CheckPoint Firewall Interview Questions And Answers

Here Coding Compiler is sharing a list of 51 CheckPoint Firewall interview questions and answers. These Checkpoint questions and answers were asked in various CheckPoint interviews. This list will help you crack your next CheckPoint job interview. All the best for the future, and happy learning.

CheckPoint Interview Questions

  1.  What is firewall?
  2.  What are Check Point Software Blades?
  3.  What is Check Point Firewall?
  4.  What are the primary components of the Check Point solution?
  5.  What is dual stack network?
  6.  Does Check Point support dual stack network?
  7.  Can you explain about Access Control and the Rule Base in firewall?
  8.  What is the use of Firewall Rule Base?
  9.  How do you manage the Firewall Rule Base?
  10.  What are Explicit and Implied Rules in Rule Base?
  11.  What is Order of Rule Enforcement in Rule Base?
  12.  What are the Basic Access Control Rules for all Rule Bases?
  13.  How do you define Security Zones?
  14.  What are the key elements in Security Zones?
  15.  What is Perimeter?

CheckPoint Firewall Interview Questions And Answers

1) What is firewall?

A) Firewalls control the traffic between the internal and external networks and are the core of a strong network security policy.

2) What are Check Point Software Blades?

A) Check Point Software Blades are a set of security features that make sure the Security Gateway or Security Management Server gives the correct functionality and performance.

Checkpoint Interview Questions # 3) What is Check Point Firewall?

A) The Check Point Firewall is part of the Software Blade architecture that supplies “next-generation” firewall features, including:

  • VPN and mobile device connectivity
  • Identity and computer awareness
  • Internet access and filtering
  • Application control
  • Intrusion and threat prevention
  • Data Loss Prevention

4) What are the primary components of the Check Point solution?

A) These are the primary components of a Check Point solution:

  • Security Gateway – The engine that enforces the organization’s security policy, is an entry point to the LAN, and is managed by the Security Management Server.
  • Security Management Server – The application that manages, stores, and distributes the security policy to Security Gateways.
  • SmartDashboard – A Check Point client used to create and manage the security policy.

Checkpoint Interview Questions # 5) What is dual stack network?

A) A dual stack network is a network in which all of the nodes are both IPv4 and IPv6 enabled.

6) Does Check Point support dual stack network?

A) Yes, Check Point supports a dual stack network that uses IPv4 and IPv6 addresses.

7) Can you explain about Access Control and the Rule Base in firewall?

A) A primary goal of a firewall is to control access and traffic to and from the internal and external networks. The Firewall lets system administrators securely control access to computers, clients, servers and applications. The Firewall Rule Base defines the quality of the access control and network performance. Rules that are designed correctly make sure that a network:

  • Only allows authorized connections and prevents vulnerabilities in a network
  • Gives authorized users access to the correct internal networks
  • Optimizes network performance and efficiently inspects connections

CheckPoint Interview Questions – Creating Firewall Security Policy

Checkpoint Interview Questions # 8) What is the use of Firewall Rule Base?

A) The firewall is the core of a well-defined network security policy. The goal of the Check Point Firewall Rule Base is to create rules that only allow the specified connections.

9) How do you manage the Firewall Rule Base?

A) Use SmartDashboard to easily create and configure Firewall rules for a strong security policy.

10) What are Explicit and Implied Rules in Rule Base?

A) These are the types of rules in the Rule Base:

Explicit rules – Rules that you create to configure which connections the Firewall allows
Implied rules – Rules that are based on settings in the Global Properties menu

11) What is Order of Rule Enforcement in Rule Base?

A) The Firewall inspects connections and enforces the Rule Base in a sequential manner. The Firewall inspects each connection that comes to the network and compares the data (source, destination, service, etc.) to the first rule. If the connection matches the rule, the Firewall applies the action of that rule. If the connection does not match the rule, the Firewall continues with the next rule in the Rule Base.

12) What are the Basic Access Control Rules for all Rule Bases?

A) These are basic access control rules we recommend for all Rule Bases:

Stealth rule that prevents direct access to the Security Gateway.
Cleanup rule that drops all traffic that is not allowed by the earlier rules.
There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.
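The sequential, first-match enforcement described in questions 11 and 12 is easy to get wrong when rules are reordered. The following is an added example (not Check Point code, and not from the original article) that models a small Rule Base with a management rule, a Stealth rule, a Cleanup rule and top-down matching; the gateway and host addresses are constructed for the illustration, and the `decide` function returns which rule fired and what action it took.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample topology: these addresses are not from the original page.
GATEWAY = "203.0.113.1"        # the Security Gateway's own address
INTERNAL = "10.0.0.0/8"
DMZ_WEB = "192.0.2.10"
ADMIN_HOST = "10.0.0.10"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # "any", a CIDR such as 10.0.0.0/8, or a single host address
    dst: str
    service: str   # "any" or "tcp/<port>"
    action: str    # "accept" or "drop"

def _match_addr(pattern: str, addr: str) -> bool:
    """Match one address cell of a rule against a packet address."""
    if pattern == "any":
        return True
    if "/" in pattern:
        return ip_address(addr) in ip_network(pattern)
    return pattern == addr

def first_match(rulebase, src: str, dst: str, service: str) -> Optional[Rule]:
    """Top-down, first-match enforcement: the first rule whose cells all match wins."""
    for rule in rulebase:
        if (_match_addr(rule.src, src) and _match_addr(rule.dst, dst)
                and rule.service in ("any", service)):
            return rule
    return None   # only reachable if the Rule Base lacks a cleanup rule

# Explicit rules in the order an administrator would place them.
RULEBASE = [
    Rule("Management",   ADMIN_HOST, GATEWAY, "tcp/22",  "accept"),  # must precede Stealth
    Rule("Stealth",      "any",      GATEWAY, "any",     "drop"),    # no other direct access to the gateway
    Rule("Outbound web", INTERNAL,   "any",   "tcp/443", "accept"),
    Rule("DMZ web",      "any",      DMZ_WEB, "tcp/80",  "accept"),
    Rule("Cleanup",      "any",      "any",   "any",     "drop"),    # explicit drop so the traffic is logged
]

def decide(src: str, dst: str, service: str, rulebase=RULEBASE):
    """Return (rule name, action) for a connection, as the Firewall would enforce it."""
    rule = first_match(rulebase, src, dst, service)
    if rule is None:
        return ("implied drop", "drop")   # the implied rule drops, but without the cleanup rule's log
    return (rule.name, rule.action)

if __name__ == "__main__":
    for conn in [(ADMIN_HOST, GATEWAY, "tcp/22"), ("10.0.0.20", GATEWAY, "tcp/22"),
                 ("198.51.100.7", DMZ_WEB, "tcp/80"), ("198.51.100.7", DMZ_WEB, "tcp/22")]:
        print(conn, "->", decide(*conn))
```

Swapping the first two rules shows why order matters: with Stealth above Management, the administrator's SSH session to the gateway is dropped and the Management rule can never match. Removing the Cleanup rule shows the other point from question 12: the connection is still dropped by the implied rule, but nothing identifies which rule dropped it, which is why an explicit, logged Cleanup rule is recommended.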

Checkpoint Interview Questions # 13) How do you define Security Zones?

A) Networks use different security zones to protect very important resources and to defend against malware. Create rules that allow only the applicable traffic in and out of a security zone. Make sure that there are different rules in the Firewall Rule Base that define traffic to and from the security zones.

14) What are the key elements in Security Zones?

A) These are the key elements that define security zones:

  • External network – Insecure data, such as the Internet
  • Internal network – Company data that is only used by trusted and authenticated users
  • Perimeter – The border between the internal and external networks.
  • DMZ – Company servers that can be accessed from insecure sources, such as the Internet

Checkpoint Interview Questions # 15) What is Perimeter?

A) The Firewall on the perimeter of the network is responsible for all the incoming and outgoing traffic.

16) What kind of connections are allowed by a firewall on the perimeter?

A) These are some of the connections that are usually allowed by a Firewall on the perimeter:

  • Outgoing connections to the Internet
  • Connections to the DNS server
  • Specified external connections
  • Connections to servers in the DMZ
  • Connections from the internal network to the internal network
  • VPN connections

17) What is DMZ (Demilitarized Zone)?

A) Servers that are accessed from the Internet are usually located in a DMZ (demilitarized zone). The DMZ makes sure that these servers cannot connect to the internal network. Make sure that the Rule Base contains rules for DMZ traffic. For example, these are rules for a web server in the DMZ:

A rule that allows HTTP and HTTPS traffic to the DMZ network object
A rule that allows traffic from the internal network group object to any destination (the destination includes the DMZ)

18) How do you prevent IP Spoofing?

A) Attackers use IP spoofing to make the IP address of a packet appear to be from a trusted source. This can bypass the Firewall to introduce malicious content and actions (malware and bot downloads, DoS attacks, unauthorized access, and so on) to your network.

Anti-Spoofing detects if a packet with an IP address that is, according to the topology, behind one interface, actually arrives from a different interface. For example, if a packet from an external network has an internal IP address, Anti-Spoofing blocks the packet.

19) How do you configure Anti-Spoofing?

A) Use the Topology page to configure Anti-Spoofing for the external and internal interfaces on the Security Gateway. Configure Anti-Spoofing protection on all the interfaces of the Security Gateway, including internal interfaces.
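Questions 18 and 19 describe Anti-Spoofing as a check of the packet's source address against the interface topology. The block below is an added example, not Check Point code, that models that check for a constructed three-interface gateway: each internal interface lists the networks behind it, anything else is expected only on the external interface, and a packet whose source belongs behind a different interface than the one it arrived on is dropped. The interface names, networks and the log line format are assumptions for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology for a three-interface gateway (not from the original page):
# each internal interface lists the networks that are "behind" it in the Topology page.
TOPOLOGY = {
    "eth0": {"type": "external", "networks": []},
    "eth1": {"type": "internal", "networks": ["10.0.0.0/8"]},
    "eth2": {"type": "internal", "networks": ["192.0.2.0/24"]},   # DMZ
}

def expected_interface(src: str) -> str:
    """Which interface a packet with this source address should arrive on, per the topology."""
    addr = ip_address(src)
    for name, iface in TOPOLOGY.items():
        if any(addr in ip_network(net) for net in iface["networks"]):
            return name
    # Addresses not behind any internal interface may only come from the external side.
    return next(name for name, iface in TOPOLOGY.items() if iface["type"] == "external")

def anti_spoofing(src: str, ingress: str):
    """Return (verdict, expected interface). Drops when the source is behind another interface."""
    expected = expected_interface(src)
    verdict = "accept" if expected == ingress else "drop"
    return (verdict, expected)

def log_line(src: str, ingress: str) -> str:
    """A constructed, human-readable audit line for the decision (not the product's log format)."""
    verdict, expected = anti_spoofing(src, ingress)
    if verdict == "accept":
        return f"accept src={src} in={ingress}"
    return f"drop src={src} in={ingress} reason=anti-spoofing expected_in={expected}"

if __name__ == "__main__":
    for src, ingress in [("10.1.2.3", "eth0"), ("10.1.2.3", "eth1"),
                         ("198.51.100.9", "eth0"), ("198.51.100.9", "eth1")]:
        print(log_line(src, ingress))
```

The model also shows why the answer to question 19 says to configure Anti-Spoofing on internal interfaces too: a packet with an external source address arriving on eth1 is just as much a topology violation as an internal address arriving on eth0, and protecting only the external interface would let it through.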

Checkpoint Interview Questions – Configuring the NAT Policy

20) What is NAT (Network Address Translation)?

A) NAT (Network Address Translation) is a feature of the Firewall Software Blade and replaces IPv4 and IPv6 addresses to add more security. You can enable NAT for all SmartDashboard objects to help manage network traffic. NAT protects the identity of a network and does not show internal IP addresses to the Internet.

21) How do Security Gateways translate traffic?

A) A Security Gateway can use these procedures to translate IP addresses in your network:

Static NAT – Each internal IP address is translated to a different public IP address. The Firewall can allow external traffic to access internal resources.

Hide NAT – The Firewall uses port numbers to translate all specified internal IP addresses to a single public IP address and hides the internal IP structure. Connections can only start from internal computers; external computers CANNOT access internal servers. The Firewall can translate up to 50,000 connections at the same time from external computers and servers.

Hide NAT with Port Translation – Use one IP address and let external users access multiple application servers in a hidden network. The Firewall uses the requested service (or destination port) to send the traffic to the correct server. A typical configuration can use these ports: FTP server (port 21), SMTP server (port 25) and an HTTP server (port 80). It is necessary to create manual NAT rules to use Port Translation.
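To make the three translation procedures in question 21 concrete, here is an added example (not Check Point code and not from the original article) that keeps one translation table for Static NAT, Hide NAT and Hide NAT with Port Translation. The public addresses, the DMZ server addresses, the starting hidden port and the `port_map` that stands in for manual port-translation rules are all constructed for the illustration; the point it demonstrates is the directional difference between the three: a static host is reachable from outside, a hidden host is not, and a port-translation rule exposes only the configured service port.

```python
from itertools import count
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (address, port)

class GatewayNat:
    """Static NAT, Hide NAT and Hide NAT with Port Translation in one translation table.
    Constructed model; the Security Gateway's real tables and rule semantics are richer."""

    def __init__(self, hide_ip: str, static: Dict[str, str] = None,
                 port_map: Dict[int, str] = None, first_hide_port: int = 10000):
        self.hide_ip = hide_ip
        self.static = dict(static or {})                         # internal -> public (1:1)
        self.static_rev = {pub: priv for priv, pub in self.static.items()}
        self.port_map = dict(port_map or {})                     # public dst port -> DMZ server
        self.hide_out: Dict[Endpoint, int] = {}                  # (src, sport) -> hidden port
        self.hide_in: Dict[int, Endpoint] = {}                   # hidden port -> (src, sport)
        self._ports = count(first_hide_port)

    def outbound(self, src: str, sport: int) -> Endpoint:
        """Translate the source of a connection that starts on the internal side."""
        if src in self.static:
            return (self.static[src], sport)         # Static NAT keeps the port
        key = (src, sport)
        if key not in self.hide_out:                 # new connection: allocate a distinct port
            port = next(self._ports)
            self.hide_out[key] = port
            self.hide_in[port] = key
        return (self.hide_ip, self.hide_out[key])   # Hide NAT: one public address, unique port

    def inbound(self, dst: str, dport: int) -> Optional[Endpoint]:
        """Translate the destination of a packet arriving from the external side.
        None means the gateway has no rule or state for it, so the packet is not forwarded."""
        if dst in self.static_rev:
            return (self.static_rev[dst], dport)     # external hosts can reach a static server
        if dst == self.hide_ip and dport in self.port_map:
            return (self.port_map[dport], dport)     # manual port-translation rule
        if dst == self.hide_ip and dport in self.hide_in:
            return self.hide_in[dport]               # reply to a connection hidden earlier
        return None                                  # hidden hosts are unreachable from outside

if __name__ == "__main__":
    nat = GatewayNat("203.0.113.1", static={"10.0.0.5": "203.0.113.5"},
                     port_map={21: "192.0.2.21", 25: "192.0.2.25", 80: "192.0.2.80"})
    print(nat.outbound("10.0.0.20", 40000), nat.outbound("10.0.0.21", 40000))
    print(nat.inbound("203.0.113.1", 80), nat.inbound("203.0.113.1", 22))
```

Two internal hosts using the same source port get different hidden ports, which is the mechanism that lets a single public address carry many connections; a packet to the hide address on a port that is neither a port-translation rule nor an existing connection is simply not translated, which is the "external computers CANNOT access internal servers" property.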

Checkpoint Interview Questions # 22) Can you explain about NAT Rule Base?

A) The NAT Rule Base has two sections that specify how the IP addresses are translated:

Original Packet
Translated Packet

Each section in the NAT Rule Base is divided into cells that define the Source, Destination, and Service for the traffic.

23) What are Automatic and Manual NAT Rules?

A) There are two types of NAT rules for network objects:

Rules that SmartDashboard automatically creates and adds to the NAT Rule Base
Rules that you manually create and then add to the NAT Rule Base

When you create manual NAT rules, it can be necessary to create the translated NAT objects for the rule.

24) When do you use Automatic Rules?

A) You can enable automatic NAT rules for these SmartDashboard objects:

  • Security Gateways
  • Nodes
  • Networks
  • Address Ranges

25) Can you explain about Automatic and Proxy ARP?

A) Giving a machine in the internal network an external IP address using NAT makes that machine appear to the Internet to be on the external network, or the Internet side of the firewall. When NAT is configured automatically, the Security Gateway replies on behalf of translated network objects to ARP requests from the Internet router for the address of the internal machine.

26) Why do we use NAT and Anti-Spoofing together?

A) NAT is performed after Anti-Spoofing checks, which are performed only on the source IP address of the packet. This means that spoofing protection is configured on the interfaces of the Security Gateway in the same way as NAT.

27) How do you disable NAT in a VPN Tunnel?

A) When communicating within a VPN, it is normally not necessary to perform NAT. You can disable NAT in a VPN tunnel with a single click in the VPN community object. Disabling NAT in a VPN tunnel by defining a NAT rule slows down the performance of the VPN.

Checkpoint Firewall Interview Questions # 28) What is IP Pool NAT?

A) An IP Pool is a range of IP addresses (an address range, a network or a group of one of these objects) that is routable to the gateway. IP Pool NAT ensures proper routing for encrypted connections for the following two connection scenarios:

SecuRemote client / SecureClient to MEP (Multiple Entry Point) gateways
Gateway to MEP gateways

29) How do you reuse IP Pool Addresses For Different Destinations?

A) IP Pool addresses can be reused for different destinations, which makes more efficient use of the addresses in the pool. If a pool contains N addresses, then any number of clients can be assigned an IP from the pool as long as there are no more than N clients per server.
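The reuse property in question 29 (N addresses, any number of clients, at most N clients per server) is an allocation rule, and an allocator makes it concrete. The block below is an added example, not Check Point code: pool addresses are constructed, and uniqueness is enforced only among clients talking to the same destination server, so a third client is refused for a server that already has two leases but gets an address immediately for a different server.

```python
from typing import Dict, List, Optional, Tuple

class IpPoolNat:
    """Constructed model of IP Pool NAT address reuse: a pool address may be leased to many
    clients as long as each of them talks to a different destination server."""

    def __init__(self, pool: List[str]):
        self.pool = list(pool)
        self.per_server: Dict[str, Dict[str, str]] = {}   # server -> {pool addr: client}
        self.leases: Dict[Tuple[str, str], str] = {}      # (client, server) -> pool addr

    def assign(self, client: str, server: str) -> Optional[str]:
        """Lease a pool address for client->server, or None if the server already has N clients."""
        key = (client, server)
        if key in self.leases:
            return self.leases[key]                   # existing lease for this client/server pair
        used = self.per_server.setdefault(server, {})
        for addr in self.pool:
            if addr not in used:                      # unique only among clients of the same server
                used[addr] = client
                self.leases[key] = addr
                return addr
        return None                                   # pool exhausted for this destination

    def release(self, client: str, server: str) -> None:
        """Return the lease so another client of the same server can take the address."""
        addr = self.leases.pop((client, server), None)
        if addr is not None:
            self.per_server[server].pop(addr, None)

    def clients_per_server(self, server: str) -> int:
        return len(self.per_server.get(server, {}))

if __name__ == "__main__":
    pool = IpPoolNat(["198.51.100.1", "198.51.100.2"])   # N = 2 constructed addresses
    for client, server in [("A", "S1"), ("B", "S1"), ("C", "S1"), ("C", "S2")]:
        print(client, "->", server, "=", pool.assign(client, server))
```

The server sees distinct source addresses for its clients, which is what it needs to keep the connections apart, while the pool as a whole serves far more clients than it has addresses.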

Check Point Remote Access Interview Questions

30) What is Check Point Mobile Access Security Gateway?

A) Check Point Mobile Access Software Blade extends the functionality of a Firewall and lets remote users easily and securely use the Internet to connect to internal networks. Remote users start a standard HTTPS request to the Mobile Access Security Gateway. They can then authenticate with multiple options such as: user name/password, certificates, or SecurID.

31) What is the difference between Client-Based vs Clientless?

A) Check Point remote access solutions use IPsec and SSL encryption protocols to create secure connections. All Check Point clients can work through NAT devices, hotspots, and proxies in situations with complex topologies, such as airports or hotels. These are the types of installations for remote access solutions:

Client-based – Client application installed on endpoint computers and devices. Clients are usually installed on a managed device, such as a company-owned computer. The client supplies access to most types of corporate resources according to the access privileges of the user.

Clientless – Users connect through a web browser and use HTTPS connections. Clientless solutions usually supply access to web-based corporate resources.

On demand client – Users connect through a web browser and a client is installed when necessary. The client supplies access to most types of corporate resources according to the access privileges of the user.

Checkpoint Firewall Interview Questions # 32) What is SSL Network Extender?

A) SSL Network Extender is an on-demand SSL VPN client and is installed on the computer or mobile device from an Internet browser. It supplies secure access to internal network resources.

33) How do you connect to a Citrix Server?

A) The Mobile Access Software Blade integrates the Firewall Citrix clients and services. It is not necessary to use STA (Secure Ticketing Authority) servers in a Mobile Access Security Gateway deployment because Mobile Access uses its own STA engine. You can also use Mobile Access in a deployment with STA and CSG (Citrix Secure Gateway) servers.

The Mobile Access server certificate must use a FQDN (Fully Qualified Domain Name) that is issued to the FQDN of the Mobile Access Security Gateway.

CheckPoint Firewall Interview Questions – Creating VPN Policies

34) How do you configure VPN connections between Security Gateways and remote devices?

A) The IPsec VPN Software Blade lets the Firewall encrypt and decrypt traffic to and from external networks and clients. Use SmartDashboard to easily configure VPN connections between Security Gateways and remote devices. You can configure Star and Mesh topologies for large-scale VPN networks that include third-party gateways. The VPN tunnel guarantees:

Authenticity – Uses standard authentication methods
Privacy – All VPN data is encrypted
Integrity – Uses industry-standard integrity assurance methods

Checkpoint Firewall Interview Questions # 35) What is IKE and IPsec?

A) The Check Point VPN solution uses these secure VPN protocols to manage encryption keys and send encrypted packets. IKE (Internet Key Exchange) is a standard key management protocol that is used to create the VPN tunnels. IPsec is a protocol that supports secure IP communications that are authenticated and encrypted on private or public networks.

36) What is Domain Based VPN?

A) The VPN traffic is routed according to the VPN domains that are defined in SmartDashboard. Use domain based routing to let satellite Security Gateways send VPN traffic to each other. The center Security Gateway creates VPN tunnels to each satellite and the traffic is routed to the correct VPN domain.

Checkpoint Firewall Interview Questions # 37) What is Route Based VPN?

A) VPN traffic is routed according to the routing settings (static or dynamic) of the Security Gateway operating system. The Security Gateway uses a VTI (VPN Tunnel Interface) to send the VPN traffic as if it were a physical interface. The VTIs of Security Gateways in a VPN community connect and can support dynamic routing protocols.

38) Describe Granular Routing Control.

A) Granular Routing Control gives granular control of the VPN traffic in the network. The Granular Routing Control feature enables the Security Gateway to:

  • Find the best possible route for VPN traffic
  • Select the interfaces that are used for VPN traffic to internal and external networks
  • Configure the IP addresses that are used for VPN traffic
  • Use route probing to select available VPN tunnels
  • Use Load Sharing for Link Selection to equally distribute VPN traffic to VPN tunnels

39) What is the use of Identity Awareness Software Blade?

A) The Identity Awareness Software Blade lets you configure the Firewall to enforce access control for individual users and groups. You can use Identity Sources to get information about users and groups to create flexibility and additional security for the Rule Base. Identity Awareness lets you create rules that are for the specified users for these Rule Bases:

  • Firewall
  • URL Filtering and Application Control
  • DLP
  • Anti-Bot

Checkpoint Firewall Interview Questions # 40) What is AD Query?

A) The Security Gateway registers to receive security event logs from the AD domain controllers when the security policy is installed. When a user authenticates with AD credentials, these event logs are generated and are sent to the Security Gateway.

The Firewall identifies the user based on the AD security event log. The user sends traffic that matches an Identity Awareness rule in the security policy. The Firewall can enforce the user-based rule on the traffic.

41) How can the Check Point Firewall use the URL Filtering and Application Control Software Blades?

A) Use URL Filtering and Application Control to:

Create a Granular Policy – Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. You can also create an HTTPS policy that enables the Security Gateway to inspect HTTPS traffic to prevent security risks related to the SSL protocol.

Manage Bandwidth Consumption – Configure the rules to limit the available network bandwidth for specified users or groups. You can make separate limits for uploading and downloading.

Keep Your Policies Updated – The Application Database is updated regularly and makes sure that your Internet security policy has the newest applications and website categories. The Security Gateway connects to the Check Point Online Web Service to identify new social networking widgets and website categories for URLs.

Communicate with Users – UserCheck objects add flexibility to URL Filtering and Application Control and let the Security Gateway communicate with users. UserCheck helps users understand that certain websites are against the company’s security policy. It also tells users about the changing Internet policy for websites and applications.

Create Custom Objects – In addition to the hundreds of default objects, create new objects to manage Internet use for your network. You can create objects for applications, websites, categories and groups. Use these custom objects in rules to meet your organization’s requirements.

Checkpoint Firewall Interview Questions # 42) What is UserCheck?

A) UserCheck works with the URL Filtering and Application Control Software Blades and lets the Security Gateway send messages to users about possible non-compliant or dangerous Internet browsing. Create rules and UserCheck objects in the URL Filtering and Application Control Rule Base to communicate with the users. These actions use UserCheck objects:

Inform
Ask
Block

43) What is the use of Check Point IPS Software Blade?

A) The Check Point IPS Software Blade analyzes traffic for possible risks to enhance the network security of your organization. The IPS detection engine has multiple defense layers, detects and protects against known threats, and often protects against future ones.

44) Can you explain about Anti-Bot and Anti-Virus Rule Bases?

A) There is a different Rule Base for Anti-Bot and Anti-Virus. The Anti-Bot and Anti-Virus rules use the Malware database and network objects. Security Gateways that have Identity Awareness enabled can also use Access Role objects as the Protected Scope in a rule. The Access Role objects let you easily make rules for individuals or different groups of users.

The first Anti-Bot or Anti-Virus rule that matches the traffic is applied. There are no implied rules in this Rule Base; all traffic is allowed unless it is explicitly blocked. A rule that is set to the Prevent action blocks activity and communication for that malware.

Checkpoint Firewall Interview Questions # 45) What is Check Point DLP?

A) The Check Point Data Loss Prevention Software Blade (DLP) lets you use the Firewall to prevent users from sending sensitive data to external networks. DLP helps you implement an automated corporate policy that catches sensitive and protected data before it leaves your organization.

46) What are the features of Data Loss Prevention (DLP)?

A) These are the features that the Data Loss Prevention Software Blade uses:

UserCheck – Lets users handle data loss incidents with automated user notification and the unique Ask User mode. Each person in your organization learns the best practices to prevent future accidental leaks. These are the majority of DLP incidents and they can be handled quickly with the DLP Self Incident Handling Portal or the UserCheck client.

MultiSpect – Unmatched accuracy to identify and prevent incidents. DLP uses multi-parameter correlation with different customizable data types and with CPcode.

Out of the Box Security – A rich set of defined data types recognizes sensitive forms, templates and data. DLP has a good out-of-the-box policy to make sure that the data stays in the internal network.

Data Owner Auditing – Data Owners are the users in the organization that control the information and files for their own area or department. They get timely automated notifications and reports that show how their data is being moved. Without Data Owner control, system administrators can frequently be placed in an awkward position between managers and employees.

CPcode – DLP supports fully customized data identification through the use of CPcode. You can define how email data matches DLP policies and rules.

47) What are Check Point Software Acceleration Solutions?

A) These are features that you can enable to increase the performance of the Firewall:

  • CoreXL
  • SecureXL (Performance Pack)

These are software based features that are included in the Check Point operating systems.

Checkpoint Firewall Interview Questions # 48) What is CoreXL?

A) In a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated instance runs on one processing core. These instances handle traffic concurrently and each instance is a complete Firewall kernel that inspects traffic. When CoreXL is enabled, all Firewall instances in the Security Gateway process traffic through the same interfaces and apply the same gateway security policy.

Checkpoint Firewall Interview Questions # 49) What is SecureXL?

A) SecureXL is an acceleration solution that maximizes performance of the Firewall and does not compromise security. When SecureXL is enabled on a Security Gateway, some CPU intensive operations are processed by virtualized software instead of the Firewall kernel.

The Firewall can inspect and process connections more efficiently and accelerate throughput and connection rates. These are the SecureXL traffic flows:

  • Slow path – Packets and connections that are inspected by the Firewall and are not processed by SecureXL.
  • Accelerated path – Packets and connections that are offloaded to SecureXL and are not processed by the Firewall.
  • Medium path – Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets; they can be offloaded and do not use the slow path.

50) What is the use of SmartEvent Software Blade?

A) The SmartEvent Software Blade is a unified security event management and analysis solution that delivers real-time, graphical threat management information. SmartEvent consolidates and shows all security events that are generated by these Software Blades:

  • Firewall
  • Identity Awareness and URL Filtering
  • IPS
  • Application Control
  • Anti-Bot, Threat Emulation, and Anti-Virus

51) What is the use of SmartLog Software Blade?

A) The SmartLog Software Blade is a log management tool that reads logs from all Software Blades on Security Management Servers and Security Gateways. SmartLog works with the SmartLog Index Server that gets log files from different log servers and indexes them. SmartLog supplies these monitoring features:

  • Quickly search through billions of logs with simple search strings
  • Select from many default search queries to find the applicable logs
  • Monitor logs from administrator activity and connections in real-time

Administrators can quickly identify very important security events and take the necessary actions to prevent more attacks.
