本站已运行 14年358天23小时8分13秒

攻城狮论坛

作者: 有空了就来了
查看: 10046|回复: 119

主题标签Tag

more +今日重磅推荐Recommend No.1

所有IT类厂商认证考试题库下载所有IT类厂商认证考试题库下载

more +随机图赏Gallery

【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器

[Check Point] CheckPoint 防火墙实施指南UTM-1&Power-1+V2.0防火墙项目实施指南

  [复制链接]
查看: 10046|回复: 119
开通VIP 免金币+免回帖+批量下载+无广告

CheckPoint 防火墙实施指南UTM-1&Power-1+V2.0防火墙项目实施指南

CheckPoint 防火墙实施指南UTM-1&Power-1+V2.0防火墙项目实施指南

CheckPoint 防火墙实施指南UTM-1&Power-1+V2.0防火墙项目实施指南

CheckPoint 防火墙实施指南UTM-1&Power-1+V2.0防火墙项目实施指南

CheckPoint 防火墙实施指南UTM-1&Power-1+V2.0防火墙项目实施指南

CheckPoint 防火墙实施指南UTM-1&Power-1+V2.0防火墙项目实施指南


课程介绍:

目 录
CHECK POINT防火墙项目实施指南 ....................................................................................................................... 1
1 .防火墙介绍 .................................................................................................................................................. 9
1.1 UTM-1 ........................................................................................................................................ 9
1.1.1 UTM-1功能特性 .............................................................................................................. 9
1.1.2 UTM-1防火墙面板接口说明 ........................................................................................ 10
1.2 POWER-1 .................................................................................................................................... 10
1.2.1 Power-1功能特性 .......................................................................................................... 10
1.2.2 Power-1面板接口说明 .................................................................................................. 11
1.3 术语介绍 ............................................................................................................................. 12
1.4 UTM-1/ POWER-1产品区别 ...................................................................................................... 13
1.4.1 市场定位的区别 ............................................................................................................ 13
2 防火墙系统配置指南 .................................................................................................................................. 13
2.1 初始化防火墙系统配置 ..................................................................................................... 13
2.1.1 支持的Check Point软件版本........................................................................................ 13
2.1.2 UTM-1/Power-1防火墙系统初始化 ............................................................................. 13
2.2 初始化管理服务器系统配置 ............................................................................................. 22
2.2.1 管理服务器的安装 ........................................................................................................ 23
2.2.2 初始化管理服务器系统 ................................................................................................ 25
2.2.3 管理服务器的高可用性配置 ........................................................................................ 33
2.2.4 防火墙管理客户端安装 ................................................................................................ 37
2.3 系统和网络配置 ................................................................................................................. 40
2.3.1 系统层配置 .................................................................................................................... 40
2.3.2 接口配置 ........................................................................................................................ 43
2.3.3 路由配置 ........................................................................................................................ 49
2.4 防火墙HA配置 .................................................................................................................. 55
2.4.1 SmartCenter配置ClusterXL属性 .................................................................................. 55
2.5 防火墙对象和策略配置 ..................................................................................................... 60 攻城狮论坛 bbs.vlan5.com #^_^# 版 权 归 原 作 者 所 有 本 资 料 仅.供试读
©2011 Check Point Software Technologies Ltd. All rights reserved
.
第 4 页
2.5.1 配置网络对象 ................................................................................................................ 60
2.5.2 配置服务对象 ................................................................................................................ 79
2.5.3 防火墙策略配置 ............................................................................................................ 81
2.5.4 配置网络地址转换(NAT) ............................................................................................... 85
2.5.5 配置OPSEC类型对象 .................................................................................................... 89
2.5.6 限制用户连接数 ............................................................................................................ 97
2.5.7 配置防火墙最大并发连接 ............................................................................................ 98
2.5.8 会话老化时间配置 ........................................................................................................ 98
2.6 POWER-1 多核(COREXL)配置 ..................................................................................................... 99
2.6.1 设置处理防火墙进程CPU的数量 .............................................................................. 100
2.6.2 设置处理防火墙接口的CPU数量 .............................................................................. 101
2.7 SYSLOG转发SMARTCENTER日志 ............................................................................................... 103
3 入侵防护(IPS)策略的配置 ......................................................................................................................... 105
3.1 IPS浏览 .................................................................................................................................. 105
3.2 IPS配置 .................................................................................................................................. 106
3.2.1 定义执行IPS的防火墙 ............................................................................................... 106
3.2.2 定义IPS Profile ............................................................................................................. 108
3.2.3 配置Protections ........................................................................................................... 111
3.2.4 配置Geo Protection ..................................................................................................... 112
3.2.5 配置Network Exceptions ............................................................................................. 113
3.2.6 IPS安全更新 ................................................................................................................ 114
3.2.7 Follow Up选项 ............................................................................................................. 115
3.2.8 Advanced选项 ............................................................................................................. 116
3.3 禁用IPS ............................................................................................................................. 116
