Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 175 views

    Checkpoint Firewall Interview Question and Answer Part 1

    Uploaded by

    Files Down
    The document discusses various concepts related to Checkpoint firewalls including: - Anti-spoofing prevents attackers from generating IP packets with fake source addresses. - Asymmetric encryption uses two different keys for encrypting and decrypting packets. - Stealth and cleanup rules are placed at the top and bottom of the rule base to deny direct access and drop unmatched traffic. - NAT translates private IP addresses to public IP addresses for security and internet access.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Checkpoint Firewall Interview Question and Answer Part 1

    Uploaded by

    Files Down
    175 views4 pages
    The document discusses various concepts related to Checkpoint firewalls including: - Anti-spoofing prevents attackers from generating IP packets with fake source addresses. - Asymmetric encryption uses two different keys for encrypting and decrypting packets. - Stealth and cleanup rules are placed at the top and bottom of the rule base to deny direct access and drop unmatched traffic. - NAT translates private IP addresses to public IP addresses for security and internet access.

    Original Description:

    Checkpoint Firewall Interview Question and Answer

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document discusses various concepts related to Checkpoint firewalls including: - Anti-spoofing prevents attackers from generating IP packets with fake source addresses. - Asymmetric encryption uses two different keys for encrypting and decrypting packets. - Stealth and cleanup rules are placed at the top and bottom of the rule base to deny direct access and drop unmatched traffic. - NAT translates private IP addresses to public IP addresses for security and internet access.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    175 views4 pages

    Checkpoint Firewall Interview Question and Answer Part 1

    Uploaded by

    Files Down
    The document discusses various concepts related to Checkpoint firewalls including: - Anti-spoofing prevents attackers from generating IP packets with fake source addresses. - Asymmetric encryption uses two different keys for encrypting and decrypting packets. - Stealth and cleanup rules are placed at the top and bottom of the rule base to deny direct access and drop unmatched traffic. - NAT translates private IP addresses to public IP addresses for security and internet access.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 4
    At a glance
    Powered by AI
    Some key takeaways from the document are that Checkpoint firewall provides features like anti-spoofing, NAT, and stealth rules to enhance network security

    The three main components of Checkpoint firewall architecture are the SmartConsole, Security Management Server, and Security Gateway

    The two main protocols used for IPSec VPN are ESP and AH. ESP provides encryption while AH provides authentication and integrity.

    Checkpoint Firewall Interview Question and Answer Part 1

    What is Anti-Spoofing?

    Ans- Anti-Spoofing is the feature of Checkpoint Firewall. which is protected from an attacker who
    generates IP Packet with the Fake or Spoof source address. Its determine that whether traffic is
    legitimate or not. If traffic is not legitimate then firewall block that traffic on the interface of the firewall.

    2. What is Asymmetric Encryption?

    Ans – In Asymmetric Encryption, there is two different key used for encrypting and decrypt to the
    packet. Means that one key used for Encrypt packet, and second key used to for decrypt packet. The
    Same key can not encrypt and decrypt.

    3. What is Stealth Rule in checkpoint firewall?

    Ans – Stealth Rule Protect Checkpoint firewall from direct access any traffic. Its rule should be placed on
    the top of Security rule base. In this rule, administrator denied all traffic to access checkpoint firewall.

    4. What is Cleanup rule In Checkpoint Firewall?

    Ans – Cleanup rule place at last of the security rule base, Its used to drop all traffic which not match with
    above rule and Logged. Cleanup rule mainly created for log purpose. In this rule, administrator denied all
    the traffic and enable log.

    5. What is NAT?

    Ans- NAT stand for Network Address Translation. Its used to map private IP address with Public IP
    Address and Public IP address map with Private IP Address. Mainly its used for Provide Security to the
    Internal Network and Servers from the Internet. NAT is also used to connect the Internet with Private IP
    Address. Because Private IP not route-able on the Internet.

    6. What is Source NAT?

    Ans- Source NAT used to initiate traffic from internal network to external network. In source NAT only
    source IP will be translated into public IP address.

    7. What is VPN (Virtual Private Network)?

    Ans – VPN (Virtual Private Network) is used to create a secure connection between two private
    networks over Internet. It's used Encryption authentication to secure data during transmission. There
    are two type of VPN

    Site to Site VPN.

    Remote Access VPN.


    8. What is IP Sec?

    Ans – IP Sec (IP Security) is a set of protocol. which is responsible for making secure communication
    between two host machine, or network over a public network such as the Internet. IPSec Protocol
    provides Confidentiality, Integrity, Authenticity and Anti-Replay protection. There is two IPSec protocol
    which provides security 1. ESP (Encapsulation Security Payload) and 2. AH (Authentication Header).

    9. What is Difference between ESP and AH IPSec Protocol?

    Ans-

    ESP – ESP Protocol is a part of IPsec suit, Its provide Confidentiality, Integrity, and Authenticity. Its used
    in two mode Transport mode and Tunnel mode.

    AH – Its is also part of an IPsec suit, Its provide only Authentication and Integrity, It does not provide
    Encryption. It also used to two mode Transport mode and Tunnel mode.

    10. What is Explicit rule In Checkpoint Firewall?

    Ans – Its a rule in ruse base which is manually created by network security administrator that called
    Explicit rule.

    Checkpoint Firewall Interview Question and Answer

    11. What is Hide NAT?

    Ans – Hide NAT used to translate multiple private IP or Network with single public IP address. Means
    many to one translation. It can only be used in source NAT translation. Hide NAT can not be used in
    Destination NAT.

    12. What is Destination NAT?

    Ans – When a request to translate Destination IP address for connecting with Internal Private network
    from Public IP address. Only static NAT can be used in Destination NAT.

    13. Difference between Automatic NAT and Manual NAT.

    Ans

    Automatic NAT

    Manual NAT

    Automatically created by Firewall

    Manually Created by Network Security Administrator

    Can not modify

    Can be Modify

    Can not create “No NAT” rule


    Can be Create “No NAT” rule

    Can not create Dual NAT

    Can be Create Dual NAT

    Port forwarding, not possible

    Port forwarding possible

    Proxy ARP by default enabled

    Proxy ARP by default not enable

    14. What is SAM Database?

    Ans-

    15. What is the difference between standalone deployment distributed deployment?

    Standalone deployment – In the standalone deployment, Security Gateway and Security management
    server installed on the same Machine.

    Distributed deployment – In Distributed deployment, Security Gateway and Security Management


    Server installed on the different machine.

    16. What is SIC?

    SIC – SIC stand for “Secure Internal Communication”. Its a checkpoint firewall feature that is used to
    make secure communication between Checkpoint firewall component. It used when Security Gateway
    and Security management server installed in Distributed deployment. Its Authentication and Encryption
    for secure communication.

    17. What is 3 trier architecture component of Checkpoint Firewall?

    Smart Console.

    Security Management.

    Security Gateway.
    18. What is the Packet Flow of Checkpoint firewall?

    SAM Database.

    Address Spoofing.

    Session Lookup.

    Policy Lookup.

    Destination NAT.

    Route Lookup.

    Source NAT.

    Layer 7 Inspection.

    VPN.

    Routing.

    19. What Advantage of NAT.

    Save Public IP to save cost.

    Security with hiding Internal Network.

    Avoid Routing.

    Publish Server over the Internet.

    Overlapping Network.

    Access Internet from Private IP address.

    20. What is Smart Dashboard?

    Ans– Its tool of the smart console. Its used to Configure Rule, Policy object, Create NAT Policy, Configure
    VPN and Cluster etc.

    You might also like