All of the following are steps for implementing UFP, EXCEPT:
A.
While the UFP Server is analyzing the requests, the Enforcement Module HTTP Proxy Server
initiates a request to the destination. The HTTP Proxy server then waits for a response from the
UFP Server before allowing the request.
B.
The client invokes a connection through the VPN-1/FireWall-1 Enforcement Module.
C.
The Content Server inspects the URLs and returns the validation result message to the
Enforcement Module.
D.
The Enforcement Module takes the action defined in the Rule Base for the resource.
E.
The Security Server uses UFP to send the URL to a third-party UFP Server categorization.
Explanation:
Content-Filtering Protocols
As mentioned earlier, Check Point utilizes two different protocols to filter
the content of HTTP, FTP, SMTP, and TCP traffic: CVP and UFP. Each protocol
runs on a specific port and offers a different functionality, as described
in the following sections. The Application Program Interface (API) information
for each of these protocols can be found at www.opsec.com
. CheckPoint encourages vendors to program their content filtering products to
interface with FireWall-1.
Content Vectoring Protocol (CVP)
Content Vectoring Protocol (CVP)
allows FireWall-1 to send a connection
on port 18181 to a CVP server to perform content checking. This API scans
HTTP, FTP, SMTP, or other TCP data streams for viruses and malicious
Java and ActiveX code. Some of the products also perform security for
e-mail message content, but the CVP’s main function is virus scanning.URL Filtering Protocol (UFP)
URL Filtering Protocol (UFP) allows FireWall-1 to send data on port 18182 to
a UFP server to perform URL filtering. This API allows organizations to monitor
and/or eliminate network traffic to Internet sites deemed inappropriate or
otherwise undesirable, as well as control the content viewed by the end user.