Re: [fw1-gurus] Query regarding CheckPoint VSX

On Wed, Mar 11, 2009 at 3:25 AM, krishna gopi <[email protected]> wrote:
> Hi Gurus,
> I have the following set of questions regarding CheckPoint
> VSX. Any information regarding the below questions would really help me.
> Q> Which transport communication is supported by CheckPoint (like XML over
> HTTP)? To communicate with the device and configure some settings from the
> external environment.

Check Point uses a proprietary mechanism to communicate configuration
information to the devices and information from the devices (e.g.
logging). The communication is encrypted with SSL.

> Q> When we create the ACLs and Virtual Systems, how are they applied to the
> interfaces? Is there any specific physical interface to which they apply
> this? Is there any specific name for the interface like 'security interface
> in Cisco ASA'?

Check Point, in general, treats the security gateway as a discrete
object with only one security policy. The only exception to this rule
is anti-spoofing, which is an interface-specific setting. Otherwise,
all interfaces enforce the same security policy.

In the VSX case, each interface will only enforce the rules that are
specific to the virtual system it is a part of. Beyond changing
what interfaces are in each virtual system, you cannot control what
interfaces get a particular policy.

-- PhoneBoy