ProHoster > Blog > Administration > 7. Check Point Getting Started R80.20. Access control

7. Check Point Getting Started R80.20. Access control

7. Check Point Getting Started R80.20. Access control

Welcome to lesson 7, where we will already start working with security policies. Today we will install the policy on our gateway for the first time, i.e. finally let's do "install policy". After that, traffic will be able to go through the gateway!
In general, policies, from the point of view of Check Point, are a rather broad concept. Security Policies can be divided into 3 types:

  1. Access Control. This includes such blades as: Firewall, Application Control, URL Filtering, Content Awareness, Mobile Access, VPN. Those. everything related to allowing or restricting traffic.
  2. Threat Prevention. Blades are used here: IPS, Anti-Virus, Anti-Bot, Threat Emulation, Threat Extraction. Those. functions that check the content of traffic or content that has already passed through the Access Control.
  3. desktop security. These are already Endpoint agent management policies (i.e. protection of workstations). In principle, we will not touch on this topic within the framework of the course.

In this lesson, we will start talking about Access Control policies.

Composition of Access Control

Access Control is the first policy to be installed on the gateway. Without this policy, others (Threat Prevention, Desktop Security) simply won't install. As mentioned earlier, Access Control policies include several blades at once:

  • Firewall;
  • Application & URL Filtering;
  • Content Awareness;
  • Mobile Access;
  • NAT.

To begin with, we will consider only one - Firewall.

Four steps to configure Firewall

To install the policy on the gateway, we MUST complete the following steps:

  1. Define the gateway interfaces in the appropriate security zone (be it Internal, External, DMZ, etc.)
  2. Tune Anti-spoofing;
  3. Create network objects (Networks, Hosts, Servers etc.) This is important! As I said, Check Point only works with objects. Inserting an ip-address into an access list simply will not work;
  4. Create Access List-s (at least one).

Without these settings, the policies simply won't install!

Video tutorial

As usual, we are attaching a video tutorial where we will perform the basic Access-Control setup procedure and form the recommended access lists.

Stay tuned for more and join us YouTube channel : )

Source: habr.com

Add a comment