4 身份识别控制(IDENTIFY AWARENESS) ...................................................................................................... 117
4.1 CAPTIVE PORTAL 设置 ............................................................................................................... 120
4.2 测试用户的访问控制(IDENTITY ACCESS) .............................................................................. 121
4.3 创建访问对象(ACCESS ROLES) ............................................................................................. 122 攻城狮论坛 bbs.vlan5.com #^_^# 版 权 归 原 作 者 所 有 本 资 料 仅.供试读
©2011 Check Point Software Technologies Ltd. All rights reserved
.
第 5 页
4.4 识别同一IP地址的多用户访问记录 .............................................................................. 123
4.5 使用CAPTIVE PORTAL认证 .................................................................................................. 125
5 SMARTEVENT事件分析器 ......................................................................................................................... 128
6 应用程序控制与URL过滤(APP CONTROL & URL FILTERING) .................................................................... 132
6.1 初始化APPLICATION CONTROL .............................................................................................. 132
6.2 创建 USERCHECK策略的动作 ............................................................................................ 134
6.3 初始化URL FILTERING ......................................................................................................... 136
7 对HTTPS 协议的检查 ............................................................................................................................... 138
7.1 为什么要检查HTTPS ........................................................................................................ 138
7.2 启用HTTPS INSPECTION ....................................................................................................... 138
7.3 BYPASS HTTPS INSPECTION .......................................................................................................... 138
8 数据防泄密测试(DLP) ............................................................................................................................... 139
8.1 DLP部署方案的条件: ......................................................................................................... 139
8.2 DLP部署环境的选择: ......................................................................................................... 139
8.2.1 使用集成DLP Blade的防火墙网关部署 .................................................................... 139
8.2.2 使用专业DLP硬件的部署方案 .................................................................................. 139
8.2.3 专用DLP网关部署到火墙后部 .................................................................................. 139
8.3 DLP部署的注意事项:............................................................................................................ 140
8.4 DLP数据防泄密测试 ............................................................................................................. 140
8.4.1 HTTP协议的数据防泄密测试 ..................................................................................... 141
8.4.2 SMTP发送关键字数据防泄密的测试 ........................................................................ 145
8.4.3 FTP文件上传数据防泄密测试 .................................................................................... 149
9 防垃圾邮件与防病毒 ................................................................................................................................ 151
9.1 开启防病毒与邮件安全模块 ........................................................................................... 151
9.2 配置防病毒与邮件安全策略 ........................................................................................... 151
9.3 下发防病毒与邮件安全策略 ........................................................................................... 152
9.4 测试邮件过滤功能 ........................................................................................................... 153
9.5 测试防病毒功能 ............................................................................................................... 154 攻城狮论坛 bbs.vlan5.com #^_^# 版 权 归 原 作 者 所 有 本 资 料 仅.供试读
©2011 Check Point Software Technologies Ltd. All rights reserved
.
第 6 页
10 僵尸网络防御(ANTI-BOT&ANTI-VIRUS) ..................................................................................................... 155
10.1 什么是僵尸网络 ............................................................................................................... 155
10.2 僵尸网络防御策略 ........................................................................................................... 155
11 防火墙维护和监控 .................................................................................................................................... 157
11.1 SMARTDASHBOARD ................................................................................................................ 157
11.1.1 使用Data Base Reversion Control ........................................................................... 157
11.2 SMARTVIEW TRACKER ............................................................................................................. 163
11.2.1 SmartView Tracker Mode ............................................................................................. 164
11.2.2 工具栏介绍 ............................................................................................................. 165
11.2.3 使用Filter过滤日志 ............................................................................................... 165
11.2.4 配置策略Track ........................................................................................................ 166
11.3 SMARTVIEW MONITOR ........................................................................................................... 167
11.3.1 配置Monitor ........................................................................................................... 167
11.3.2 监控Gateway 状态 ................................................................................................ 168
11.3.3 监控Traffic .............................................................................................................. 169
11.3.4 监控System Counters .............................................................................................. 170
11.3.5 监控Tunnels ............................................................................................................ 170
11.3.6 监控Remote Users .................................................................................................. 171
11.3.7 SmartUpdate ................................................................................................................ 172
11.3.8 安装安全更新 ......................................................................................................... 173
11.3.9 管理License ............................................................................................................. 174
12 防火墙备份与恢复 .................................................................................................................................... 176
12.1 SECUREPLATEFORM备份和恢复 ........................................................................................... 176
12.2 SMARTCENTER备份和恢复(UPGRADE_TOOLS) ........................................................................ 177
