Help understanding Checkpoint

[pluto]

Hi there,

Looking for some help understanding the following as the checkpoint docs are not very clear and searching the posts im not convinced i have the answers to my questions:

1 - Am i correct in saying a packet is first checked for anti-spoofing the NAT and then Security and finally routing? There are no clear details on this. I have tried to use fw monitor but not clear from that either. I want to understand exactly what happens when a packet hit FW-1 and when it leave inlcuding the INSPECT process.

2 - Are there any guidelines as to how a solaris box should be built for a smartcentre or Provider-1 use?

3 - What advantages are there of using SPLAT over Nokia's?

4 - How do you apply HFA's to windows, SPLAT, Nokia and Solaris (modules and managers)

Sorry for the general questions... just trying to clear things in my head...

Thanks
Paul

[Bob_Zimmerman]

Quote:

Originally Posted by pluto

1 - Am i correct in saying a packet is first checked for anti-spoofing the NAT and then Security and finally routing? There are no clear details on this. I have tried to use fw monitor but not clear from that either. I want to understand exactly what happens when a packet hit FW-1 and when it leave inlcuding the INSPECT process.

Take a look at the 'fw monitor -p all' command and ... 'fw ctl chain', I think it is. That gives a much more detailed list of what's going on. Very generally speaking, stateless TCP verifications tend to be first (things like stripping IP Options), then antispoofing. Security and translation seem to be applied simultaneously, since both are done by the firewall kernel, though NAT normally only happens on the inbound or the outbound leg for a given connection. Occasionally, you'll see NAT on both the i-I and the o-O transition.

Routing is done between I and o in an fw monitor. Then it goes through the firewall kernel again.

Quote:

Originally Posted by pluto

3 - What advantages are there of using SPLAT over Nokia's?

The big advantage would be that there's one vendor for both the OS and the application you're running on it. Then again, with Nokia boxes or that sort of thing, you have one vendor for the hardware and the OS, so there aren't really driver issues. Everything is built to work together.

I use SecurePlatform, because I like how if I have a catastrophic hardware failure, I can dig up enough spare hardware to build a new box, install SecurePlatform on it, and get it back up and running in under an hour.

Quote:

Originally Posted by pluto

4 - How do you apply HFA's to windows, SPLAT, Nokia and Solaris (modules and managers)

That would be described in the individual HFA's release notes. Unfortunately, the method of application sometimes changes.

Quote:

Originally Posted by pluto

Sorry for the general questions... just trying to clear things in my head...

Thanks
Paul

Not a problem. Hopefully someone else can help you with number 2, because I don't have any specific documentation on that.

[pluto]

Thanks Bob....

Hopefully someone can clarify the recommended way of building solaris boxes inorder to run a FW manager or Provider-1

Cheers
Paul