User Manual Part 1
Table Of Contents
- Check Point Safe@Office User Guide 8.0
- Copyright & Trademarks
- Contents
- About This Guide
- Introduction
- About Your Check Point Safe@Office Appliance
- Safe@Office 500 Product Family
- Product Features
- Wireless Features
- Optional Security Services
- Software Requirements
- Getting to Know Your Safe@Office 500 Appliance
- Getting to Know Your Safe@Office 500W Appliance
- Getting to Know Your Safe@Office 500 ADSL Appliance
- Getting to Know Your Safe@Office 500W ADSL Appliance
- Contacting Technical Support
- Safe@Office Security
- Installing and Setting Up Safe@Office
- Getting Started
- Configuring the Internet Connection
- Managing Your Network
- Using Bridges
- Configuring High Availability
- Using Traffic Shaper
- Working with Wireless Networks
- Viewing Reports
- Viewing Logs
- Setting Your Security Policy
The Safe@Office Firewall
44 Check Point Safe@Office User Guide
Firewall Technology Action
Stateful Inspection
Firewall
A Stateful Inspection firewall examines the FTP application-layer
data in an FTP session. When the client initiates a command
session, the firewall extracts the port number from the request. The
firewall then records both the client and server's IP addresses and
port numbers in an FTP-data pending request list. When the client
later attempts to initiate a data connection, the firewall compares the
connection request's parameters (ports and IP addresses) to the
information in the FTP-data pending request list, to determine
whether the connection attempt is legitimate.
Since the FTP-data pending request list is dynamic, the firewall can
ensure that only the required FTP ports open. When the session is
closed, the firewall immediately closes the ports, guaranteeing the
FTP server's continued security.
What Other Stateful Inspection Firewalls Cannot Do
The level of security that a stateful firewall provides is determined by the richness of data
tracked, and how thoroughly the data is analyzed. Treating traffic statefully requires
application awareness. Firewalls without application awareness must open a range of ports
for certain applications, which leads to exploitable holes in the firewall and violates
security “best practices”.
TCP packet reassembly on all services and applications is a fundamental requirement for
any Stateful Inspection firewall. Without this capability, fragmented packets of legitimate
connections may be dropped, or those carrying network attacks may be allowed to enter a
network. The implications in either case are potentially severe. When a truly stateful
firewall receives fragmented packets, the packets are reassembled into their original form.
The entire stream of data is analyzed for conformity to protocol definition and for packet-
payload validity.
True Stateful Inspection means tracking the state and context of all communications. This
requires a detailed level of application awareness. The Safe@Office appliance provides
true Stateful Inspection.