The process ___________ is responsible for all other security server processes run on the Gateway.

The process ___________ is responsible for all other security server processes run on the
Gateway.

The process ___________ is responsible for all other security server processes run on the
Gateway.

A.
CPD

B.
FWM

C.
FWD

D.
FWSSD



Leave a Reply 9

Your email address will not be published. Required fields are marked *


Tim

Tim

A

Tim

Tim

Ooops, I would actually say it’s CPWD since this is responsible for cpd, fwm, fwd…etc

Wording of the question might not be grammatically correct. No surprise with Check Point. Many of their sk’s and admin guides are riddled with typos

imran haider

imran haider

cpwd checkpoint watchdog

b77

b77

Given that the question refers specifically to ‘security server processes’, I would assume that it should be D – FWSSD.

(The best reference I can find is step 5 in sk101226).

DatDude

DatDude

Right, the answer is D

Eddye

Eddye

According to sk101226 and sksk97638(mentioned by b77) I think the correct answer is FWD.

CPD – Generic process (add-ons container) for many Check Point services, such as installing and fetching policy, and online updates.

FWM – Runs on Management Server.

FWD – On the Security Gateway updates all of the user-mode processes responsible for enforcement aspects. These include VPND process, FWSSD processes, and so on.

FWSSD – It deals only the problems relating to the security server that is sent by FWD. It doesn´t run another process.

In my understanding, the FWSSD is just a child process that depends on the information passed by FWD. Without it FWSSD, vpnd, and others do not function. So I consider that FWD is the correct answer.

Feel free to make more comments and considerations.

kam

kam

Policy Install flow process

1. Assuming the initiation was made by a Smart Console application, as opposed to using command line options such as fmw load or fw fetch, the Check Point Management Interface (CPMI) policy installation command is sent to FMW on the management server where the verification and compilation takes place.

2. FWM forwards the command to CPD for code generation and compilation.

3. CPD invokes the Checkpoint policy transfer agent (CPTA) command which sends the policy to all applicable security gateways.

4. CPD on the security gateway receives the policy and verifies it’s integrity.

5. FWD on the security gateway updates all of the user-mode processes responsible for enforcement aspects. These include VPND for VPN issues, FWSSD processes for security server issues and so on. Once complete, the CPD then initiates the kernel replacement.

6. The new policy is prepared, and the kernel halts the traffic and starts queuing all incoming traffic.

7. The Atomic load takes place. This process should take a fraction of a second.

8. The queue is released and all of the packets are handled by the new policy.

Note step 5 says FWD is responsible for enforcement aspects and updates all the other user-mode processes.

vpn123

vpn123

Correct answer is C – FWD.

fwd allows other processes, including the Kernel, to forward logs to external log servers as well as the SMS. It is related to policy installation and used to communicate with the Kernel using command line tools such as fw commands, Kernel varables or using Kernel control commands.