
Check Point Security Expert R70/R71

Length

4 days (recommended)

Prerequisites

- CCSA R70 or CCSA R70 Upgrade training or certification, or equivalent experience

This course teaches everything you need to maximize the performance of your Check Point Software Blade deployment.

You will learn

- Set up multiple security gateway clusters
- Implement Provisioning
- Deploy High Availability and apply load balancing
- Apply Data Loss Prevention technology

How You Will Benefit

- Configure networks for advanced routing.
- Utilize advanced reporting and monitoring features.
- Identify and track network intrusions.
- Assess security acceleration requirements.
- Audit and approve Security Policy changes.
- Troubleshoot with advanced debugging techniques.

Exercises

- Lab 1: Environment Setup.
  - Scenario
  - Topics.
  - Build the Management Server.
  - Build Gateways.
  - Install and Configure NTP.
  - Establishing SIC.

Bosque de Duraznos No. 65-601A, Bosques de las Lomas, México D.F., 11700 | T+52 (55) 5985 85 85
- Lab 2: Management Portal.
  - Scenario
  - Topics.
  - Configure Management Portal on Corporate Site.
  - Test Management Portal Access.
  - Configure Management Portal Access on Partner Site.
  - Test Management Portal with Read Only Access.
- Lab 3: SmartWorkflow.
  - Scenario.
  - Topics.
  - Create a New Administrator.
  - Configure SmartWorkflow.
  - Open and Submit a Session for Approval.
  - Disapprove the Session and Request a Modification.
  - Repair Session 1.
  - Approve the Session and Install the Policy.
  - Install the Policy.
  - Disable SmartWorkflow.
- Lab 4: SmartProvisioning.
  - Scenario.
  - Topics:
  - Enable SmartProvisioning.
  - Creating New Profile.
  - Assign Profile to sgcorp.
  - Push Policy to Gateway.
  - Verify Profile Changes.
- Lab 5: SSL VPN.
  - Scenario.
  - Required Lab tools.
  - Topics:
  - Install SSL VPN.
  - Mandatory Hotfix for R71 SSL VPN Tab.
  - Enable SSL VPN in SmartDashboard.
  - Create a File-Share Application in the SSL VPN Tab.
  - Create an Internal User.
  - Assign File-Share Access to User Group.
  - Verify File-Share Access Through the User Portal.
  - Configure Embedded RDP.
  - Permit Access to Application.
  - Configure Global Properties.
  - Configure Server and Client.
  - Test RDP Session.
- Lab 6: SecureXL.
  - Scenario.
  - Topics:
  - Enable and Configure SecureXL on the Gateway.
  - Open Connections and Verify Acceleration.
- Lab 7: Deploying New Mode HA
  - Scenario.
  - Objectives.
  - Topics
  - Create and Configure a Secondary Cluster Member.
  - Cluster and Member IP Addresses.
  - Reconfigure Routing.
  - Configure Gateway-Cluster Object.
  - Configure ClusterXL Properties.
  - Modify the Rule Base.
  - Pass Traffic Through Cluster.
  - Observe Cluster Status in SmartView Monitor.
  - Test Failover.
  - Method 1:
  - Method 2:
  - Method 3:
- Lab 8: Load Sharing Unicast (Pivot) and Multicast Modes
  - Scenario.
  - Topics.
  - Configure Load Sharing Unicast Mode.
  - Test Load Sharing Unicast Mode.
  - Configure Load Sharing Multicast Mode.
  - Test Load Sharing Multicast Mode.
- Lab 9: VPN with Sticky Decision Function.
  - Topics: The following topics are covered in this lab.
  - Configure VPN in a Cluster.
  - Define the VPN Domain.
  - Create the VPN Community.
  - Create the VPN Rule and Modify the Rule Base.
  - Test VPN Connection.
  - View a Packet Capture of FTP Connections without Sticky Decision Function.
  - View a Packet Capture of FTP Connections with Sticky Decision Function.
- Lab 10: Configuring Check Point QoS Policy.
  - Scenario.
  - Topics:
  - Enable and Configure Check Point QoS.
  - Enable Check Point QoS on Security Gateway.
  - Configure Check Point QoS Global Properties.
  - Configure QoS on the Gateway.
  - Create Check Point QoS Rules and Adjust Rule Weights.
  - Add Outbound Rule.
  - Add Inbound Rule.
  - Verify and Install Policy.
  - Test QoS Policy
  - Inbound Transfer Rate.
  - Outbound Transfer Rate.
- Lab 11: Implementing IPS
  - Scenario.
  - Topics:
  - Modify the Gateway Properties.
  - Modify DMZ Server Object.
  - Configure IPS for Preliminary Detection.
  - Create a New IPS Profile.
  - Assign to Gateway.
  - Generate an Attack.
  - Analyze the Attack.
  - Reconfigure IPS to Block Attacks.
  - Review Logs.
- Lab 12: Data Loss Prevention.
  - Synopsis.
  - Topology Setup.
  - Configure the DLP Gateway.
  - Configure the DLP Object in SmartDashboard
  - Modify the Rule Base.
  - Test the Default Policy
  - Employee Name
  - Keyword Search.
  - Template Exercise.
- Lab 13: SmartEvent.
  - Scenario.
  - Objective
  - Topics.
  - Configure the Network Object in SmartDashboard
  - Configuring Security Gateways to work with SmartEvent.
  - Configure the WindowsEventToCPLog service.
  - Monitoring Events with SmartEvent.
  - Generate Reports Based on Activities.
- Lab 14: Kernel debugging, connection tables and the I/O chain.
  - Scenario.
  - Objectives:
  - Topics:
  - Examine changes to the Inbound and Outbound chains using fw ctl chain.
  - Examine the connections table with fw tab -t connections.
  - Debugging License Issues.
  - Bad GUI Client Definition.
  - Kernel Debugging Dropped Port.
  - Debugging HIDE NAT.
  - Comparing client side versus server side translation.
  - Debugging ClusterXL.
  - Debug the Kernel for Configuration Changes.
  - Debug the Kernel for Status Changes.
  - VPN Debug Exercise. Viewing the Phases in IKEView

