Check Point CCSA Notes

Check Point is the largest pure-play security vendor globally and has a long history as a respected security solutions provider. The company’s devices are among the most widely deployed firewalls in use today.

To date, Check Point has been positioned in the “Leaders” quadrant of the Magic Quadrant for Enterprise Network Firewalls for eighteen consecutive years. It has also been positioned in the “Leaders” quadrant for Unified Threat Management (UTM) for five years to date. Gartner evaluates each vendor’s Enterprise Network Firewall offerings on completeness of vision and ability to execute.

Traffic Control Methods:

  • Packet Filtering in OSI Layer 3 (Network) and Layer 4 (Transport)
  • Stateful control by the INSPECT Engine, also at L3 and L4 but with more focus on L4
  • Application Awareness

Check Point Operating system:

This covers the operating system of both the Management Server and the Gateways (firewalls).

  • IPSO was the initial version, based on BSD (Nokia’s IPSO).
  • SecurePlatform (SPLAT), based on Red Hat
  • GAiA is the latest version!

Deployment Notes

In small environments, it’s possible to run the Management Server and the Gateway on the same hardware. This is called a Standalone deployment.


Advanced Cisco BGP features: Selective Next-hop

The topology below was used for this post, and all configuration was done on two Cisco CSR1000v routers.

[Figure: topo-2routers-dual-link]

BGP Selective Next-hop Route filtering

Imagine that you want to accept routes from peers only when the route covering the next hop meets specific conditions, such as prefix length or protocol.

In the following configuration, I accept routes from peers only when the route covering the next hop has a mask length less than or equal to 24:

Let’s see the current BGP table:
