Check Point Certified Security Administrator (CCSA) R77.30

3 Day Course
Hands On
Official Check Point Curriculum
Code CKT_CCSA_R77.30

Book Now - 1 Delivery Method Available:

Scheduled Online Onsite

Overview

Validate your understanding and skills necessary to configure and optimally manage Check Point Next Generation Firewalls.

Objectives

•    Design and install a distributed environment and install a Security Gateway
•    Create and configure network, host, and gateway objects
•    Verify SIC establishment
•    Create a basic rulebase in SmartDashboard
•    Evaluate existing policies and optimize the rules
•    Maintain the Security Management Server
•    Use queries to monitor IPS and network traffic
•    Use packet data to generate reports, troubleshoot system and security issues, and ensure network functionality
•    Use SmartView Monitor to configure alerts
•    Configure NAT rules on Web and Gateway servers
•    Monitor remote Gateways using SmartUpdate
•    Upgrade and attach product licenses using SmartUpdate
•    Manage users and user access to the corporate LAN
•    Use Identity Awareness to provide granular level access to network resources
•    Acquire user information used by the Security Gateway to control access
•    Define Access Roles for use in an Identity Awareness rule
•    Implement Identity Awareness in the Firewall rulebase
•    Configure certificate-based, site-to-site VPNs
•    Configure permanent tunnels for remote access
•    Configure VPN tunnel sharing
•    Review the foundation of a query and build a custom query•    Design and install a distributed environment and install a Security Gateway
•    Create and configure network, host, and gateway objects
•    Verify SIC establishment
•    Create a basic rulebase in SmartDashboard
•    Evaluate existing policies and optimize the rules
•    Maintain the Security Management Server
•    Use queries to monitor IPS and network traffic
•    Use packet data to generate reports, troubleshoot system and security issues, and ensure network functionality
•    Use SmartView Monitor to configure alerts
•    Configure NAT rules on Web and Gateway servers
•    Monitor remote Gateways using SmartUpdate
•    Upgrade and attach product licenses using SmartUpdate
•    Manage users and user access to the corporate LAN
•    Use Identity Awareness to provide granular level access to network resources
•    Acquire user information used by the Security Gateway to control access
•    Define Access Roles for use in an Identity Awareness rule
•    Implement Identity Awareness in the Firewall rulebase
•    Configure certificate-based, site-to-site VPNs
•    Configure permanent tunnels for remote access
•    Configure VPN tunnel sharing
•    Review the foundation of a query and build a custom query

Target Audience

Technical persons who support, install, deploy or administer Check Point Software Blades should attend this course. This could include the following:

  • System Administrators
  • Support Analysts
  • Security Managers
  • Network Engineers
  • Anyone seeking CCSA certification

Training Partners

We work with the following best of breed training partners using our bulk buying power to bring you a wider range of dates, locations and prices.

Modules

Hide all

Introduction to Check Point Technology (3 topics)

  • Describe Check Point's unified approach to network management and the key elements of this architecture
  • Design a distributed environment using the network detailed in the course topology
  • Install the Security Gateway version R75 in a distributed environment using the network detailed in the course topology

Deployment Platforms (3 topics)

  • Given network specifications, perform a backup and restore the current Gateway installation from the command line
  • Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line
  • Deploy Gateways using sysconfig and cpconfig from the Gateway command line

Introduction to the Security Policy (6 topics)

  • Given the network topology, create and configure network, host and gateway objects
  • Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard
  • Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use
  • Configure NAT rules on Web and Gateway servers
  • Evaluate existing policies and optimize the rules based on current corporate requirements
  • Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades with minimal downtime

Monitoring Traffic and Connections (3 topics)

  • Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data
  • Using packet data on a given corporate network, generate reports, troubleshoot system and security issues, and ensure network functionality
  • Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access based on corporate requirements

Using SmartUpdate (3 topics)

  • Monitor remote Gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications
  • Use SmartUpdate to apply upgrade packages to single or multiple VPN-1 Gateways
  • Upgrade and attach product licenses using SmartUpdate

User Management and Authentication (2 topics)

  • Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely
  • Manage users to access the corporate LAN by using external databases

Identity Awareness (4 topics)

  • Use Identity Awareness to provide granular level access to network resources
  • Acquire user information used by the Security Gateway to control access
  • Define Access Roles for use in an Identity Awareness rule
  • Implement Identity Awareness in the Firewall Rule Base

Introduction to Check Point VPNs (3 topics)

  • Configure a pre-shared secret site-to-site VPN with partner sites
  • Configure permanent tunnels for remote access to corporate resources
  • Configure VPN tunnel sharing, given the difference between host-based, subunit-based and gateway-based tunnels

Lab Exercises (12 topics)

  • Install and configure Security Management Servers and Security Gateways
  • Apply commands in the Command Line Interface
  • Working with Administrators and performing backups.
  • Creating objects and rules
  • Saving, installing and testing a Security Policy
  • Defining new policies and combining them
  • Creating DMZ related objects and rules
  • Working with SmartView Tracker and SmartView Monitor
  • Configuring and testing Hide and Static NAT
  • Configuring and testing Identify Awareness
  • Defining VPN domains and testing encryption
  • Working with queries in SmartLog

Prerequisites

Persons attending this course should have general knowledge of TCP/IP, and working knowledge of Windows, UNIX, network technology and the internet.

Relevant Certifications

or call:408-759-5074

Course PDF

Print

Share this Course

+1
Share

Recommend this Course

Sections