Network Interview Questions

Network Interview Questions posted based on my readings

Priv acy

Wednesday, April 28, 2010

Interview Questions for Check Point Firewall Technology ROUTING

Question 1 Which of the applications in C heck Point technology can be C ommon

used to configure security objects? EIGRP
OSPF
Answer:
SmartDashboard

Question 2 Which of the applications in C heck Point technology can be

used to view who and what the administrator do to the security policy? Blog Archive
Answer:
SmartView Tracker 2011 (1)
Question 3 What are the two types of C heck Point NG licenses? 2010 (4)
Answer: July (1)
C entral and Local licenses June (1)
C entral licenses are the new licensing model for NG and are bound to the
April (2)
SmartC enter server. Local licenses are the legacy licensing model and are
bound to the enforcement module. Interview Questions for C heck Point
Firewall Techn...
Question 4 What is the main different between cpstop/cpstart and Interview Questions Related with
fwstop/fwstart? network security
Answer:
2009 (2)
Using cpstop and then cpstart will restart all C heck Point components,
including the SVN foundation. Using fwstop and then fwstart will only restart 2008 (2)
VPN-1/FireWall-1.

Question 5 What are the functions of C PD, FWM, and FWD processes?
Answer: About Me
C PD C PD is a high in the hierarchichal chain and helps to execute many
services, such as Secure Tirumala Babu
Internal C ommuncation (SIC ), Licensing and status report.
FWM The FWM process is responsible for the execution of the database Having more than 20 years of IT
activities of the experience and 10+ years of network and
SmartC enter server. It is; therefore, responsible for Policy installation, security support
Management High View my complete profile
Availability (HA) Synchronization, saving the Policy, Database Read/Write
action, Log
Display, etc.
FWD The FWD process is responsible for logging. It is executed in relation Total Pageviews
to logging, Security
Servers and communication with OPSEC applications.
49,103
Question 6 How to Install C heckpoint Firewall NGX on SecurePlatform?
Answer:
1. Insert the C heckpoint C D into the computers C D Drive.

2. You will see a Welcome to C heckpoint SecurePlatform screen. It will

prompt you to press any key. Press any key to start the installation,otherwise
it will abort the installation.

3.You will now receive a message saying that your hardware was scanned
and found suitable for installing secureplatform. Do you wish to proceed with
the installation of C heckpoint SecurePlatform.

Of the four options given, select OK, to continue.

4.You will be given a choice of these two:

SecurePlatform
SecurePlatform Pro

Select Secureplatform Pro and enter ok to continue.

5.Next it will give you the option to select the keyboard type. Select your
Keyboard type (default is US) and enter OK to continue.

6.The next option is the Networking Device. It will give you the interfaces of
your machine and you can select the interface of your choice.

7.The next option is the Network Interface C onfiguration. Enter the IP

address, subnet mask and the default gateway.

For this tutorial, we will set this IP address as 1.1.1.1 255.255.255.0 and the
default gateway as 1.1.1.2 which will be the IP address of your upstream
router or Layer 3 device.

8.The next option is the HTTPS Server C onfiguration. Leave the default and
enter OK.

9.Now you will see the C onfirmation screen. It will say that the next stage of
the installation process will format your hard drives. Press OK to C ontinue.

10.Sit back and relax as the hard disk is formated and the files are being
copied.

Once it is done with the formatting and copying of image files, it will prompt
you reboot the machine and importantly REMOVE THE INSTALLATION C D.
Press Enter to Reboot.

Note: Secureplatform disables your Num Lock by over riding System BIOS
settings, so you press Num LOck to enable your Num Lock.

For the FIRST Time Login, the login name is admin and the password is also
admin.

11.Start the firewall in Normal Mode.

12.C onfiguring Initial Login:

Enter the user name and password as admin, admin.

It will prompt you for a new password. C hose a password.

Enter new password: check$123

Enter new password again: check$123

You may choose a different user name:

Enter a user name:fwadmin

Now it will prompt you with the [cpmodule]# prompt.

