Check Point Interview Questions

Q. What Is Anti-spoofing?

Anti-Spoofing is a feature of the Check Point Firewall that protects against attackers who generate IP packets with a fake or spoofed source address. It determines whether traffic is legitimate. If the traffic is not legitimate, the firewall blocks it on the firewall interface.
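A sketch of the interface check described above, added here as an illustration and not taken from Check Point code. It assumes the gateway knows which networks sit behind each interface; the interface names and address ranges are constructed.

```python
import ipaddress

# Constructed topology: the networks expected behind each gateway interface.
# Interface names and address ranges are illustrative assumptions.
TOPOLOGY = {
    "eth1": [ipaddress.ip_network("10.1.0.0/16")],      # internal network
    "eth2": [ipaddress.ip_network("192.168.50.0/24")],  # DMZ
}
EXTERNAL_IF = "eth0"  # faces the Internet


def is_spoofed(in_interface: str, src_ip: str) -> bool:
    """Return True when src_ip cannot legitimately arrive on in_interface."""
    src = ipaddress.ip_address(src_ip)
    if in_interface == EXTERNAL_IF:
        # A packet from outside that claims a source address belonging to a
        # network behind another interface is spoofed.
        return any(src in net for nets in TOPOLOGY.values() for net in nets)
    # On any other interface the source must belong to that interface's
    # networks; an unknown interface has no networks, so it fails closed.
    return not any(src in net for net in TOPOLOGY.get(in_interface, []))


def filter_packets(packets):
    """Split (interface, source IP) pairs into accepted and dropped lists."""
    accepted, dropped = [], []
    for pkt in packets:
        (dropped if is_spoofed(*pkt) else accepted).append(pkt)
    return accepted, dropped


if __name__ == "__main__":
    # Constructed sample traffic.
    sample = [
        ("eth0", "203.0.113.7"),   # Internet host on the external interface
        ("eth0", "10.1.2.3"),      # internal address arriving from outside
        ("eth1", "10.1.2.3"),      # internal host on the internal interface
        ("eth1", "192.168.50.4"),  # DMZ address on the internal interface
    ]
    accepted, dropped = filter_packets(sample)
    print("accepted:", accepted)
    print("dropped: ", dropped)
```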

Q. What Is Asymmetric Encryption?

In asymmetric encryption, two different keys are used to encrypt and decrypt a packet: one key is used to encrypt the packet, and a second key is used to decrypt it. The same key cannot both encrypt and decrypt.

Q. What Is the Stealth Rule In Check Point Firewall?

The Stealth Rule protects the Check Point firewall from direct access by any traffic. It should be placed at the top of the Security Rule Base. In this rule, the administrator denies all traffic that tries to access the Check Point firewall.

Q. Does Check Point support a dual stack network?

Yes, Check Point supports a dual stack network that uses IPv4 and IPv6 addresses.

Q. Can you explain Access Control and the Rule Base in a firewall?

A primary goal of a firewall is to control access and traffic to and from the internal and external networks. The Firewall lets system administrators securely control access to computers, clients, servers and applications. The Firewall Rule Base defines the quality of the access control and network performance. Rules that are designed correctly make sure that a network:

  • Only allows authorized connections and prevents vulnerabilities in a network
  • Gives authorized users access to the correct internal networks
  • Optimizes network performance and efficiently inspects connections

Q. What is the use of Firewall Rule Base?

The firewall is the core of a well-defined network security policy. The goal of the Check Point Firewall Rule Base is to create rules that only allow the specified connections.

Q. How do you manage the Firewall Rule Base?

Use SmartDashboard to easily create and configure Firewall rules for a strong security policy.

Q. What are Explicit and Implied Rules in the Rule Base?

These are the types of rules in the Rule Base:

  • Explicit rules – Rules that you create to configure which connections the Firewall allows
  • Implied rules – Rules that are based on settings in the Global Properties menu

Q. What is the Order of Rule Enforcement in the Rule Base?

The Firewall inspects connections and enforces the Rule Base in a sequential manner. The Firewall inspects each connection that comes to the network and compares the data (source, destination, service, etc.) to the first rule. If the connection matches the rule, the Firewall applies the action of that rule. If the connection does not match the rule, the Firewall continues with the next rule in the Rule Base.

Q. What are the Basic Access Control Rules for all Rule Bases?

These are basic access control rules we recommend for all Rule Bases:

  • Stealth rule that prevents direct access to the Security Gateway.
  • Cleanup rule that drops all traffic that is not allowed by the earlier rules.

There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.
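The sequential, first-match enforcement and the Stealth and Cleanup rules described above can be modelled in a few lines. This is an added example, not Check Point code; the gateway address, rule names and networks are constructed, and it also shows what changes when the Stealth rule is not on top.

```python
import ipaddress

GATEWAY = "203.0.113.1"  # constructed gateway address (assumption)

# Constructed rules: (name, source, destination, service, action).
STEALTH = ("Stealth", "0.0.0.0/0", GATEWAY + "/32", "any", "drop")
WEB_DMZ = ("Web-DMZ", "0.0.0.0/0", "192.168.50.0/24", "https", "accept")
OUTBOUND = ("Outbound", "10.1.0.0/16", "0.0.0.0/0", "any", "accept")
CLEANUP = ("Cleanup", "0.0.0.0/0", "0.0.0.0/0", "any", "drop")

RULE_BASE = [STEALTH, WEB_DMZ, OUTBOUND, CLEANUP]
MISORDERED = [OUTBOUND, STEALTH, WEB_DMZ, CLEANUP]  # Stealth no longer on top


def matches(rule, src, dst, service):
    """Compare a connection's source, destination and service to one rule."""
    _, r_src, r_dst, r_svc, _ = rule
    return (ipaddress.ip_address(src) in ipaddress.ip_network(r_src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(r_dst)
            and r_svc in ("any", service))


def evaluate(rule_base, src, dst, service):
    """Walk the rules in order and return (name, action) of the first match."""
    for rule in rule_base:
        if matches(rule, src, dst, service):
            return rule[0], rule[4]
    # No explicit rule matched: the implied rule drops the traffic, but no
    # Cleanup rule was there to log it.
    return "Implied drop", "drop"


if __name__ == "__main__":
    probe = ("10.1.2.3", GATEWAY, "ssh")  # internal host to the gateway itself
    print("correct order:", evaluate(RULE_BASE, *probe))
    print("misordered:   ", evaluate(MISORDERED, *probe))
    print("unmatched:    ", evaluate(RULE_BASE, "198.51.100.9", "10.1.2.3", "ssh"))
```

With the Stealth rule first, the probe to the gateway is dropped; in the misordered list the broader Outbound rule matches first and accepts it.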

Q. How do you define Security Zones?

Networks use different security zones to protect very important resources and to defend against malware. Create rules that allow only the applicable traffic in and out of a security zone. Make sure that there are different rules in the Firewall Rule Base that define traffic to and from the security zones.

Q. What are the key elements in Security Zones?

These are the key elements that define security zones:

  • External network – Insecure data, such as the Internet
  • Internal network – Company data that is only used by trusted and authenticated users
  • Perimeter – The border between the internal and external networks
  • DMZ – Company servers that can be accessed from insecure sources, such as the Internet

Q. What is the Perimeter?

The Firewall on the perimeter of the network is responsible for all the incoming and outgoing traffic.

Q. What kind of connections are allowed by a firewall on the perimeter?

These are some of the connections that are usually allowed by a Firewall on the perimeter:

  • Outgoing connections to the Internet
  • Connections to the DNS server
  • Specified external connections
  • Connections to servers in the DMZ
  • Connections from the internal network to the internal network
  • VPN connections

Q. What is DMZ (Demilitarized Zone)?

Servers that are accessed from the Internet are usually located in a DMZ (demilitarized zone). The DMZ makes sure that these servers cannot connect to the internal network. Make sure that the Rule Base contains rules for DMZ traffic. For example, these are rules for a web server in the DMZ:

  • A rule that allows HTTP and HTTPS traffic to the DMZ network object
  • A rule that allows traffic from the internal network group object to any destination (the destination includes the DMZ)

Q. When do you use Automatic Rules?

You can enable automatic NAT rules for these SmartDashboard objects:

  • Security Gateways
  • Nodes
  • Networks
  • Address Ranges
