security mgmt.pdf - 28 April 2019 SECURITY MANAGEMENT R80.10 (PART OF CHECK POINT INFINITY) Classification: [Protected] Administration Guide


This preview shows page 1 out of 305 pages.


28 April 2019

SECURITY MANAGEMENT R80.10 (PART OF CHECK POINT INFINITY)

Classification: [Protected]

Administration Guide

CHAPTER 1

© 2019 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page for a list of our trademarks. Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Check Point R80.10
For more about this release, see the R80.10 home page.

Latest Version of this Document
Download the latest version of this document. To learn more, visit the Check Point Support Center.

Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments mailto:[email protected]?subject=Feedback on Security Management R80.10 (Part of Check Point Infinity) Administration Guide.

Searching in Multiple PDFs
To search for text in all the R80.10 PDF documents, download and extract the complete R80.10 documentation package. Use Shift-Control-F in Adobe Reader or Foxit reader.

Revision History

Date                Description
28 April 2019       Updated Sharing Layers (on page 83)
                    Updated: The High Availability Environment (on page 225)
27 November 2018    Updated High Availability Disaster Recovery (on page 230)
23 October 2018     Updated Security Management Server Commands (on page 246)
                    Updated Initializing Trust (on page 43)
07 Aug 2018         Updated cplic (on page 257)
14 May 2018         Updated Restricting Administrator Login Attempts (on page 36)
                    Updated Unlocking Administrators (on page 36)
                    Improved formatting and document layout
11 December 2017    Added Security Management Server Commands (on page 246)
                    Added - Cannot have two network objects with the same name (on page 52)
16 May 2017         First release of this document

Contents

Important Information
Terms
Welcome
Getting Started
  Understanding SmartConsole
    SmartConsole
    SmartConsole Toolbars
    Search Engine
    Access and Threat Tools
    Shared Policies
    API Command Line Interface
  Connecting to the Security Management Server through SmartConsole
  Setting Up for Security Management
  Setting up for Team Work
  Managing Security through API and CLI
    Configuring the API Server
    Management API Settings
  Planning Security Management
Managing Administrator Accounts
  Creating and Changing an Administrator Account
  Creating a Certificate for Logging in to SmartConsole
  Configuring Default Expiration for Administrators
  Setting SmartConsole Timeout
  Deleting an Administrator
  Revoking Administrator Certificate
  Assigning Permission Profiles to Administrators
    Changing and Creating Permission Profiles
    Configuring Customized Permissions
    Configuring Permissions for Access Control Layers
    Configuring Permissions for Access Control and Threat Prevention
    Configuring Permissions for Monitoring, Logging, Events, and Reports
  Defining Trusted Clients
    Configuring Trusted Clients
  Restricting Administrator Login Attempts
  Unlocking Administrators
  Administrator Collaboration
    Publishing
    Validation Errors
    Working with Sessions
  Configuring Authentication Methods for Administrators
    Configuring Check Point Password Authentication for Administrators
    Configuring OS Password Authentication for Administrators
    Configuring a RADIUS Server for Administrators
    Configuring a SecurID Server for Administrators
    Configuring a TACACS Server for Administrators
Managing Gateways
  Creating a New Security Gateway
  Updating the Gateway Topology
  Secure Internal Communication (SIC)
    Initializing Trust
    SIC Status
    Trust State
    Troubleshooting SIC
    Understanding the Check Point Internal Certificate Authority (ICA)
    ICA Clients
    SIC Certificate Management
  Managing Software Blade Licenses
    Configuring a Proxy gateway
    Viewing Licenses in SmartConsole
    Monitoring Licenses in SmartConsole
Managing Objects
  Object Categories
  Adding, Editing, Cloning, Deleting, and Replacing Objects
  Object Tags
  Network Object Types
    Networks
    Network Groups
    Check Point Hosts
    Gateway Cluster
    More Network Object Types
Managing Policies
  Working with Policy Packages
    Creating a New Policy Package
    Adding a Policy Type to an Existing Policy Package
    Installing a Policy Package
    Installing the User Database
    Uninstalling a Policy Package
  Viewing Rule Logs
  Policy Installation History
Creating an Access Control Policy
  Introducing the Unified Access Control Policy
  Creating a Basic Access Control Policy
    Basic Rules
    Use Case - Basic Access Control
    Use Case - Inline Layer for Each Department
  Creating Application Control and URL Filtering Rules
    Monitoring Applications
    Blocking Applications and Informing Users
    Limiting Application Traffic
    Using Identity Awareness Features in Rules
    Blocking Sites
    Blocking URL Categories
  Ordered Layers and Inline Layers
    The Need for Ordered Layers and Inline Layers
    Order of Rule Enforcement in Inline Layers
    Order of Rule Enforcement in Ordered Layers
    Creating an Inline Layer
    Creating a Ordered Layer
    Enabling Access Control Features
    Types of Rules in the Rule Base
    Administrators for Access Control Layers
    Sharing Layers
    Visual Division of the Rule Base with Sections
    Exporting Layer Rules to a .CSV File
    Managing Policies and Layers
  The Columns of the Access Control Rule Base
    Source and Destination Column
    VPN Column
    Services & Applications Column
    Content Column
    Actions Column
    Tracking Column
  Unified Rule Base Use Cases
    Use Case - Application Control and Content Awareness Ordered Layer
    Use Case - Inline Layer for Web Traffic
    Use Case - Content Awareness Ordered Layer
    Use Case - Application & URL Filtering Ordered Layer
  Rule Matching in the Access Control Policy
    Examples of Rule Matching
  Best Practices for Access Control Rules
  Installing the Access Control Policy
  Analyzing the Rule Base Hit Count
    Enabling or Disabling Hit Count
    Configuring the Hit Count Display
  Preventing IP Spoofing
    Configuring Anti-Spoofing
    Anti-Spoofing Options
  Multicast Access Control
  Managing Pre-R80.10 Security Gateways
  Configuring the NAT Policy
    Translating IP Addresses (NAT)
    NAT Rule Base
    Configuring Static and Hide NAT
    Advanced NAT Settings
  Site-to-Site VPN
    Sample Site-to-Site VPN Deployment
    VPN Communities
    Sample Star Deployment
    Sample Combination VPN Community
    Allowing VPN Connections
    Sample VPN Access Control Rules
    To Learn More About Site to Site VPN
  Remote Access VPN
    VPN Connectivity Modes
    Sample Remote Access VPN Workflow
    Configuring the Security Gateway for a Remote Access Community
    To Learn More About Remote Access VPN
  Mobile Access to the Network
    Check Point Mobile Access...