Contents

- Preface Check Point Security Administrator R70
  - Course Layout.
  - Prerequisites.
  - Certification Title.
  - Sample Setup for Labs.
  - Lab Terminology.
  - R70 – What's New.
  - R71 – What's New.
  - Training and Certification.
  - CCMA
  - Learn More.
  - Practice Lab.
- Chapter 1 Management Portal.
  - Web Based Administration.
  - Deploying the Management Portal – Dedicated Server.
  - Deploying the Management Portal – Security Management Server.
  - Management Portal Commands and Configuration.
  - Limiting Access to Specific IP Addresses.
  - Management Portal Configuration.
  - Client Side Requirements.
  - Connecting to the Management Portal.
  - Using the Management Portal.
  - Practice Lab.
  - Review.
- Chapter 2 SmartWorkflow.
  - Change Management.
  - The SmartWorkflow Environment.
  - Task Flow.
  - SmartWorkflow Sessions With Role Segregation.
  - Task Flow.
  - SmartWorkflow Without Role Segregation Task Flow.
  - SmartWorkflow Toolbar.
  - The SmartWorkflow Session Management Window.
  - Working with SmartWorkflow.
  - Assigning Permissions.
  - Enabling SmartWorkflow.
  - Configuring SmartWorkflow.
  - Working with Sessions.
  - Submitting Sessions for Approval.
  - Reviewing the Sessions.
  - Comparing Policies
  - Approving Sessions.
  - Requesting Repairs to a Session.
  - Installing the Security Policy
  - Auditing Changes.
  - Practice Lab.
  - Review.
- Chapter 3 SmartProvisioning.
  - SmartProvisioning Overview.
  - SmartProvisioning Management.
  - Enabling SmartProvisioning.
  - The SmartProvisioning Console.
  - Tree Pane.
  - Workspace Pane.
  - Status View.
  - The SmartProvisioning Wizard.
  - SmartProvisioning Profiles.
  - UTM-1 Edge-Only SmartProvisioning.
  - Configuring a HotSpot for SmartProvisioning.
  - Configuring RADIUS for SmartProvisioning.
  - Security Gateway-Only SmartProvisioning.
  - Configuring DNS for SmartProvisioning.
  - Configuring Hosts for SmartProvisioning.
  - Configuring Domain Name for SmartProvisioning.
  - Configuring Backup Schedule.
  - Gateway Management.
  - Adding Gateways to SmartProvisioning.
  - Gateway Edit Window.
  - Real-Time Gateway Actions.
  - Remotely Controlling Gateways.
  - Updating Corporate Office Gateways.
  - Editing Gateway Properties.
  - Configuring Interfaces.
  - Executing Commands
  - Managing SmartLSM Security Gateways.
  - Applying Dynamic Object Values.
  - Getting Updated Security Policy.
  - Changing Assigned SmartLSM Security Profile.
  - Tracking.
  - Log Servers.
  - Configuring SmartLSM Security Gateway Topology.
  - Converting SmartLSM Security Gateways to Gateways.
  - Managing Security Gateways.
  - Scheduling Backups.
  - Configuring Hosts.
  - Configuring the Domain.
  - Configuring Host Name.
  - Configuring Routing.
  - Managing Software.
  - The Package Repository.
  - Distributing Packages.
  - Security Gateway Actions
  - Scripts.
  - Security Gateway Backup.
  - Applying Changes.
  - Maintenance Mode.
  - UTM-1 Edge Portal.
  - UTM-1 Edge Ports.
  - Provisional Settings.
  - Configuring Routing.
  - RADIUS.
  - Configuring a HotSpot.
  - Understanding Dynamic Objects.
  - Benefits of Dynamic Objects.
  - Dynamic Object Types.
  - Dynamic Object Values.
  - Command Line.
  - Practice Lab.
  - Review.
- Chapter 4 SSL Portal-Based VPN.
  - SSL VPN Software Blade Overview.
  - Key Features.
  - Simple Deployment – SSL VPN.
  - Deploying SSL VPN – DMZ
  - Cluster Deployment.
  - SSL VPN Management.
  - SSL Network Extender.
  - SSL VPN Security Features.
