2007-09-23
Bob_Zimmerman
Re: Help understanding Checkpoint

Quote:
Originally Posted by pluto
1 - Am I correct in saying a packet is first checked for anti-spoofing, then NAT, and then Security and finally routing? There are no clear details on this. I have tried to use fw monitor but it is not clear from that either. I want to understand exactly what happens when a packet hits FW-1 and when it leaves, including the INSPECT process.
Take a look at the 'fw monitor -p all' command and ... 'fw ctl chain', I think it is. That gives a much more detailed list of what's going on. Very generally speaking, stateless TCP verifications tend to be first (things like stripping IP Options), then antispoofing. Security and translation seem to be applied simultaneously, since both are done by the firewall kernel, though NAT normally only happens on the inbound or the outbound leg for a given connection. Occasionally, you'll see NAT on both the i-I and the o-O transition.

Routing is done between I and o in an fw monitor. Then it goes through the firewall kernel again.

Quote:
Originally Posted by pluto
3 - What advantages are there of using SPLAT over Nokia's?
The big advantage would be that there's one vendor for both the OS and the application you're running on it. Then again, with Nokia boxes or that sort of thing, you have one vendor for the hardware and the OS, so there aren't really driver issues. Everything is built to work together.

I use SecurePlatform, because I like how if I have a catastrophic hardware failure, I can dig up enough spare hardware to build a new box, install SecurePlatform on it, and get it back up and running in under an hour.

Quote:
Originally Posted by pluto
4 - How do you apply HFAs to Windows, SPLAT, Nokia and Solaris (modules and managers)?
That would be described in the individual HFA's release notes. Unfortunately, the method of application sometimes changes.

Quote:
Originally Posted by pluto
Sorry for the general questions... just trying to clear things in my head...

Thanks
Paul
Not a problem. Hopefully someone else can help you with number 2, because I don't have any specific documentation on that.
__________________
Robert Zimmerman
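An added example, not part of the post above and not Check Point code: a small parser that follows each packet through the i, I, o and O capture points of an fw monitor text capture and reports at which transition an address was rewritten, which is where NAT shows up as described in the reply. The line layout is an assumption modelled on typical fw monitor text output, the sample capture is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed line layout (modelled on typical `fw monitor` text output):
#   eth1:i[60]: 10.1.1.5 -> 203.0.113.10 (TCP) len=60 id=4711
LINE = re.compile(
    r"(?P<ifc>[\w.\-]+):(?P<pos>[iIoO])\s*\[\d+\]:\s+"
    r"(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+)\s+\((?P<proto>\w+)\)"
    r".*?\bid=(?P<id>\d+)"
)

# Constructed sample. Packet 4711 crosses all four capture points and has its
# source rewritten on the outbound leg; packet 4712 is only seen at 'i'.
SAMPLE = """\
eth1:i[60]: 10.1.1.5 -> 203.0.113.10 (TCP) len=60 id=4711
eth1:I[60]: 10.1.1.5 -> 203.0.113.10 (TCP) len=60 id=4711
eth0:o[60]: 10.1.1.5 -> 203.0.113.10 (TCP) len=60 id=4711
eth0:O[60]: 198.51.100.2 -> 203.0.113.10 (TCP) len=60 id=4711
eth1:i[60]: 10.1.1.9 -> 203.0.113.10 (TCP) len=60 id=4712
"""

def trace_packets(text):
    """Group capture lines by IP id, preserving the order they were seen in."""
    packets = defaultdict(list)
    for line in text.splitlines():
        m = LINE.search(line)
        if m:  # skip header lines and per-protocol detail lines
            packets[m["id"]].append((m["pos"], m["ifc"], m["src"], m["dst"]))
    return dict(packets)

def nat_transitions(hops):
    """Return (transition, field, before, after) for each address rewrite."""
    changes = []
    for (p1, _, s1, d1), (p2, _, s2, d2) in zip(hops, hops[1:]):
        step = f"{p1}-{p2}"  # e.g. "i-I" or "o-O"; routing sits between I and o
        if s1 != s2:
            changes.append((step, "src", s1, s2))
        if d1 != d2:
            changes.append((step, "dst", d1, d2))
    return changes

if __name__ == "__main__":
    for ip_id, hops in trace_packets(SAMPLE).items():
        seen = "".join(h[0] for h in hops)
        print(f"id={ip_id} seen at [{seen}] rewrites={nat_transitions(hops)}")
```

A packet whose trace stops before O, like the second one in the sample, did not leave the gateway in the capture; the positions it did reach show how far it got.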