Boot Security
Important - This section does not apply to Scalable Platforms (Maestro and Chassis).
Boot Security protects the Security Gateway and its networks during the boot:
- Disables the IP Forwarding in Linux OS kernel
- Loads the Default Filter Policy
Important - In a Cluster, you must configure all the Cluster Members in the same way.
The Default Filter Policy (defaultfilter) protects the Security Gateway from the time it boots up until it installs the user-defined Security Policy.
Boot Security disables IP Forwarding and loads the Default Filter Policy.
There are three Default Filter templates on the Security Gateway:
Default Filter Mode | Default Filter Policy File | Description
---|---|---
Boot Filter | | This filter:
Drop Filter | | This filter drops all inbound and outbound packets on the Security Gateway.
Filter for Dynamically Assigned Gateways (DAG) | | This filter for Security Gateways with Dynamically Assigned IP address:
Step | Instructions
---|---
1 | Make sure to configure and install a Security Policy on the Security Gateway.
2 | Connect to the command line on the Security Gateway.
3 | Log in to the Expert mode.
4 | Back up the current Default Filter Policy file:
5 | Create a new Default Filter Policy file.
6 | Compile the new Default Filter file:
7 | Get the path of the Default Filter Policy file: Example:
8 | Copy the new compiled Default Filter file to the path of the Default Filter Policy file.
9 | Make sure to connect to the Security Gateway over a serial console.
10 | Reboot the Security Gateway.
Administrators with Check Point INSPECT language knowledge can define customized Default Filters.
Important - Make sure your customized Default Filter policy does not interfere with the Security Gateway boot process.
Step | Instructions
---|---
1 | Make sure to configure and install a Security Policy on the Security Gateway.
2 | Connect to the command line on the Security Gateway.
3 | Log in to the Expert mode.
4 | Back up the current Default Filter Policy file:
5 | Create a new Default Filter Policy file.
6 | Edit the new Default Filter Policy file to include the applicable INSPECT code.
7 | Compile the new Default Filter file:
8 | Get the path of the Default Filter Policy file: Example:
9 | Copy the new compiled Default Filter file to the path of the Default Filter Policy file.
10 | Make sure to connect to the Security Gateway over a serial console.
11 | Reboot the Security Gateway.
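
Added example, not Check Point's own code: a shell function for the back-up and copy steps of the two procedures above that refuses an empty compiled file, keeps the first backup, and verifies the copy by hash before the reboot step. The function names, the `.bak` suffix and both path arguments are assumptions; pass the path obtained in the "Get the path" step as the second argument.

```shell
#!/bin/sh
# Added example: back up and replace a Default Filter Policy file, refusing
# to proceed when the result cannot be verified. Both paths are supplied by
# the caller (assumption); no Check Point command is invoked here.

# Print the SHA-256 of a file (hash only, no file name).
file_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_default_filter NEW_COMPILED_FILE ACTIVE_FILTER_PATH
# Returns 0 on success; any non-zero return leaves the active file unchanged.
install_default_filter() {
    new=$1
    active=$2
    backup="${active}.bak"    # hypothetical backup name

    # An empty or missing compiled file at the active path could leave the
    # gateway without a usable filter at the next boot.
    [ -s "$new" ] || { echo "new filter missing or empty: $new" >&2; return 2; }
    [ -f "$active" ] || { echo "active filter not found: $active" >&2; return 3; }

    # Keep the first backup; a second run must not overwrite the original.
    if [ ! -e "$backup" ]; then
        cp -p "$active" "$backup" || return 4
    fi

    # Copy to a temporary name in the same directory, verify, then rename,
    # so a half-written file never sits at the active path.
    tmp="${active}.tmp.$$"
    cp "$new" "$tmp" || { rm -f "$tmp"; return 5; }
    if [ "$(file_hash "$new")" != "$(file_hash "$tmp")" ]; then
        rm -f "$tmp"
        echo "hash mismatch after copy; active filter unchanged" >&2
        return 6
    fi
    mv -f "$tmp" "$active" || { rm -f "$tmp"; return 7; }
    echo "installed $(file_hash "$active"); backup at $backup"
}
```

If the customized filter blocks the boot process, the `.bak` copy is what you restore from the serial console.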
It is sometimes necessary to stop the Security Gateway for maintenance. It is not always practical to disconnect the Security Gateway from the network (for example, if the Security Gateway is on a remote site).
To stop the Security Gateway for maintenance and maintain security, you can run:
Command | Description
---|---
 | 
 | 