Configuring Inspection Settings in SmartConsole
There are many Inspection Settings profiles in SmartConsole that add means of protection to your Security Gateway and protect against malicious attacks. You can configure the Inspection Settings to:
- Identify attack signatures
- Identify protocol anomalies
- Ensure RFC compliance
- Inspect signaling protocols, verify header formats, and protocol call flow state
- Establish granular VoIP security for maximum flexibility
- Generate detailed logs with packet captures on VoIP security events with Detect Mode
SmartConsole allows you to configure rule exceptions. For example, if you add an exception that allows non-RFC compliant SIP traffic on a specified VoIP server, security is not compromised for all other VoIP traffic.
Each Inspection Setting can be configured for each profile and can be set to prevent, detect, or inactive.
To configure Inspection Settings for VoIP:
- In the Manage & Settings tab, go to Blades > General, select Inspection Settings.
  The Inspection Settings window opens.
- From the General page, in the search window, enter <your_protocol>.
- Double-click the Setting you want to configure.
- Double-click the applicable Inspection Profile.
- On every page in this window, configure the applicable settings.
- Click OK > Close.
- Close the Inspection Settings window.
- In SmartConsole, install the policy.
Note for MGCP:
The Security Gateway has a number of Inspection Settings for MGCP. The inspection settings identify attack signatures and packets with protocol anomalies. Strict compliance is enforced with RFC-2705, RFC-3435 (version 1.0), and ITU TGCP specification J.171. Additionally, all Inspection Settings network security capabilities are supported, such as inspection of fragmented packets, anti-spoofing, and protection against Denial of Service (DoS) attacks.
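As an added illustration of the kind of protocol-anomaly check the MGCP note describes (this is not Check Point's code or inspection logic), the Python function below validates the first line of an MGCP command against the RFC 3435 command-line layout. The function name `mgcp_command_line_anomalies` and the sample lines are constructed for this example, and extension verbs are treated as out of scope.

```python
import re

# The nine command verbs defined in RFC 3435 (extension verbs are not handled here).
VERBS = {"EPCF", "CRCX", "MDCX", "DLCX", "RQNT", "NTFY", "AUEP", "AUCX", "RSIP"}
VERSION_RE = re.compile(r"[0-9]+\.[0-9]+")

def mgcp_command_line_anomalies(line: str) -> list[str]:
    """Return the anomalies found in one MGCP command line (empty list = clean)."""
    parts = line.rstrip("\r\n").split()
    if len(parts) < 5:
        return ["expected: verb transaction-id endpoint 'MGCP' version"]
    verb, txid, endpoint, proto, version = parts[:5]
    found = []
    if verb.upper() not in VERBS:  # verbs are compared case-insensitively
        found.append(f"unknown verb {verb!r}")
    # Transaction ID: at most nine decimal digits, value 1..999999999.
    if not (txid.isascii() and txid.isdigit() and len(txid) <= 9 and int(txid) >= 1):
        found.append(f"bad transaction id {txid!r}")
    # Endpoint name: local-endpoint-name "@" domain-name, both parts non-empty.
    local, at, domain = endpoint.rpartition("@")
    if not (at and local and domain):
        found.append(f"endpoint {endpoint!r} is not local-name@domain")
    if proto.upper() != "MGCP":
        found.append(f"protocol token {proto!r} is not MGCP")
    elif not VERSION_RE.fullmatch(version):
        found.append(f"malformed version {version!r}")
    elif version != "1.0":  # the page states enforcement for version 1.0
        found.append(f"unsupported version {version!r}")
    return found

# Constructed sample lines, not captured traffic.
SAMPLES = [
    "CRCX 1204 aaln/1@gw.example.net MGCP 1.0",
    "crcx 0 aaln/1@gw.example.net MGCP 1.0",
    "XXXX 1205 aaln1 MGCP 2.0",
    "CRCX 1204",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {mgcp_command_line_anomalies(sample) or 'ok'}")
```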
Note for H.323:
Inspection Settings does these application layer checks for H.323:
- Strict protocol enforcement, including the order and direction of packets
- Message length restrictions
- Stateful checks on RAS messages
Configuring VoIP Ports in SmartConsole
Use SmartConsole to configure VoIP phone and proxy ports. The Security Gateway enforces security on that port. Each protocol uses port 5060 as a default port, but you can also configure new ports for your Security Gateway.
To configure VoIP on a port:
- Open SmartConsole.
- From the Objects Explorer, click More object types > Service.
- Select <your_protocol>.
  The New Protocol Service window shows.
- In the General tab, enter an object name.
- In the General section > Protocol, select <your_protocol>.
- In the Match By section, enter either the Standard Port or Customize your port.
- Click OK.