Check Point Security Administrator R70

Contact Akibia Sales

Check Point Security Administrator R70

Length: 5 days (recommended)

Campus: Westborough, MA
Scheduled Dates: Feb 22-26, 2010, May 24-28, 2010, July 26-30, 2010, Sept 20-24, 2010, Nov 29-Dec 3, 2010, and by request

For schedules and pricing, contact Gia Paquette at 800-818-8070 x4711 or email gpaquette@akibia.com. 

Prerequisites

Basic networking knowledge, knowledge of Windows Server and/or UNIX, and experience with TCP/IP and the Internet
Take this class if:

  • You are a systems administrator, security manager, or network engineer who manages R70 Security Gateway deployments on open servers, IP appliances, UTM-1 appliances, or Power-1 appliances.
  • Want to earn Check Point Certified Security Administrator (CCSA) R70 certification

Description

Check Point Security Administration R70 is a foundation course for Check Point's Security Management Systems, Security Gateway Systems, and deployment platforms. This course provides an understanding of basic concepts and skills necessary to configure Check Point Software Blades including Firewall, IPSEC VPN, IPS, Network Policy Management, Logging & Status, and Monitoring, URL Filtering, Antivirus & Anti-malware, Anti-spam & Email Security. During this course, students will configure a Security Policy, secure communications across the Internet, defend against network threats, and learn about managing and monitoring a secure network.

You Will Learn:

  • Design and install version R70 in a distributed environment
  • Perform a backup and restore the current installation.
  • Identify critical files
  • Deploy Gateways
  • Create and configure network, host and gateway objects.
  • Verify SIC establishment
  • Create a basic Rule Base
  • Configure NAT rules
  • Evaluate existing policies and optimize rules
  • Ensure seamless upgrades and minimal downtime.
  • Use queries to monitor IPS and common network traffic and troubleshoot events.
  • Generate reports, troubleshoot system and security issues, and ensure network functionality.
  • Configure alerts and traffic counters, monitor suspicious activity, analyze tunnel activity and monitor remote user access
  • Apply upgrade packages
  • Attach product licenses
  • Perform a pre-installation compatibility assessment
  • Centrally manage users and manage users’ access using external databases.
  • Configure a pre-shared secret site-to-site VPN.
  • Configure a certificate based site-to-site VPN using an internal CA or a third party CA.
  • Configure permanent tunnels for remote access.
  • Configure VPN tunnel sharing.
  • Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection.
  • Configure a Web-filtering and antivirus policy to filter and scan traffic.
  • Implement default or customized profiles to designated Gateways.
  • Create and install IPS policies.

Exercises

  • Distributed Installation
  • Install and configure the Security Management Server
  • Install SecurePlatform on the Security Gateway
  • Configure the Security Gateway using WebUI
  • Launch SmartDashboard

Branch Office Security Gateway Installation 

  • Configure Branch Gateway via WebUI

Command Line Interface (CLI) Tools 

  • Initialize the ICA
  • Set expert password
  • Add and delete administrators
  • Run backup and restore

Defining Basic Objects

  • Create Security Gateway Object
  • Create Rules for Corporate Gateway
  • Create the Remote Security Gateway Object

Configure DMZ 

  • Configure DMZ Interface on the Gateway
  • Create a DMZ Object

Configure NAT 

  • Configure Hide NAT
  • Configure Static NAT
  • Observe NAT using fw monitor

Monitoring with SmartView Tracker

  • Launch SmartView Tracker
  • Track by Source and Destination

Using SmartUpdate 

  • Get Gateway data and run Cpinfo
  • Download HFA Package

Upgrade a Security Gateway Locally 

Client Authentication 

  • Configure Manual Client Authentication with FTP and Local User
  • Configure Partially Automatic Client Authentication with LDAP
  • Test Active Directory Authentication
  • Create a Database revision

Configure a Site-to-Site VPN 

  • Define the VPN Domain
  • Create the VPN Community
  • Create VPN Rule
  • Test VPN Connection
  • VPN Troubleshooting

Configure Two Gateway IKE Encryption Using Certificates 

  • Save a Certificate for Export
  • Add Machine to VPN Community
  • Create a Certificate Authority
  • Modify Rule Base
  • Install and Verify Security Gateway Configuration
  • Test Encryption with Certificates
  • Revert to Standard Security Policy

Remote Access and Office Mode 

  • Create Remote Access Group
  • Configure Gateway for IKE Encryption and LDAP Authentication
  • Configure VPN Domain
  • Configure Office Mode IP Pool
  • Configure Remote Access Object
  • Modify Rule Base for Remote Access
  • Create a Site Using Site Wizard
  • Verifying Office Mode IP Assignment
  • Test Remote Connection

Messaging and Content Security 

  • Configure IPS for Preliminary Detection
  • Analyze Attacks
  • Reconfiguring IPS to Block Attacks
  • Review Logs