7. NGFW para pequeñas empresas. Tuning y recomendaciones generales

1. NGFW SMB (CPU, RAM, HDD), SD-, , .

2. . Gaia 80.20 Embedded , CLI Expert 

   # ifconfig

   

   , . NGFW, .

3. Gaia :

   > show diag

   .  , 80.20 Embedded , SNMP-traps:

   Interface disconnected
   VLAN removed	Vlan
   High memory utilization	RAM
   Low disk space	HDD
   High CPU utilization	CPU
   High CPU interrupts rate
   High connection rate
   High concurrent connections
   High Firewall throughput	Firewall
   High accepted packet rate
   Cluster member state changed
   Connection with log server error	Log-Server

4. RAM. Gaia (Linux OC) , RAM 70-80% .

   SMB- SWAP-, Check Point. , Linux <vm.swapsiness>, SWAP.

1. SecureXL

   # fwaccel stat

   

2. # fw ctl multik stat

   

3. ().

   # fw ctl pstat

   

4. *

   # cphaprob stat

   

5. Linux- TOP

1. ( , Gaia)

   # tail -f /var/log/messages2

   

2. C ( )

   # tail -f /var/log/log/sfwd.elg

   

3. .

   # dmesg

   

• ANY, ANY (Source, Destination).

• URL- : (^|..)checkpoint.com

• (UserCheck).

• , “SecureXL”. accelerated / medium path. ( Hits ).

, 70-80% HTTPS-, , . , HTTPS-Inspection IPS, Antivirus, Antibot.

80.40 HTTPS- Legacy Dashboard, :

• Bypass (Destination).

• Bypass URL-.

• Bypass IP c (Source).

• Inspect ,

• Bypass .

* HTTPS HTTPS Proxy, Any. Inspect.

IPS NGFW , . Check Point, SMB IPS.

, :

1. Optimized “Optimized SMB” ( ).

2. , IPS → Pre R80.Settings Server Protections.

   

3. CVE 2010, , . , Profile→ IPS→ Additional Activation → Protections to deactivate list