Check Point's GUI displays security policies and provides a simple mechanism for installing them on a gateway.

Check Point divides the implementation of its network security policy into three components: a graphical interface for administration (see Figure A); a management server that stores security policies and logs; and an enforcement point, a network gateway that actually implements that policy, blocking or allowing traffic where appropriate. In smaller implementations, the management server resides on the same box as the enforcement point.

In general, most firewalls perform a similar combination of functions: storing, implementing, and logging violations of a security policy. Check Point's approach is unique in that it lets you define more than one enforcement point. For example, suppose you have several wide area network (WAN) connections: one to the Internet, two more to satellite offices, and another to a business partner's network. In a case such as this, you may want as many as four enforcement points, one for each connection. To accomplish this with Check Point, you must still develop a single security policy on your management server. You can then install the applicable parts of that security policy for each of your enforcement points. This kind of scalability is why many large organizations with extremely complicated networks (GTE Internetworking, for instance) use Check Point for their security needs.

FireWall-1 blocks traffic by means of technology that Check Point calls stateful inspection. As traffic arrives at the firewall, Check Point examines it and compares it to the set of existing, and allowed, network conversations already underway. If a packet is part of an existing conversation, it can pass.
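
The stateful-inspection check described above, comparing each arriving packet with the set of allowed conversations already underway, can be sketched as follows. This is an added illustration, not Check Point's code or rule format; the `StatefulFilter` class, the `ALLOW_NEW` policy and all addresses are constructed for the example, and TCP teardown is simplified.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags, e.g. frozenset({"SYN"})

# Constructed policy: (dst, dport, proto) tuples that may START a conversation.
ALLOW_NEW = {("203.0.113.10", 443, "tcp"), ("203.0.113.53", 53, "udp")}

class StatefulFilter:
    """Hypothetical enforcement point holding a table of live conversations."""

    def __init__(self, allow_new):
        self.allow_new = allow_new
        self.state = set()           # conversations currently underway

    @staticmethod
    def _key(p):
        # Direction-independent key, so a reply matches the flow it answers.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (p.proto, min(a, b), max(a, b))

    def inspect(self, p):
        key = self._key(p)
        if key in self.state:
            # Part of an existing conversation: it can pass.
            # Simplification: forget the flow on the first RST or FIN.
            if p.proto == "tcp" and p.flags & {"RST", "FIN"}:
                self.state.discard(key)
            return "pass"
        # Unknown flow: only a policy-permitted opener may create state.
        # For TCP the opener must be a bare SYN, never a stray ACK or RST.
        opener = p.proto != "tcp" or p.flags == {"SYN"}
        if opener and (p.dst, p.dport, p.proto) in self.allow_new:
            self.state.add(key)
            return "pass"
        return "drop"

if __name__ == "__main__":
    fw = StatefulFilter(ALLOW_NEW)
    syn = Packet("10.0.0.5", 40000, "203.0.113.10", 443, "tcp", frozenset({"SYN"}))
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 40000, "tcp", frozenset({"SYN", "ACK"}))
    stray = Packet("198.51.100.7", 443, "10.0.0.5", 40001, "tcp", frozenset({"ACK"}))
    for pkt in (syn, reply, stray):
        print(pkt.src, "->", pkt.dst, sorted(pkt.flags), fw.inspect(pkt))
```

The stray ACK is dropped even though its source port is 443: no table entry matches it and it is not a valid opener, which is the difference from a stateless port filter.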