4 avg. rating (80% score) - 1 votes
Searching for a CheckPoint Firewall job? Wisdomjobs interview questions will be useful for all the Job-Seekers, Professionals, Trainers, etc. CheckPoint has designed a Unified Security Architecture that is implemented all through its security products. This combined security architecture allows all Check Point products to be maintained and monitored from a single administrative console, and supply a reliable level of security. There are no. of CheckPoint Firewall jobs in the market for various positions like Network Security Engineer, Network Security Administrator, System Engineer, Network Security Specialist, Security Analyst, System Administrator, IT Analyst, Technical Specialist etc. please refer our interview questions with answers in CheckPoint Firewall job interview questions and answers page to help job seekers to land the best job.
Anti-Spoofing is the feature of Checkpoint Firewall. which is protect from attacker who generate IP Packet with Fake or Spoof source address. Its determine that whether traffic is legitimate or not. If traffic is not legitimate then firewall block that traffic on interface of firewall.
In Asymmetric Encryption there is two different key used for encrypt and decrypt to packet. Means that one key used for Encrypt packet, and second key used to for decrypt packet. Same key can not encrypt and decrypt.
Stealth Rule Protect Checkpoint firewall from direct access any traffic. Its rule should be place on the top of Security rule base. In this rule administrator denied all traffic to access checkpoint firewall.
Cleanup rule place at last of the security rule base, Its used to drop all traffic which not match with above rule and Logged. Cleanup rule mainly created for log purpose. In this rule administrator denied all the traffic and enable log.
NAT stand for Network Address Translation. Its used to map private IP address with Public IP Address and Public IP address map with Private IP Address. Mainly its used for Provide Security to the Internal Network and Servers from Internet. NAT is also used to connect Internet with Private IP Address. Because Private IP not route able on Internet.
Source NAT used to initiate traffic from internal network to external network. In source NAT only source IP will translated in public IP address.
VPN (Virtual Private Network) is used to create secure connection between two private network over Internet. Its used Encryption authentication to secure data during transmission. There are two type of VPN
IP Sec (IP Security) is a set of protocol. which is responsible for make secure communication between two host machine, or network over public network such as Internet. IPSec Protocol provide Confidentiality , Integrity, Authenticity and Anti Replay protection. There is two IPSec protocol which provide security
ESP:ESP Protocol is a part of IPsec suit , Its provide Confidentiality, Integrity and Authenticity. Its used in two mode Transport mode and Tunnel mode.
AH:Its is also part of a IPsec suit, Its provide only Authentication and Integrity, Its does not provide Encryption. Its also used to two mode Transport mode and Tunnel mode.
It's a rule in ruse base which is manually created by network security administrator that called Explicit rule.
Hide NAT used to translate multiple private IP or Network with single public IP address. Means many to one translation. Its can only be used in source NAT translation. Hide NAT can not be used in Destination NAT.
When request to translate Destination IP address for connect with Internal Private network from Public IP address. Only static NAT can be used in Destination NAT.
Standalone deployment : In standalone deployment, Security Gateway and Security management server installed on same Machine.
Distributed deployment: In Distributed deployment, Security Gateway and Security Management Server installed on different machine.
SIC stand for “Secure Internal Communication”. Its a checkpoint firewall feature that is used to make secure communication between Checkpoint firewall component. Its used when Security Gateway and Security management server installed in Distributed deployment. Its Authentication and Encryption for secure communication.
Its tool of smart console. Its used to Configure Rule, Policy object, Create NAT Policy, Configure VPN and Cluster.
Central and Local licenses: Central licenses are the new licensing model for NG and are bound to the SmartCenter server. Local licenses are the legacy licensing model and are bound to the enforcement module.
Using cpstop and then cpstart will restart all Check Point components, including the SVN foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1.
CPD :CPD is a high in the hierarchichal chain and helps to execute many services, such as Secure Internal Communcation (SIC), Licensing and status report.
FWM: The FWM process is responsible for the execution of the database activities of the SmartCenter server. It is; therefore, responsible for Policy installation, Management High Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.
FWD:The FWD process is responsible for logging. It is executed in relation to logging, Security Servers and communication with OPSEC applications.
Static Mode and manually defined
1. Insert the Checkpoint CD into the computers CD Drive.
2. You will see a Welcome to Checkpoint SecurePlatform screen. It will prompt you to press any key. Press any key to start the installation,otherwise it will abort the installation.
3.You will now receive a message saying that your hardware was scanned and found suitable for installing secureplatform. Do you wish to proceed with the installation of Checkpoint SecurePlatform.
Of the four options given, select OK, to continue.
4.You will be given a choice of these two:
Select Secureplatform Pro and enter ok to continue.
5.Next it will give you the option to select the keyboard type. Select your Keyboard type (default is US) and enter OK to continue.
6.The next option is the Networking Device. It will give you the interfaces of your machine and you can select the interface of your choice.
7.The next option is the Network Interface Configuration. Enter the IP address, subnet mask and the default gateway.
For this tutorial, we will set this IP address as 184.108.40.206 255.255.255.0 and the default gateway as 220.127.116.11 which will be the IP address of your upstream router or Layer 3 device.