  - Configuration Workflow.
  - The SSL VPN Wizard.
  - Setting up the SSL VPN Portal.
  - User Workflow.
  - Managing Access to Applications.
  - Protection Levels.
  - Introduction to Applications.
  - Web Application.
  - File Shares.
  - Citrix Services.
  - Web Mail Services.
  - Native Applications.
  - Practice Lab.
  - Review.
- Chapter 5 Acceleration.
  - Check Point Acceleration and Clustering.
  - SecureXL: Security Acceleration.
  - What SecureXL Does.
  - Throughput Acceleration.
  - Connection Rate Acceleration.
  - Masking the Source Port.
  - Application Layer Protocol.
  - HTTP 1.1.
  - Other Application Layer Protocols.
  - UDP Pseudo-Connections.
  - Packet Flow.
  - VPN Capabilities.
  - CoreXL: Multicore Acceleration.
  - Supported Platforms and Features.
  - Default Configuration.
  - Performance Tuning.
  - Processing Core Allocation.
  - Packet Flows (When SecureXL is enabled)
  - Allocating Processing Cores.
  - Adding Processing Cores to the Hardware.
  - Allocating an Additional Core to SND.
  - Allocating a Core for Heavy Logging.
  - Practice Lab.
  - Review.
- Chapter 6 High Availability.
  - Management High Availability.
  - The Management High Availability Environment.
  - Active vs Standby.
  - What Data is Backed Up by the Standby Security Management servers?
  - Synchronization Modes.
  - Synchronization Status.
  - Practice Lab.
  - Review.
- Chapter 7 Clustering
  - ClusterXL: Smart Load Balancing.
  - Installing ClusterXL.
  - Clustering Terms.
  - Unicast Load Sharing.
  - How Pivot Mode Works.
  - How Packets Travel Through a Cluster.
  - Cluster Control Protocol.
  - Cluster Synchronization.
  - Check Point State Synchronization.
  - Synchronized-Cluster Restrictions.
  - Sticky Connections.
  - The Sticky Decision Function.
  - ClusterXL Configuration Issues.
  - Modes of ClusterXL Supporting SecureXL.
  - Crossover-Cable Support.
  - VRRP Overview.
  - How VRRP Works.
  - VRRP with Internal and External VRIDs.
  - VRRP with Simultaneous Backup.
  - Practice Lab.
  - Review.
- Chapter 8 Advanced Networking – Routing.
  - Advanced Networking Blade.
  - Address and Prefix Formats.
  - Preferences in Routing.
  - Assigning Route Preferences.
  - Check Point Dynamic Routing.
  - Supported Protocols.
  - Dynamic Routing Support.
  - Tracing and Logging Options.
  - Status Monitoring via SNMP.
  - Backup and Restore.
  - The Command Line Interface.
  - User Execution Mode.
  - Privileged Execution Mode.
  - Global Configuration Mode.
  - Router Configuration Mode.
  - Interface Configuration Mode.
  - Interfaces.
  - Kernel Interface.
  - Martian Addresses.
  - Border Gateway Protocol (BGP)
  - BGP Decision Process.
  - Dynamic Capabilities.
  - Internet Control Message Protocol (ICMP)
  - Open Shortest Path First.
  - Router Discovery.
  - SNMP Multiplexing (SMUX)
  - Distance Vector Multicast Routing Protocol (DVMRP)
  - Internet Group Management Protocol (IGMP)
  - Protocol Independent Multicast.
  - Access Lists.
  - AS Paths and AS Path Lists.
  - BGP Communities and Community Lists.
  - Prefix Lists and Prefix Trees.
  - Route Aggregation and Generation.
  - Route Flap Damping.
  - Route Maps.
  - Multicast Access Control.
  - Multicast Routing Protocols.
  - Dynamic Registration Using IGMP.
  - IP Multicast Group Addressing.
  - Reserved Local Addresses.
  - Per-Interface Multicast Restrictions.
  - VPN Connections.
  - Review.
- Chapter 9 Advanced Networking – Load Balancing.
  - Why Load Balance?
