Tools
Check Point Enterprise Management Client is the suite of management tools that you need to manage the ASFs. Within the Check Point Management software, there are three main modules that deal with different operational aspects of the ASF:
- Check Point Policy Editor
- Check Point Log Viewer
- Check Point System Status Viewer
These modules are described in the following sections.
Check Point Policy Editor
The Check Point Policy Editor provides comprehensive management of the Check Point Firewall engine that runs on the ASFs. The Policy Editor enables the security administrator to perform a wide range of functions, including:
- Create, delete, and edit security policies on the ASF cluster
- Create, delete, define, and edit objects, protocols, servers, and users within the firewalls
- Install and uninstall the security policies assigned to the ASF clusters
- Create, delete, and edit address translation rules from the ASF clusters
Check Point Log Viewer
The Log Viewer provides administrators a visual representation of the traffic flow through the ASFs. Security policies define which traffic to add to the Log Viewer, so communications that don’t specify logging aren’t logged. The Log Viewer is capable of displaying the following information for each communication:
- Date and time
- Interface on which the traffic entered
- The action taken on the communication
- The rule number
- Encryption and address translation details
The Log Viewer has the ability to filter on each of the information categories above to focus on any element of the logs. It has three modes: log, account, and active. The log mode shows each connection as it’s created. The account mode shows information pertinent to accounting, such as the duration of the connection and the number of bytes transferred. The active mode lists all the connections currently open through the ASF. When the active mode is enabled, the administrator can block any connection (which can be very useful when policing the security domain).
Check Point System Status Viewer
The System Status Viewer gives a graphical view of the working state of each firewall, and provides information on how many packets have been accepted, logged, and dropped. You can also use this tool to summarize the policy for a particular firewall. In addition, the System Status Viewer is the system monitoring interface that allows the generation of alerts under security administrator–defined conditions.
No comments:
Post a Comment