Introduction

This chapter covers an important topic, which is how to define a security policy. This is something you need to do early on so that you can find the right solution for your specific environment. Once you determine how you want to enforce security in your company, then you will know whether you really need to spend the time and effort involved in setting up user authentication, or whether you'd rather use your existing LDAP server, which would save you a lot of trouble. Once you have created a security policy for your company and have planned to introduce security into your network, then choosing your implementation strategy should be fairly straightforward.

We will then discuss how to implement your policy into the FireWall-1 policy editor. Of course, if you are using private IP addresses inside your firewall, then you may need to read the next chapter on Network Address Translation before you can put your firewall in place, but this chapter will get your firewall ready to enforce your policy and start passing packets in your network.

We will walk you through the setup of a Firewall object, and a step-by-step procedure of adding the services outlined in your Information Security Policy into the FireWall-1 Policy Editor interface. Then we'll discuss some additional ways in which to manipulate your rules as well as how to finally install your policy so that it is enforced.

Reasons for a Security Policy

You are probably deploying Check Point NG to protect...