Very informative. I'm working to become CCNP Security certified but I'm noticing that a lot of the jobs associated with this certification want you to have Check Point knowledge before they will hire you. Your video was very straightforward and easy to understand. Thank you for taking the time to make this video.
Thank you for taking the time to make the video Jafer. I was researching Check Point firewalls and looking for videos to illustrate the GUI and how easy it is to navigate and create rules...so this was perfect!
Nice video. My thought: rule 2 hides rule 5. Ping from 10.10.X.X is allowed in rule 1. If you want to allow ping through, it should be mentioned inside the management label. :)
Hi, the stealth rule will block anything to the gateway itself; any rule created going through the gateway will work fine regardless of the stealth rule. Hope that makes sense, thanks. :-)
Nice video. It seems very intuitive to set up a Check Point FW. Instead of looking through the drop-down menu, could you not just type the protocol in the search box?
Brilliant, short and concise, very very useful indeed.
Right Jafer, anyone trying to ping, ssh, ftp, sftp, etc. to the firewall's physical (or logical) interface address will be denied. This rule should be very high in the rulebase. You're more likely getting dropped by the 'cleanup' rule generally configured at the end of the rulebase. This will happen when you have not configured a rule specifically for the traffic you are being dropped on.
Awesome tutorial. But won't all those logs kill the CPU?
I have already installed Elastix on the virtual machine box. I also configured the soft phones. I'd like to know how one can secure Elastix against attacks.
Thanks a lot for your help.
Great video and this has taught me a lot about CP FWs. I too have an ASA background and CP is in high demand and I appreciate you sharing your knowledge!!
I have a question: if I delete the management policy, I will lose access to the firewall. If my firewall is miles away, what should I do?
I'm glad it was useful, thanks for the comment. :-)
yep, but, hmm how to discern from a "normal" firewall W11, if maybe it's been manipulated....so every time I restore default, I restore "others" default and not W11...? the right proper firewall from scratch.. :) is? thanks a lot in advance.
If you have not set the rule to log will you be able to see how many times the rule was hit?
Hi Jafer, your video is very helpful. I'm CCNP, I need to use Check Point for my next job, I didn't know it before. Let me know about all material for beginners (your video, guide etc.). Thank you, Davide from Italy
You are right... I am finding a lot of enterprises use CP as stateful FWs. I am from the Cisco side of the house with ASAs and the CPs seem to be the better solution... IMO
It's awesome dear... I have downloaded all the videos for self study... really it's a big help
+ratneshwar singh Good to hear ratneshwar, thanks for comment :)
Hi sir, how do I check which service is running at the security gateway using SmartDashboard? Thank you
Thank you. Yes you are right, many jobs require some level of knowledge on Check Point, for two reasons in my opinion.
First is because Check Point being the leaders in next generation firewalls have a lot of gateways deployed out there.
Second reason, and this is mainly from a professional services/deployment point of view, you need to have in depth knowledge on Check Point migrations and upgrade, which I have recently mastered myself.
I may do some videos soon around this area :-)
Thank you and good luck 👍
Hi Sabir,
Great videos, do you have more videos on R77? Thank you for sharing your knowledge.
Nice video, anyway I agree with Martin Z that rule number 3 (number 4 before re-arrangements) is not an Internet rule: you have limited only services, but any destination means you can also reach private IP ranges. And my personal tip: please use the search box for objects like services etc., it will significantly shorten the time spent picking them. Anyway thanks for posting!
hefko Hi hefko, thanks for the feedback and sharing your knowledge with us, and yes good point on both.
You can just type the object or services into the box when adding to the rules instead of scrolling through the list.
your videos are very helpful, please make some videos on Smart reporter and smart event if you get a chance, those are rare to find.
Thank you very much.
Very Helpful videos Jafer....Nice work
Very nice video and useful. This helps me a lot. I thank you a lot
Hi, I have one doubt.
We created a stealth rule in the above video, but the rules below it won't work because the stealth rule comes first and it rejects all the requests... am I right?
Thank you for this video, Great job
Thank you
@jafer125
I come from a Cisco ASA/PIX background. I am trying to make sense out of adding policy.
When you add a policy, are you adding an ACL to a given interface? If so, how do you specify which interface you are adding the ACL to?
Can you give advice on creating an access rule and blocking websites in R77.20.40?
WOW ... Great .. very helpful !
Please, I watched a video of site-to-site VPN and the ping failed, and I don't know what to add from this video to make the ping succeed. Sorry for my English, please answer me
Excellent - really useful and a nice refresher!!
Can you make a video on Application and URL Filtering? Thanks
how to download the above mentioned video software?
Nice video Jafer, really helpful! Do you have any soft study book for Check Point?
Thanks Ajay :) The only ones I use are the official manuals from Check Point which are good. The training guides would be useful but quite expensive as well.
Thank you very much, it's a nice tutorial
Thank you
Hi Jafer , Great video , really helpful.
Hi Ygal, thank you for the kind words. :)
Thanks for this illustrative video
I got it, thank you. Upload more videos, it is helpful for all. Thank you for replying.
Thank you for sharing ❤️🙏 Awesome 💕
Thanks very much, great work.
Rule number 3... it's not internet access because the destination is any
You are correct: when the destination is Any, that's telling that source it can go anywhere INTERNAL as well as external. I would suggest removing the "Any" as the destination and either add his internal/DMZ addresses as the destination and mark it as negate or, easier, just add all RFC 1918 addresses and mark it negate. That way all the traffic from that source will go to the internet and everything else will be dropped.
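The first-match behaviour discussed in these comments (the stealth rule, the cleanup rule, and an "Any" destination versus a negated RFC 1918 destination), modeled in Python as an added example. It is not from the video, the commenters or Check Point; the addresses, rule names and the `evaluate` and `build_rulebase` functions are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# All addresses and rule names below are constructed for illustration.
ANY = [ip_network("0.0.0.0/0")]
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GATEWAY = [ip_network("10.10.0.1/32")]   # the firewall's own interface address
MGMT = [ip_network("10.10.1.0/24")]      # admin workstations
LAN = [ip_network("10.10.0.0/16")]       # internal users

def rule(name, src, dst, services, action, negate_dst=False):
    return {"name": name, "src": src, "dst": dst, "services": services,
            "action": action, "negate_dst": negate_dst}

def in_nets(ip, nets):
    return any(ip_address(ip) in net for net in nets)

def evaluate(rules, src, dst, service):
    """Top-down, first match wins; returns (rule name, action)."""
    for r in rules:
        dst_hit = in_nets(dst, r["dst"]) != r["negate_dst"]  # negate flips the match
        svc_hit = r["services"] == "any" or service in r["services"]
        if in_nets(src, r["src"]) and dst_hit and svc_hit:
            return r["name"], r["action"]
    return "implicit", "drop"

def build_rulebase(internet_dst, negate):
    return [
        rule("management", MGMT, GATEWAY, {"ssh", "https", "icmp"}, "accept"),
        rule("stealth", ANY, GATEWAY, "any", "drop"),
        rule("internet", LAN, internet_dst, {"http", "https", "dns"}, "accept", negate),
        rule("cleanup", ANY, ANY, "any", "drop"),
    ]

LOOSE = build_rulebase(ANY, negate=False)      # internet rule with destination "Any"
TIGHT = build_rulebase(RFC1918, negate=True)   # internet rule with "not RFC 1918"

if __name__ == "__main__":
    user, web, internal = "10.10.5.20", "203.0.113.10", "192.168.50.10"
    for label, rb in (("loose", LOOSE), ("tight", TIGHT)):
        print(label, "user->gateway ssh   ", evaluate(rb, user, "10.10.0.1", "ssh"))
        print(label, "user->web https     ", evaluate(rb, user, web, "https"))
        print(label, "user->internal https", evaluate(rb, user, internal, "https"))
```

The stealth rule only catches traffic addressed to the gateway itself, so traffic passing through still reaches the internet rule; with destination "Any" that rule also admits internal targets, which the negated RFC 1918 destination hands to the cleanup rule instead.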
The topic is superb, but the video plays first and then the audio plays next, so I am still confused here
Great video, I am looking forward to your next site-to-site VPN one. Thanks
Great, yes will do soon. :-)
nice video.....
I can't block YouTube. I do the blocking category, but when using Google Chrome I can see YouTube.
with no firefox
IE no.
chrome yes
Were you blocking YouTube using the app control blade? If so, HTTPS inspection would need to be enabled for it to work correctly.
great stuff, thank you
Will do, thanks
Yes will do soon. :-)
thanks was useful
pls forward to me that software link
It is for very beginner 'admins'...:(
Thanks
We actually never look at the comment for a specific rule. It should be logically named... some people have random custom services masquerading as regular ones. Just name things properly... I recommend "Reasonforcustomproto_port#" or something
Anyone teach me please
are you a partner or something, jafer125? What's ur SR # or user center email address :P