Check Point Security Administrator provides an understanding of the basic concepts and skills necessary to configure Check Point Security Gateway and Management Software Blades. During this course you will configure a Security Policy and learn about managing and monitoring a secure network. In addition, you will upgrade and configure a Security Gateway to implement a virtual private network for both internal and external, remote users.
Netanium also adds custom content to cover the use of R77’s Application Control and DLP features.
Length | 3 days |
Prerequisites | Persons attending this course should have general knowledge of TCP/IP, and working knowledge of Windows, UNIX, network technology and the internet. |
Who should attend? | Technical persons who support, install, deploy or administer Check Point Software Blades should attend this course. This could include the following: • System Administrators • Support Analysts • Security Managers • Network Engineers • Anyone seeking CCSA certification |
Course topics | • Introduction to Check Point Technology • Deployment Platforms • Introduction to the Security Policy • Monitoring Traffic and Connections • Using SmartUpdate • User Management and Authentication • Identity Awareness • Introduction to Check Point VPNs |
Objectives include | • Describe Check Point’s unified approach to network management, and the key elements of it • Design a distributed environment • Install the Security Gateway version R77 in a distributed environment • Perform a backup and restore the current Gateway installation from the command line • Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line • Deploy Gateways using sysconfig and cpconfig from the Gateway command line • Create and configure network, host and gateway objects • Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard • Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use • Configure NAT rules on Web and Gateway servers • Evaluate existing policies and optimize the rules based on current corporate requirements • Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades with minimal downtime • Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data • Use packet data to generate reports, troubleshoot system and security issues, and ensure network functionality • Using SmartView Monitor, configure alerts and traffic counters, view a Gateway’s status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access • Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications • Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways • Upgrade and attach product licenses using SmartUpdate • Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely • Manage users to access the corporate LAN by using external databases • Use Identity Awareness to provide granular level access to network resources • Acquire user information used by the Security Gateway to control access • Define Access Roles for use in an Identity Awareness rule • Implement Identity Awareness in the Firewall Rule Base • Configure a pre-shared secret site-to-site VPN with partner sites • Configure permanent tunnels for remote access to corporate resources • Configure VPN tunnel sharing, given the difference between host-based, subunit-based and gateway-based tunnels |
Exercises include | • Distributed Installations • Branch Office Security Gateway Installations • CLI Tools • Building a Security Policy • Configure the DMZ • Configure NAT • Monitor with SmartView Tracker • Client Authentication • Identity Awareness • Site-to-Site VPN between corporate and branch office |