Stateful Firewall
Stateful inspection was introduced by Check Point in 1994 with FireWall-1. A stateful firewall keeps the attributes of every connection it has allowed in a table called the state table (also called the connection table). Each entry records the packet attributes that identify the connection, so later packets of the same connection are matched against the table instead of being evaluated against the rulebase again.
Example:

Source IP       | Source Port | Destination IP  | Destination Port
----------------|-------------|-----------------|-----------------
192.168.1.251   | 1050        | 172.217.167.228 | 80
192.168.0.251   | 1080        | 172.217.167.228 | 80
192.168.1.244   | 1099        | 172.217.167.228 | 80
192.168.1.231   | 1030        | 172.217.167.228 | 80
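The following is an added example, not Check Point code, of how a state table like the one above is used: a new connection is checked against the rulebase once and then recorded, later packets of that connection are accepted from the table alone, and a TCP packet that has no state and is not a SYN (a forged "reply" or an ACK scan) is dropped without ever reaching the rulebase. The rule format, the addresses and the packets are constructed for illustration.

```python
"""Minimal stateful firewall with a state table keyed by the connection 5-tuple.

Added example, not Check Point code. The rule format, addresses and packets
below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Key = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: a new connection attempt
    ack: bool = False


@dataclass
class Rule:
    src_net: str        # simplified prefix match, e.g. "192.168.1."
    dst: str            # "any" or an exact address
    dport: int          # 0 means any port
    action: str         # "accept" or "drop"


@dataclass
class StatefulFirewall:
    rules: List[Rule]
    state: Dict[Key, str] = field(default_factory=dict)  # the state table

    @staticmethod
    def _key(p: Packet) -> Key:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet) -> Key:
        # Reply direction of the same connection.
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _match_rule(self, p: Packet) -> str:
        for r in self.rules:
            if (p.src.startswith(r.src_net) and r.dst in ("any", p.dst)
                    and r.dport in (0, p.dport)):
                return r.action
        return "drop"   # implicit cleanup rule

    def process(self, p: Packet) -> Tuple[str, str]:
        """Return (verdict, reason) and update the state table."""
        k, rk = self._key(p), self._reverse_key(p)
        # 1. Known connection: accept from the state table, skip the rulebase.
        if k in self.state or rk in self.state:
            return "accept", "state-table"
        # 2. TCP packet without state that is not a SYN: never a new connection.
        if p.proto == "tcp" and not p.syn:
            return "drop", "no-state"
        # 3. New connection: consult the rulebase; on accept, create state.
        if self._match_rule(p) == "accept":
            self.state[k] = "established"
            return "accept", "rule"
        return "drop", "rule"


def demo() -> Tuple[List[Tuple[str, str]], Dict[Key, str]]:
    """Run four constructed packets through the firewall; return verdicts and state."""
    fw = StatefulFirewall(rules=[Rule("192.168.1.", "any", 80, "accept")])  # LAN may use HTTP
    packets = [
        # outbound SYN from the first row of the table above -> rule match, state created
        Packet("tcp", "192.168.1.251", 1050, "172.217.167.228", 80, syn=True),
        # server's SYN/ACK reply -> matched by the state table
        Packet("tcp", "172.217.167.228", 80, "192.168.1.251", 1050, syn=True, ack=True),
        # forged "reply" to a port with no connection -> dropped, no state
        Packet("tcp", "172.217.167.228", 80, "192.168.1.251", 2222, ack=True),
        # unsolicited inbound SSH attempt -> dropped by the cleanup rule
        Packet("tcp", "198.51.100.7", 4444, "192.168.1.251", 22, syn=True),
    ]
    return [fw.process(p) for p in packets], fw.state


if __name__ == "__main__":
    verdicts, table = demo()
    for v in verdicts:
        print(v)
    print("state table:", list(table))
```

The reason strings show which stage decided each packet: only the first packet touches the rulebase, the reply is accepted from the table, and the two unsolicited packets never create state.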
Packet Flow of Check Point Firewall
A packet flow is the ordered set of steps a gateway applies to inspect a packet's attributes and deliver it. This topic describes the Check Point packet flow, stage by stage.
SAM(Suspicious Activity Monitoring) Database
SAM stands for Suspicious Activity Monitoring. The SAM database lets an Intrusion Detection System (or an administrator) tell the firewall, in real time, to block a source IP that is attacking, without installing a new policy. It is consulted before the rulebase.
↓
Anti Spoofing
Anti-spoofing checks that a packet's source address is valid for the interface it arrived on. Each gateway interface is assigned a topology (the networks that sit behind it). A packet that arrives from the global network with a source address belonging to the internal LAN is a spoofed packet, and Check Point drops it.
↓
Rule or Policy
The policy (rulebase) is the ordered set of rules that decides which connections LAN users and outside hosts are allowed to make. The first rule that matches the packet's source, destination and service is applied.
↓
Destination Network Address Translation
Destination NAT is performed on incoming packets: the firewall translates the public destination address to the private address of the internal host.
↓
Route Lookup
The gateway looks up the (already translated) destination address in its routing table to select the outgoing interface and next hop. Because DNAT runs first, the lookup uses the real internal address.
↓
Source Network Address Translation
Source NAT changes the source credentials in IP header of a packet. The typical usage is to change the a private credentials into a public credential for packets leaving your network.
↓
Virtual Private Network
A virtual private network is a secure way of extending the private network over a public network. If the connection belongs to a VPN community, the packet is encrypted (outbound) or decrypted (inbound) at this stage.
↓
Layer 7 Inspection
Deep inspection of the packet payload at the application layer is done at this level, by blades such as IPS, Application Control and URL Filtering.
↓
Route
The packet is forwarded out of the selected interface to its destination.
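To make the ordering of the stages concrete, here is an added simulation of the flow above (not Check Point code): SAM, anti-spoofing, rulebase, DNAT, route lookup, SNAT, in that order. The interfaces, topology, SAM entry, rules, NAT mappings and test packets are all constructed for illustration; state-table matching, VPN and Layer 7 inspection are left out so that the NAT and routing order stands out. The point to watch is that the rulebase matches on the original (pre-NAT) addresses, routing runs on the post-DNAT address, and Hide NAT is applied only after the outgoing interface is known.

```python
"""Order of stages in the Check Point packet flow, as a simplified simulation.

Added example, not Check Point code. Interfaces, addresses, SAM entry,
rules, NAT mappings and packets are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network
ip = ipaddress.ip_address


@dataclass(frozen=True)
class Packet:
    in_if: str      # interface the packet arrived on
    src: str
    dst: str
    dport: int


INTERNAL_IF = "eth1"                      # LAN side
EXTERNAL_IF = "eth0"                      # Internet side
INTERNAL_NETS = [Net("192.168.1.0/24")]   # topology behind the internal interface

SAM_BLOCKED = {"203.0.113.66"}            # source blocked in real time via SAM

# Rulebase: (src_net, dst_net, dport, action); first match wins, 0 = any port.
RULES = [
    (Net("192.168.1.0/24"), Net("0.0.0.0/0"), 0, "accept"),       # LAN out
    (Net("0.0.0.0/0"), Net("203.0.113.10/32"), 80, "accept"),     # published web server
]

STATIC_DNAT = {"203.0.113.10": "192.168.1.10"}   # public address -> private server
HIDE_NAT_ADDR = "203.0.113.1"                    # external interface address

ROUTES = [(Net("192.168.1.0/24"), INTERNAL_IF), (Net("0.0.0.0/0"), EXTERNAL_IF)]


def sam_check(p: Packet) -> Optional[str]:
    return "drop:sam" if p.src in SAM_BLOCKED else None


def anti_spoofing(p: Packet) -> Optional[str]:
    """Source address must be valid for the arrival interface."""
    is_internal_src = any(ip(p.src) in n for n in INTERNAL_NETS)
    if p.in_if == EXTERNAL_IF and is_internal_src:
        return "drop:anti-spoofing"        # LAN address arriving from outside
    if p.in_if == INTERNAL_IF and not is_internal_src:
        return "drop:anti-spoofing"        # foreign address arriving from the LAN
    return None


def rulebase(p: Packet) -> Optional[str]:
    """Match on the original (pre-NAT) addresses; implicit cleanup rule drops."""
    for src_net, dst_net, dport, action in RULES:
        if ip(p.src) in src_net and ip(p.dst) in dst_net and dport in (0, p.dport):
            return None if action == "accept" else "drop:rule"
    return "drop:cleanup-rule"


def dnat(p: Packet) -> Packet:
    return replace(p, dst=STATIC_DNAT.get(p.dst, p.dst))


def route_lookup(p: Packet) -> str:
    for net, iface in ROUTES:             # most specific route listed first
        if ip(p.dst) in net:
            return iface
    raise RuntimeError("no route to " + p.dst)


def snat(p: Packet, out_if: str) -> Packet:
    """Hide NAT: internal sources leaving on the external interface."""
    if out_if == EXTERNAL_IF and any(ip(p.src) in n for n in INTERNAL_NETS):
        return replace(p, src=HIDE_NAT_ADDR)
    return p


def packet_flow(p: Packet) -> Tuple[str, Packet, Optional[str]]:
    """Run the stages in order; return (verdict, final packet, outgoing interface)."""
    for stage in (sam_check, anti_spoofing, rulebase):
        verdict = stage(p)
        if verdict:
            return verdict, p, None
    p = dnat(p)                 # DNAT before the route lookup ...
    out_if = route_lookup(p)    # ... so routing sees the real internal host
    p = snat(p, out_if)         # SNAT only once the outgoing interface is known
    return "accept", p, out_if


def demo() -> List[Tuple[str, Packet, Optional[str]]]:
    packets = [
        Packet(EXTERNAL_IF, "198.51.100.7", "203.0.113.10", 80),   # Internet -> published server
        Packet(EXTERNAL_IF, "192.168.1.50", "203.0.113.10", 80),   # spoofed LAN source
        Packet(INTERNAL_IF, "192.168.1.20", "8.8.8.8", 53),        # LAN host -> Internet DNS
        Packet(EXTERNAL_IF, "203.0.113.66", "203.0.113.10", 80),   # SAM-blocked attacker
        Packet(EXTERNAL_IF, "198.51.100.7", "203.0.113.10", 22),   # no rule allows SSH
    ]
    return [packet_flow(p) for p in packets]


if __name__ == "__main__":
    for verdict, pkt, out_if in demo():
        print(verdict, pkt, out_if)
```

The first packet is accepted by the published-server rule, then translated to 192.168.1.10 and routed to the LAN interface; the third packet leaves on the external interface with its source hidden behind 203.0.113.1; the other three are dropped by SAM, anti-spoofing and the cleanup rule respectively, before any NAT or routing happens.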
Type Of Deployment
There are two types of deployment in Check Point.
1. Distributed Deployment
In this type of deployment there are two Check Point machines: one works as the Security Management Server and the other works as the Security Gateway.
2. Standalone Deployment
In this type of deployment there is one machine, which works as both the Security Management Server and the Security Gateway.
Three Layer Architecture Of Check Point
These are the basic components of a Check Point installation.
1. Security Management Server
The Security Management Server is a central part of the security topology. It stores the security policy, objects and logs, keeps the backups, and pushes the policy and routing configuration to the Security Gateways it manages.
2. Security Gateway
The engine that enforces the organization's security policy. It is the entry point to the LAN and is managed by the Security Management Server.
3. SmartConsole
SmartConsole is the set of management GUI tools used to configure the Security Management Server.
Check Point Three Layer Architecture
License of Check Point
Check Point licensing is proprietary. The Security Management Server does not require a license, but the Security Gateway requires a license for each Software Blade that is enabled, for example the IPS blade, the URL Filtering and Application Control blades, the Mobile Access blade and the QoS blade.
Thanks
Himanshu