  - ConnectControl.
  - Methods of Load Balancing.
  - ConnectControl Packet Flow.
  - Logical Server Types.
  - Packet Flow in an HTTP Logical Server.
  - Packet Flow in Other Logical Server Types.
  - Considering Logical Server Types.
  - Persistent Server Mode.
  - Persistency by Server.
  - Persistency by Service.
  - Persistent Server Timeout
  - Server Availability.
  - Load Measuring.
  - Review.
- Chapter 10 Advanced Networking – QoS
  - Quality of Service.
  - QoS Technology – Stateful Inspection.
  - Intelligent Queuing Engine.
  - WFRED (Weighted Flow Random Early Drop)
  - RDED (Retransmit Detect Early Drop)
  - QoS Architecture.
  - QoS Gateway.
  - QoS Kernel Driver.
  - QoS Daemon (fgd50)
  - QoS Security Management Server.
  - QoS SmartConsole.
  - QoS in SmartDashboard.
  - QoS Configuration.
  - Client/Server Interaction.
  - QoS Policy Management.
  - Connection Classification.
  - Network Objects.
  - User Groups.
  - Services and Resources.
  - Time Objects.
  - Bandwidth Allocation and Rules.
  - Weight.
  - Guarantees.
  - Limits.
  - Default Rule.
  - QoS Action Type.
  - Example of a Rule Matching VPN Traffic.
  - Bandwidth Allocation and Sub-Rules.
  - Implementing the Rule Base.
  - Deploying QoS.
  - Sample Bandwidth Allocations.
  - Practice Lab.
  - Review.
- Chapter 11 Check Point IPS
  - IPS Overview.
  - New IPS Engine/Architecture.
  - Flexible IPS Policy Management.
  - IPS Event Manager.
  - Configuring and Managing IPS.
  - IPS Protection.
  - IPS Profiles.
  - Creating Profiles.
  - Assigning Profiles.
  - Protection Browser.
  - Exporting the Protections List.
  - Protection Parameters.
  - Severity.
  - Confidence Level.
  - Performance Impact.
  - Protection Type.
  - Protection Mode.
  - Activating Protections.
  - Automatically Activating Protections.
  - Manually Activating Protections.
  - Monitoring Traffic.
  - Network Exceptions.
  - Viewing Packet Information.
  - Optimizing IPS.
  - Performance Management.
  - Gateway Protection Scope.
  - Web Protection Scope.
  - Bypass Under Load.
  - Troubleshooting.
  - Protect Internal Hosts Only.
  - Tuning Protections.
  - Separate Profiles by Segment.
  - Separate Profiles by Gateway Version.
  - IPS Policy Settings.
  - Focus on High Severity Protections.
  - Focus on High Confidence Level Protections.
  - Focus on Low Performance Impact Protections.
  - Enhancing System Performance.
  - Updating Protections – IPS Subscription.
  - Managing IPS Subscription.
  - Downloading Updates.
  - Updating IPS Protections.
  - IPS Software Blade Contracts (R71)
  - Contract Requirements.
  - License and Contract Coverage Status.
  - Practice Lab.
  - Review.
- Chapter 12 Data Loss Prevention
  - The Need for Data Loss Prevention.
  - DLP Gateway in a Network.
  - What Happens on Rule Match?
  - Deployment Options.
  - DLP Platforms and Performance.
  - DLP UserCheck.
  - Installing, Connecting, Verifying Clients.
  - Data Loss Prevention Portal.
  - Data Loss Prevention Views.
  - My Organization.
  - DLP Policies.
  - The Default Policy.
  - DLP Policy vs. Security Policy.
  - Data Loss Prevention Actions.
  - Data Types.
  - Protecting Data by Keyword.
  - Protecting Documents by Template.
  - Protecting Files.
  - Protecting Data by Pattern.
  - Protecting Data by CPcode.
  - Defining Compound Data Types.
  - Data Type Groups.
  - Practice Lab.
  - Review.
- Chapter 13 SmartEvent
  - Learning Objectives.
  - SmartEvent Architecture.
  - SmartEvent Client.
  - Event Queries.
  - Predefined Queries.
