What is the correct policy installation process order?
1.Verification
2.Code generation and compilation
3.Initiation
4.Commit
5. Conversion
6. CPTA
A.
1, 2, 3, 4, 5, 6
B.
3, 1, 5, 2, 6, 4
C.
4, 2, 3, 5, 6, 1
D.
6, 5, 4, 3, 2, 1
What is the correct policy installation process order?
What is the correct policy installation process order?
1.Verification
2.Code generation and compilation
3.Initiation
4.Commit
5. Conversion
6. CPTA
CPTA = Check Point Policy Transfer Agent
if someone does not know it (like me 😉
Thanks
nice one!
During the process commonly called “install policy” the following steps occur:
ï‚· Initiation – Policy installation is initiated with dedicated dialog window from SmartDashboard GUI (or
from CLI). The information is passed from Smart Dashboard to the SmartCenter.
ï‚· Verification – The information in the database is verified to comply with a number of rules specific to the
application and package, for which policy installation is requested. If this verification fails, the process
ends here and an error message is passed to the initiator.
ï‚· Conversion – The information in the database is converted from its initial format to the format,
understandable by further participants (GUI, SmartCenter, GWs, etc.). During conversion, rules that
constitute security policy are put into result file named .W. This file, like the rest of
converted and waiting for code generation data, resides in the conf sub-directory of the relevant
compatibility package
ï‚· Code generation and compilation – Policy is translated to the INSPECT language and compiled with
INSPECT compiler. The result of the code generation is a long string, containing resulting INSPECT
source code, which is added into file named .pf, which also resides in the conf subdirectory
of the relevant compatibility package.
ï‚· The next step is creating “state directories” which is a file system directory where files are ready to be
transferred to the module. A dedicated process compiles the $FWDIR/conf/*.pf with all the relevant
$FWDIR/lib/*.def files and create a temporary file called *.cpp which is transferred to the “state
directories”.
 CPTA – Policy files are transferred (from the temporary state directories) and saved on the gateway side
in the gateway’s temporary state directory. Policy is transferred to the firewall gateway using SIC. It
reads files from state directories into internal buffers and starts policy transfer to all the involved
gateways.
ï‚· Commit – When all the files are transferred successfully, process called “commit” is initiated – firewall
software is instructed to read the new security policy and start to use it. If everything went OK, cpd
process on the gateway side saves the policy in the gateway’s permanent state directory.
Easy question. We begin with Initiation, so the only possible answer is B 🙂
B. 3, 1, 5, 2, 6, 4