Check Point Accelerated CCSA and CCSE R77

Overview

This 5 day accelerated course will cover both Check Point Security Administration R77 and Check Point Security Engineering R77 courses.

These courses will provide an understanding of the basic concepts and skills necessary to configure Check Point Security Gateway and Management Software Blades. During this course you will configure a Security Policy and learn about managing and monitoring a secure network, upgrading and configuring a Security Gateway and implementing a virtual private network. It will also cover how to effectively build, modify, deploy and troubleshoot Check Point Security systems on the Gaia OS. We will study firewall processes and take a close look at user and kernel processing and Stateful Inspection. Labs include configuring security gateways, implementing VPNs, and performing advanced troubleshooting tasks on the firewall.

Objectives

  • Introduction to Check Point Technology
  • Deployment Platforms
  • Introduction to the Security Policy
  • Monitoring Traffic and Connections
  • Network Address Translation
  • Using SmartUpdate
  • User Management and Authentication
  • Identity Awareness
  • Introduction to Check Point VPNs
  • Advanced and in-depth explanation of Check Point firewall technology
  • Key tips and techniques for troubleshooting Check Point firewall technology
  • Advanced upgrading concepts and practices
  • Clustering firewall, management concepts and practices
  • Software acceleration features
  • Advanced VPN concepts and implementations
  • Reporting tools, deployment options and features

Audience

Technical persons who support, install, deploy or administer Check Point Software Blades should attend this course. This could include the following:

  • System Administrators
  • Support Analysts
  • Security Managers
  • Network Engineers
  • Anyone seeking CCSA certification

Prerequisites

Persons attending this course should have general knowledge of TCP/IP, and working knowledge of Windows, UNIX, network technology and the internet

Syllabus

CCSA

  • Describe Check Point's unified approach to network management, and the key elements of it
  • Design a distributed environment
  • Install the Security Gateway in a distributed environment
  • Perform a backup and restore the current Gateway installation from the command line
  • Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line
  • Deploy Gateways using the Gaia web interface
  • Create and configure network, host and gateway objects
  • Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard
  • Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use
  • Configure NAT rules on Web and Gateway servers
  • Evaluate existing policies and optimize the rules based on current corporate requirements
  • Maintain the Security Management
  • Server with scheduled backups and policy versions to ensure seamless upgrades with minimal downtime
  • Use Queries in SmartView Tracker to monitor IPS and common network traffic and trouble shoot events using packet data
  • Use packet data to generate reports, trouble shoot system and security issues, and ensure network functionality
  • Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access
  • Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications
  • Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways
  • Upgrade and attach product licenses using SmartUpdate
  • Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely
  • Manage users to access the corporate LAN by using external databases
  • Use Identity Awareness to provide granular level access to network resources
  • Acquire user information used by the Security Gateway to control access
  • Define Access Roles for use in an Identity Awareness rule
  • Implement Identity Awareness in the Firewall Rule Base
  • Configure a pre-shared secret site-to-site VPN with partner sites
  • Configure permanent tunnels for remote access to corporate resources
  • Configure VPN tunnel sharing, given the difference between host-based, subunit-based and gateway-based tunnels

    CCSE

  • Perform a backup of a Security Gateway and Management Server using your understanding of the differences between backups, snapshots and update-exports
  • Upgrade and troubleshoot a Management Server using a database migration
  • Upgrade and troubleshoot a clustered Security Gateway deployment
  • Use knowledge of Security Gateway infrastructures, chain modules, packet flow and kernel tables to perform debugs on firewall processes
  • Build, test and troubleshoot a ClusterXL Load Sharing deployment on an enterprise network
  • Build, test and troubleshoot a ClusterXL High Availability deployment on an enterprise network
  • Build, test and troubleshoot a management HA deployment on an enterprise network
  • Configure, maintain and troubleshoot SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement
  • Using an external user database such as LDAP, configure User Directory to incorporate user information for authentication services on the network
  • Manage internal and external user access to resources for Remote Access or across a VPN
  • Troubleshoot user access issues found when implementing Identity Awareness
  • Troubleshoot a site-to-site or certificatebased VPN on a corporate gateway using IKE View, VPN log files and command-line debug tools
  • Optimize VPN performance and availability by using Link Selection and Multiple Entry Point solutions
  • Manage and test corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers
  • Create events or use existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent to provide industry compliance information to management
  • Troubleshoot report generation given command-line tools and debugfile information

    CERTIFICATION INFORMATION

    This course helps prepare for CCSA and CCSE exams #156-215.77 & #156-315.77 available at VUE test centers www.vue.com/checkpoint .
    Both exams contains 90 multiple-choice, scenario-based questions. A passing score is 70% or higher. The exam is based on 80% course
    materials and 20% hands-on experience with Check Point products. Students should have at least 6 months experience with Check Point products before challenging the exam.

  • Training provider

    Teaching mode: Classroom - Instructor Led
    Duration: 5 days
    Gooroo has partnered with the global leaders in IT training to give you access to quality training, personalised to you, targeted at increasing your job opportunities and salary.

    Our pricing

    We do not display pricing as Gooroo members qualify for special discounts not available elsewhere. You must enquire through Gooroo to get this benefit.

    New courses are happening all the time

    Our partner's expert training consultant will provide you with the times and all the details you need. Enquire today.

    Top skills covered in this course

    High availability
    Worldwide
    This skill has an average salary of
    US$106,550
    and is mentioned in
    0.35%
    of job ads.
    Lightweight Directory Access Protocol
    Worldwide
    This skill has an average salary of
    US$102,511
    and is mentioned in
    0.20%
    of job ads.
    Database
    Worldwide
    This skill has an average salary of
    US$79,140
    and is mentioned in
    11.13%
    of job ads.
    Debugging
    Worldwide
    This skill has an average salary of
    US$98,213
    and is mentioned in
    1.07%
    of job ads.