©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved.©2012 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties
GAiA Technical Overview
GAiA Technical Agenda
1 What is GAiA?
2 Management
3 Networking
4 Installation and Upgrade
Today’s IT Security Challenges
More Efficient IT Infrastructure and Management
Increased Network Complexity and Performance
Growing Multi-Vector Security Threats
GAiA Technical Agenda
1 What is GAiA?
2 Management
3 Networking
4 Installation and Upgrade
New Cutting-Edge Security Gateway Platform
Increase Operational Efficiency with Wide Range of New Features
Combining the Best Features of IPSO and SecurePlatform (SPLAT)
Secure Platform for the Most Demanding Environments
New Cutting-Edge Security Gateway Platform
Powerful New Features
Feature-Rich Web GUI
64-Bit
IPv6 Security
Fast Gateway Replication
Auto Software Update
Role-Based Admin
5 Multicasting Protocols
5 Dynamic Routing Protocols
VRRP & SecureXL
Single image
Gateway Virtualization
Foundation for All Software Blades
Consolidate Any Software Blade You Need
Now Also on IP-Series Appliances
DLP
Application Control
IPS
Firewall & VPN
URL Filtering
Anti-Bot
Identity Awareness
Antivirus
2012 Models, Power-1, IP-Series
One Security Platform
2200, 4000, 12000, 21400, 61000
Power-1, UTM-1, Smart-1
IP Series
Open Servers, VMware
GAiA Technical Agenda
1 What is GAiA?
2 Management
3 Networking
4 Installation and Upgrade
Ease of Management
Role Based Administration
Automatic Software Update
Increase Operational Efficiency with Wide Range of New Features
Intuitive Web GUI Experience
CPOS_Web
All Commands
Search
Dashboard
Shell Emulator
SuperShell
Over 1,000 GAiA Commands
SPLAT & IPSO Backward Compatibility
Full Auditing
Define Your Own SuperShell Commands
Feature Parity with GAiA WebUI
Feature-Rich Commands
GAiA Management Architecture
passwd:admin t
passwd:admin:gid 0
passwd:admin:homedir /home/admin
passwd:admin:lastchg 1257897600
passwd:admin:passwd bPVk$XAbF2fm87Gti5ETmYFVon0
passwd:admin:shell /etc/cli.sh
passwd:admin:uid 0
interface:eth0 t
interface:eth0:state on
interface:eth0:ipaddr:192.168.1.1 t
interface:eth0:ipaddr:192.168.1.1:mask 24
timezone:zoneinfo America/New_York
timezone:region New_York
timezone:area America
hosts:GAiA t
hosts:GAiA:address 192.168.1.1
Database
One Database Facilitates Replication and System Backups
Intelligent Backend
confd
shell
web
/config/active
Syntactic Validation
Semantic Validation and Database Coherency
Database
Ensures that Data is Accurate, Valid and Consistent
Gateway Configuration Replication
Export Configuration to Other Gateways
Backup and Restore and Fast Cloning
Export and Revert the Entire Gateway Image in Minutes
Replicate & Revert Your Gateway
Database
Different Admins, Different Privileges
Master Admin
Networking Edit
Monitoring Only
Role-Based Administration
Role-Based Administration
Granular Control of Users and Roles
95 Features: Groups of Related Commands
48 Extended Commands: OS or Gateway Utilities
Industry Standard Authentication
RADIUS and TACACS+
Up to 15 privilege levels using TACACS+ “enable” mechanism
TACACS+ and RADIUS groups can be linked to Role Based Access
Used by ISPs and Enterprises to Manage Access
2X Faster
Download
Less than 5 Seconds
Install
5X Faster
Rollback
Backup & Provisioning Efficient Auto Software Update
Background Software* Download & Installation
The Only Security Gateway with Full Software Update Automation
Schedule Update Download and Install
Validate and Inform Updates Process Status
*Hot Fix and Hot Fix Aggregation
Software Updates Status
Conflicts Display
Status Explanation
Customer Specific Hot Fix
Software Updates Policy
Automate the Update Process
Set Policy
Auto Rollback
Improve Updates
Software Updates Notifications
Keep Informed of New Updates and Update Status
Mail Notification
New Packages
Download Status