  - Event Log.
  - Sorting and Searching Events.
  - Grouping Events.
  - Exporting Events.
  - Event Statistics Pane.
  - Event Details.
  - Presenting Event Data – Overview Tab.
  - Presenting Event Data – Timeline Tab.
  - Administrator Permissions.
  - Tracking Event Resolution – Tickets.
  - Checking Client Vulnerability.
  - Practice Lab.
  - Review.
- Chapter 14 SmartReporter.
  - Learning Objectives.
  - Introduction to SmartReporter.
  - Log Consolidation.
  - Predefined Reports.
  - Standard Reports.
  - Express Reports.
  - Report Subjects.
  - Planning for SmartReporter.
  - Standalone vs. Distributed Deployment.
  - Log Availability vs Log Storage and Processing.
  - Record Availability vs Database Size.
  - High Availability.
  - Adapting Report Detail Level to Needs.
  - Generating Only Selected Sections.
  - Scheduling Reports.
  - Report Filters.
  - Report Output.
  - Reporter Database Management.
  - Tuning the Database.
  - Modifying the Database.
  - Predefined Consolidation Policy.
  - Review.
- SUPPLEMENT Troubleshooting and Debugging.
  - Check Point Three-Tier Architecture.
  - SMART Console Applications.
  - SMART Center.
  - Security Gateway.
  - FireWall-1 Structure.
  - FireWall-1 Main Processes.
  - Inbound and Outbound Chains.
  - Inbound Chain Modules.
  - Outbound Chain Modules.
  - Chain Positions.
  - Stateful Inspection.
  - The INSPECT Engine.
  - FireWall-1 Technologies.
  - Connections Table Format.
  - Connection Table Formats Illustrated:
  - fw tab -t usage:
  - Packet Inspection Flow.
  - Packet Inspection Flow (cont.)
  - Policy Installation.
  - Policy Install Overview.
  - Policy Installation Flow in the 3-Tier Architecture.
  - FireWall-1 Configuration Files.
  - User Mode Debugging.
  - Running User Mode Debug.
  - fw debug.
  - FWM/FWD process debug:
  - Some examples of debugs, WF ON VSX.
  - Debugging statuses in SmartLSM.
  - Debug Anti Virus update process:
  - Analyzing Debug Output.
  - Core Dumps.
  - How to activate core file in SPLAT:
  - How to open core files.
  - Kernel Debug.
  - Running Debug – Set Of Operations.
  - Debugging Flags.
  - Most Common Debugging Flags Explained.
  - Debugging Flags for other Modules.
  - Kernel Debugging Tips.
  - Cyclic Debug Files.
  - General Guidelines
  - Kernel Debugging Examples
  - Debugging Unexplained Packet Loss.
  - FW Monitor: Definition.
  - The four default inspection points in FW Monitor.
  - FW Monitor Traffic Flow Client > Server.
  - FW Monitor Traffic Flow Server > Client.
  - Using FW Monitor.
  - fw ctl chain with fw monitor.
  - Analyzing fw monitor output.
  - VPN-1 NAT Debugging: How NAT Works.
  - How NAT Works: Original Packet Actions.
  - How Static NAT Works – Reply Packet.
  - How Hide NAT Works – NAT Tables.
  - Debugging NAT Issues.
  - IP Pool NAT.
  - Debugging ClusterXL.
  - VPN Troubleshooting.
  - The Troubleshooting process – step by step.
  - Gleaning a Conclusion from the IKE.elg File:
  - Analysing VPN.elg.
  - Using fw monitor to Troubleshoot VPN Issues:
  - The Inbound Chain.
  - The Outbound Chain.
  - VPN Kernel Debugging.
  - VPN Kernel Debugging Commands.
  - Troubleshooting Site to Site VPNs Check List:
  - SecureXL Troubleshooting.
  - fwaccel conns flags:
  - Displaying Templates.
  - Debugging SecureXL.
  - Using fwaccel dbg:
  - Available modules for fwaccel dbg:
  - Important flags for fwaccel dbg:
  - Using sim dbg.
  - Practice Lab.
- APPENDIX Chapter Questions and Answers.

Last updated: December 22, 2010