13. The next step is to launch the configuration wizard. To start the
configuration wizard, type sysconfig.

You have to enter n for next and q for Quit. Enter n for next.

14.C onfiguring Host name: Press 1 to enter a host name. Press 1 again to set
the host name.

Enter host name: checkpointfw

You can either enter an ip address of leave it blank to associate an IP
address with this hostname. Leave it blank for now.

Press 2 to show host name. It now displays the name of the firewall as
checkpointfw.

Press e to get out of that section.

15.C onfiguring the Domain name.

Press 2 to enter the config mode for configuring the domain mode. Press 1 to
set the domain name.

Enter domain name:yourdomain.com

Example:

Enter domain name: checkpointfw.com

You can press 2 to show the domain name.

16. C onfiguring Domain Name Servers.

You can press 1 to add a new domain name server.

Enter IP Address of the domain name srever to add: Enter your domain
name server IP Address HERE.

Press e to exit.

Network C onnections.

17. Press 4 to enter the Network C onnections parameter.

Enter 2 to C onfigure a new connection.

Your C hoice:

1) eth0
2) eth1
3) eth2
4) eth3

Press 2 to configure eth1. (We will configure this interface as the inside
interface with an IP address of 192.168.1.1 and a subnet mask of
255.255.255.0. The default gateway will be configured as 1.1.1.1.)

Press 1) C hange IP settings.

Enter IP address for eth1 (press c to cancel): 192.168.1.1

Enter network Mask for interface eth2 (press c to cancel): 255.255.255.0
Enter broadcast address of the interface eth2 (leave empty for default): Enter

Pres Enter to continue.

Similarly configure the eth2 interface, which will be acting as a DMZ in this
case with 10.10.10.1 255.255.255.0.

Press e to exit the configuration menu.

18.C onfiguring the Default Gateway C onfiguration.

Enter 5 which is the Routing section to enter information on the default

gateway configuration.

1.Set default gateway.

2.Show default gateway.

Press 1 to enter the default gateway configuration.

Enter default gateway IP address: 1.1.1.2

19. C hoose a time and date configuration item.

Press n to configure the timezone, date and local time.

This part is self explanatory so you can do it yourself.

The next prompt is the Import C heckpoint Products C onfiguration. You can n
for next to skip this part as it is not needed for fresh installs.

20. Next is the license agreement.You have the option of V for evaluation
product, U for purchased product and N for next. If you enter n for next.
Press n for next.

Press Y and accept the license agreement.

21.The next section would show you the product Selection and Installation
option menu.

Select C heckpoint Enterprise/Pro.

Press N to continue.

22. Select New Installation from the menu.

Press N to continue.

23. Next menu would show you the products to be installed.

Since this is a standalone installation configuration example, select

VPN Pro and

Smartcenter

Press N for next

24.Next menu gives you the option to select the Smartcenter type you would
like to install.

Select Primary Smartcenter.

Press n for next.

A validation screen will be seen showing the following products:

VPN-1 Pro and Primary Smartcenter.

Press n for next to continue.

Now the installation of VPN-1 Pro NGX R60 will start.

25. The set of menu is as follows:

Do you want to add license (y/n)

 You can enter Y which is the default and enter your license information.

26. The next prompt will ask you to add an administrator. You can add an
administrator.

27.The next prompt will ask you to add a GUI C lient. Enter the IP Address of
the machine from where you want to manage this firewall.

28. The final process of installation is creation of the IC A. It will promtp you
for the creation of the IC A and follow the steps. The IC A will be created.
Once the random is configured ( you dont have to do anything), the IC A is
initialized.

After the IC A initialized, the fingerprint is displayed. You can save this
fingerprint because this will be later used while connecting to the smartcenter
through the GUI. The two fingerprints should match. This is a security
feature.

The next step is reboot. Reboot the firewall.

Question 7 What are the types of NAT and how to configure it in C heck
Point Firewall?
Answer:
Static Mode manually defined

Posted by Tirumala Babu at 10:15 AM

No comments:

Post a C omment

Newer Post Home Older Post

Subscribe to: Post Comments (Atom)