This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Don_Paterson
Advisor
‎2017-12-12 07:10 AM

Security Servers

Hello,

I am trying to understand the difference between content security/Threat Prevention and the legacy security servers.

Are security servers (fwssd - in.ahhtpd etc.) still used anywhere in the modern R80.10 NGTP gateway - where AV, AB, TE and/or TEX?

The NGTP pdf Moty shared on the community is a bit high level.

Also interested in the access control blades that might use fwssd or details on what they use.

SK88020 implies that there are kernel modules in use (APPI and RAD_KERNEL).

Does that mean that it is not fwssd but a more efficient process attached to the fw kernel? Perhaps Resource Advisor running in kernel memory and as a kernel module/process? Same for the NGTP engine/s?

Thanks,

Don

0 Kudos
3 Replies
Timothy_Hall
Champion Champion
Champion
‎2017-12-12 09:45 AM

The security server daemons you specifically named (in.aXXXXd) are not really used on a modern gateway.  However your question touches on what kind of processes are used on a firewall to handle/scan traffic outside the kernel.  There is a brand new chapter in the second edition of my book that covers this aspect in detail.  Key processes are rad, dlpu, and dlpda.  Bit tough to summarize it all here as the chapter ended up being over 20 pages, but some insight into this area is forthcoming...

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
PhoneBoy
Admin
Admin
‎2017-12-14 10:04 AM

The only place Security Servers *might* still be in use is DLP, and even there I believe we have moved away from using them.

They are largely deprecated in R80.x.

Don_Paterson
Advisor
‎2017-12-18 03:33 AM

Thanks guys. Good info.

Obviously with such a large customer install base things like FWSSDs and Legacy Auth will be in use in places and that could persist for some time.

BTW. Part of the question is to get an understanding not only technically but also related to the CCSE training content and besides certification exam and real-world training how to properly describe the FWSSDs in the context of the NGTP (and NGTX) gateway.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events