7. Check Point Getting Started R80.20. Access control

  • Tutorial


Welcome to the 7th lesson, where we will already start working with security policies. Today, for the first time, we will install a policy on our gateway, i.e. finally do the install policy. After that, traffic can already go through the gateway!

In general, politicians, from the point of view of Check Point, are a rather broad concept. Security Policies can be divided into 3 types:

  1. Access Control . This includes blades such as: Firewall, Application Control, URL Filtering, Content Awareness, Mobile Access, VPN. Those. everything about allowing or restricting traffic.
  2. Threat Prevention . Blades are used here: IPS, Anti-Virus, Anti-Bot, Threat Emulation, Threat Extraction. Those. functions that check the contents of traffic or content that has already passed through Access Control.
  3. Security Desktop . These are endpoint agent management policies (i.e. workstation protection). In principle, we will not touch on this topic in the framework of the course.

In this lesson, we’ll start talking about Access Control policies.

Access Control Composition


Access Control is the first policy to be installed on the gateway. Without this policy, others (Threat Prevention, Desktop Security) simply cannot be installed. As mentioned earlier, Access Control policies include several blades at once:

  • Firewall
  • Application & URL Filtering;
  • Content Awareness
  • Mobile Access
  • NAT

To begin with, we will consider only one - Firewall.

Four steps to configure Firewall


To install the policy on the gateway, we MUST need to perform the following steps:

  1. Define gateway interfaces in the corresponding security zone (be it Internal, External, DMZ, etc.)
  2. Configure Anti-Spoofing ;
  3. Create network objects ( Networks, Hosts, Servers , etc.) This is important! As I said, Check Point only works with objects. Paste into the access list simply the IP address will not work;
  4. Create Access Lists (at least one).

Without these settings, policies simply cannot be established!

Video lesson


As usual, we attach a video lesson where we will perform the basic setup procedure for Access-Control and create the recommended access lists.



Stay tuned for more and join our YouTube channel :)

Also popular now: