Introduction to Check Point (CCSA)

Lab Topology

Check Point Three-Tier Architecture

Three Primary components

  • SmartConsole

    • Application that connects to the controller

    • Create and manage:

      • Security policies, user and administrator accounts, management servers, gateways, other devices and settings for Check Point environment

    • Monitor

      • Logs and events, performance, regulation compliance

    • Maintain

      • Licenses, update products

  • Security Management Server (SMS)

    • Controller

    • Database

      • Hosts a centralized PostgreSQL database

    • Internal Certificate Authority (ICA)

      • Used for Secure Internal Communication (SIC) [Security GWs <> SMS <> Others]

      • VPN certificates for Gateways

      • Users (authentication)

    • Log Server

      • The SMS acts as the log server by default, but the log server can also be installed on a separate server

    • Licenses and Contracts Repository

      • View all Check Point licenses and contracts

    • Monitoring

      • Hardware statistics

    • Security Automation

      • Used for APIs and Script creation

  • Security Gateway

    • The actual Firewall itself

SmartConsole

The SmartConsole is an application that runs on a computer. It connects to the management server (SMS). Changes to the SMS database can be made with this application. It is used to manage the configurations in the SMS which will then tell the firewall what to do.

This is only a tool. It does not store the policy or configuration information itself; it sends that information to the Security Management Server for storage.

It can be used as a desktop client or in a Web UI (not all features are included) [https://SMS IP/smartconsole]

Security Management Server (SMS)

The SMS is able to manage multiple firewalls at multiple sites. It contains a database holding all of the configurations and related information.

The SMS commits these configurations and policies to the firewall.

All of the changes are stored in a policy. Objects exist in policies, which then get "committed" (pushed) to the firewall. Earlier states can be restored from "backup" policies.

The commit is done manually, after validation. It is also possible to use an API to automate some tasks (not covered in this course).

The SMS creates and uses Certificates to connect to the Security Gateway (firewall). It acts as a Certificate Authority (CA) to create these certificates.

Its main purpose is to store all of the configurations.
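The change workflow described above (stage changes in a session, publish them to the SMS database, validate, then install the policy on the gateway) can be driven through the Check Point Management API. The following is an added example, not code from the course or from Check Point; the command names (login, add-host, publish, verify-policy, install-policy, logout) and the X-chkp-sid session header are the documented API, while the SMS address, host, gateway and package names are placeholders, and the transport is injectable so the sequence can be checked without a live SMS.

```python
import json
import urllib.request
# Added example (not the course's code): command names and X-chkp-sid header are
# the documented Management API; host, gateway and package names are placeholders.

def http_transport(url, headers, body):
    """POST JSON to the SMS and decode the reply. The SMS serves a certificate
    issued by its own ICA, so the client must be configured to trust that CA."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())

class SmsSession:
    """One API session. Changes stay staged in the session until publish() commits
    them to the SMS database; nothing reaches a gateway until install-policy."""
    def __init__(self, sms, transport=http_transport):
        self.base = "https://%s/web_api/" % sms
        self.transport = transport
        self.sid = None       # session id from login, sent on every later call
        self.commands = []    # audit trail of commands issued in this session

    def call(self, command, payload=None):
        headers = {"Content-Type": "application/json"}
        if self.sid:
            headers["X-chkp-sid"] = self.sid
        self.commands.append(command)
        return self.transport(self.base + command, headers, payload or {})

    def login(self, user, password):
        self.sid = self.call("login", {"user": user, "password": password})["sid"]

    def logout(self):
        reply = self.call("logout")
        self.sid = None
        return reply

def commit_host(sms, user, password, name, ip, package, targets, transport=http_transport):
    """Add a host object, publish, verify the package, then install it on the
    target gateways. Returns the ordered list of commands issued, for review."""
    s = SmsSession(sms, transport)
    s.login(user, password)
    try:
        s.call("add-host", {"name": name, "ip-address": ip})
        s.call("publish")                                     # commit to SMS database
        s.call("verify-policy", {"policy-package": package})  # validate before install
        s.call("install-policy", {"policy-package": package, "targets": targets})
    finally:
        s.logout()                                            # always release the session
    return s.commands
```

If verify-policy rejects the package the API returns an error, urlopen raises, and the install step is skipped while the session is still logged out.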

SMS Options

  • Quantum Smart-1 Appliances

    • A server bought from Check Point with the Gaia OS pre-installed on it. Comes with full support

  • Open Servers

    • A regular server with the Gaia OS installed on your own hardware. If the hardware is not verified by Check Point, you won't get any support for it

  • Quantum Smart-1 Cloud

    • Installed on a server in the cloud (e.g. AWS, Azure). This can also be used to manage cloud firewalls

Every group of features in Check Point is called a Software Blade.

Security Gateway

This is the actual firewall itself. The policies and configurations are enforced upon the network by the firewall.

Standalone Deployment

Both the SMS and the Security Gateway can be installed on a single server; this suits small companies.

Distributed Deployment

For bigger networks, the SMS and the Security Gateways should run on separate devices.

All together

Practice Questions

Misc. Threat Prevention Intro

Check Point Cloud Concept

When a breach involving a new, emerging threat occurs, companies have the option to report it to Check Point so the signature/threat can be added to the Check Point database. It is then pushed as an update to all other firewalls.

SandBlast & Threat Emulation

SandBlast is a sandbox for suspicious files. A file is first checked against the cloud service; if it is unknown, it is sent to SandBlast and run in a sandbox to see whether it is malicious, and the admin then has the option of what to do with it. If it turns out to be malicious, the signature is pushed to the cloud service so the file can be stopped immediately when it shows up on other firewalls.
