7. Check Point Getting Started R80.20. Access control
Welcome to Lesson 7, where we will begin working with security policies. Today, for the first time we will establish a policy on our gateway, i.e. finally make the “install policy”. After that, traffic will be able to go through the gateway!
In general, politics, from the point of view of Check Point, is a rather broad concept. Security Policies can be divided into 3 types: ')
Access Control . This includes blades such as: Firewall, Application Control, URL Filtering, Content Awareness, Mobile Access, VPN. Those. All that concerns permission or restriction of traffic.
Threat Prevention . Blades are used here: IPS, Anti-Virus, Anti-Bot, Threat Emulation, Threat Extraction. Those. functions that check the contents of traffic or content that has already passed through the Access Control.
Desktop Security . These are already Endpoint agent management policies (i.e., workstation protection). In principle, we will not touch upon this topic within the course.
In this lesson, we’ll start talking about Access Control policies.
Composition Access Control
Access Control is the first policy to be installed on the gateway. Without this policy, others (Threat Prevention, Desktop Security) will simply not be installed. As mentioned earlier, Access Control policies include several blades at once:
Firewall;
Application & URL Filtering;
Content Awareness;
Mobile Access;
NAT.
We first consider only one - Firewall.
Four steps to configure Firewall
To install the policy on the gateway, we MUST need to do the following:
Define gateway interfaces in the appropriate security zone (be it Internal, External, DMZ, etc.)
Configure Anti-Spoofing ;
Create network objects ( Networks, Hosts, Servers , etc.) This is important! As I said, Check Point only works with objects. Paste in the access list just ip-address does not work;
Create Access-List (at least one).
Without these settings, the policies simply will not be established!
Video lesson
As usual, we apply a video tutorial, where we will perform the basic setup of Access-Control and create the recommended access lists.