What This Book Is and Is Not

What you are holding in your hands now is a book about Check Point FireWall-1 NG. It covers the essentials of the product. Each chapter discusses a major feature of the product or a specific topic that will help you plan for or maintain your FireWall-1 NG installation. You get step-by-step configuration instructions for many features in FireWall-1 complete with screenshots and several sample configurations you can try. The book also includes lots of information from my FireWall-1 Frequently Asked Questions (FAQs) on http://www.phoneboy.com.

Not every feature of FireWall-1 is covered in this text. The "essential" features I have chosen to cover are based on my experience as someone who has supported this product since 1996. Other peripheral topics, like encryption and network security, are covered briefly as they relate to FireWall-1 but are not covered in great detail. I feel that other authors do a better job of covering these topics?some examples are provided in Appendix H.

A summary of the chapters in this book follows. Note that where sample configurations are said to exist in a chapter, it means there are step-by-step examples you can follow to set up your own equipment, provided you have it.

Chapter 1, Introduction to Firewalls, briefly discusses firewalls in general, the different technologies used in today's firewalls, and how they are used in FireWall-1.

Chapter 2, Planning Your Firewall-1 Installation, talks about the issues that should be considered prior to installing a firewall, such as understanding your current network topology, establishing a formalized security policy, and reviewing the various types of licenses that exist in FireWall-1.

Chapter 3, Installing FireWall-1, walks you through the initial configuration of FireWall-1 when it is loaded for the first time. This chapter also covers the basics of preparing your system for a firewall installation.

Chapter 4, Building Your Rulebase, explains the basics of creating a security policy within FireWall-1 and includes how to use the Policy Editor application.

Chapter 5, Logging and Alerting, explains how logging and alerting work in FireWall-1. Details about how to use the Log Viewer and System Status Viewer applications are also provided.

Chapter 6, Common Issues, is a collection of FAQs that may come up once you have set up your firewall and become familiar with the SmartView Tracker/Log Viewer application. These FAQs are not specific to features covered in future sections of the book.

Chapter 7, Remote Management, explains how to manage multiple firewall modules from a single management console. Sample configurations are provided in this chapter.

Chapter 8, User Authentication, explains how you can provide access control for services based on individual users. Sample configurations are provided in this chapter.

Chapter 9, Content Security, explains how you can restrict the kind of content that enters or leaves your network via HTTP, FTP, and SMTP. Sample configurations are provided in this chapter.

Chapter 10, Network Address Translation (NAT), explains what NAT is, why it is a necessary evil, and how to configure NAT within FireWall-1. Sample configurations are provided in this chapter.

Chapter 11, Site-to-Site VPN, explains what a Virtual Private Network (VPN) is and how to configure FireWall-1 to support this feature. Sample configurations are provided in this chapter.

Chapter 12, SecuRemote and SecureClient, builds on Chapter 11. It explains how to establish client-to-site VPNs using Check Point's Windows-based VPN client called Secure Client, which is also known as SecuRemote. Sample configurations are provided in this chapter.

Chapter 13, High Availability, explains State Synchronization and how it plays a role in highly available firewalls. Also covered are the problems that arise when implementing multiple firewalls in parallel along with some ideas on how to overcome these problems.

Chapter 14, INSPECT, is an overview of the language that is the heart of Check Point FireWall-1. Several examples of working INSPECT code are provided in the chapter as well as in the appendixes.

The appendixes cover topics such as hardening an operating system, sample INSPECT code, performance tuning, recommended books, and Web sites on the Internet where you can obtain software and more information.