Which of the applications in Check Point technology can be used to configure security objects?
What is Anti-Spoofing?
Ans – Anti-Spoofing is a feature of the Check Point firewall that protects against attackers who generate IP packets with a fake or spoofed source address. It determines whether traffic is legitimate or not. If the traffic is not legitimate, the firewall blocks that traffic on the firewall interface.
What is the Stealth Rule in the Check Point firewall?
Ans – The Stealth Rule protects the Check Point firewall from direct access by any traffic. This rule should be placed at the top of the security rule base. In this rule, the administrator denies all traffic to the Check Point firewall.
What is the Cleanup rule in the Check Point firewall?
Ans – The Cleanup rule is placed last in the security rule base. It is used to drop, and log, all traffic that does not match the rules above it. The Cleanup rule is mainly created for logging purposes. In this rule, the administrator denies all traffic and enables logging.
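The Stealth and Cleanup rule answers above both depend on rule order, so the following added example (not Check Point code or output) models a first-match rule base and audits where those two rules sit. The `Rule` class, the rule names, the gateway address and the sample rule bases are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
GATEWAY = "192.0.2.1"  # constructed firewall address (documentation range)

@dataclass
class Rule:
    name: str
    src: str            # source network in CIDR form
    dst: str            # destination network in CIDR form
    action: str         # "accept" or "drop"
    log: bool = False

def evaluate(rules, src, dst):
    """First-match evaluation: return the first rule matching the packet."""
    for r in rules:
        if ip_address(src) in ip_network(r.src) and ip_address(dst) in ip_network(r.dst):
            return r
    return None  # nothing matched: the rule base has no cleanup rule

def audit(rules, gateway=GATEWAY):
    """Report stealth and cleanup rule placement problems as strings."""
    findings = []
    gw = f"{gateway}/32"
    stealth = next((i for i, r in enumerate(rules)
                    if (r.src, r.dst, r.action) == (ANY, gw, "drop")), None)
    if stealth is None:
        findings.append("no stealth rule")
    # An accept rule above the stealth rule that covers the gateway shadows it
    # (with no stealth rule, rules[:None] checks the whole rule base).
    for r in rules[:stealth]:
        if r.action == "accept" and ip_address(gateway) in ip_network(r.dst):
            findings.append(f"{r.name}: accepts traffic to the gateway before any stealth rule")
    last = rules[-1] if rules else None
    if last is None or (last.src, last.dst, last.action) != (ANY, ANY, "drop"):
        findings.append("last rule is not an any/any drop (cleanup) rule")
    elif not last.log:
        findings.append(f"{last.name}: cleanup rule does not log")
    return findings

STEALTH = Rule("stealth", ANY, f"{GATEWAY}/32", "drop", log=True)
LAN_OUT = Rule("lan-out", "10.0.0.0/8", ANY, "accept")
BAD = [LAN_OUT, STEALTH, Rule("cleanup", ANY, ANY, "drop")]             # constructed
GOOD = [STEALTH, LAN_OUT, Rule("cleanup", ANY, ANY, "drop", log=True)]  # constructed

if __name__ == "__main__":
    for name, rb in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, evaluate(rb, "10.1.1.1", GATEWAY).action, audit(rb))
```

In the `BAD` ordering the broad `lan-out` rule matches first, so an internal host reaches the gateway even though a stealth rule exists further down.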
What is a VPN (Virtual Private Network)?
Ans – A VPN (Virtual Private Network) is used to create a secure connection between two private networks over the Internet. It uses encryption and authentication to secure data during transmission. There are two types of VPN:
• Site to Site VPN.
• Remote Access VPN.
What is IPSec?
Ans – IPSec (IP Security) is a set of protocols responsible for securing communication between two host machines, or networks, over a public network such as the Internet. The IPSec protocols provide Confidentiality, Integrity, Authenticity and Anti-Replay protection. There are two IPSec protocols which provide security: 1. ESP (Encapsulating Security Payload) and 2. AH (Authentication Header).
ESP – The ESP protocol is a part of the IPSec suite. It provides Confidentiality, Integrity and Authenticity. It is used in two modes: Transport mode and Tunnel mode.
AH – It is also a part of the IPSec suite. It provides only Authentication and Integrity; it does not provide Encryption. It is also used in two modes: Transport mode and Tunnel mode.
What is the difference between standalone deployment and distributed deployment?
Standalone deployment – In a standalone deployment, the Security Gateway and the Security Management Server are installed on the same machine.
Distributed deployment – In a distributed deployment, the Security Gateway and the Security Management Server are installed on different machines.
SIC – SIC stands for “Secure Internal Communication”. It is a Check Point firewall feature that is used to secure communication between Check Point firewall components. It is used when the Security Gateway and the Security Management Server are installed in a distributed deployment. It uses authentication and encryption for secure communication.
What are the advantages of NAT?
• Saves public IP addresses, which saves cost.
• Security by hiding the internal network.
• Publishing servers over the Internet.
• Internet access from private IP addresses.
Q.1 Which protocol is used in Check Point for clustering?
Q.2 How does ClusterXL work? What are the ports used by ClusterXL?
Q.3 What are the New and Legacy Modes in clustering?
Q.4 What are Delta and Full Mode in clustering?
Q.5 What is the step-by-step process of configuring a Check Point cluster?
Q.6 How to use VRRP for Check Point clustering?
Q.1 What is the difference between IPSec and SSL VPN?
Q.2 What is the difference between Domain-Based and Route-Based VPN?
Q.3 What are the protocols of IPSec? And what are the protocol numbers of the IPSec protocols?
Ans. IPSec uses two protocols: AH (Authentication Header) and ESP (Encapsulating Security Payload). AH works on protocol number 51 and ESP works on protocol number 50.
Q.4 What is NAT traversal? Where is it used?
Q.5 How to use NAT in a VPN tunnel?
Q.6 What is Norm in IPSec?
Q.7 What are the phases of IPSec VPN? And how many messages are exchanged in Main and Quick Mode? What are these messages?
Q.8 What is Encryption Domain?
Q.9 IPSec works at which OSI layer?
Ans. The IP layer (Network Layer; it provides security services at the Network Layer and above).
What is Anti-Bot?
How to block an ICMP tunnel in Check Point?
What is the difference between fwstop and cpstop?
What are the services which are impacted during cpstop and cpstart?
What is CPinfo? And why is it used?
What are ClusterXL, SecureXL and CoreXL?
What is Provider-1?
What is MDF Database?
How to configure SMC HA?
How to check the license via SmartView Monitor?
How to configure DNAT to be performed before routing via Global Properties?