Top 26 Checkpoint Firewall Interview Questions - Jul 24, 2022

Q1. How To Install Checkpoint Firewall NGX On SecurePlatform?

1. Insert the Checkpoint CD into the computer's CD drive.

2. You will see a Welcome to Checkpoint SecurePlatform screen. It will prompt you to press any key. Press any key to begin the installation; otherwise it will abort the installation.

3. You will now receive a message saying that your hardware was scanned and found suitable for installing SecurePlatform. Do you wish to continue with the installation of Checkpoint SecurePlatform?

Of the 4 options given, select OK to continue.

4. You will be given a choice of these:

SecurePlatform

SecurePlatform Pro

Select SecurePlatform Pro and enter OK to continue.

5. Next it will give you the option to select the keyboard type. Select your keyboard type (default is US) and enter OK to continue.

6. The next option is the Networking Device. It will show the interfaces of your machine and you can select the interface of your choice.

7. The next option is the Network Interface Configuration. Enter the IP address, subnet mask and the default gateway.

For this tutorial, we will set this IP address as 1.1.1.1 255.255.255.0 and the default gateway as 1.1.1.2, which will be the IP address of your upstream router or Layer 3 device.

8. The next option is the HTTPS Server Configuration. Leave the default and enter OK.

9. Now you will see the Confirmation screen. It will say that the next stage of the installation process will format your hard drives. Press OK to continue.

10. Sit back and relax while the hard disk is formatted and the files are being copied.

Once it is done with the formatting and copying of image files, it will prompt you to reboot the machine and, importantly, REMOVE THE INSTALLATION CD. Press Enter to reboot.

Note: SecurePlatform disables your Num Lock by overriding System BIOS settings, so you have to press Num Lock to enable your Num Lock.

For the FIRST time login, the login name is admin and the password is also admin.

11. Start the firewall in Normal Mode.

12. Configuring Initial Login:

Enter the user name and password as admin, admin.

It will prompt you for a new password. Choose a password.

Enter new password: test$123

Enter new password again: test$123

You can also choose a different user name:

Enter a user name: fwadmin

Now it will present you with the [cpmodule]# prompt.

13. The next step is to launch the configuration wizard. To start the configuration wizard, type “sysconfig”.

You have to enter n for next and q for Quit. Enter n for next.

14. Configuring Host name: Press 1 to enter a host name. Press 1 again to set the host name.

Enter host name: checkpointfw

You can either enter an IP address or leave it blank to associate an IP address with this hostname. Leave it blank for now.

Press 2 to show host name. It now displays the name of the firewall as checkpointfw.

Press e to get out of that section.

15. Configuring the Domain name.

Press 2 to enter the config mode for configuring the domain name. Press 1 to set the domain name.

Enter domain name: yourdomain.com

Example:

Enter domain name: checkpointfw.com

You can press 2 to show the domain name.

16. Configuring Domain Name Servers.

You can press 1 to add a new domain name server.

Enter IP Address of the domain name server to add: Enter your domain name server IP Address HERE.

Press e to exit.

Network Connections.

17. Press 4 to enter the Network Connections parameter.

Enter 2 to configure a new connection.

Your Choice:

eth0

eth1

eth2

eth3

Press 2 to configure eth1. (We will configure this interface as the inside interface with an IP address of 192.168.1.1 and a subnet mask of 255.255.255.0. The default gateway will be configured as 1.1.1.1.)

Press 1) Change IP settings.

Enter IP address for eth1 (press c to cancel): 192.168.1.1

Enter network mask for interface eth2 (press c to cancel): 255.255.255.0

Enter broadcast address of the interface eth2 (leave empty for default): Enter

Press Enter to continue….

Similarly configure the eth2 interface, which will be acting as a DMZ in this example, with 10.10.10.1 255.255.255.0.

Press e to exit the configuration menu.

18. Configuring the Default Gateway Configuration.

Enter 5, which is the Routing section, to enter information on the default gateway configuration.

Set default gateway.

Show default gateway.

Press 1 to enter the default gateway configuration.

Enter default gateway IP address: 1.1.1.2

19. Choose a time and date configuration item.

Press n to configure the timezone, date and local time.

This part is self-explanatory so you can do it yourself.

The next prompt is the Import Checkpoint Products Configuration. You can press n for next to skip this part because it is not needed for fresh installs.

20. Next is the license agreement. You have the option of V for evaluation product, U for purchased product and N for next. If you enter n for next. Press n for next.

Press Y and accept the license agreement.

21. The next section will show you the Product Selection and Installation option menu.

Select Checkpoint Enterprise/Pro.

Press N to continue.

22. Select New Installation from the menu.

Press N to continue.

23. The next menu will show you the products to be installed.

Since this is a standalone installation configuration example, select

VPN Pro and

Smartcenter

Press N for next.

24. The next menu gives you the option to select the Smartcenter type you would like to install.

Select Primary Smartcenter.

Press n for next.

A validation screen will be seen showing the following products:

VPN-1 Pro and Primary Smartcenter.

Press n for next to continue.

Now the installation of VPN-1 Pro NGX R60 will begin.

25. The set of menus is as follows:

Do you want to add license (y/n)

You can enter Y, which is the default, and enter your license information.

26. The next prompt will ask you to add an administrator. You can add an administrator.

27. The next prompt will ask you to add a GUI Client. Enter the IP Address of the machine from where you want to manage this firewall.

28. The final process of installation is creation of the ICA. It will prompt you for the creation of the ICA; follow the steps. The ICA will be created. Once the random is configured (you don't need to do anything), the ICA is initialized.

After the ICA is initialized, the fingerprint is displayed. You can save this fingerprint because it will be used later while connecting to the Smartcenter via the GUI. The two fingerprints should match. This is a security feature.

The next step is reboot. Reboot the firewall.

Q2. Which Of The Applications In Check Point Technology Can Be Used To Configure Security Objects?

SmartDashboard

Q3. What Is Anti-spoofing?

Anti-spoofing is a feature of Checkpoint Firewall that protects against an attacker who generates IP packets with a fake or spoofed source address. It determines whether traffic is legitimate or not. If traffic is not legitimate, the firewall blocks that traffic on the interface of the firewall.
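The check described above can be modelled as a lookup of the packet's source address against the networks expected behind the interface it arrived on. This is an added example, not Check Point code; it reuses the 192.168.1.0/24 and 10.10.10.0/24 networks from Q1, and treating eth0 as the external interface, like the function names, is an assumption.

```python
import ipaddress

# Constructed topology based on the addresses in the Q1 walkthrough.
# Treating eth0 as the external interface is an assumption.
INTERNAL_TOPOLOGY = {
    "eth1": [ipaddress.ip_network("192.168.1.0/24")],  # internal network
    "eth2": [ipaddress.ip_network("10.10.10.0/24")],   # DMZ
}
EXTERNAL_INTERFACES = {"eth0"}


def source_is_legitimate(iface, src):
    """Return True if source address `src` is expected on interface `iface`."""
    addr = ipaddress.ip_address(src)
    if iface in INTERNAL_TOPOLOGY:
        # Internal or DMZ side: the source must sit behind this interface.
        return any(addr in net for net in INTERNAL_TOPOLOGY[iface])
    if iface in EXTERNAL_INTERFACES:
        # External side: a source that belongs behind another interface,
        # or a loopback address, cannot legitimately arrive from outside.
        protected = [n for nets in INTERNAL_TOPOLOGY.values() for n in nets]
        return not addr.is_loopback and not any(addr in n for n in protected)
    return False  # unknown interface: fail closed


def classify(packets):
    """Map (interface, source) pairs to an accept/drop verdict."""
    return [
        (iface, src, "accept" if source_is_legitimate(iface, src) else "drop")
        for iface, src in packets
    ]


# Constructed sample packets: (arrival interface, source address).
SAMPLE = [
    ("eth1", "192.168.1.50"),  # internal host on internal interface
    ("eth0", "192.168.1.50"),  # internal address arriving from outside
    ("eth2", "192.168.1.50"),  # internal address arriving from the DMZ
    ("eth0", "203.0.113.7"),   # Internet host on external interface
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```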

Q4. What Is NAT?

NAT stands for Network Address Translation. It is used to map a private IP address to a public IP address, and a public IP address to a private IP address. It is mainly used to provide security to the internal network and servers from the Internet. NAT is also used to connect private IP addresses to the Internet, because private IP addresses are not routable on the Internet.

Q5. What Is Stealth Rule In Checkpoint Firewall?

The Stealth Rule protects the Checkpoint firewall from direct access by any traffic. This rule should be placed at the top of the Security rule base. In this rule the administrator denies all traffic to access the Checkpoint firewall.

Q6. Which Of The Applications In Check Point Technology Can Be Used To View Who And What The Administrator Do To The Security Policy?

SmartView Tracker

Q7. What Is The Main Difference Between cpstop/cpstart And fwstop/fwstart?

Using cpstop and then cpstart will restart all Check Point components, including the SVN foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1.

Q8. What Is Smart Dashboard?

It is a tool of the Smart Console. It is used to configure rules and policy objects, create NAT policy, and configure VPN and cluster.

Q9. What Is IP Sec?

IP Sec (IP Security) is a set of protocols responsible for making secure communication between two host machines, or networks, over a public network such as the Internet. The IPSec protocols provide confidentiality, integrity, authenticity and anti-replay protection. There are two IPSec protocols which provide security:

ESP (Encapsulating Security Payload)

AH (Authentication Header).

Q10. What Is Asymmetric Encryption?

In asymmetric encryption, two different keys are used to encrypt and decrypt a packet. This means that one key is used to encrypt the packet, and the second key is used to decrypt the packet. The same key cannot both encrypt and decrypt.

Q11. What Is Hide NAT?

Hide NAT is used to translate multiple private IPs or a network to a single public IP address. This means many-to-one translation. It can only be used in source NAT translation. Hide NAT cannot be used in Destination NAT.

Q12. What Is The Difference Between Standalone Deployment And Distributed Deployment?

Standalone deployment: In standalone deployment, the Security Gateway and Security Management Server are installed on the same machine.

Distributed deployment: In distributed deployment, the Security Gateway and Security Management Server are installed on different machines.

Q13. What Are The Two Types Of Check Point NG Licenses?

Central and Local licenses: Central licenses are the new licensing model for NG and are bound to the SmartCenter server. Local licenses are the legacy licensing model and are bound to the enforcement module.

Q14. What Are The Functions Of CPD, FWM, And FWD Processes?

CPD: CPD is high in the hierarchical chain and helps to execute many services, such as Secure Internal Communication (SIC), Licensing and status report.

FWM: The FWM process is responsible for the execution of the database activities of the SmartCenter server. It is, therefore, responsible for Policy installation, Management High Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.

FWD: The FWD process is responsible for logging. It is executed in relation to logging, Security Servers and communication with OPSEC applications.

Q15. Difference Between Automatic NAT And Manual NAT?

Automatic NAT:

Automatically created by Firewall Network Security Administrator

Cannot be modified

Cannot create “No NAT” rule

Cannot create Dual NAT

Port forwarding not possible

Proxy ARP enabled by default

Manual NAT:

Manually created by Network Security

Can be modified

Can create “No NAT” rule

Can create Dual NAT

Port forwarding possible

Proxy ARP not enabled by default

Q16. What Is The Difference Between ESP And AH IPsec Protocols?

ESP: The ESP protocol is part of the IPsec suite. It provides confidentiality, integrity and authenticity. It is used in two modes: Transport mode and Tunnel mode.

AH: It is also part of the IPsec suite. It provides only authentication and integrity; it does not provide encryption. It is also used in two modes: Transport mode and Tunnel mode.

Q17. What Is VPN (Virtual Private Network)?

VPN (Virtual Private Network) is used to create a secure connection between two private networks over the Internet. It uses encryption and authentication to secure data during transmission. There are two types of VPN:

Site to Site VPN.

Remote Access VPN.

Q18. What Is Destination NAT?

Destination NAT is used when the destination IP address must be translated to connect to the internal private network from a public IP address. Only static NAT can be used in Destination NAT.

Q19. What Is Source NAT?

Source NAT is used to initiate traffic from the internal network to an external network. In source NAT only the source IP will be translated to a public IP address.

Q20. What Is 3 Tier Architecture Component Of Checkpoint Firewall?

Smart Console.

Security Management.

Security Gateway.

Q21. What Are The Advantages Of NAT?

Save public IPs to save cost.

Security by hiding the internal network.

Avoid Routing.

Publish servers over the Internet.

Overlapping Network.

Access the Internet from private IP addresses.

Q22. What Is Cleanup Rule In Checkpoint Firewall?

The Cleanup rule is placed last in the security rule base. It is used to drop all traffic that does not match the rules above it, and that traffic is logged. The Cleanup rule is mainly created for logging purposes. In this rule the administrator denies all traffic and enables logging.
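The placement requirements for the Stealth rule (Q5) and the Cleanup rule (Q22) can be checked mechanically on an exported rule base. The following is an added example, not Check Point tooling: the `Rule` fields, object names and sample rule bases are constructed for illustration, and rules are assumed to be matched top-down.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    source: str
    destination: str
    action: str  # "accept" or "drop"
    track: str   # "log" or "none"


FIREWALL = "checkpointfw"  # gateway object name (the host name set in Q1)


def audit_rule_base(rules):
    """Return findings about stealth and cleanup rule placement."""
    findings = []
    stealth = next((i for i, r in enumerate(rules)
                    if r.source == "any" and r.destination == FIREWALL
                    and r.action == "drop"), None)
    if stealth is None:
        findings.append("missing stealth rule (any -> firewall, drop)")
    else:
        # Top-down matching: an accept rule above the stealth rule whose
        # destination covers the firewall is matched before the stealth rule.
        for r in rules[:stealth]:
            if r.action == "accept" and r.destination in (FIREWALL, "any"):
                findings.append(f"rule '{r.name}' above stealth rule "
                                "accepts traffic to the firewall")
    last = rules[-1] if rules else None
    if not (last and last.source == "any" and last.destination == "any"
            and last.action == "drop"):
        findings.append("last rule is not a cleanup rule (any -> any, drop)")
    elif last.track != "log":
        findings.append("cleanup rule does not log")
    return findings


# Constructed sample rule bases.
GOOD = [
    Rule("stealth", "any", FIREWALL, "drop", "log"),
    Rule("web", "any", "dmz-web", "accept", "log"),
    Rule("outbound", "internal-net", "any", "accept", "log"),
    Rule("cleanup", "any", "any", "drop", "log"),
]
BAD = [
    Rule("outbound", "internal-net", "any", "accept", "log"),
    Rule("stealth", "any", FIREWALL, "drop", "log"),
    Rule("cleanup", "any", "any", "drop", "none"),
]
```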

Q23. What Is SIC?

SIC stands for “Secure Internal Communication”. It is a Checkpoint firewall feature that is used to make secure communication between Checkpoint firewall components. It is used when the Security Gateway and Security Management Server are installed in a distributed deployment. It uses authentication and encryption for secure communication.

Q24. What Is The Packet Flow Of Checkpoint Firewall?

SAM Database.

Address Spoofing.

Session Lookup.

Policy Lookup.

Destination NAT.

Route Lookup.

Source NAT.

Layer 7 Inspection.

VPN.

Routing.

Q25. What Is Explicit Rule In Checkpoint Firewall?

It is a rule in the rule base that is manually created by the network security administrator; such a rule is called an Explicit rule.

Q26. What Are The Types Of NAT And How To Configure It In Check Point Firewall?

Static Mode and manually defined



