Index
A
B
C
D
E
F
G
H
I
J K
L
M
N
O
P
Q
R
S
T
U
V
W
X Y Z
A
Access Control and the Rule Base
Action
Activating Single Sign On
AD Query
Adding a Certificate
Adding an Access Role to a Rule
Adding an IPS Exception
Adding Data Owners
Adding Network Exceptions
Adding Users to the Rule Base
Adding Users to the Security Policy
Advanced NAT Settings
Allowing Mobile Connections
Allowing VPN Connections
Analyzing and Tracking DLP
Analyzing the Rule Base (Hit Count)
Anti-Bot
Anti-Bot and Anti-Virus
Anti-Bot and Anti-Virus Rule Base
Anti-Spam
Anti-Virus
APP Wiki
Applications/Sites
Authentication Tab
Automatic and Manual NAT Rules
Automatic and Proxy ARP
Automatic Hide NAT to External Networks
B
Basic Rules
Block
Blocking Specified Application Commands
Bot
Browser-Based Authentication
Browsing IPS Protections
C
CGNAT Rule Notes
Check Point Firewall Security Solution
Check Point Mobile Access Solutions
Check Point Software Acceleration Solutions
Citrix Services
Client-Based vs. Clientless
Communication Between an Internal Network and the Internet
Communication Between Internal Networks
Communication Examples
Compliance Check
Compliance Policy Rules
Components of the Check Point Solution
Configuring Alternate CRL Distribution Points
Configuring Anti-Spoofing
Configuring CGNAT
Configuring Citrix Services for Mobile Access
Configuring Compliance Settings for a Security Gateway
Configuring CoreXL
Configuring Fail Open When CRL is Unavailable
Configuring Fragmentation for IPSec Traffic
Configuring Gateways to Send Logs to Syslog Servers
Configuring Geo Protections
Configuring GSN Handover Group Limits
Configuring GTPv2 Support
Configuring HTTPS Inspection Rules
Configuring IP Pool NAT
Configuring LSV
Configuring New GTPv2 Message Types and Information Elements
Configuring Persistent VPN Kernel Parameters
Configuring Remote Access to Network Resources
Configuring SCTP Acceleration
Configuring SCTP Inspection
Configuring SCTP NAT
Configuring SecureXL
Configuring Security Gateways
Configuring Stateful NAT64
Configuring Static and Hide NAT
Configuring Subnet Range Selection for Quick Mode IDs
Configuring the GTP Signaling Rate Limit
Configuring the Hit Count Display
Configuring the NAT Policy
Configuring the Security Gateway Object
Configuring the Security Management Server Object
Connecting to a Citrix Server
Connecting Translated Objects on Different Interfaces
CoreXL
CoreXL
CoreXL
Creating a Compliance Policy
Creating a New AD Object
Creating a Secure Firewall Rule Base
Creating a Strong Firewall Security Policy
Creating an Account Unit
Creating Diameter Application Commands
Creating Diameter Applications
Creating Diameter SCTP Services
Creating Diameter TCP Services
Creating Reports
Creating VPN Policies
CSCF
D
Data Loss Prevention Features
DBedit
Deactivating Session Hijacking Protection
Defending Against Network Intrusions
Defining a NAT64 Rule
Defining Access to Applications
Defining an Internet Access Policy
Defining Security Zones
Defining Syslog Servers
Deploying User Directory
Deployment Configurations
Diameter
Diameter Application
Disabling IKEv2 Traffic Selector Narrowing
Disabling NAT in a VPN Tunnel
DLP
DLP Actions
DLP General Columns
DLP Restricted Columns
DLP Rule Actions
DLP Rule Base
DLP Rule Exceptions
DMZ
DPD
Drop
Dual Stack (IPv4 and IPv6) Network Configuration
E
Editing an Account Unit
Enabling Anti-Spam
Enabling Automatic NAT
Enabling DLP
Enabling HTTPS Inspection
Enabling Identity Awareness
Enabling IPS
Enabling Manual NAT
Enabling or Disabling Hit Count
Enabling SmartEvent
Enabling SmartLog
Enabling Syslog in Kernel
Enabling the Anti-Bot Software Blade
Enabling URL Filtering and Application Control
Enabling User Directory
Event
Examining Anti-Bot and Anti-Virus Protections
Excluding Specific Internal Addresses
Explicit and Implied Rules
F
Firewall R77 Versions Administration Guide
G
Gateway Configuration
General Tab
