1)From which was the first version of Checkpoint you worked?

Answer: From R65

2)What is the difference between CP NG and CP NGX?

Answer:

3)In how many mode we can install the checkpoint?

4)What is architecture of Checkpoint?

Answer:

5)What is SIC ?

Answer: Secure Internal Communication

6)What is NAT and how many type of NAT supported by CP explain ?

Answer: NAT is a short form of Network Address Trans

7)What is the unicast and multicast?

8)What is the rules define Stealth and Clean up rule ?

Answer: Stealth Rule is on the top of the policy and explicitly blocks access to firewall. Clean up rule is
placed at the bottom of the policy and explicitly drops and logs all the traffic that has not matched the
other rules

9)Can we configure rules above stealth rule?

Answer: Yes, Like to allow access for administrator

10)What is the purpose of clean up rule ?

Answer: Clean up rule is placed at the bottom of the policy and explicitly drops and logs all the traffic
that has not matched the other rules

11)How you can configure smart view client in new pc?

12)How you are taking backup of CP?

13)How you can take manual backup and which folders are necessary ?

Answer: Backups, Config, Logs,upgrade_export(1ce a week),Snapshot. $FWDIR/config(Contains all the

rules, user, objects etc.), $FWDIR/log

14)How you can configure Log server and where in CP we configure it?

15)How you use smart view tracker tell about three pannes of it.

16)Have you ever configure smart defence if yes tell us the few feature of it.

17)What are the important communication ports of the checkpoint ?

18)Tell me about licence part of the CP and types of it.

19)How you can integrate gateway boxes with CP like Nokia and Nortel or UTM boxes?

20)How you can bring up Nokia box integration with CP server.

21)Have you configure Cluster in CP if yes then tell us process?

22)What is VRRP? (Accept packets from Nokia VRRP cluster member within from Global Properties)

23)What is FW monitor ?

24)Try to give 5 important CLI commands which are helpful for CP admin ?
25)Have you done CCSA if yes then what is the career path for it and how many question were there .

26)What is Bi directional NAT?

27)If log folder is crossed the threshold value which you had defined in CP server then what will happen?

28)What is the use of database revision control?

29)Have you ever configure VPN if yes then tell us about Site to Site with IPSEC in CP?

30)Have you ever upgrade the R60 to R62 or R65 if yes then tell us the process?

31)What is FW unloadlocal

32)If log tracker is showing green means accepted even though defined rule is not working then what

causes might be tell us.?

33)What is SYNC in cluster ?

35)What is statefull inspection technology ?

36)Apart from Statefull which other technology firewall belongs too?

37)Difference between ASA and Checkpoint firewall?

38)What is ICMP default setting in global properties of CP?

39)How you can reconfigure SIC password ?

40)If you restarted the remote gateway then what will happen in CP network ?

41) What is implied and explicit rules ?

Implied rules are defined by checkpoint firewall for its internal communication related rules. Explicit
rules are defined by administrator.

Interview Question

I would like to cover some important and frequently asked Q&A in this Page. You all are also invited to
share your replies and suggestions. I hope this page will be useful for all the Network and Network
Security Domain Students, Job-Seekers, Professionals, Trainers, etc.

CHECKPOINT

Q.1 What is Checkpoint Architecture?

Ans.

Check Point has developed a Unified Security Architecture that is implemented throughout all of its
security products. This Unified Security Architecture enables all Check Point products to be managed and
monitored from a single administrative console, and provides a consistent level of security.

The Check Point Unified Security Architecture is comprised of four main components:

Core Technologies: - Check Point uses a common set of core technologies, such as INSPECT for security
inspection, across multiple layers of security.

Central Management: - All Check Point products can be managed and monitored from a single
administrative console.

Open Architecture: - Check Point has built its security architecture to be open and interoperable in a
heterogeneous environment. For example, Check Point products can interoperate with other network
and security equipment from third-party vendors to enable cooperative enforcement of Security Policies.
Universal-update Ability: - Check Point has consolidated multiple security-alert and update functions to
ease update procedures and help Administrators ensure that security is always up-to-date.

Q.2 How Checkpoint Component communicate and Syns with each other?

Ans.

Secure Internal Communications (SIC) is the Check Point feature that ensures components, such as
Security Gateways, SmartCenter Server, SmartConsole, etc. can communicate with each other freely and
securely using a simple communication-initialization process.

Q.3 What are the major differences between SPLAT and GAIA?

Ans.

Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO. Here are some
benefits of Gaia as compare to SPLAT/IPSO.

1. Web-Based user interface with Search Navigation

2. Full Software Blade support

3. High connection capacity

4. Role-Based administrative Access

5. Intelligent Software updates

6. Native IPv4 and IPv6 Support

7. ClusterXL or VRRP Clusters

8. Manageable Dynamic Routing Suite

9. Full Compatibility with IPSO and SecurePlatform.

For more information you can checkpoint official page on this topic:
http://www.checkpoint.com/products/check-point-gaia/

Q.4 What are the different different Checkpoint Ports and purpose of these ports?

