Introduction

In this chapter we will strive to give you some basic firewall administrator knowledge and show you how to administer this enterprise security software package, VPN-1/FireWall-1 Next Generation, so that it doesn't get too big for you to handle. It's very easy for several administrators to be involved in policy development and manipulation, but if you have too many people involved in a security system such as a firewall, then you need to keep strict vigilance and record who is making changes when and why. Otherwise, you could end up with a misconfigured firewall, which could compromise the security it is meant to provide.

Besides monitoring administrator activities, you should also keep software up-to-date. You should frequently check Check Point's Web site for the latest security patches and software updates. Sometimes these updates require you to modify configuration files or to stop and start your firewall services, and we will discuss how to go about doing that in this chapter.

We will cover performance related to your security policy and logs, and discuss what to do when you have multiple firewalls in various locations. Then we'll tell you about your firewall's log files, and give you some ways to administer your logs so that you don't run into disk space issues. We'll equip you with several command line options that you can use when performing maintenance or troubleshooting on your firewall.

As a Check Point NG administrator, you have three main goals with respect to administration. They are as...