Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
60 Cards in this Set
- Front
- Back
|
All the functionality of the management server is implemented in what processes? |
User-mode processes |
|
|
The most significant processes are what? |
FWM (management) FWD (daemons) CPD CPWD (checkpoint watch dog) |
|
|
To mitigate rish, some of the firewall functionality is implemented in what? |
The OS Kernel. This allows the traffic to be inspected before even getting to the OS IP stack. |
|
|
The firewall kernel is responsible for the majority of what? |
security enforcement, encryption/decryption NAT, etc... |
|
|
What two mechanisms allow the user and kernel proceses to communicate? |
IOctl(input/output controls) traps ( changes a value in registry key) |
|
|
IOctl |
When a usermode entity needs to write information to a kernel process, it uses IOctl, which is an infrastructure allowing the entity to call a function in the kernel and supply the requierd parameters. |
|
|
CPD allows for what? |
SIC functionality (ports 18xxx) Status -pull amon status from the GW/management using smartevent Transferring messages from FW-1 processes Policy installation - Recieves the policy and pushes it forward to relevant processes and the Kernel |
|
|
what does fwm do? |
GUI client communications DB manipulation - all actions performed on the MGMT, such as object creation, rules, and users Policy compilation Management HA sync |
|
|
fwd |
Allows other processes including the kernel to forward logs to evernal log server as well as the MGMT. Used to communicate with the kernel using command line tools such as the fw commansd; for example, when setting kernel variables or using kernel control commands |
|
|
fwssd |
child process of fwd responsible for maintaining the MGMT serveres. |
|
|
cpwd |
WatchDog. Process that invokes and monitors critical processes such as CP daemons on the local machine, and attempts to restart them if they fail. Some processes monitored are fwd, fwm. |
|
|
cpwd_admin |
shows the status of the processes, and to configure cpwd |
|
|
For wire-mode configuration, chaim modules are marked with what? |
1 |
|
|
For stateful mode, the chain modules are marked with what? |
2 |
|
|
Chain moduels marked with what to apply to all traffic? |
3 |
|
|
Stateful inspection acts between what two layers? |
Data and Network, but is capable of processing data from layers 4 - 7 |
|
|
How to view all the existing Kernel tables? |
fw tab - t <tablename> |
|
|
To view only table names and get a perspective on the number of Kernel tables available, type what? |
fw tab | grep -e "---" | more or fw tab -s |
|
|
Most traffic related information is saved in the what? |
Kernel Tables |
|
|
Connections table |
Essentially an approved-connections list |
|
|
Connections Table Stateful features are? |
Streaming base applications Sequence verification and translation Hide NAT logging, accounting, monitor, etc. Client and server identification Data Connections |
|
|
Once a packet is matched against the rule base, a log is generated and sent where? |
From the kernel to the user-mode process, FWD, located in the security gateway |
|
|
What does the FWD process on the gateway do with logs it recieves from the kernel? |
Sends the logs to the FWD on the MGMT server, where it is forwarded to FWM via CPD |
|
|
Where must a packet go through the Firewall kernel? |
On the both the inbound and outbound interfaces |
|
|
Policy Installation Flow |
1. Policy is defined in the SmartDashboard GUI 2. When the policy is saved, the new file in created called $WFDIR/conf/*.W. 3. fwm_gen complines the *.W into a machine language create a new files called $FWDIR/conf/*.pf |
|
|
$FWDIR/conf/*.pf is actually what? |
the input from the $FWDIR/conf/objects.C file |
|
|
$FWDIR/conf/*.W is actually the exact same information defined in the GUI, just what? |
In a text format |
|
|
object.C file contains what? |
information relevant to the policy installation only |
|
|
objects_5_0.c file contains what? |
all the objects defines int he GUI |
|
|
$FWDIR/conf/objects_5_0.C is stored where? |
On the management server, and is important only to the MGMT server. |
|
|
$FWDIR/database/objects.C is relvant to what? |
the Gatway only. |
|
|
CPMI |
Check Point management Interface |
|
|
What is bi-directional NAT |
The ability to match two NAT rules on the same connection. Only applies to automatic rules |
|
|
Where is source NAT translated? |
Server side |
|
|
CPsuite-R76 |
Manages firewall modules. CPsuite in the generic installation |
|
|
CPshrd-R76 |
Stores what used to be called SVN foundation including CPD database, licenses, registry and generic low level Check Point infrastruction |
|
|
FWvsxngxcmp |
For managing VSX |
|
|
CPedgecmp |
For managing Edge devices |
|
|
$FWDIR/lib/*.def |
include rulebase and protocol definitions |
|
|
$FWDIR/conf/fwauth.NDB |
Users definitions are stored here |
|
|
$FWDIR/conf/fwauthd.conf |
Security server configuration settings |
|
|
$FWDIR/conf/classes.C |
defines fields for each object used in the objects_5_0.C such as color, num/string, and default value. |
|
|
$FWDIR/database/ |
Specific object entries are stored for that particular gateway |
|
|
cpconfig |
Used to run a command line version of the CP configuration tool, and to configure or reconfigure a gateway/MGMT installation |
|
|
cplic print |
Located in $FWDIR/bin...prints the details of CP licenses on teh local machine. |
|
|
cplic print -x |
prints the licenses with signatures |
|
|
cplic del |
deletes the licenses |
|
|
cpstart |
used to start all CP processes and applications running on a machine |
|
|
cpstop |
used to stop all CP proccesses and applications |
|
|
cpstart and cp stop are actually calling what scripts? |
fwstop and fwtart in $FWDIR/bin |
|
|
What layers does fw monitor work at? |
layers 3 and above |
|
|
VRRP |
A cluster solution where two ormore Gaia based gateways work together as one gateway. You can configure your VRRP cluster for high availability or load sharing |
|
|
Monitored-Circuit VRRP |
prevents black holes cause by asymmetric routes create when only one interface on master route fails. Gaia releases priority over all interfaces on a virtual router to let failover occur |
|
|
Advantages of using ClusterXL |
Provides HA and load sharing Transparent failover Higher performance Easy deployment Cost-effectiveA |
|
|
dvantages of using VRRP |
Minimezes failover time (black Holes) and bandwidth overhead when a primary router becomes unavailable Supports up to 255 virtual routers Minimizes service disruptions during failover Provides for election of multiple virtual routers Addresses failover problems at the router level instead of on the network edge Avoids the need to make configuration changes in the end nodes Eliminates the need for router discover protocols |
|
|
You can configure VRRP using one of two procedures... |
Simple Monitored Curiuity VRRP Advanced VRRP |
|
|
How does Gaia eliminate Black Holes? |
By reducing the priority over all of theinterfaces in the virtual router to allow the backup to take over entirely |
|
|
How would you enable traces for VRRP? |
1. WebUI -> Routing-> Routing Options 2. In teh trace options sections, select VRRP 3. Select an option and click activate |
|
|
All routers of a VRRP group must ahve teh same what? |
Hello Interval |
|
|
What is the multicast domain for VRRP? |
224.0.0.18 |
