Validate your skills on the GAiA operating system: This course provides an understanding of the basic concepts and skills necessary to configure Check Point Security Gateway and Management Software Blades. During this course you will configure a Security Policy and learn about managing and monitoring a secure network – upgrading and configuring a Security Gateway and implementing a virtual private network.
Who Should Attend? Technical professionals – who support – install – deploy or administer Check Point Software Blades.
- System Administrators
- Support Analysts
- Security Managers
- Network Engineers
- Anyone seeking CCSA and CCSE certification
PrerequisitesStudents should have general knowledge of TCP/IP – and
working knowledge of Windows – UNIX – network technology and the
- Introduction to Check Point Technology
- Deployment Platforms
- Introduction to the Security Policy
- Monitoring Traffic and Connections
- Using SmartUpdate
- User Management and Authentication
- Identity Awareness
- Introduction to Check Point VPNs
- Advanced and in-depth explanation of Check Point firewall technology
- Key tips and techniques for troubleshooting Check Point firewall technology
- Advanced upgrading concepts and practices
- Clustering firewall – management concepts – and practices
- Software acceleration features
- Advanced VPN concepts and implementations
- Reporting tools – deployment options and features
Course Objectives Include:
- Describe Check Points unified approach to network management – and the key elements of it.
- Design a distributed environment.
- Install the Security Gateway in a distributed environment.
- Perform a backup and restore the current Gateway installation from the command line.
- Identify critical files needed to purge or backup – import and
export users and groups and add or delete administrators from the
- Deploy Gateways using the Gaia web interface.
- Create and configure network – host and gateway objects.
- Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard.
- Create a Basic Rule Base in SmartDashboard that includes permissions
for administrative users – external services – and LAN outbound use.
- Configure NAT rules on Web and Gateway servers.
- Evaluate existing policies and optimize the rules based on current corporate requirements.
- Maintain the Security Management Server with scheduled backups and
policy versions to ensure seamless upgrades with minimal downtime.
- Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data.
- Use packet data to generate reports – troubleshoot system and security issues – and ensure network functionality.
- Using SmartView Monitor – configure alerts and traffic counters –
view a Gateways status – monitor suspicious activity rules – analyze
tunnel activity and monitor remote user access.
- Monitor remote gateways using SmartUpdate to evaluate the need for upgrades – new installations – and license modifications.
- Use SmartUpdate go apply upgrade packages to single or multiple VPN-1 Gateways.
- Upgrade and attach product licenses using SmartUpdate.
- Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely.
- Manage users to access the corporate LAN by using external databases.
- Use Identity Awareness to provide granular level access to network resources.
- Acquire user information used by the Security Gateway to control access.
- Define Access Roles for use in an Identity Awareness rule.
- Implement Identity Awareness in the Firewall Rule Base.
- Configure a pre-shared secret site-to-site VPN with partner sites.
- Configure permanent tunnels for remote access to corporate resources.
- Configure VPN tunnel sharing – given the difference between host-based – subunit-based and gateway- based tunnels.
- Perform a backup of a Security Gateway and Management Server using
your understanding of the differences between backups – snapshots and
- Upgrade and troubleshoot a Management Server using a database migration.
- Upgrade and troubleshoot a clustered Security Gateway deployment.
- Use knowledge of Security Gateway infrastructures – chain modules –
packet flow and kernel tables to perform debugs on firewall processes.
- Build – test and troubleshoot a ClusterXL Load Sharing deployment on an enterprise network.
- Build – test and troubleshoot a ClusterXL High Availability deployment on an enterprise network.
- Build – test and troubleshoot a management HA deployment on an enterprise network.
- Configure – maintain and troubleshoot SecureXL and CoreXL
acceleration solutions on the corporate network traffic to ensure noted
- Using an external user database such as LDAP – configure User
Directory to incorporate user information for authentication services on
- Manage internal and external user access to resources for Remote Access or across a VPN.
- Troubleshoot user access issues found when implementing Identity Awareness.
- Troubleshoot a site-to-site or certificate-based VPN on a corporate
gateway using IKE View – VPN log files and command-line debug tools.
- Optimize VPN performance and availability by using Link Selection and Multiple Entry Point solutions.
- Manage and test corporate VPN tunnels to allow for greater
monitoring and scalability with multiple tunnels defined in a community
including other VPN providers.
- Create events or use existing event definitions to generate reports
on specific network traffic using SmartReporter and SmartEvent to
provide industry compliance information to management.
- Troubleshoot report generation given command-line tools and debug-file information.
Lab Exercises Include:
- Distributed Installations
- Stand-alone Security Gateway Installations
- Common Tools
- Building a Security Policy
- Configure the DMZ
- Configure NAT
- Monitor with SmartView Tracker
- Client Authentication
- Identity Awareness
- Site-to-Site VPN between corporate and branch office
- Upgrade to Check Point R77
- Core CLI elements of firewall administration
- Migrate to a clustering solution
- Configure SmartDashboard to interface with Active Directory
- Configure site-to-site VPNS with third-party certificates
- Remote access with Endpoint Security VPN
- SmartEvent and SmartReporter
Certification Information: This course helps prepare you for the CCSA
exam #156-215.77 and CCSE exam #156-315.77 exams that are available at
VUE test centers www.vue.com/checkpoint. Each test contains 90
multiple-choice – scenario-based questions. A passing score is 70% or
higher in 120 minutes. The exam is based on 80% course materials and 20%
hands-on experience with Check Point products. Students should have at
least 6 months experience with Check Point products before challenging