How can we achieve below requirement in Checkpoint firewall.
|1.1||The solution should be a stateful firewall and must allow granular control of the state table|
|1.2||On a per-rule basis:|
a. Limit simultaneous client connections
b. Limit states per host
c. Limit new connections per second
d. Define state timeout
e. Define state type
|1.3||State types - the solution shall offer multiple options for state handling:|
a. Keep state - Works with all protocols. Default for all rules.
b. Sloppy state – shall work with all protocols. Less strict state tracking to support asymmetric routing.
c. Synproxy state - Proxies incoming TCP connections to protect servers from spoofed TCP SYN floods. Must include the option to keep state and modulate state combined.
|1.4||State table optimization options – at minimum table optimization shall have the options to:|
a. Normal - the default algorithm
b. High latency - Useful for high latency links, such as satellite connections. Expires idle connections later than normal.
c. Aggressive - Expires idle connections more quickly. More efficient use of hardware resources, but can drop legitimate connections.
d. Conservative - Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization