Index

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Access Control and the Rule Base

Action

Activating Single Sign On

AD Query

Adding a Certificate

Adding an Access Role to a Rule

Adding an IPS Exception

Adding Data Owners

Adding Network Exceptions

Adding Users to the Rule Base

Adding Users to the Security Policy

Advanced NAT Settings

Allowing Mobile Connections

Allowing VPN Connections

Analyzing and Tracking DLP

Analyzing the Rule Base (Hit Count)

Anti-Bot and Anti-Virus

Anti-Bot and Anti-Virus Rule Base

Anti-Spam

Applications/Sites

Authentication Tab

Automatic and Manual NAT Rules

Automatic and Proxy ARP

Automatic Hide NAT to External Networks

Basic Rules

Browser-Based Authentication

Browsing IPS Protections

Check Point Firewall Security Solution

Check Point Mobile Access Solutions

Check Point Software Acceleration Solutions

Citrix Services

Client-Based vs. Clientless

Communication Between an Internal Network and the Internet

Communication Between Internal Networks

Communication Examples

Compliance Policy Rules

Components of the Check Point Solution

Configuring Anti-Spoofing

Configuring Citrix Services for Mobile Access

Configuring Compliance Settings for a Security Gateway

Configuring CoreXL

Configuring Geo Protections

Configuring HTTPS Inspection Rules

Configuring IP Pool NAT

Configuring Remote Access to Network Resources

Configuring SecureXL

Configuring Security Gateways

Configuring Static and Hide NAT

Configuring the Hit Count Display

Configuring the NAT Policy

Configuring the Security Gateway Object

Configuring the Security Management Server Object

Connecting to a Citrix Server

Connecting Translated Objects on Different Interfaces

CoreXL

Creating a New AD Object

Creating a Secure Firewall Rule Base

Creating a Strong Firewall Security Policy

Creating Access Roles

Creating an Account Unit

Creating an Endpoint Compliance Policy

Creating Reports

Creating VPN Policies

Data Loss Prevention Features

Defining Access to Applications

Defining an Internet Access Policy

Defining Security Zones

Deploying User Directory

Deployment Configurations

Disabling NAT in a VPN Tunnel

DLP Actions

DLP General Columns

DLP Restricted Columns

Dual Stack (IPv4 and IPv6) Network Configuration

Editing an Account Unit

Enabling Anti-Spam

Enabling Automatic NAT

Enabling DLP

Enabling HTTPS Inspection

Enabling Identity Awareness

Enabling IPS

Enabling Manual NAT

Enabling or Disabling Hit Count

Enabling SmartEvent

Enabling SmartLog

Enabling the Anti-Bot and Anti-Virus Software Blades

Enabling URL Filtering and Application Control

Enabling User Directory

Endpoint Compliance Check

Examining Anti-Bot and Anti-Virus Protections

Excluding Specific Internal Addresses

Explicit and Implied Rules

General Tab

Generating a New Certificate

Granular Routing Control

Hide NAT

Hide NAT for Address Range

How to Use this Guide

HTTPS Inspection

Identifying Bot Infected Computers

Identity Awareness and Remote Access

Identity Sources

Inbound Connections

Inspecting HTTPS Packets

Interface A

Interface B

Interface C

Internal Communication with Overlapping Addresses

IP Pool NAT

IP Pool NAT for Clusters

IP Pool Per Interface

IPS

IPS Protection Profiles

IPS Update Options

Learning about Malware

Managing LDAP Information

Managing the Anti-Bot and Anti-Virus Rule Base

Managing the DLP Rule Base

Managing the Firewall Rule Base

Managing URL Filtering and Application Control

Maximizing Network Performance

Mobile Access Clients

Mobile Access Web Portal

Monitoring and Logging

Monitoring Important Events with SmartEvent

Monitoring Traffic and Connections with SmartLog

Multi-Queue

NAT and Anti-Spoofing

NAT Priorities

NAT Rule Base

Network Configuration

Non-Corresponding Gateway Addresses

Notifying Data Owners

Object Database Configuration

Objects Management Tab

On Linux

On Windows

Order of NAT Rule Enforcement

Order of Rule Enforcement

Outbound Connections

Overview

Overview of Firewall Features

Perimeter

Preventing IP Spoofing

Protecting Networks from Bots

Protecting Networks from Viruses

Redirecting to a Captive Portal

Remote Access to the Network

Remote Access VPN

Reusing IP Pool Addresses For Different Destinations

Routing Considerations

Routing VPN Traffic

Sample Application and URL Filtering Event Analysis

Sample Automatic Rules

Sample Combination VPN Community

Sample Configuration

Sample Deployment (Manual Rules for Port Translation)

Sample Deployment (Static and Hide NAT)

Sample Deployment with Citrix Server

Sample DLP Deployment

Sample Firewall Rule Base

Sample Identity Awareness Rules

Sample Log Analysis

Sample Mail Relay Deployment

Sample Mobile Access Deployment

Sample Mobile Access Workflow

Sample NAT Deployments

Sample Remote Access VPN Workflow

Sample Rule Base

Sample Site to Site VPN Deployment

Sample Star Deployment

Sample URL Filtering and Application Control Rule Base

Sample VPN Firewall Rules

Securing Data

Security Management Behind NAT

Servers Tab

Site to Site VPN

SmartDashboard Toolbar

Special URL Filtering and Application Control Fields

SSL Network Extender

Static NAT

Static NAT for a Network Object

The Check Point Solution for Internet Browsing

Threat Prevention Policies

ThreatSpect Engine and ThreatCloud Repository

Translating IP Addresses

Updating IPS Protections

User Directory Features

UserCheck

UserCheck Actions

Using a Mail Relay and Mail Server

Using Automatic Rules

Using DLP with Microsoft Exchange

Using Hide NAT

Using Identity Awareness

Using Identity Awareness in the Firewall Rule Base

Using IPS Profiles

Using Remote Access VPN

Using Secure Workspace

Using SecureXL

Using Site to Site VPN

Using SmartEvent

Using SmartView Tracker

Using the Firewall Rule Base

Using the HTTPS Inspection Rule Base

Using the Identity Awareness Wizard

Using the Mobile Access Configuration Wizard

Using the URL Filtering and Application Control Rule Base

Using User Directory

VPN Communities

VPN Connectivity Modes