13 故障排查步骤............................................................................................................................................ 180
13.1 硬件故障排查: ............................................................................................................... 180
13.1.1 使用Hardware Diagnostic Tool ............................................................................... 180
13.1.2 电源与风扇状态检查.............................................................................................. 181 攻城狮论坛 bbs.vlan5.com #^_^# 版 权 归 原 作 者 所 有 本 资 料 仅.供试读
©2011 Check Point Software Technologies Ltd. All rights reserved
.
第 7 页
13.1.3 系统由于I/O错误无法启动 .................................................................................. 181
13.1.4 硬盘故障检查 ......................................................................................................... 181
13.1.5 网卡故障检查 ......................................................................................................... 181
13.2 软件故障排查 ................................................................................................................... 181
13.3 防火墙故障信息收集 ....................................................................................................... 182
13.3.1 登陆防火墙收集系统文件信息 .............................................................................. 182
13.3.2 Coredump文件的搜集................................................................................................. 182
13.3.3 收集debug .............................................................................................................. 182
13.3.4 使用 zdebug ............................................................................................................ 182
13.3.5 Debug FWD进程 .......................................................................................................... 183
13.4 故障排查步骤示例: ....................................................................................................... 184
13.4.1 问题现象 ................................................................................................................. 184
13.4.2 排查思路 ................................................................................................................. 184
13.4.3 排查结果分析 ......................................................................................................... 184
13.4.4 注意事项: ................................................................................................................ 185
14 常用命令 ................................................................................................................................................... 186
14.1 防火墙管理常用命令 ....................................................................................................... 186
14.2 系统管理常用命令 ........................................................................................................... 186
15 系统优化 ................................................................................................................................................... 187
15.1 对SMARTCENTER的优化 ..................................................................................................... 187
15.2 对防火墙模块的优化 ....................................................................................................... 188
15.2.1 关闭不需要的功能模块 .......................................................................................... 188
15.2.2 优化常用协议会话时长 .......................................................................................... 189
15.2.3 取消默认拒绝X11协议 ......................................................................................... 189
15.2.4 优化协议同步 ......................................................................................................... 190
15.2.5 其他优化建议 ......................................................................................................... 191
16 完整配置示例............................................................................................................................................ 193
16.1 分布式组网+OSPF+ECMP ................................................................................................. 193 攻城狮论坛 bbs.vlan5.com #^_^# 版 权 归 原 作 者 所 有 本 资 料 仅.供试读
©2011 Check Point Software Technologies Ltd. All rights reserved
.
第 8 页
16.1.1 网络规划及拓扑图 ................................................................................................. 193
16.1.2 IP地址规划 .................................................................................................................. 194
16.1.3 具体配置 ................................................................................................................. 194
16.2 分布式组网+STATIC+ECMP ................................................................................................ 201
16.2.1 网络规划及拓扑图 ................................................................................................. 201
16.2.2 IP地址规划 .................................................................................................................. 202
16.2.3 具体配置 ................................................................................................................. 202
16.3 HA组网+OSPF ................................................................................................................... 208
16.3.1 网络规划及拓扑图 ................................................................................................. 208
16.3.2 IP地址规划 .................................................................................................................. 209
16.3.3 具体配置 ................................................................................................................. 209
16.4 HA组网+STATIC路由 ......................................................................................................... 220
16.4.1 网络规划及拓扑图 ................................................................................................. 220
16.4.2 IP地址规划 .................................................................................................................. 221
16.4.3 具体配置 ................................................................................................................. 221
16.5 HA组网+OSPF+ECMP ....................................................................................................... 228
16.5.1 网络规划及拓扑图 ................................................................................................. 228
16.5.2 IP地址规划 .................................................................................................................. 229
16.5.3 具体配置 ................................................................................................................. 229
16.6 HA组网+STATIC+ECMP ...................................................................................................... 239
16.6.1 网络规划及拓扑图 ................................................................................................. 239
16.6.2 IP地址规划 .................................................................................................................. 240
16.6.3 具体配置 ................................................................................................................. 240


