Frequently Asked Questions.
Preface.
How This Book Came to Be. What This Book Is and Is Not. Conventions. Acknowledgments.
1. Introduction to Firewalls.
What Is a Firewall? What a Firewall Cannot Do. An Overview of Firewall Security Technologies. What Kind of Firewall Is FireWall-1? Do You Really Need FireWall-1? More Information.
2. Planning Your FireWall-1 Installation.
Network Topology. Developing a Site-Wide Security Policy. Fun with Check Point Licensing. Summary.
3. Installing FireWall-1.
Selecting an Operating System. Installing the Operating System. Beginning the FireWall-1 Installation. Upgrading from FireWall-1 4.1. Summary.
4. Building Your Rulebase.
The Management GUIs. The Rulebase Components. The Rulebase. Making Your First Rulebase. Frequently Asked Questions. Troubleshooting. Summary.
5. Logging and Alerting.
SmartView Status. SmartView Tracker. Alerts. Log Maintenance. Summary.
6. Common Issues.
Common Configuration Questions. Common Error Messages in the System Log. Service-Related Questions. Problems with Stateful Inspection of TCP Connections. Problems with FTP. Summary.
7. Remote Management.
The Components. Secure Internal Communication. Special Remote Management Conditions. What You Can Do with Remote Management. Moving Management Modules. Highly Available Management Modules. Troubleshooting Remote Management Issues. Large-Scale Management Issues. Security Policies. Summary.
8. User Authentication.
Passwords. How Users Authenticate. Setting Up Authentication. Setting Up User Authentication. Setting Up Session Authentication. Setting Up Client Authentication. Integrating External Authentication Servers. Clientless VPN. Frequently Asked Questions. Troubleshooting Authentication Problems. Summary. Sample Configurations.
9. Content Security.
The Security Servers. The HTTP Security Server. The FTP Security Server. The SMTP Security Server. The TCP Security Server. General Questions about the Security Servers. Debugging the Security Servers. Summary. Sample Configurations.
10. Network Address Translation.
Introduction to Address Translation. RFC1918 and Link-Local Addresses. How NAT Works in FireWall-1. Implementing NAT: A Step-by-Step Example. Limitations of NAT. Troubleshooting NAT with a Packet Sniffer. Summary. Sample Configurations.
11. Site-to-Site VPN.
Introduction to a VPN. A Word about Licensing. FWZ, IPSec, and IKE. How to Configure Encryption. Frequently Asked Questions about VPNs in FireWall-1. Troubleshooting VPN Problems. Summary. Sample Configurations.
12. SecuRemote and SecureClient.
Introduction to SecuRemote and SecureClient. A Word about Licensing. Configuring SecuRemote on FireWall-1. Office Mode. Microsoft L2TP Clients. High-Availability and Multiple Entry Point Configurations. Microsoft Networking and SecureClient. SecureClient Packaging Tool. Frequently Asked Questions. Troubleshooting. No Response for Desktop Policy Server. Summary. Sample Configurations.
13. High Availability.
State Synchronization's Role in High Availability. Implementing High Availability. Frequently Asked Questions Regarding State Synchronization. Error Messages That Occur with ClusterXL or State Synchronization. Summary.
14. INSPECT.
What Is INSPECT? Basic INSPECT Syntax. How Your Rulebase Is Converted to INSPECT. Sample INSPECT Code. Summary.
Appendix A. Securing Your Bastion Host.
Securing Solaris. Securing Windows NT. Securing Windows 2000. Securing Linux.
Appendix B. Sample Acceptable Usage Policy.
Appendix C. firewall-1.conf File for Use with OpenLDAP v1.
Appendix D. firewal1.schema File for Use with OpenLDAP v2.
Appendix E. Performance Tuning.
Number of Entries Permitted in Tables. Memory Used for State Tables. Tweaks for Specific Operating Systems.
Appendix F. Sample defaultfilter.pf File.
Appendix G. Other Resources.
Internet Resources. Software.
Appendix H. Further Reading.
Index.
This book explains how to build, implement, and maintain Check Point FireWall-1 NG, the follow-on to the world's best-selling firewall product. It's packed with tools, tricks, tips, and checklists not found anywhere else. Every major feature of FireWall-1 NG is covered. Filled with screen shots and sample configurations, this book features step-by-step instructions that can be replicated easily on standard equipment.
"Phoneboy has made a name for himself in the Firewall industry in relation to Check Point. People will buy his book because he is a good resource, and they appreciate his knowledge base." --Jed Daniels, support engineer, Nokia
"This book is an update to an already classic work. Dameon has taken his original definitive guide and updated it thoroughly for NG. No other book on the market is informed by his depth of experience with Check Point. Accept no substitutes!" --Matthew Gast, Trapeze Networks
Dameon D. Welch-Abernathy, a.k.a. "PhoneBoy," has been supporting, deploying, and teaching Check Point FireWall-1(R) since 1996. He has assisted and instructed thousands of network professionals and currently maintains the largest industry FAQ site on FireWall-1(R) NG at http://blog.phoneboy.com/. Dameon works for Product Line Support at Nokia.