Install Status
GAiA Technical Agenda
1 Introducing GAiA
2 Management
3 Networking
4 Installation and Upgrade
Increase Operational Efficiency with Wide Range of New Features
Combining the Best Features of IPSO and SecurePlatform (SPLAT)
Advanced Networking
60X Connection Capacity
IPv6 Network Security
Secure Platform for the Most Demanding Environments
IPv6 Support
Native IPv6 Protocol Suite
IPv6 Acceleration and Clustering
Dynamic Routing is on the Roadmap
VRRPv3 with IPv6 is on the Roadmap
Free IPv6 License
Integrating IPv4 and IPv6
Transition Methods
Dual Stack – IPv4 & IPv6 run concurrently
Tunneling – encapsulate IPv6 in IPv4
Translation – from IPv4 to IPv6 packets*
* Not supported in the first GAiA release
Migration Examples
Run dual-stack in the United States
Go completely to IPv6 in Japan
Use tunneling in Europe
IPv6 Basic Setup
GAiA Configuration
Enable IPv6
Configure the IPv4 & IPv6 interfaces
Add IPv4 & IPv6 routes
Firewall Configuration
Add IPv6 interfaces to the gateway object
Create IPv4, IPv6 hosts and network objects
Create some basic rules
Advanced Networking Clustering
Two Modes of Redundancy: ClusterXL* and VRRP
* IPv6 HA
Dynamic Routing
Well-known IPSO Dynamic Routing Stack
– BGP
– OSPF
– RIP
– PIM (Sparse Mode and Dense Mode)
– IGMP
Manageable Dynamic Routing
Advanced Networking – More
DHCP Relay Agent
DHCP Server
Link Aggregation with 802.3ad Support
Policy Based Routing
High Connection Capacity
High Connection Capacity on Select Appliance Models, via the Built-in 64-bit Firewall
Model           Memory   SecurePlatform/IPSO   GAiA
Power-1 11000   6GB      1.2M                  2.5M
4800            8GB      1.2M                  3.3M
12600           12GB     1.2M                  5.0M
21400           24GB     1.2M                  10.0M
Getting to 64 Bit
Model            Standard Memory    64 Bit Minimum Memory   Maximum Memory
4800, 12200      4GB                8GB                     8GB
12400            4GB                8GB                     12GB
12600            6GB                6GB                     12GB
21400            12GB               12GB                    24GB
IP1280, IP2450   4GB                8GB                     8GB
Open Servers     Depends on model   6GB                     24GB
GAiA Technical Agenda
1 Introducing GAiA
2 Management
3 Networking
4 Installation and Upgrade
From SPLAT to GAiA
Simpler Management
Advanced Networking
Better Security
Advanced Web GUI
Replicate Configuration
VRRP Clustering
IPv6 Security
High-Connection Capacity (64-Bit)
Role-Based Admin
TACACS+ Integration
Ease of Deployment
New Check Point Appliance
More Software Blades
Single Image of OS and Gateway
Simple Installation and Replication
One-Click Registration
Configuration Wizards
More Blades: DLP, Mobile Access, Anti-Spam, Anti-Bot
Plus IPv6 Security
From IPSO to GAiA
Same User Experience
Extended Functionality
Leverage New and More Powerful Check Point Appliances
12000
4000
2200
21400
Upgrade to R75.40 and the GAiA OS
R70, R70.10, R70.20, R70.30, R70.40, R70.50
R71, R71.10, R71.20, R71.30, R71.40
R75, R75.10, R75.20, R75.30
R75.40 GAiA
IPSO
Upgrade supported from version 6.2
Upgrading SecurePlatform to GAiA
1. Upgrade the product licenses to R75 or higher
2. Connect a DVD drive to the USB port
3. Run: # patch add cd
4. Select the applicable upgrade option
5. Remove the CD and reboot
6. Install a policy
Upgrading IPSO to GAiA
1. Mount the GAiA iso
2. Install GAiA upgrade package
3. Run the upgrade package
4. Supply the backup location *
5. Supply the upgrade template *
6. Script runs automatically
* Optional
Console Connection, FTP Server, IP Appliance
First Time Installation
Configuration Template
Install Options
First Time Wizard
What’s Next?
Acceleration Card
Port Based Routing
NetFlow
IPv6 Dynamic Routing
VRRPv3 – Support for IPv6
Thank You!