8.The next option is the HTTPS Server Configuration. Leave the default and enter OK.
9.Now you will see the Confirmation screen. It will say that the next stage of the installation process will format your hard drives. Press OK to Continue.
10.Sit back and relax as the hard disk is formated and the files are being copied.
Once it is done with the formatting and copying of image files, it will prompt you reboot the machine and importantly REMOVE THE INSTALLATION CD. Press Enter to Reboot.
Note: Secureplatform disables your Num Lock by over riding System BIOS settings, so you press Num LOck to enable your Num Lock.
For the FIRST Time Login, the login name is admin and the password is also admin.
11.Start the firewall in Normal Mode.
12.Configuring Initial Login:
Enter the user name and password as admin, admin.
It will prompt you for a new password. Chose a password.
Enter new password: check$123
Enter new password again: check$123
You may choose a different user name:
Enter a user name:fwadmin
Now it will prompt you with the [cpmodule]# prompt.
13. The next step is to launch the configuration wizard. To start the configuration wizard, type “sysconfig”.
You have to enter n for next and q for Quit. Enter n for next.
14.Configuring Host name: Press 1 to enter a host name. Press 1 again to set the host name.
Enter host name: checkpointfw
You can either enter an ip address of leave it blank to associate an IP address with this hostname. Leave it blank for now.
Press 2 to show host name. It now displays the name of the firewall as checkpointfw.
Press e to get out of that section.
15.Configuring the Domain name.
Press 2 to enter the config mode for configuring the domain mode. Press 1 to set the domain name.
Enter domain name:yourdomain.com
Enter domain name: checkpointfw.com
You can press 2 to show the domain name.
16. Configuring Domain Name Servers.
You can press 1 to add a new domain name server.
Enter IP Address of the domain name srever to add: Enter your domain name server IP Address HERE.
Press e to exit.
17. Press 4 to enter the Network Connections parameter.
Enter 2 to Configure a new connection.
Press 2 to configure eth1. (We will configure this interface as the inside interface with an IP address of 192.168.1.1 and a subnet mask of 255.255.255.0. The default gateway will be configured as 18.104.22.168.)
Press 1) Change IP settings.
Enter IP address for eth1 (press c to cancel): 192.168.1.1
Enter network Mask for interface eth2 (press c to cancel): 255.255.255.0
Enter broadcast address of the interface eth2 (leave empty for default): Enter
Pres Enter to continue….
Similarly configure the eth2 interface, which will be acting as a DMZ in this case with 10.10.10.1 255.255.255.0.
Press e to exit the configuration menu.
18.Configuring the Default Gateway Configuration.
Enter 5 which is the Routing section to enter information on the default gateway configuration.
Press 1 to enter the default gateway configuration.
Enter default gateway IP address: 22.214.171.124
19. Choose a time and date configuration item.
Press n to configure the timezone, date and local time.
This part is self explanatory so you can do it yourself.
The next prompt is the Import Checkpoint Products Configuration. You can n for next to skip this part as it is not needed for fresh installs.
20. Next is the license agreement.You have the option of V for evaluation product, U for purchased product and N for next. If you enter n for next. Press n for next.
Press Y and accept the license agreement.
21.The next section would show you the product Selection and Installation option menu.
Select Checkpoint Enterprise/Pro.
Press N to continue.
22. Select New Installation from the menu.
Press N to continue.
23. Next menu would show you the products to be installed.
Since this is a standalone installation configuration example, select
VPN Pro and
Press N for next
24.Next menu gives you the option to select the Smartcenter type you would like to install.
Select Primary Smartcenter.
Press n for next.
A validation screen will be seen showing the following products:
VPN-1 Pro and Primary Smartcenter.
Press n for next to continue.
Now the installation of VPN-1 Pro NGX R60 will start.
25. The set of menu is as follows:
Do you want to add license (y/n)
You can enter Y which is the default and enter your license information.
26. The next prompt will ask you to add an administrator. You can add an administrator.
27.The next prompt will ask you to add a GUI Client. Enter the IP Address of the machine from where you want to manage this firewall.
28. The final process of installation is creation of the ICA. It will promtp you for the creation of the ICA and follow the steps. The ICA will be created. Once the random is configured ( you dont have to do anything), the ICA is initialized.
After the ICA initialized, the fingerprint is displayed. You can save this fingerprint because this will be later used while connecting to the smartcenter through the GUI. The two fingerprints should match. This is a security feature.
The next step is reboot. Reboot the firewall.
CheckPoint Firewall Related Tutorials
CheckPoint Firewall Related Interview Questions
|Networking Interview Questions||Computer Hardware Interview Questions|
|CCNA Interview Questions||Hardware and Networking Interview Questions|
|MCSE Interview Questions||CCNP Interview Questions|
|Microsoft Certified Solutions Associate (MCSA) Interview Questions||Cisco Interview Questions|
|Cisco Nexus switches Interview Questions||Cisco Network Engineer Interview Questions|
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd
Wisdomjobs.com is one of the best job search sites in India.