Check Point Security Administrator & Security Engineer Bundle (CCSA & CCSE) | Kudelski Security

Check Point Security Administrator & Security Engineer Bundle (CCSA & CCSE)

View Available Sessions »

Validate your skills on the GAiA operating system: This course provides an understanding of the basic concepts and skills necessary to configure Check Point Security Gateway and Management Software Blades. During this course you will configure a Security Policy and learn about managing and monitoring a secure network – upgrading and configuring a Security Gateway and implementing a virtual private network.

Course Description

Who Should Attend? Technical professionals – who support – install – deploy or administer Check Point Software Blades.

  • System Administrators
  • Support Analysts
  • Security Managers
  • Network Engineers
  • Anyone seeking CCSA and CCSE certification

PrerequisitesStudents should have general knowledge of TCP/IP – and
working knowledge of Windows – UNIX – network technology and the
internet.Description:Course Topics

  • Introduction to Check Point Technology
  • Deployment Platforms
  • Introduction to the Security Policy
  • Monitoring Traffic and Connections
  • Using SmartUpdate
  • User Management and Authentication
  • Identity Awareness
  • Introduction to Check Point VPNs
  • Advanced and in-depth explanation of Check Point firewall technology
  • Key tips and techniques for troubleshooting Check Point firewall technology
  • Advanced upgrading concepts and practices
  • Clustering firewall – management concepts – and practices
  • Software acceleration features
  • Advanced VPN concepts and implementations
  • Reporting tools – deployment options and features

Course Objectives Include:

  • Describe Check Points unified approach to network management – and the key elements of it.
  • Design a distributed environment.
  • Install the Security Gateway in a distributed environment.
  • Perform a backup and restore the current Gateway installation from the command line.
  • Identify critical files needed to purge or backup – import and
    export users and groups and add or delete administrators from the
    command line.
  • Deploy Gateways using the Gaia web interface.
  • Create and configure network – host and gateway objects.
  • Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard.
  • Create a Basic Rule Base in SmartDashboard that includes permissions
    for administrative users – external services – and LAN outbound use.
  • Configure NAT rules on Web and Gateway servers.
  • Evaluate existing policies and optimize the rules based on current corporate requirements.
  • Maintain the Security Management Server with scheduled backups and
    policy versions to ensure seamless upgrades with minimal downtime.
  • Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.
  • Use packet data to generate reports – troubleshoot system and security issues – and ensure network functionality.
  • Using SmartView Monitor – configure alerts and traffic counters –
    view a Gateways status – monitor suspicious activity rules – analyze
    tunnel activity and monitor remote user access.
  • Monitor remote gateways using SmartUpdate to evaluate the need for upgrades – new installations – and license modifications.
  • Use SmartUpdate go apply upgrade packages to single or multiple VPN-1 Gateways.
  • Upgrade and attach product licenses using SmartUpdate.
  • Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely.
  • Manage users to access the corporate LAN by using external databases.
  • Use Identity Awareness to provide granular level access to network resources.
  • Acquire user information used by the Security Gateway to control access.
  • Define Access Roles for use in an Identity Awareness rule.
  • Implement Identity Awareness in the Firewall Rule Base.
  • Configure a pre-shared secret site-to-site VPN with partner sites.
  • Configure permanent tunnels for remote access to corporate resources.
  • Configure VPN tunnel sharing – given the difference between host-based – subunit-based and gateway- based tunnels.
  • Perform a backup of a Security Gateway and Management Server using
    your understanding of the differences between backups – snapshots and
    update-exports.
  • Upgrade and troubleshoot a Management Server using a database migration.
  • Upgrade and troubleshoot a clustered Security Gateway deployment.
  • Use knowledge of Security Gateway infrastructures – chain modules –
    packet flow and kernel tables to perform debugs on firewall processes.
  • Build – test and troubleshoot a ClusterXL Load Sharing deployment on an enterprise network.
  • Build – test and troubleshoot a ClusterXL High Availability deployment on an enterprise network.
  • Build – test and troubleshoot a management HA deployment on an enterprise network.
  • Configure – maintain and troubleshoot SecureXL and CoreXL
    acceleration solutions on the corporate network traffic to ensure noted
    performance enhancement.
  • Using an external user database such as LDAP – configure User
    Directory to incorporate user information for authentication services on
    the network.
  • Manage internal and external user access to resources for Remote Access or across a VPN.
  • Troubleshoot user access issues found when implementing Identity Awareness.
  • Troubleshoot a site-to-site or certificate-based VPN on a corporate
    gateway using IKE View – VPN log files and command-line debug tools.
  • Optimize VPN performance and availability by using Link Selection and Multiple Entry Point solutions.
  • Manage and test corporate VPN tunnels to allow for greater
    monitoring and scalability with multiple tunnels defined in a community
    including other VPN providers.
  • Create events or use existing event definitions to generate reports
    on specific network traffic using SmartReporter and SmartEvent to
    provide industry compliance information to management.
  • Troubleshoot report generation given command-line tools and debug-file information.

Lab Exercises Include:

  • Distributed Installations
  • Stand-alone Security Gateway Installations
  • Common Tools
  • Building a Security Policy
  • Configure the DMZ
  • Configure NAT
  • Monitor with SmartView Tracker
  • Client Authentication
  • Identity Awareness
  • Site-to-Site VPN between corporate and branch office
  • Upgrade to Check Point R77
  • Core CLI elements of firewall administration
  • Migrate to a clustering solution
  • Configure SmartDashboard to interface with Active Directory
  • Configure site-to-site VPNS with third-party certificates
  • Remote access with Endpoint Security VPN
  • SmartEvent and SmartReporter

Certification Information: This course helps prepare you for the CCSA
exam #156-215.77 and CCSE exam #156-315.77 exams that are available at
VUE test centers www.vue.com/checkpoint. Each test contains 90
multiple-choice – scenario-based questions. A passing score is 70% or
higher in 120 minutes. The exam is based on 80% course materials and 20%
hands-on experience with Check Point products. Students should have at
least 6 months experience with Check Point products before challenging
the exam.



Check Point

Course Sessions

Dallas
2017/08/21
Open
Denver
2017/07/31

Canceled.

Washington DC
2017/07/31

Canceled.

Virtual
2017/08/21

Guaranteed to run

Herndon
2017/10/16
Open
Phoenix
2017/10/16
Open
Denver
2017/09/18
Open
Minneapolis
2017/10/30
Open
Virtual
2017/10/30
Open
Chicago
2017/08/07
Open
Virtual
2017/08/14

Guaranteed to run

San Francisco
2017/08/28
Open
Herndon
2017/08/21

Guaranteed to run

Minneapolis
2017/10/02
Open
Atlanta
2017/10/02
Open
Tampa
2017/10/23
Open
Chicago
2017/10/09
Open
Houston
2017/09/11
Open
Phoenix
2017/08/07
Open
Atlanta
2017/08/14
Open
New York City
2017/09/11
Open
Atlanta
2017/10/30
Open
Virtual
2017/10/02

Guaranteed to run

Washington DC
2017/10/09
Open
Dallas
2017/09/18
Open
San Francisco
2017/10/23
Open
Tampa
2017/08/28
Open
Minneapolis
2017/08/14
Open
Virtual
2017/11/27
Open
Virtual
2017/12/18
Open

Ask a Question