Configuring Implied Rules or Kernel Tables for Security Gateways

Introduction

An administrator configures Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. and other inspection settings in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

During a policy installation, the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. creates the applicable files and transfers them to the target Security Gateways.

The Management Server creates these files based on:

Security Policy in SmartConsole
Global properties in SmartConsole
Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. properties
Multiple configuration files on the Management Server that control the inspection of various network protocols

It is possible to modify these configuration files on the Management Server to fine-tune the inspection in your network (in Check Point INSPECT language).

There are two main categories of these configuration files:

Files for Security Gateways that have the same software version as the Management Server.
Files for Security Gateways that have the a lower software version than the Management Server. This category is called "Backward Compatibility".

Configuration files

File Name	Controls	Location
`user.def`	User-defined implied rules.	See Location of 'user.def' Files on the Management Server
`implied_rules.def`	Default implied rules.	See Location of 'implied_rules.def' Files on the Management Server
`table.def`	Definitions of various kernel tables.	See Location of 'table.def' Files on the Management Server
`crypt.def`	VPN encryption macros.	See Location of 'crypt.def' Files on the Management Server
`vpn_table.def`	Definitions for various kernel tables that hold VPN data. For example, VPN timeouts, number of VPN tunnels, whether a specific kernel table should be synchronized between cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. members, and others.	See Location of 'vpn_table.def' Files on the Management Server
`communities.def`	VPN encryption macros for X11 server (X Window System) traffic.	See Location of 'communities.def' Files on the Management Server
`base.def`	Definitions of packet inspection for various network protocols.	See Location of 'base.def' Files on the Management Server
`dhcp.def`	Definitions of packet inspection for DHCP traffic - DHCP Request, DHCP Reply, and DHCP Relay.	See Location of 'dhcp.def' Files on the Management Server
`gtp.def`	Definitions of packet inspection for GTP (GPRS Tunnelling Protocol) traffic.	See Location of 'gtp.def' Files on the Management Server

Configuration Procedure

Connect to the command line on the Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..
Log in to the Expert mode.

Back up the current file:

cp -v /<Full Path to File>/<File Name>{,_BKP}

Example:

cp -v $FWDIR/conf/user.def.FW1{,_BKP}

Edit the current file:

vi /<Full Path to File>/<File Name>

Example:

vi $FWDIR/conf/user.def.FW1

Make the applicable changes as described in the applicable SK article, or as instructed by Check Point Support.
Save the changes in the file and exit the editor.
Connect with SmartConsole to the Security Management Server.
In SmartConsole, install the Access Control Policy on the applicable Security Gateway or Cluster object.