1 SSO Policy Rules
WAM Web Access Logging
UAS Event Logging
Understanding Credentials Management and Domain Equality
Domain Equality
Deploying UserAuthority
Authenticated Internet Access
Authenticated Web Server
SSO Internet Access and Web Server
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 15 Firewall Troubleshooting
Introduction
SmartView Tracker
Filtering Traffic
Active and Audit Logs
SmartView Monitor
Monitoring Check Point System Counters
Monitoring Traffic
Monitoring a Virtual Link
Running History Reports
Using fw monitor
How It Works
Reviewing the Output
Other Tools
Check Point Tools
Operating System and Third-Party Tools
Summary
Solutions Fast Track
Frequently Asked Questions
Index
| Erscheint lt. Verlag | 11.5.2003 |
|---|---|
| Verlagsort | Rockland, MA |
| Sprache | englisch |
| Maße | 152 x 229 mm |
| Gewicht | 1090 g |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Informatik ► Theorie / Studium ► Kryptologie | |
| ISBN-10 | 1-931836-97-3 / 1931836973 |
| ISBN-13 | 978-1-931836-97-5 / 9781931836975 |
| Zustand | Neuware |
| Haben Sie eine Frage zum Produkt? |
aus dem Bereich
