The process ________________ compiles $FWDIR/conf/*.W files into machine language.
A.
fw gen
B.
cpd
C.
fwd
D.
fwm
The process ________________ compiles $FWDIR/conf/*.W files into machine language.
The process ________________ compiles $FWDIR/conf/*.W files into machine language.
A.
fw gen
B.
cpd
C.
fwd
D.
fwm
fw gen doesn´t exist the answer is the letter B
sorry D
The course notes say that the PROCESS is “fwm_gen”, which is not listed.
“fw gen” doesn’t seem to exist, and “fwm” is a command that can be used.
I suspect this is a photography / OCR issue from the original exam, and answer A should read “fwm_gen” 🙂
On a website i found:
fw gen
Generate a *.pf file from a *.W file
http://www.scribd.com/doc/2675225/Checkpoint-Firewall-Cheat-Sheet
So i still think A is right. But i need to check in the office tomorrow.
Also on this site fw gen is explained: http://www.symantec.com/connect/articles/check-point-firewall-1-linux-part-three
ans is A:
fwm_gen which is responsible for policy compilation.
uses $FWDIR/conf/*.W files along with $FWDIR/conf/Objects_5_0.C
resultant file is policyname.pf
which is passed to CPP for another object name resolution
fwm_gen is a command and not a process. The question refers to the process and that should be “fwm” (page 30 of the CCSE R75 student manual).
p37 in the R76 student manual says the following:
fwm_gen compiles the $FWDIR/conf/*.W into a machine language creating a new file called $FWDIR/conf/*.pf
So the answer is definately not FWM but fwm_gen, if this literal question would be on the exam then fw gen is wrong and I suggest you choose fwm since it is responsible for policy compilation.
Answer should be D
sk101226
Policy installation flow:
1.Assuming the initiation was made by the SmartDashboard, as opposed to using command line options, such as fwm load (on Management Server) or fw fetch (on Security Gateway), the Web Service policy installation command is sent to the Check Point Management (CPM) on the Management Server, which then sends the command to the FWM process where the verification and compilation take place. (In case of failure, debug messages of cpm can be found in $MDS_FWDIR/log/install_policy.elg file.)
2.FWM process is responsible for code generation and compilation.
3.FWM process invokes the Check Point Policy Transfer Agent (CPTA) command that sends the policy to all applicable Security Gateways.
4.CPD process on the Security Gateway receives the policy and verifies its integrity.
5.FWD process on the Security Gateway updates all of the user-mode processes responsible for enforcement aspects. These include VPND process for VPN issues, FWSSD processes for Security Server issues, and so on. Once complete, the CPD process then initiates the update for Check Point kernel.
6.The new policy is prepared, and the Check Point kernel holds the current traffic and starts queuing all incoming traffic.
7.The Atomic Load takes place. This process should take a fraction of a second.
Note: During Atomic Load, SecureXL is disabled and re-enabled afterwards.
8.The traffic queue is released, and all of the packets are handled by the new security policy.