Ans.
PORT TYPE SERVICE DESCRIPTION

21 TCP ftp File transfer Protocol (control)

21 UDP ftp File transfer Protocol (control)

22 Both ssh SSH remote login

25 Both SMTP Simple Mail transfer Protocol

50 Encryption IP protocols esp IPSEC Encapsulation Security Payload

51 Encryption IP protocols ah IPSEC Authentication Header Protocol

53 Both Domain Name Server

69 Both TFTP Trivial File Transfer Protocol

94 TCP Encryption IP protocols fwz_encapsulation (FW1_Eencapsulation)

137 Both Netbios-ns NETBIOS Name Service

138 Both netbios-dgm NETBIOS Datagram

139 Both netbios-ssn NETBIOS Session

256 TCP FW1 (fwd) policy install port FWD_SVC_PORT

257 TCP FW1_log FW1_log FWD_LOG_PORT

258 TCP FW1_mgmt FWM_SSVVC_PORT

259 TCP FW1_clientauth_telnet

259 UDP RDP Reliable Datagram Protocol

260 TCP sync

260 UDP FW1_snmp FWD_SNMP_PORT

261 TCP FW1_snauth Session Authentication Daemon

262 TCP MDQ mail dequer

263 TCP dbs

264 TCP FW1_topop Check Point SecureClient Topology Requests

265 TCP FW1_key Check Point VPN-1 Public key transfer protocol

389 Both LDAP Secure Client connecting to LDAP without SSL

443 SNX VPN can use 443 too

444 TCP SNX VPN SNX VPN tunnel in connectra only

500 UDP IPSEC IKE Protocol (formerly ISAKMP/Oakley)

500 TCP IKE over TCP

500 UDP ISAKMPD_SPORT & ISAKMPD_DPORT

514 UDP Syslog Syslog

636 LDAP Secure Client connecting to LDAP with SSL

900 TCP FW1_clntauth_http Client Authentication Daemon

981 Management https on the edge

1247

1494 TCP Winframe Citrix

1645 TCP Radius

1719 UDP VOIP

1720 TCP VOIP

2040 TCP MIP meta Ip admin server

2746 UDP UDP encapsualtion for SR VPN1_IPSEC_encapsulation VPN1_IPSEC encapsulation

2746 TCP CPUDPENCap

4000 Policy Server Port (Redmond)

4433 TCP Connectra Admin HTTPS Connectra admin port

4500 UDP NAT-T NAT Traversal

4532 TCP SNDAEMON_PORT sn_auth_trap: sn_auth daemon Sec.Serv comm,

5001 TCP Meta IP Web Connection, MIP

5002 TCP Meta IP DHCP Failover

5004 TCP Meta IP UAM

5005 TCP Meta IP SMC

6969 UDP KP_PORT KeyProt

8116 UDP Check Point HA SyncMode= CPHAP (new sync mode)

8116 UDP Connection table synchronization between firewalls

8989 TCP CPIS Messaging MSG_DEFAULT_PORT

8998 TCP MDS_SERVER_PORT

9000 Command Line Port for Secure Client

10001 TCP Default CPRSM listener port for coms with RealSecure Console

18181 TCP FW1_cvp Check Point OPSEC Content Vectoring Protocol

18182 TCP FW1_ufp Check Point OPSEC URL Filtering Protocol

18183 TCP FW1_sam Check Point OPSEC Suspicious Activity monitoring Proto (SAM API)

18184 TCP FW1_lea Check Point OPSEC Log Export API

18185 TCP FW1_omi Check Point OPSEC Objects Management Interface

18186 TCP FW1_omi-sic Check Point OPSEC Objects management Interface with Secure Internal
Communication

18187 TCP FW1_ela Check Point OPSEC Event Loging API

18190 TCP CPMI Check Point Management Interface

18191 TCP CPD Check Point Daemon Proto NG

18192 TCP CPD_amon Check Point Internal Application Monitoring NG

18193 TCP FW1_amon Check Point OPSEC Appication Monitoring NG

18201 TCP FGD_SVC_PORT

18202 TCP CP_rtm Check Point Real time Monitoring

18203 TCP FGD_RTMP_PORT

18204 TCP CE communication

18205 TCP CP_reporting Check Point Reporting Client Protocol

18207 TCP FW1_pslogon Check Point Policy Server logon Protocol

18208 TCP FW1_CPRID (SmartUpdate) Check Point remote Installation Protocol

18209 TCP FWM CA for establishing SIC communication

18210 TCP FW1_ica_pull Check Point Internal CA Pull Certificate Service

18211 TCP FW1_ica_pull Check Point Internal CA Push Certificate Service

18212 UDP Connect Control Load Agent port

18213 TCP cpinp: inp (admin server)

18214 TCP cpsmc: SMC

18214 UDP cpsmc: SMC Connectionless

18221 TCP CP_redundant Check Point Redundant Management Protocol NG

18231 TCP FW1_pslogon_NG Check Point NG Policy Server Logon Protocol

18231 TCP NG listens on this port by default dtps.exe

18232 TCP FW1_sds_logon Check Point SecuRemote Distribution Server Protocol

18233 UDP Check Point SecureClient Verification Keepalive Protocol FW1_scv_keep_alive

18241 UDP e2ecp

18262 TCP CP_Exnet_PK Check Point Public Key Resolution

18263 TCP CP_Exnet_resolve Check Point Extranet remote objects resolution

18264 TCP FW1_ica_services Check Point Internal CA Fetch CRL and User Registration Services

