Duration: 5 Days
This course covers of the basic concepts and skills necessary to configure Check Point Security Gateway and Management Software Blades. You will configure a Security Policy and learn about managing and monitoring a secure network, upgrading and configuring a Security Gateway, and implementing a virtual private network (VPN).
Certification:
This course helps prepare you for the CCSA exam #156-215.13 and CCSE exam #156-315.13, which are available at VUE test centers. Each test contains 90 multiple-choice, scenario-based questions. A passing score is 70% or higher and you are given 120 minutes to complete the exam. The exam is based on 80% course materials and 20% hands-on experience with Check Point products. You should have at least six months of experience with Check Point products before taking the exam.
What You Will Learn
- Check Point technology
- Deployment platforms
- Security policy
- Monitoring traffic and connections
- SmartUpdate
- User management and authentication
- Identity awareness
- Check Point VPNs
- Check Point firewall technology
- Troubleshooting Check Point firewall technology
- Advanced upgrading concepts and practices
- Clustering firewall, management concepts and practices
- Software acceleration features
- Advanced VPN concepts and implementations
- Reporting tools, deployment options, and features
Audience
- Check Point Software Blades technical professionals
- System administrators
- Support analysts
- Security managers
- Network engineers
- Anyone seeking CCSA and CCSE certifications
Prerequistes
- General knowledge of TCP/IP
- Working knowledge of Windows, UNIX, network technology, and the Internet
Course Outline
1. Check Point's key elements and unified approach to network management
2. Design a distributed environment
3. Install the Security gateway in a distributed environment
4. Perform a backup and restore the current gateway installation from the command line
5. Identify critical files needed to purge or backup, import and export users and groups, and add or delete administrators from the command line
6. Deploy gateways using the Gaia web interface
7. Create and configure network, host, and gateway objects
8. Verify SIC establishment between the Security Management Server and the gateway using SmartDashboard
9. Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use
10. Configure NAT rules on Web and Gateway servers
11. Evaluate existing policies and optimize the rules based on corporate requirements
12. Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless pgrades with minimal downtime
13. Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data
14. Use packet data to generate reports, troubleshoot system and security issues, and ensure network functionality
15. Using SmartView Monitor, configure alerts and traffic counters, view a gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access
16. Monitor remote gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications
17. Use SmartUpdate go apply upgrade packages to single or multiple VPN-1 gateways
18. Upgrade and attach product licenses using SmartUpdate
19. Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely
20. Manage users to access the corporate LAN by using external databases
21. Use Identity Awareness to provide granular-level access to network resources
22. Acquire user information used by the security gateway to control access
23. Define access roles for use in an Identity Awareness rule
24. Implement Identity Awareness in the Firewall Rule Base
25. Configure a pre-shared secret site-to-site VPN with partner sites
26. Configure permanent tunnels for remote access to corporate resources
27. Configure VPN tunnel sharing, given the difference between host-based, subunit-based, and gateway- based tunnels
28. Perform a backup of a security gateway and Management Server using your understanding of the differences between backups, snapshots and update-exports
29. Upgrade and troubleshoot a Management Server using a database migration
30. Upgrade and troubleshoot a clustered Security Gateway deployment
31. Use knowledge of Security Gateway infrastructures, chain modules, packet flow, and kernel tables to perform debugs on firewall processes
32. Build, test, and troubleshoot a ClusterXL Load Sharing deployment on an enterprise network
33. Build, test, and troubleshoot a ClusterXL High Availability deployment on an enterprise network
34. Build, test, and troubleshoot a management HA deployment on an enterprise network
35. Configure, maintain, and troubleshoot SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement
36. Using an external user database such as LDAP, configure User Directory to incorporate user information for authentication services on the network
37. Manage internal and external user access to resources for remote access or across a VPN
38. Troubleshoot user-access issues found when implementing Identity Awareness
39. Troubleshoot a site-to-site or certificate-based VPN on a corporate gateway using IKE View, VPN log files, and command-line debug tools
40. Optimize VPN performance and availability by using Link Selection and Multiple Entry Point solutions
41. Manage and test corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers
42. Create events or use existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent to provide industry compliance information to management
43. Troubleshoot report generation given command-line tools and debug-file information
Course Labs
Lab 1: Distributed Installations
Lab 2: Stand-Alone Security Gateway Installations
Lab 3: Common Tools
Lab 4: Building a Security Policy
Lab 5: Configure the DMZ
Lab 6: Configure NAT
Lab 7: Monitor with SmartView Tracker
Lab 8: Client Authentication
Lab 9: Identity Awareness
Lab 10: Site-to-Site VPN between Corporate and Branch Office
Lab 11: Upgrade to Check Point R76
Lab 12: Core CLI Elements of Firewall Administration
Lab 13: Migrate to a Clustering Solution
Lab 14: Configure SmartDashboard to Interface with Active Directory
Lab 15: Configure Site-to-Site VPNS with Third-Party Certificates
Lab 16: Remote Access with Endpoint Security VPN
Lab 17: SmartEvent and SmartReporter
