CP_R80.10_SecurityManagement_AdminGuide.pdf - 12 December 2017 SECURITY MANAGEMENT R80.10 Classification: [Protected] Administration Guide © 2017 Check


This preview shows page 1 out of 307 pages.


12 December 2017

SECURITY MANAGEMENT R80.10

Classification: [Protected]

Administration Guide

© 2017 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page for a list of our trademarks. Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software

We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Check Point R80.10

For more about this release, see the R80.10 home page.

Latest Version of this Document

Download the latest version of this document. To learn more, visit the Check Point Support Center.

Feedback

Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments mailto:[email protected]?subject=Feedback on Security Management R80.10 Administration Guide.

Searching in Multiple PDFs

To search for text in all the R80.10 PDF documents, download and extract the complete R80.10 documentation package. Use Shift-Control-F in Adobe Reader or Foxit reader.

Revision History

Date | Description
11 December 2017 | Added CLI commands (see "The Security Management Server CLI" on page 256). Added - Cannot have two network objects with the same name ("Adding, Editing, Cloning, Deleting, and Replacing Objects" on page 50).
16 May 2017 | First release of this document

Contents

Important Information
Terms
Welcome
Getting Started
Understanding SmartConsole
SmartConsole
SmartConsole Toolbars
Search Engine
Access and Threat Tools
Shared Policies
API Command Line Interface
Connecting to the Security Management Server through SmartConsole
Setting Up for Security Management
Setting up for Team Work
Managing Security through API and CLI
Configuring the API Server
Management API Settings
Planning Security Management
Managing Administrator Accounts
Creating and Changing an Administrator Account
Creating a Certificate for Logging in to SmartConsole
Configuring Default Expiration for Administrators
Setting SmartConsole Timeout
Deleting an Administrator
Revoking Administrator Certificate
Assigning Permission Profiles to Administrators
Changing and Creating Permission Profiles
Configuring Customized Permissions
Configuring Permissions for Access Control Layers
Configuring Permissions for Access Control and Threat Prevention
Configuring Permissions for Monitoring, Logging, Events, and Reports
Defining Trusted Clients
Configuring Trusted Clients
Restricting Administrator Login
Unlocking Administrators
Administrator Collaboration
Publishing
Validation Errors
Working with Sessions
Configuring Authentication Methods for Administrators
Configuring Check Point Password Authentication for Administrators
Configuring OS Password Authentication for Administrators
Configuring a RADIUS Server for Administrators
Configuring a SecurID Server for Administrators
Configuring a TACACS Server for Administrators
Managing Gateways
Creating a New Security Gateway
Updating the Gateway Topology
Secure Internal Communication (SIC)
Initializing Trust
SIC Status
Trust State
Troubleshooting SIC
Understanding the Check Point Internal Certificate Authority (ICA)
ICA Clients
SIC Certificate Management
Managing Software Blade Licenses
Configuring a Proxy gateway
Viewing Licenses
Monitoring Licenses
Managing Objects
Object Categories
Adding, Editing, Cloning, Deleting, and Replacing Objects
Object Tags
Network Object Types
Networks
Network Groups
Check Point Hosts
Gateway Cluster
More Network Object Types
Managing Policies
Working with Policy Packages
Creating a New Policy Package
Adding a Policy Type to an Existing Policy Package
Installing a Policy Package
Installing the User Database
Uninstalling a Policy Package
Viewing Rule Logs
Policy Installation History
Creating an Access Control Policy
Introducing the Unified Access Control Policy
Creating a Basic Access Control Policy
Basic Rules
Use Case - Basic Access Control
Use Case - Inline Layer for Each Department
Creating Application Control and URL Filtering Rules
Monitoring Applications
Blocking Applications and Informing Users
Limiting Application Traffic
Using Identity Awareness Features in Rules
Blocking Sites
Blocking URL Categories
Ordered Layers and Inline Layers
The Need for Ordered Layers and Inline Layers
Order of Rule Enforcement in Inline Layers
Order of Rule Enforcement in Ordered Layers
Creating an Inline Layer
Creating a Ordered Layer
Enabling Access Control Features
Types of Rules in the Rule Base
Administrators for Access Control Layers
Sharing Layers
Visual Division of the Rule Base with Sections
Exporting Layer Rules to a .CSV File
Managing Policies and Layers
The Columns of the Access Control Rule Base
Source and Destination Column
VPN Column
Services & Applications Column
Content Column
Actions Column
Tracking Column
Unified Rule Base Use Cases
Use Case - Application Control and Content Awareness Ordered Layer
Use Case - Inline Layer for Web Traffic
Use Case - Content Awareness Ordered Layer
Use Case - Application Control and URL Filtering Ordered Layer
Rule Matching in the Access Control Policy
Examples of Rule Matching
Best Practices for Access Control Rules
Installing the Access Control Policy
Analyzing the Rule Base Hit Count
Enabling or Disabling Hit Count
Configuring the Hit Count Display
Preventing IP Spoofing
Configuring Anti-Spoofing
Anti-Spoofing Options
Multicast Access Control
Managing Pre-R80.10 Security Gateways
Configuring the NAT Policy
Translating IP Addresses (NAT)
NAT Rule Base
Configuring Static and Hide NAT
Advanced NAT Settings
Site to Site VPN
VPN Communities
Sample Star Deployment
Sample Combination VPN Community
Allowing VPN Connections
Sample VPN Access Control Rules
To Learn More About Site to Site VPN
Remote Access VPN
VPN Connectivity Modes
Sample Remote Access VPN Workflow
Configuring the Security Gateway for a Remote Access Community
To Learn More About Remote Access VPN
Mobile Access to the Network
Check Point Mobile Access Solutions
Configuring Mobile Access to Network Resources
Connecting to a Citrix Server
Compliance Check
Secure Workspace
To Learn More About Mobile...