详细目录:

1


资源批量下载地址: ---> http://bbs.vlan5.com/forum-94-1.html
更多精品资源,打包下载(可按知识点/发布日期/培训班/讲师等方式批量下载视频/文档/资料/电子书)

本贴附件下载链接:

购买主题 已有 38 人购买  本主题需向作者支付 30 金币 才能浏览
CCNA考试 官方正规报名 仅需1500元
回复 论坛版权

举报

我是谁 [Lv6 略有所成] 发表于 2017-7-23 17:20:07 | 显示全部楼层
啥也不说了,楼主就是给力,
回复 支持 反对

举报

Rockyw [Lv10 举世无双] 发表于 2017-7-23 17:40:40 | 显示全部楼层
攻城狮论坛一直为会员提供经典/最新的资料&视频&题库,一直为大家提供力所能及的服务和帮助
回复 支持 反对

举报

laojiansg151 [VIP@钻石] 发表于 2017-7-23 18:06:19 | 显示全部楼层
金币不够用?来这里看看吧~~10种方法轻松拿金币~~~ http://bbs.vlan5.com/thread-9184-1-1.html
回复 支持 反对

举报

lqy531274131 [Lv6 略有所成] 发表于 2017-7-26 00:08:09 | 显示全部楼层
金币不够用?来这里看看吧~~10种方法轻松拿金币~~~ http://bbs.vlan5.com/thread-9184-1-1.html
回复 支持 反对

举报

mdp [Lv10 举世无双] 发表于 2017-7-26 05:37:46 | 显示全部楼层
最新思科ccna(200-125)考试认证题库在这里下载 2016年最新更新http://bbs.vlan5.com/thread-15970-1-1.html
回复 支持 反对

举报

myth1 [Lv10 举世无双] 发表于 2017-7-26 06:22:30 | 显示全部楼层
攻城狮论坛弄的不错 请大家多多支持 http://bbs.vlan5.com
回复 支持 反对

举报

liugangpaul [Lv8 技术精悍] 发表于 2017-7-26 07:15:50 | 显示全部楼层
+8888金币奖励!加入论坛VIP学习组会员,马上拥有免回复+免积分+批量下载特权!!! http://bbs.vlan5.com/plugin.php?id=qmx8_buy_usergroup:vip
回复 支持 反对

举报

kao1981089 [Lv10 举世无双] 发表于 2017-7-26 07:35:12 | 显示全部楼层
最新思科ccna(200-125)考试认证题库在这里下载 2016年最新更新http://bbs.vlan5.com/thread-15970-1-1.html
回复 支持 反对

举报

hugo_26 [Lv10 举世无双] 发表于 2017-7-26 08:19:41 | 显示全部楼层
你知道么? 通过论坛客服报名CCNA,CCNP,CCIE 最高可省2000元培训费. 联系QQ 80766391
回复 支持 反对

举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|无图浏览|手机版|网站地图|攻城狮论坛

GMT+8, 2025-7-9 23:04 , Processed in 0.118792 second(s), 21 queries , Gzip On, MemCache On.

Powered by Discuz! X3.4 © 2001-2013 Comsenz Inc.

Designed by ARTERY.cn