Very informative. I'm working to become CCNP Security certified but I'm noticing that a lot of the jobs associated with this certification want you to have Check Point knowledge before they will hire you. Your video was very straightforward and easy to understand. Thank you for taking the time to make this video.
Thank you for taking the time to make the video Jafer. I was researching Check Point firewalls and looking for videos to illustrate the GUI and how easy it is to navigate and create rules...so this was perfect!
Great video and this has taught me a lot about CP FWs. I too have an ASA background and CP is in high demand and I appreciate you sharing your knowledge!!
Brilliant, short and concise, very very useful indeed.
Thank you. Yes you are right, many jobs require some level of knowledge on Check Point, for two reasons in my opinion.
First is because Check Point being the leaders in next generation firewalls have a lot of gateways deployed out there.
Second reason, and this is mainly from a professional services/deployment point of view, you need to have in-depth knowledge on Check Point migrations and upgrade, which I have recently mastered myself.
I may do some videos soon around this area :-)
Thank you and good luck 👍
It's awesome dear ... I have downloaded all the videos for self study.... really it's a big help
+ratneshwar singh Good to hear ratneshwar, thanks for comment :)
I'm glad it was useful, thanks for the comment. :-)
Awesome tutorial. But won’t all those logs kill the CPU?
Hi, the stealth rule will block anything to the gateway itself, any rule created going through the gateway will work fine regardless of the stealth rule, hope that makes sense, thanks. :-)
WOW ... Great .. very helpful !
Right jafer, anyone trying to ping, ssh, ftp, sftp, etc. to the firewall's physical (or logical) interface address will be denied. This rule should be very high in the rulebase. You're more likely getting dropped by the 'cleanup' rule generally configured at the end of the rulebase. This will happen when you have not configured a rule specifically for the traffic you are being dropped on.
Thank you for this video, Great job
Thank you
Very Helpful videos Jafer....Nice work
@jafer125
I come from Cisco ASA/PIX background. I am trying to make sense out of adding policy.
When you add a policy, are you adding an ACL to a given interface? If so, how do you specify which interface you are adding the ACL to?
yep, but, hmm how to discern from a "normal" firewall W11, if maybe it's been manipulated....so every time I restore default, I restore "others" default and not W11...? the right proper firewall from scratch.. :) is? thanks a lot in advance.
I have already installed Elastix on the virtual machine box. I also configured the soft phones. I'd like to know how one can secure Elastix against attacks.
Thanks a lot for your help.
You are right... I am finding a lot of Enterprises use CP as stateful FWs. I am from the Cisco side of the house with ASAs and the CPs seem to be the better solution... IMO
Excellent - really useful and a nice refresher!!
Hi Jafer , Great video , really helpful.
Hi Ygal, thank you for the kind words. :)
Very nice video and useful. This helps me a lot. I thank you a lot
I have a question: if I delete the management policy, I will lose access to the firewall. If my firewall is miles away, what should I do?
Nice Video -- seems very intuitive to set up checkpoint FW, instead of looking through the drop down menu, could you not just type the protocol in the search box?
Hi, I have one doubt..
We created the stealth rule in the above video but the rules below it won't work because the stealth rule comes first and it rejects all the requests.... am I right..
Nice video, My thought.... The rule 2 hides the rule 5. Ping from 10.10.X.X is allowed in rule 1. If want to allow ping through it should be mentioned inside management label. :)
Thanks for this illustrative video
how to download the above mentioned video software?
Hi Sabir,
great videos , do you have more videos on R77, Thank you for sharing your knowledge.
If you have not set the rule to log will you be able to see how many times the rule was hit?
please i watched a video of site to site vpn and the ping failed and i don't know what to add from this video for successing the ping sorry for my english please answer me
Hi sir how to check service that is running at security gateway using smartdashboard thank you
Can you give advice on creating an access rule and blocking websites in R77.20.40?
Thanks very much, great work.
I got it. Thank you.. upload more videos, it's helpful for all.. thank you for replying.
Great, yes will do soon. :-)
You can just type the object or services into the box when adding to the rules instead of scrolling through the list.
Nice video Jafer..really helpful.!! Do u any soft study book for Checkpoint?
Thanks Ajay :) The only ones I use are the official manuals from Check Point which are good. The training guides would be useful but quite expensive as well.
Hi Jafer, your video is very helpful, I'm CCNP, I need to use Checkpoint for my next job, I didn't know it before. Let me know about all material for beginners ( your video, guide etc.. ) Thank you , Davide from Italy
Thank you for sharing ❤️🙏 Awesome 💕
your videos are very helpful, please make some videos on Smart reporter and smart event if you get a chance, those are rare to find.
Thank you very much.
Yes will do soon. :-)
Thank you very much it's nice tutorial
Thank you
great stuff, thank you
nice video.....
Can you make a video on Application and URL Filtering? Thanks
Great video, I am looking forward to your next site to site vpn one.. Thanks
Will do, thanks
Nice video, anyway I agree with Martin Z that rule number 3 (number 4 before re-arrangements) is not Internet rule, you have limited only services, but any destination means you can also reach private IP ranges. And my personal tip, please use searchbox for objects like service etc, it will significantly shorten time amount for picking them. Anyway thanks for posting!
hefko Hi hefko, thanks for the feedback and sharing your knowledge with us, and yes good point on both.
thanks was useful
I can't block youtube, do the blocking category, but when using google chrome can see youtube.
with no firefox
IE no.
chrome yes
Were you blocking youtube using the app control blade? If so, https inspection would need to be enabled for it to work correctly.
Thanks
rule number 3 ...... it's not an internet access because destination is any
You are correct, when the destination is any that's telling that source it can go anywhere INTERNAL as well as external. I would suggest removing the "Any" as the destination and either add his internal/dmz addresses as the destination and mark it as negate or easier just add all RFC 1918 addresses and mark it negate and that way all the traffic from that source will go to the internet and everything else will be dropped.
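The rule-order points raised in the comments above (stealth rule near the top, cleanup rule at the bottom, and an "Internet" rule whose destination is Any versus negated RFC 1918), shown as an added example that is not part of the thread or the video and not Check Point code: a simplified first-match rulebase model. All addresses, rule names and the `Rule`/`evaluate` helpers are constructed for illustration.

```python
import ipaddress

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

ANY = nets("0.0.0.0/0")
RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
GATEWAY = nets("192.168.1.1/32")      # constructed gateway address
ADMIN = nets("192.168.1.10/32")       # constructed management host
LAN = nets("192.168.1.0/24")          # constructed internal network

def contains(networks, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)

class Rule:
    def __init__(self, name, src, dst, services, action, negate_dst=False):
        self.name, self.src, self.dst = name, src, dst
        self.services, self.action, self.negate_dst = services, action, negate_dst

    def matches(self, src, dst, service):
        # A negated destination cell matches everything NOT in the listed networks.
        dst_hit = contains(self.dst, dst) != self.negate_dst
        svc_hit = self.services is None or service in self.services
        return contains(self.src, src) and dst_hit and svc_hit

def build_rulebase(negate_rfc1918):
    web = {"http", "https", "dns"}
    internet = (Rule("Internet", LAN, RFC1918, web, "accept", negate_dst=True)
                if negate_rfc1918 else Rule("Internet", LAN, ANY, web, "accept"))
    return [
        Rule("Management", ADMIN, GATEWAY, {"ssh", "https"}, "accept"),
        Rule("Stealth", ANY, GATEWAY, None, "drop"),   # traffic TO the gateway only
        internet,
        Rule("Cleanup", ANY, ANY, None, "drop"),       # everything not matched above
    ]

def evaluate(rulebase, src, dst, service):
    # First matching rule wins, top to bottom.
    for number, rule in enumerate(rulebase, 1):
        if rule.matches(src, dst, service):
            return number, rule.name, rule.action
    return None, "none", "drop"

if __name__ == "__main__":
    for negate in (False, True):
        rb = build_rulebase(negate)
        for dst in ("172.16.5.20", "203.0.113.10", "192.168.1.1"):
            print(negate, dst, evaluate(rb, "192.168.1.50", dst, "https"))
```

With destination Any the LAN host reaches the constructed DMZ address through the "Internet" rule; with negated RFC 1918 the same connection falls to the cleanup rule while the public address is still accepted.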
pls forward to me that software link
Topic is superb but the video play first then Audio play next so here still confuse
we actually never look at the comment for a specific rule. It should be logically named....... some people have random custom services masquerading as regular ones. Just name things properly.............. i recommend "Reasonforcustomproto_port#" or something
It is for very beginner 'admins'...:(
Any one teach to me please
are you a partner or something, jafer125? What's ur SR # or user center email address :P