Check Point Security Administration
Module 2: Security Policy

Authorized Distributor in Vietnam
Nguyn Nh Bng

Security Administration
Course Map

- Module 1: VPN-1 NGX Architecture
- Module 2: Security Policy
- Module 3: Network Address Translation
- Module 4: Monitoring
- Module 5: Disaster Recovery

Module 2: Security Policy
Introduction

Objectives
- Explain the function and operation of a Security Policy.
- Create and modify policy, rules, objects
- Modify Global Properties
- Use command line
- Use objects cloning to create and clone objects
- Configure anti-spoofing on the firewall.
- Use Database Revision Control
- Use Policy Package Management.

Security Policy Defined

What is a Security Policy?
- a set of rules that defines network security

Considerations
- what kind of services, including customised services and sessions, are allowed across the network
- what user permissions and authentication schemes are needed
- what objects are in the network, e.g. gateways, hosts, networks, routers and domains

Launching the SmartDashboard

- Check Point SmartDashboard enables administrators to define security policy
- only one administrator with read/write permissions can be logged in at any one time
- Start \ Programs \ Check Point SmartConsole R65 \ SmartDashboard

Defining Basic Objects

- Defining Node Object
- Defining Network Object
- Defining Address range Object
- Defining Group Object

Anti-spoofing

- Spoofing is a technique used by intruders attempting to gain unauthorised access
- a packet's source IP address is altered to appear to come from a part of the network with higher privileges
- Anti-spoofing verifies that packets are coming from, and going to, the correct interfaces on the gateway
- i.e. packets claiming to originate in the internal network actually DO come from that network

Anti-Spoofing

Configuring Anti-Spoofing
- Networks reachable from an interface need to be defined appropriately
- Should be configured on all interfaces
- Spoof tracking is recommended
- Anti-spoofing rules are enforced before any rule in the Security Policy rule base

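A simplified model of the anti-spoofing check described above, as an added example (not Check Point code and not part of the original slides). The interface names, networks and packets are constructed, and the external interface is assumed to lead to every address not defined behind another interface.

```python
import ipaddress

# Constructed topology (assumption): interface -> networks defined behind it.
# The external interface leads to every address NOT behind another interface.
TOPOLOGY = {
    "eth0": [],                  # external
    "eth1": ["10.1.0.0/16"],     # internal LAN
    "eth2": ["172.16.5.0/24"],   # DMZ
}
EXTERNAL = "eth0"

def _behind(iface, ip):
    return any(ip in ipaddress.ip_network(n) for n in TOPOLOGY[iface])

def address_valid_on(iface, addr):
    """True if addr is an address that may legitimately sit behind iface."""
    ip = ipaddress.ip_address(addr)
    if iface == EXTERNAL:
        return not any(_behind(i, ip) for i in TOPOLOGY if i != EXTERNAL)
    return _behind(iface, ip)

def inspect(packets):
    """Check (in_iface, src, out_iface, dst) tuples before any rule is consulted.

    Returns (verdicts, spoof_log); spoof_log models spoof tracking.
    """
    verdicts, spoof_log = [], []
    for in_if, src, out_if, dst in packets:
        if not address_valid_on(in_if, src):
            verdicts.append("drop")
            spoof_log.append(f"source {src} not valid on {in_if}")
        elif not address_valid_on(out_if, dst):
            verdicts.append("drop")
            spoof_log.append(f"destination {dst} not valid on {out_if}")
        else:
            verdicts.append("accept")
    return verdicts, spoof_log

# Constructed sample packets
SAMPLE = [
    ("eth1", "10.1.2.3", "eth0", "198.51.100.7"),    # LAN host to Internet
    ("eth0", "10.1.2.3", "eth2", "172.16.5.10"),     # outside claims a LAN source
    ("eth2", "10.1.9.9", "eth1", "10.1.2.3"),        # DMZ host claims a LAN source
    ("eth0", "203.0.113.5", "eth2", "172.16.5.10"),  # Internet to DMZ
]

if __name__ == "__main__":
    for result in zip(SAMPLE, inspect(SAMPLE)[0]):
        print(result)
```

If a network is missing from an interface's definition, legitimate hosts on it are dropped as spoofed, which is why the reachable networks must be defined appropriately on every interface.
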
Rule Base Defined

Rule Base Elements
- No.
- Source
- Destination
- VPN
- Services
- Action
- Track
- Install on
- Time
- Comment

Creating the Rule Base
- The default rule added when you add a rule to the Rule Base

The Basic Rules

Cleanup Rule
- CP follows the principle that whatever is not expressly permitted is prohibited
- all communication attempts not matching a rule will be dropped
- the cleanup rule drops all the communication but allows specific logging

The Stealth Rule
- prevents users from connecting directly to the firewall

Implicit, Explicit Rules and Control Connections

- NGX creates implicit rules from Global Properties
- Explicit rule created by Administrator in the SmartDashboard
- VPN-1 NGX creates a group of implicit rules that it places first, last or before last

Rule Base Order

VPN-1 NGX enforces the rule base in the following order:
1. IP spoofing
2. NAT
3. Security Policy First rule
4. Administrator defined rule base
5. Security Policy before last rule
6. Cleanup rule or Security Policy last rule

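A first-match walk through the rule base in the order listed above, showing why the stealth rule must sit above broad accept rules and what the cleanup rule catches. This is an added example, not Check Point code or part of the original slides; all addresses, rule names and service labels are constructed, and the anti-spoofing and NAT steps are assumed to have run already.

```python
import ipaddress
from collections import namedtuple

# src/dst are a CIDR or "any"; service is a constructed label or "any".
Rule = namedtuple("Rule", "name src dst service action track", defaults=["none"])

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(rules, src, dst, service):
    """Return the first rule matching the connection, or None."""
    for r in rules:
        if _addr_ok(r.src, src) and _addr_ok(r.dst, dst) and r.service in ("any", service):
            return r
    return None

GW = "192.0.2.1/32"      # constructed gateway address
MGMT = "10.1.0.10/32"    # constructed management server address

# Implied rules (hypothetical content); the last two groups are empty here.
IMPLIED_FIRST = [Rule("implied-first: control", MGMT, GW, "control", "accept")]
IMPLIED_BEFORE_LAST = []
IMPLIED_LAST = []

# Administrator-defined (explicit) rules
STEALTH = Rule("stealth", "any", GW, "any", "drop", "log")
WEB = Rule("web-to-dmz", "any", "172.16.5.0/24", "http", "accept")
OUTBOUND = Rule("lan-outbound", "10.1.0.0/16", "any", "any", "accept")
CLEANUP = Rule("cleanup", "any", "any", "any", "drop", "log")

def enforce(admin_rules, src, dst, service):
    """Return (rule name, action, track) for a connection."""
    # The cleanup rule sits at the end of the admin rule base, so the
    # "before last" implied rules are evaluated just ahead of it.
    body, tail = admin_rules[:-1], admin_rules[-1:]
    ordered = IMPLIED_FIRST + body + IMPLIED_BEFORE_LAST + tail + IMPLIED_LAST
    rule = first_match(ordered, src, dst, service)
    if rule is None:  # not expressly permitted, so prohibited
        return ("no match", "drop", "none")
    return (rule.name, rule.action, rule.track)

GOOD = [STEALTH, WEB, OUTBOUND, CLEANUP]
BAD = [WEB, OUTBOUND, STEALTH, CLEANUP]   # stealth rule placed too low

if __name__ == "__main__":
    print(enforce(GOOD, "10.1.4.4", "192.0.2.1", "ssh"))  # stealth drops it
    print(enforce(BAD, "10.1.4.4", "192.0.2.1", "ssh"))   # lan-outbound accepts it
```
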
Defining basic policy

- Create new policy
- Add new rule into policy
- Add object into rule

Basic Policy

Verify / Install and Uninstall a Security Policy

Verify a Security Policy
- Select Policy \ Verify from the SmartDashboard
- Click OK

Install/Uninstall a Security Policy
- Select Policy \ Install (or Uninstall) from the SmartDashboard
- Click Select All to select all items on the screen (specific items may be deselected)
- Click OK

Install Policy

Advanced Security Policy

- Hide/Unhide rule
- Enable/Disable rule
- Add section title
- Object Cloning

Masking Rules
- Rules in a rule base can be hidden to allow easier reading of a complex rulebase (masking rules)
- All other rules will be visible, however their numbers won't change
- Hidden rules are still enforced on the gateway

Viewing Hidden Rules
- if View Hidden in the Rules>Hide menu is checked, all rules set as hidden are displayed

Unhiding Hidden Rules
- select Unhide All from the Rules>Hide menu

Hide/Unhide rule

Disabling Rules
- disabling a rule will only take effect after the security policy is reinstalled
- the rule will still be displayed in the rulebase

Enabling a Disabled Rule
- select the disabled rule and right click
- select Disable Rule to deselect
- remember to reinstall the policy

Enable/Disable rule

Add section title

Add section title (continued)

Object Cloning

Command Line Options for the Security Policy

Basic Options
- cpstart / cpstop: starts and stops all CP applications running on the machine
- cprestart: issues a cpstop and a cpstart
- cplic print: displays the details of the NGX licenses
- fw ver, fwm ver: displays version
- fw unloadlocal: uninstalls current policy of local Gateway

Improving Performance

SmartCenter
- listing machine names and IP addresses in a hosts file will decrease installation time for created network objects
- /etc/hosts (Solaris)
- \winnt\system32\drivers\hosts (Windows)

Security Gateway
- Keep the rulebase simple
- Position the most frequently used rules at the top of the rulebase
- Don't log unnecessary connections
- Limit the use of the Reject action in rules
- Use a network object in place of many node objects
- Use IP address ranges in rules instead of a set of nodes

Database revision control and Policy package management

Database revision control
- DRC lets the admin create fallback configurations when implementing new objects or rules

Policy package management
- PPM lets the admin create multiple versions of a Security Policy, but the objects need to stay the same

Using Database Revision Control