Re: [fw1-gurus] Query regarding CheckPoint VSX
- Subject: Re: [fw1-gurus] Query regarding CheckPoint VSX
- From: Dameon Welch-Abernathy <[email protected]>
- To: FireWall-1 Gurus Mailinglist <[email protected]>
- Date: Wed, 11 Mar 2009 20:57:00 -0700
On Wed, Mar 11, 2009 at 3:25 AM, krishna gopi <[email protected]> wrote:
> Hi Gurus,
> I have the following set of questions regarding CheckPoint
> VSX. Any information regarding the below questions would really help me.
> Q> Which transport communication is supported by CheckPoint (like XML over
> HTTP)? To communicate with the device and configure some settings from the
> external environment.
Check Point uses a proprietary mechanism to communicate configuration
information to the devices and information from the devices (e.g.
logging). The communication is encrypted with SSL.
> Q> When we create the ACLs and Virtual Systems, how are they applied to the
> interfaces? Is there any specific physical interface to which they apply
> this? Is there any specific name for the interface like 'security interface
> in Cisco ASA'?
Check Point, in general, treats the security gateway as a discrete
object with only one security policy. The only exception to this rule
is anti-spoofing, which is an interface-specific setting. Otherwise,
all interfaces enforce the same security policy.
In the VSX case, each interface will only enforce the rules that are
specific to the virtual system they are a part of. Beyond changing
what interfaces are in each virtual system, you cannot control what
interfaces get a particular policy.