19190 TCP FW1_netso Check Point OPSEC User Authority Simple Protocol

19191 TCP FW1_uaa Check point OPSEC User Authority API

65524 FW1_sds_logon_NG Secure Client Distribution Server Protocol (VC and Higher)

Q.5 How SIC work? What are the different ports of SIC?

Ans.

Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each
other. The SIC procedure creates a trusted status between gateways, management servers and other
Check Point components. SIC is required to install polices on gateways and to send logs between
gateways and management servers.

These security measures make sure of the safety of SIC:

1. Certificates for authentication

2. Standards-based SSL for the creation of the secure channel

3. 3DES for encryption

The Internal Certificate Authority (ICA)

The ICA is created during the Security Management server installation process. The ICA is responsible for
issuing certificates for authentication. For example, ICA issues certificates such as SIC certificates for
authentication purposes to administrators and VPN certificates to users and gateways.

Initializing the Trust Establishment Process

Communication Initialization establishes a trust between the Security Management server and the Check
Point gateways. This trust lets Check Point components communicate securely. Trust can only be
established when the gateways and the server have SIC certificates.

Note - For SIC to succeed, the clocks of the gateways and servers must be synchronized.

The Internal Certificate Authority (ICA) is created when the Security Management server is installed. The
ICA issues and delivers a certificate to the Security Management server.

To initialize SIC:

1. Decide on an alphanumeric Activation Key.

2. In SmartDashboard, open the gateway network object. In the General Properties page of the gateway,
click Communication to initialize the SIC procedure.

3. In the Communication window of the object, enter the Activation Key that you created in step 2.

4. Click Initialize.

The ICA signs and issues a certificate to the gateway. Trust state is Initialized but not trusted. The
certificate is issued for the gateway, but not yet delivered.

SSL negotiation takes place. The two communicating peers are authenticated with their Activation Key.

The certificate is downloaded securely and stored on the gateway.

After successful Initialization, the gateway can communicate with any Check Point node that possesses a
SIC certificate, signed by the same ICA. The Activation Key is deleted. The SIC process no longer requires
the Activation Key, only the SIC certificates.

Checkpoint SIC Ports

PORT TYPE SERVICE DESCRIPTION

18209 tcp NGX Gateways <> ICAs (status, issue, or revoke).

18210 tcp Pulls Certificates from an ICA.

18211 tcp Used by the cpd daemon (on the gateway) to receive Certificates.

Q.6 Checkpoint Packet flow for SNAT and DNAT?

Ans.

In case of SNAT

Antispoofing

Session lookup

Policy lookup

Routing

Netting
In case of DNAT

Antispoofing

Session lookup

Policy lookup

Netting

Routing

Q.7 What is the main different between cpstop/cpstart and fwstop/fwstart?

Ans.

Using cpstop and then cpstart will restart all Check Point components, including the SVN foundation.
Using fwstop and then fwstart will only restart VPN-1/FireWall-1.

Q.8 What are the functions of CPD, FWM, and FWD processes?

Ans.

CPD CPD is a high in the hierarchical chain and helps to execute many services, such as Secure Internal
Communication (SIC), Licensing and status report.

FWM The FWM process is responsible for the execution of the database activities of the SmartCenter
server. It is; therefore, responsible for Policy installation, Management High Availability (HA)
Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.

FWD The FWD process is responsible for logging. It is executed in relation to logging, Security Servers
and communication with OPSEC applications.

Q.9 What is Anti-Boat?

Q.10 How to block ICMP tunnel in checkpoint?

Q.11 Difference between fwstop and cpstop?

Q.12 What are the services which impacted during cpstop and spstart?

Q.13 What is CPinfo? And why it is used?

Q.14 What are Cluster_XL, Secure_XL and CORE_XL?

Q.15 What is Provider1?

Q.16 What is MDF Database?

Q.17 How to configure SMC HA?

