Posts

Showing posts from July, 2017

Checkpoint – Automatic NAT vs Manual NAT


NAT (Network Address Translation) is configured in a Check Point firewall in one of two ways: Manual or Automatic.

Automatic NAT

To configure Automatic NAT, the server object's properties have a NAT section:

Node -> General Properties -> NAT -> check the box "Add Automatic Address Translation"

So for example, if we want our host with the internal private IP 192.168.75.4 to be published on the Internet with the public IP 172.16.2.4:

(If we only wanted to apply outbound IP masquerading, we would use the Hide NAT type. In this example we also want to publish the host to the Internet so it can receive incoming connections, so we use the Static NAT type.)

This NAT configuration automatically performs two actions:

1. Creation of the corresponding NAT rule: Original Packet

Checkpoint Firewall Policy installation flow process

Solution: Policy installation flow
Assuming the installation was initiated from SmartDashboard, as opposed to using command line options such as fwm load (on the Management Server) or fw fetch (on the Security Gateway):

1. The Check Point Management Interface (CPMI) policy installation command is sent to the FWM process on the Management Server, where verification and compilation take place. The FWM process is responsible for code generation and compilation.
2. The FWM process invokes the Check Point Policy Transfer Agent (CPTA) command, which sends the policy to all applicable Security Gateways.
3. The CPD process on the Security Gateway receives the policy and verifies its integrity.
4. The FWD process on the Security Gateway updates all of the user-mode processes responsible for enforcement aspects. These include the VPND process for VPN issues, the FWSSD processes for Security Server issues, and so on.
5. Once complete, the CPD process initiates the update for the Check Point kernel. The new policy is pre…
CHECKPOINT ADVANCED FIREWALL #1 – INFRASTRUCTURE, KERNEL & PROCESSES

A Quick Recap

Check Point security revolves around 3 key components:

GUI Clients – This is mainly SmartConsole and its contained applications such as Update, Tracker and Dashboard. All release candidates for this are a separate track from the main product suite, and HFAs for this set are independent of the main software release. These are effectively the software configuration and interaction between the user and the SMS/Gateways/Reporting.

Security Management – Responsible for all management of the Check Point system. It interacts with User-Mode Processes (explained later) in order to configure all product suites and relies on the following (most significant) processes: FWM, FWD, CPD, FWSSD, CPWD.

Gateway – The gateway is the device that enforces your security policy. It is really just a computer running software including an OS as normal (IPSO, SPLAT, GAIA etc.) and as such is technically vulnerable. To get around this the firewal…

Download IOS Image for Router

In order to perform CCNA and CCNP hands-on lab exercises, you need either the physical devices or a simulator. Arranging physical devices such as Cisco routers and switches is probably not possible for everyone. Fortunately, there are various simulators, such as Cisco Packet Tracer and GNS3, that you can use to perform CCNA/CCNP and other hands-on lab exercises. In this post, you will get the direct links to download GNS3 IOS images for Cisco routers, ASA, switches, and even for Juniper routers.

One of the great features of the GNS3 simulator is that it allows you to perform real-life hands-on lab exercises. However, you need to download IOS images for GNS3 before you can perform them. Click the link below to download GNS3 images:

Download GNS3 IOS Images


IP Subnet Calculator

Subnet Mask Cheat Sheet (see also RFC 1878)

Prefix  Addresses  Hosts  Netmask          Amount of a Class C
/30     4          2      255.255.255.252  1/64
/29     8          6      255.255.255.248  1/32
/28     16         14     255.255.255.240  1/16
/27     32         30     255.255.255.224  1/8
/26     64         62     255.255.255.192  1/4
/25     128        126    255.255.255.128  1/2
/24     256        254    255.255.255.0    1
/23     512        510    255.255.254.0    2
/22     1024       1022   255.255.252.0    4
/21     2048       2046   255.255.248.0    8
/20     4096       4094   255.255.240.0    16
/19     8192       8190   255.255.224.0    32
/18     16384      16382  255.255.192.0    64
/17     32768      32766  255.255.128.0    128
/16     65536      65534  255.255.0.0      256

Guide to sub-class C blocks

/25 -- 2 Subnets -- 126 Hosts/Subnet
Network #  IP Range   Broadcast
.0         .1-.126    .127
.128       .129-.254  .255

/30 -- 64 Subnets -- 2 Hosts/Subnet
Network #  IP Range  Broadcast
.0         .1-.2     .3
.4         .5-.6     .7
.8         .9-.10    .11
.12        .13-.14   .15
.16        .17-.18   .19
.20        .21-.22   .23
.24        .25-.26   .27
.28        .29-.30   .31
.32        .33-.34   .35
.36        .37-.38   .39
.40        .41-.42   .43
.44        .45-.46   .47
.48        .49-.50   .51
.52        .53-.54   .55
.56        .57-.58   .59
.60        .61-.62   .63
.64        .6…

Download CheckPoint IOS Image for Lab

To download the Check Point firewall image for your lab, just click on one of the links below:


Check_Point_R77.10_T151_Install_and_Upgrade.Gaia (Server 1)

Check_Point_R77.10_T151_Install_and_Upgrade.Gaia (Server 2)


ASA Firewall Interview Question with Answer


Cannot send or receive e-mail messages behind a Cisco PIX or Cisco ASA firewall

Symptoms

You may experience one or more of the following behaviors:

You cannot receive Internet-based e-mail messages.
You cannot send e-mail messages with attachments.
You cannot establish a telnet session with the Microsoft Exchange server on port 25.
When you send an EHLO command to the Exchange server, you receive a "Command unrecognized" or an "OK" response.
You cannot send or receive mail on specific domains.
Problems with Post Office Protocol version 3 (POP3) authentication: 550 5.7.1 relaying denied from local server.
Problems with duplicate e-mail messages being sent (sometimes five to six times).
You receive duplicate incoming Simple Mail Transfer Protocol (SMTP) messages.
Microsoft Outlook clients or Microsoft Outlook Express clients report an 0x800CCC79 error when trying to send e-mail.
There are problems with binary MIME (8bitmime).
You receive the following text in a non-delivery…

Network Data Related Question

JUNIPER SCREENOS
Q.1 What are the series of ScreenOS boxes?
Q.2 What is the latest version of ScreenOS?
Q.3 Juniper packet flow.
Q.4 What is Screen Check? How do you configure Screen Check in Juniper?
Q.5 What are DIP, MIP and VIP?
Q.6 How do you configure a cluster in Juniper?



ROUTING
Q.1 What is the difference between static and dynamic routing?
Q.2 What is the difference between AD value and metric? And what are the AD values of EIGRP, OSPF, RIP and BGP?

Ans.
AD: The administrative distance is used to select the best route when two or more routing protocols offer a route to the same destination, for example the best route between OSPF and RIP.
Metric: Metrics are only used to select the best route inside a single routing protocol, for example the best route inside RIP.

Administrative Distance Values
Connected Interface = 0
Static Route = 1
EIGRP Summary Route = 5
External BGP = 20
Internal EIGRP = 90
IGRP = 100
OSPF = 110
IS-IS = 115
…