Generating a New Certificate
GGSN
GPRS
Granular Routing Control
GSM
GTP
GuiDBedit
H
Hide NAT
Hide NAT for Address Range
How to Use this Guide
HSPA
HTTPS Inspection
I
Identifying Bot Infected Computers
Identity Awareness and Remote Access
Identity Sources
IKE
Important Information
Inbound Connections
Inspecting HTTPS Packets
Interface A
Interface B
Interface C
Internal Communication with Overlapping Addresses
IP Pool NAT
IP Pool NAT for Clusters
IP Pool Per Interface
IPS
IPS Protection Profiles
IPS Update Options
IPv4 embedded IPv6 address
L
Large Scale VPN
Learning about Malware
Licenses
Logging
LTE
LTE
LTE
M
Managing LDAP Information
Managing the Anti-Bot and Anti-Virus Rule Base
Managing the DLP Rule Base
Managing the Firewall Rule Base
Managing URL Filtering and Application Control
Maximizing Network Performance
Mobile Access Clients
Mobile Access Web Portal
Monitoring and Logging
Monitoring GSN Handover Group Limits
Monitoring Important Events with SmartEvent
Monitoring LSV Peers and Tunnels
Monitoring Traffic and Connections with SmartLog
Multi-Queue
N
NAT and Anti-Spoofing
NAT Priorities
NAT Rule Base
Network Configuration
Non-Corresponding Gateway Addresses
Notifying Data Owners
O
Object Database Configuration
Objects Management Tab
On Linux
On Windows
Order of NAT Rule Enforcement
Order of Rule Enforcement
Other Settings
Outbound Connections
Overview
Overview
Overview
Overview
Overview of Firewall Features
Overview of IPS
P
PDP
Performance Pack
Perimeter
PLMN
Preventing IP Spoofing
Protecting Networks from Bots
Protecting Networks from Viruses
PSWT
R
Redirecting to a Captive Portal
Remote Access Community
Remote Access to the Network
Remote Access VPN
Remote Access VPN
Remote Access VPN
Reusing IP Pool Addresses For Different Destinations
Routing Considerations
Routing VPN Traffic
Rule
Rule Base
S
SA
Sample Application Control and URL Filtering Event Analysis
Sample Automatic Rules
Sample Combination VPN Community
Sample Configuration
Sample Deployment (Manual Rules for Port Translation)
Sample Deployment (Static and Hide NAT)
Sample Deployment with Citrix Server
Sample DLP Deployment
Sample Firewall Rule Base
Sample Identity Awareness Rules
Sample Log Analysis
Sample Mail Relay Deployment
Sample Mobile Access Deployment
Sample Mobile Access Workflow
Sample NAT Deployments
Sample Remote Access VPN Workflow
Sample Rule Base
Sample Rule Base
Sample Rule Base
Sample Site to Site VPN Deployment
Sample Star Deployment
Sample URL Filtering and Application Control Rule Base
Sample VPN Firewall Rules
SCTP
Securing Data
Security Gateway
Security Management Behind NAT
Security Management Server
Security Policy
Sending Check Point Logs to a Syslog Server
Servers Tab
SGSN
SIP
Site to Site VPN
SmartDashboard
SmartDashboard Toolbar
SmartEvent Server
Software Blade
Special URL Filtering and Application Control Fields
SSL Network Extender
Static NAT
Static NAT for a Network Object
T
The Check Point Solution for Internet Browsing
Threat Prevention Policies
ThreatCloud Repository
ThreatSpect Engine
ThreatSpect engine and ThreatCloud repository
Tracking CGNAT Rule Activity
Translating IP Addresses
U
Updating IPS Protections
User Directory Features
UserCheck
UserCheck
UserCheck
UserCheck Actions
Using a Mail Relay and Mail Server
Using Automatic Rules
Using Diameter Services in Rules
Using DLP with Microsoft Exchange
Using Hide NAT
Using Identity Awareness
Using Identity Awareness in the Firewall Rule Base
Using IPS Profiles
Using Remote Access VPN
Using Secure Workspace
Using SecureXL
Using Site to Site VPN
Using SmartEvent
Using SmartView Tracker
Using the Firewall Rule Base
Using the HTTPS Inspection Rule Base
Using the Identity Awareness Wizard
Using the Mobile Access Configuration Wizard
Using the URL Filtering and Application Control Rule Base
Using User Directory
UTMS
V
Verification
VPN Communities
VPN Connectivity Modes
W
Working with Access Roles