Q.18 How to check License via Smartview Monitor?

Q.19 How to configure perform DNAT before routing via Global Properties?

CHECKPOINT CLUSTER

Q.1 Which protocol use in Checkpoint for Clustering?

Q.2 How Cluster_XL works? What the ports used by Cluster_XL?

Q.3 What are the New and Legacy Mode in Clustering?

Q.4 What are Delta and Full Mode in Clustering?

Q.5 Step by Step Process of configuring Checkpoint Cluster?

Q.6 How to use VRRP for Checkpoint Clustering?

CHECKPOINT VPN

Q.1 Difference between IPSec and SSL VPN?

Q.2 Difference between Domain Base and Route Base VPN?

Q.3 What are the protocols of IPSec? And what are the Protocol numbers of IPSec Protocols.?

Ans. IPSec use two Protocols AH (Authentication Header) and ESP (Encapsulated Security Payload). AH
works on Protocol number 51 and ESP works on Protocol number 50.

Q.4 What is NAT traversal? Where it used?

Q.5 How use NAT in VPN Tunnel?

Q.6 What is Norm in IPSec?

Q.7 What the Phases of IPSec VPN? And many messages being exchanged in MAIN and QUICK Mode?
What are these messages?

Q.8 What is Encryption Domain?

Q.9 IPSec works at which OSI layer?

Ans. IP Layer (Network Layer and provide security services Network Layer and above).

JUNIPER SCREENOS

Q.1 What are the series of ScreenOS boxes?

Q.2 What is the latest version ScreenOS?

Q.3 Juniper Packet Flow.

Q.4 What is Screen Check? How to configure Screen Check in Juniper?

Q.5 What is DIP, MIP and VIP?

Q.6 How to configure Cluster in Juniper?

ROUTING

Q.1 Difference between Static and Dynamic Routing?

Q.2 Different between AD Value and Metric? And what is the AD value of EIGRP, OSPF, RIP and BGP?

Ans.

AD: - The administrative distance is helpful to select best between two or more routing Protocols. For
example best route selection between OSPF and RIP.

Metric: - Metrics are only helpful to select route inside a routing protocol. For example best route inside
the RIP.

Administrative Distance Values

Connected Interface = 0

Static Route = 1

EIGRP Summery Route = 5

External BGP = 20

Internal EIGRP = 90

IGRP = 100

OSPF = 110

IS-IS = 115

RIP = 120

EGP = 140

On Demand Routing = 160

External EIGRP = 170

Internal BGP = 200

Unknown = 255

Q.3 How to configure Inter-VLAN routing in router?

Q.4 How to enable trunking in router?

SWITCHING

Q.1 What is Private VLAN? What is extended or High VLAN range?

Q.2 What is Native VLAN?

Q.3 What is VTP?

Q.4 What is Transparent Mode in VTP and how it works? If we create new VLAN on Transparent Switch
that will be advertise or not?

Q.5 What is 802.1x standard?

PROTOCOLS

Q.1 What are different ports of FTP? What is the use of FTP different ports?

Ans. A Client makes a TCP connection to the server port 21. This connection remains open for the
duration of the session and thus it is called a control session. Then another connection is opened on Port
20 and it is called the data connection. The control connection is used for authenticating, command and
administrating exchanged between the client and the server.
Q.2 What are the modes of FTP?

Ans. There are two types of FTP.

Passive FTP: - In passive mode, the client establishes both channels (Data and control). In that case, the
server tells the client which port should be used for the data channel.

Active FTP: - In active mode, the client establishes the control channel but the server establishes the
data channel.

Q.3 Why FTP not work with Packet Filter Firewall?

Q.4 What are the ports of DNS?

Ans. DNS use Port TCP & UDP 53.

Q.5 When DNS use port tcp_53?

Ans. UDP/53 is used when a host or a router wants to resolve a domain name to an IP address (or vice
versa).
 TCP/53 is used between two DNS servers when they want to sync or share their databases. Or If
the size of the response message is more than 512 bytes, a TCP connection is used.

Q.6 What is DHCP? What are the Ports of DHCP?

MCAFEE

Q.1 How to Installation and Configuration ePO sever?

Q.2 What is McAfee Agent Handler?

Q.3 How to restore ePO database?

Q.4 How to make policy in new ePO?

Q.5 What is default Console Port of ePO?

Q.6 What is the default Group of ePO?

Q.7 On which port ePO communication with client agent?

Q.8 What is Client Task?

RSA AUTHENTICATION MANAGER

Q.1 How Install and Configure RSA Authentication Manager?

Q.2 How to install and configure RSA Agent in Firewall or Windows Server?

Q.3 How to configure RADIUS in RSA?

Q.4 What are the RSA important files?

MISC QUESTION

Q.1 What is OSI stack? Explains all the OSI layers?