CheckPoint Firewall Interview Questions & Answers

Searching for a Check Point firewall job? Wisdomjobs interview questions will be useful for job seekers, professionals, trainers and others. Check Point has designed a Unified Security Architecture that is implemented throughout its security products. This combined security architecture allows all Check Point products to be maintained and monitored from a single administrative console and supplies a reliable level of security. There are a number of Check Point firewall jobs in the market for positions such as Network Security Engineer, Network Security Administrator, System Engineer, Network Security Specialist, Security Analyst, System Administrator, IT Analyst and Technical Specialist. Please refer to the interview questions and answers on this page to help you land the best job.

    1. Question 1. What Is Anti-spoofing?

      Answer :

      Anti-spoofing is a feature of the Check Point firewall that protects against attackers who generate IP packets with a fake or spoofed source address. It determines whether traffic is legitimate or not. If the traffic is not legitimate, the firewall blocks that traffic on the firewall interface.
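The check described in this answer, modelled as an added example (not Check Point code and not part of the original page): each interface has a set of networks expected behind it, and a packet whose source address does not fit the interface it arrived on is dropped. The interface names and address ranges are constructed assumptions.

```python
import ipaddress

# Constructed topology: networks expected behind each internal interface.
# Interface names and address ranges are illustrative assumptions.
TOPOLOGY = {
    "eth1": [ipaddress.ip_network("10.1.0.0/16")],      # internal LAN
    "eth2": [ipaddress.ip_network("172.16.10.0/24")],   # DMZ
}
EXTERNAL = "eth0"  # faces the Internet: valid sources are "everything else"


def is_spoofed(in_iface: str, src_ip: str) -> bool:
    """Return True when src_ip could not legitimately arrive on in_iface."""
    src = ipaddress.ip_address(src_ip)
    if in_iface == EXTERNAL:
        # An address that belongs behind an internal interface must never
        # show up as a source on the external side.
        return any(src in net for nets in TOPOLOGY.values() for net in nets)
    if in_iface not in TOPOLOGY:
        return True  # unknown interface: no source is expected there
    return not any(src in net for net in TOPOLOGY[in_iface])


def filter_packets(packets):
    """Split (iface, src, dst) tuples into accepted and dropped lists."""
    accepted, dropped = [], []
    for pkt in packets:
        (dropped if is_spoofed(pkt[0], pkt[1]) else accepted).append(pkt)
    return accepted, dropped


# Constructed sample traffic (private and documentation address ranges).
SAMPLE = [
    ("eth1", "10.1.4.20", "198.51.100.7"),    # LAN host going out: fine
    ("eth0", "203.0.113.9", "172.16.10.5"),   # Internet host to DMZ: fine
    ("eth0", "10.1.4.20", "172.16.10.5"),     # internal source from outside
    ("eth2", "10.1.4.20", "198.51.100.7"),    # LAN source on the DMZ port
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    for pkt in bad:
        print("drop (spoofed source):", pkt)
```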

    2. Question 2. What Is Asymmetric Encryption?

      Answer :

      In asymmetric encryption, two different keys are used to encrypt and decrypt a packet. That means one key is used to encrypt the packet and a second key is used to decrypt it. The same key cannot both encrypt and decrypt.

    3. Question 3. What Is Stealth Rule In Checkpoint Firewall?

      Answer :

      The stealth rule protects the Check Point firewall from direct access by any traffic. This rule should be placed at the top of the security rule base. In this rule the administrator denies all traffic that tries to access the Check Point firewall.

    4. Question 4. What Is Cleanup Rule In Checkpoint Firewall?

      Answer :

      The cleanup rule is placed last in the security rule base. It is used to drop and log all traffic that does not match any of the rules above it. The cleanup rule is created mainly for logging purposes. In this rule the administrator denies all traffic and enables logging.
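How the stealth rule (Question 3) and the cleanup rule (Question 4) interact with first-match evaluation, as an added example that is not from the original page and not Check Point code. The rule names and object names ("fw-gateway", "web-srv", "lan") are hypothetical, and the rule base is constructed.

```python
from typing import NamedTuple

ANY = "any"


class Rule(NamedTuple):
    name: str
    src: str
    dst: str
    service: str
    action: str          # "accept" or "drop"
    log: bool = False

    def matches(self, src, dst, service):
        pairs = ((self.src, src), (self.dst, dst), (self.service, service))
        return all(want in (ANY, got) for want, got in pairs)


# Constructed rule base; all object names are hypothetical.
RULEBASE = [
    Rule("stealth", ANY, "fw-gateway", ANY, "drop", log=True),
    Rule("web-in", ANY, "web-srv", "https", "accept"),
    Rule("lan-out", "lan", ANY, ANY, "accept"),
    Rule("cleanup", ANY, ANY, ANY, "drop", log=True),
]


def evaluate(rulebase, src, dst, service):
    """First matching rule wins, top to bottom: (rule name, action, log)."""
    for rule in rulebase:
        if rule.matches(src, dst, service):
            return rule.name, rule.action, rule.log
    return None, "drop", False


def audit(rulebase, gateway="fw-gateway"):
    """Report placement problems for the stealth and cleanup rules."""
    findings = []
    first, last = rulebase[0], rulebase[-1]
    if not (first.src == ANY and first.dst == gateway
            and first.service == ANY and first.action == "drop"):
        findings.append("first rule is not a stealth rule for " + gateway)
    if not (last.src == last.dst == last.service == ANY
            and last.action == "drop" and last.log):
        findings.append("last rule is not a logged drop-all cleanup rule")
    return findings


if __name__ == "__main__":
    print(evaluate(RULEBASE, "lan", "fw-gateway", "ssh"))
    print(audit(RULEBASE))
```

With the stealth rule moved below "lan-out", the same LAN-to-gateway connection is accepted by "lan-out" first, which is why the answer places the stealth rule at the top.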

    5. Question 5. What Is NAT?

      Answer :

      NAT stands for Network Address Translation. It is used to map private IP addresses to public IP addresses and public IP addresses to private IP addresses. It is mainly used to provide security to the internal network and servers from the Internet. NAT is also used to connect hosts with private IP addresses to the Internet, because private IP addresses are not routable on the Internet.

    6. Question 6. What Is Source NAT?

      Answer :

      Source NAT is used when traffic is initiated from the internal network to an external network. In source NAT only the source IP address is translated to a public IP address.

    7. Question 7. What Is VPN (Virtual Private Network)?

      Answer :

      A VPN (Virtual Private Network) is used to create a secure connection between two private networks over the Internet. It uses encryption and authentication to secure data during transmission. There are two types of VPN:

      • Site to Site VPN.
      • Remote Access VPN.

    8. Question 8. What Is IPsec?

      Answer :

      IPsec (IP Security) is a set of protocols responsible for securing communication between two host machines or networks over a public network such as the Internet. The IPsec protocols provide confidentiality, integrity, authenticity and anti-replay protection. There are two IPsec protocols that provide security:

      1. ESP (Encapsulating Security Payload)
      2. AH (Authentication Header).

    9. Question 9. What Is The Difference Between The ESP And AH IPsec Protocols?

      Answer :

      ESP: The ESP protocol is part of the IPsec suite. It provides confidentiality, integrity and authenticity. It is used in two modes: transport mode and tunnel mode.

      AH: It is also part of the IPsec suite. It provides only authentication and integrity; it does not provide encryption. It is also used in two modes: transport mode and tunnel mode.

    10. Question 10. What Is Explicit Rule In Checkpoint Firewall?

      Answer :

      A rule in the rule base that is manually created by the network security administrator is called an explicit rule.

    11. Question 11. What Is Hide NAT?

      Answer :

      Hide NAT is used to translate multiple private IP addresses or a network to a single public IP address, that is, a many-to-one translation. It can only be used in source NAT translation. Hide NAT cannot be used in destination NAT.
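A minimal model of the many-to-one translation in this answer, as an added example (not Check Point code and not from the original page). It shows why the mapping only exists for connections started from the inside, which is the reason hide NAT works for source NAT only. The class name, port range and addresses are assumptions, and a real gateway also keys its state on protocol and destination.

```python
import itertools


class HideNat:
    """Many private hosts share one public IP, told apart by source port."""

    def __init__(self, public_ip, first_port=10000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._out = {}    # (private_ip, private_port) -> public_port
        self._back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        """Translate an inside source endpoint; state is created here only."""
        key = (src_ip, src_port)
        if key not in self._out:
            port = next(self._ports)
            self._out[key] = port
            self._back[port] = key
        return self.public_ip, self._out[key]

    def inbound(self, dst_port):
        """Map a reply back to the inside host, or None if no state exists."""
        return self._back.get(dst_port)


def demo():
    nat = HideNat("203.0.113.10")            # constructed public address
    a = nat.outbound("10.1.4.20", 51000)     # two inside hosts that happen
    b = nat.outbound("10.1.4.21", 51000)     # to use the same source port
    reply = nat.inbound(b[1])                # reply to host b finds its way
    unsolicited = nat.inbound(443)           # nothing inside asked for this
    return a, b, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```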

    12. Question 12. What Is Destination NAT?

      Answer :

      Destination NAT is used when the destination IP address of a request must be translated so that a public IP address can connect to the internal private network. Only static NAT can be used in destination NAT.

    13. Question 13. Difference Between Automatic NAT And Manual NAT?

      Answer :

      Automatic NAT:

      • Automatically created by the firewall
      • Cannot be modified
      • Cannot create a “No NAT” rule
      • Cannot create dual NAT
      • Port forwarding is not possible
      • Proxy ARP is enabled by default

      Manual NAT:

      • Manually created by the network security administrator
      • Can be modified
      • Can create a “No NAT” rule
      • Can create dual NAT
      • Port forwarding is possible
      • Proxy ARP is not enabled by default

    14. Question 14. What Is The Difference Between Standalone Deployment And Distributed Deployment?

      Answer :

      Standalone deployment: In a standalone deployment, the Security Gateway and the Security Management Server are installed on the same machine.

      Distributed deployment: In a distributed deployment, the Security Gateway and the Security Management Server are installed on different machines.

    15. Question 15. What Is SIC?

      Answer :

      SIC stands for “Secure Internal Communication”. It is a Check Point firewall feature used to secure communication between Check Point firewall components. It is used when the Security Gateway and the Security Management Server are installed in a distributed deployment. It provides authentication and encryption for secure communication.

    16. Question 16. What Is 3 Tier Architecture Component Of Checkpoint Firewall?

      Answer :

      • Smart Console.
      • Security Management.
      • Security Gateway.

    17. Question 17. What Is The Packet Flow Of Checkpoint Firewall?

      Answer :

      • SAM Database.
      • Address Spoofing.
      • Session Lookup.
      • Policy Lookup.
      • Destination NAT.
      • Route Lookup.
      • Source NAT.
      • Layer 7 Inspection.
      • VPN.
      • Routing.

    18. Question 18. What Are The Advantages Of NAT?

      Answer :

      • Saves public IP addresses, which saves cost.
      • Security by hiding the internal network.
      • Avoids routing.
      • Publishing a server over the Internet.
      • Overlapping networks.
      • Access to the Internet from a private IP address.

    19. Question 19. What Is Smart Dashboard?

      Answer :

      It is a SmartConsole tool. It is used to configure rules and policy objects, create the NAT policy, and configure VPN and clusters.

    20. Question 20. Which Of The Applications In Check Point Technology Can Be Used To Configure Security Objects?

      Answer :


    21. Question 21. Which Of The Applications In Check Point Technology Can Be Used To View Who And What The Administrator Do To The Security Policy?

      Answer :

      SmartView Tracker

    22. Question 22. What Are The Two Types Of Check Point NG Licenses?

      Answer :

      Central and Local licenses: Central licenses are the new licensing model for NG and are bound to the SmartCenter server. Local licenses are the legacy licensing model and are bound to the enforcement module.

    23. Question 23. What Is The Main Difference Between cpstop/cpstart And fwstop/fwstart?

      Answer :

      Using cpstop and then cpstart will restart all Check Point components, including the SVN foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1.

    24. Question 24. What Are The Functions Of The CPD, FWM, And FWD Processes?

      Answer :

      CPD: CPD is high in the hierarchical chain and helps to execute many services, such as Secure Internal Communication (SIC), licensing and status report.

      FWM: The FWM process is responsible for the execution of the database activities of the SmartCenter server. It is therefore responsible for policy installation, Management High Availability (HA) synchronization, saving the policy, database read/write actions, log display, etc.

      FWD: The FWD process is responsible for logging. It is executed in relation to logging, Security Servers and communication with OPSEC applications.

    25. Question 25. What Are The Types Of NAT And How To Configure It In Check Point Firewall?

      Answer :

      Static Mode and manually defined

    26. Question 26. How To Install Checkpoint Firewall NGX On SecurePlatform?

      Answer :

      1. Insert the Checkpoint CD into the computer's CD drive.

      2. You will see a Welcome to Checkpoint SecurePlatform screen. It will prompt you to press any key. Press any key to start the installation; otherwise it will abort the installation.

      3. You will now receive a message saying that your hardware was scanned and found suitable for installing SecurePlatform, and asking whether you wish to proceed with the installation of Checkpoint SecurePlatform.

      Of the four options given, select OK to continue.

      4. You will be given a choice of these two:

      • SecurePlatform
      • SecurePlatform Pro

      Select SecurePlatform Pro and enter OK to continue.

      5. Next it will give you the option to select the keyboard type. Select your keyboard type (default is US) and enter OK to continue.

      6. The next option is the Networking Device. It will give you the interfaces of your machine and you can select the interface of your choice.

      7. The next option is the Network Interface Configuration. Enter the IP address, subnet mask and the default gateway.

      For this tutorial, we will set this IP address as and the default gateway as which will be the IP address of your upstream router or Layer 3 device.

      8. The next option is the HTTPS Server Configuration. Leave the default and enter OK.

      9. Now you will see the Confirmation screen. It will say that the next stage of the installation process will format your hard drives. Press OK to continue.

      10. Sit back and relax as the hard disk is formatted and the files are being copied.

      Once it is done with the formatting and copying of image files, it will prompt you to reboot the machine and, importantly, REMOVE THE INSTALLATION CD. Press Enter to reboot.

      Note: SecurePlatform disables your Num Lock by overriding the system BIOS settings, so press Num Lock to enable it again.

      For the FIRST Time Login, the login name is admin and the password is also admin.

      11. Start the firewall in Normal Mode.

      12. Configuring Initial Login:

      Enter the user name and password as admin, admin.

      It will prompt you for a new password. Choose a password.

      Enter new password: check$123

      Enter new password again: check$123

      You may choose a different user name:

      Enter a user name: fwadmin

      Now it will prompt you with the [cpmodule]# prompt.

      13. The next step is to launch the configuration wizard. To start the configuration wizard, type “sysconfig”.

      You have to enter n for next and q for Quit. Enter n for next.

      14. Configuring Host name: Press 1 to enter a host name. Press 1 again to set the host name.

      Enter host name: checkpointfw

      You can either enter an IP address or leave it blank to associate an IP address with this hostname. Leave it blank for now.

      Press 2 to show host name. It now displays the name of the firewall as checkpointfw.

      Press e to get out of that section.

      15. Configuring the Domain name.

      Press 2 to enter the config mode for configuring the domain name. Press 1 to set the domain name.

      Enter domain


      Enter domain name:

      You can press 2 to show the domain name.

      16. Configuring Domain Name Servers.

      You can press 1 to add a new domain name server.

      Enter IP Address of the domain name server to add: Enter your domain name server IP address here.

      Press e to exit.

      Network Connections.

      17. Press 4 to enter the Network Connections parameter.

      Enter 2 to Configure a new connection.

      Your Choice:

      1. eth0
      2. eth1
      3. eth2
      4. eth3

      Press 2 to configure eth1. (We will configure this interface as the inside interface with an IP address of and a subnet mask of The default gateway will be configured as

      Press 1) Change IP settings.

      Enter IP address for eth1 (press c to cancel):

      Enter network Mask for interface eth2 (press c to cancel):

      Enter broadcast address of the interface eth2 (leave empty for default): Enter

      Press Enter to continue….

      Similarly configure the eth2 interface, which will be acting as a DMZ in this case with

      Press e to exit the configuration menu.

      18. Configuring the Default Gateway Configuration.

      Enter 5 which is the Routing section to enter information on the default gateway configuration.

      1. Set default gateway.
      2. Show default gateway.

      Press 1 to enter the default gateway configuration.

      Enter default gateway IP address:

      19. Choose a time and date configuration item.

      Press n to configure the timezone, date and local time.

      This part is self explanatory so you can do it yourself.

      The next prompt is the Import Checkpoint Products Configuration. You can press n for next to skip this part, as it is not needed for fresh installs.

      20. Next is the license agreement. You have the option of V for evaluation product, U for purchased product and N for next. Press n for next.

      Press Y and accept the license agreement.

      21. The next section shows you the product Selection and Installation option menu.

      Select Checkpoint Enterprise/Pro.

      Press N to continue.

      22. Select New Installation from the menu.

      Press N to continue.

      23. Next menu would show you the products to be installed.

      Since this is a standalone installation configuration example, select

      VPN Pro and


      Press N for next

      24. The next menu gives you the option to select the SmartCenter type you would like to install.

      Select Primary Smartcenter.

      Press n for next.

      A validation screen will be seen showing the following products:

      VPN-1 Pro and Primary Smartcenter.

      Press n for next to continue.

      Now the installation of VPN-1 Pro NGX R60 will start.

      25. The set of menu is as follows:

      Do you want to add license (y/n)

      You can enter Y which is the default and enter your license information.

      26. The next prompt will ask you to add an administrator. You can add an administrator.

      27. The next prompt will ask you to add a GUI Client. Enter the IP address of the machine from which you want to manage this firewall.

      28. The final step of the installation is the creation of the ICA. It will prompt you for the creation of the ICA; follow the steps and the ICA will be created. Once the random is configured (you don't have to do anything), the ICA is initialized.

      After the ICA is initialized, the fingerprint is displayed. Save this fingerprint, because it will be used later when connecting to the SmartCenter through the GUI. The two fingerprints should match. This is a security feature.

      The next step is reboot. Reboot the firewall.
