SECURE IT SOLUTIONS

WE SECURE IT
.Perimeter .Intranet .Internet

1.888.544.6757

Products

Services

Training

Resources

Contact

About

training @wcpinc.com

	Training Course Detail
	» NGX I » NGX II » NGX I&II » NGX III » Boot Camp » Provider-1 » Integrity
	Register
	Testimonials
	Referral Program


	Need training at your location? Please call us at 1.888.544.6757 and we will be happy to assist you.

CCSE- CheckPoint Certified Security Bundle NGX I & II (R65)

	Class	Duration	Price	Promotion	Cert	Prereq
	NGX I&II	5 Days	$3,495	Free Hotel	CCSA CCSE	Basic TCP/IP

Course Overview
This course covers NGX I and NGX II and is offered as a Bundle. NGX I is a foundation course for the Check Point's flagship product, VPN-1/FireWall-1. This course covers configuring VPN-1/FireWall-1, and provides hands-on training managing a VPN-1/FireWall-1 installation.

Check Point Security Administration NGX II builds upon on NGX I course and offers advanced training on VPN-1/FireWall-1, and delivers in-depth information on VPN and encryption technologies.

This course is designed for Security Administrators and resellers, who require in-depth knowledge of VPN-1/FireWall-1 that goes beyond basic installation, setup, and methodologies.

Who Should Attend
Systems administrator, security manager, network engineer who manages VPN-1/FireWall-1 gateway deployments and individuals seeking to earn Check Point Certified Security Administrator (CCSA & CCSE) NGX certification.

NGX I- Course Contents

Chapter 1 VPN-1 Fundamentals

Check Point’s Security Gateway
Bridge Mode
Bridge Mode and STP
VPN-1 Gateway Inspection Architecture

Security Policy Management

SmartConsole Components

VPN-1 SmartCenter Server

Basic Concepts and Terminology
Using Management Plug-Ins
Securing Channels of Communication
Administrative Login Using SIC

SmartUpdate and Managing Licenses

Understanding SmartUpdate
Overview of Managing Licenses
Contracts/Services
Service Contracts
Working with Contract Files

Lab 1: VPN-1 Distributed Installation

Review

Chapter 2 Introduction to SecurePlatform

SecurePlatform Hardware Requirements and Setup

Hardware Compatibility Testing Tool

Using the Command Line

Basic Linux Commands
Backup and Restore
Viewing Scheduling Status in the WebUI
Restoring the Backup via the Command Line
Restoring Older Versions of SecurePlatform
Scheduling a Backup in the WebUI
Viewing the Backup Log in the WebUI
Generating CPInfo
Critical Check Point Directories
Log Files
objects.C and objects_5_0.C
rulebases_5_0.fws
fwauth.NDB
Exporting User Database Only
Backing Up Using upgrade_export

Managing Your SecurePlatform System

Connecting to SecurePlatform Using Secure Shell
User Management

SecurePlatform Command Shell

SecurePlatform Command Shell
Management Commands
Documentation Commands
System Commands
Snapshot-Image Management
System-Diagnostic Commands
Check Point Commands
Network-Diagnostic Commands
Network-Configuration Commands
User and Administrative Commands

Lab 2: Configuring VPN-1 Using the CLI

Review

Chapter 3 Introduction to the Security Policy

Security Policy Basics

The Rule Base

Managing Objects in SmartDashboard

SmartDashboard and Objects
Managing Objects
Changing the View in the Objects Tree

Lab 3: Creating Objects, Establishing Trust and Configuring SmartMap

Creating the Rule Base

Basic Rule Base Concepts
Default Rule
Basic Rules
Implicit/Explicit Rules
Control Connections
Completing the Rule Base
Understanding Rule Base Order

Rule Base Management

Review
Useful Tips

Policy Management and Revision Control

Policy-Management Overview

Policy Packages
Installation Targets
Querying and Sorting Rules and Objects

Database Revision Control

Implementing Database Revision Control

Lab 4: Configuring the Security Policy

Network Address Translation

IP Addressing.
Dynamic (Hide) NAT
Static NAT
Hide Versus Static
Choosing the Hide Address in Hide NAT
Configuring NAT
Dynamic NAT Object Configuration
Manual NAT

Lab 5: Configuring Static NAT

Enabling VoIP Traffic

Supported Protocols
Session Initiation Protocol
H.323

Detecting IP Spoofing

Configuring Anti-Spoofing
Multicasting
Configuring Multicast Access Control

Review

Chapter 4 Monitoring Traffic and Connections

SmartView Tracker

SmartView Tracker Login
Log Types
SmartView Tracker Tabs
Action Icons
Log-File Management
Administrator Auditing
Global Logging and Alerting
Time Settings

Blocking Connections

Terminating and Blocking Active Connections
SmartView Monitor
SmartView Monitor Login
Customizable Views
Monitoring Suspicious Activity Rules
Monitoring Alerts
SmartView Tracker vs. SmartView Monitor

Eventia Reporter

Report Types
Predefined Reports
Customizing Predefined Reports
Eventia Reporter Considerations
Eventia Reporter Licensing

Lab 6: Blocking Intruder Connections

Lab 7: Configuring Suspicious Activity Rule in SmartView Monitor

Review

Chapter 5 User Management and Authentication

Creating Users and Groups in SmartDashboard

Introduction to VPN-1 Authentication

Introduction to Authentication Methods
Authentication Schemes

Authentication Methods

User Authentication
Configuring User Authentication
Session Authentication
Configuring Session Authentication
Client Authentication
Configuring Client Authentication
Resolving Access Conflicts
Configuring Authentication Tracking

LDAP User Management with SmartDirectory

LDAP Features
Multiple LDAP Servers
Using an Existing LDAP Server
Configuring Entities to Work with VPN-1
Managing Users
SmartDirectory Group

Lab 8: Configuring Client Authentication

Lab 9: Configuring LDAP Authentication with SmartDirectory

Review

Chapter 6 Check Point QoS

Check Point QoS Overview

Stateful Inspection
Intelligent Queuing Engine
Weighted Flow Random Early Drop
Retransmission Detection Early Drop

Check Point QoS Architecture

Basic Architecture
QoS SmartCenter Server.
QoS SmartConsole
The Security Gateway

Deploying QoS

Check Point QoS Topology Restrictions
Check Point QoS Rule Base
Bandwidth Allocation and Rules
Traditional and Express Modes
QoS Action Properties
Bandwidth Allocation and Subrules
Implementing the Rule Base
QoS Rule Considerations

Differentiated Services

DiffServ Marks for IPSec Packets
Interaction Between DiffServ Rules and Other Rules

Low Latency Queuing

Low Latency Classes
Low Latency Class Priorities
When to Use Low Latency Queuing

Authenticated QoS

Monitoring QoS Policy

SmartView Tracker
SmartView Monitor
Eventia Reporter
Optimizing Check Point QoS

Lab 10: Configuring Check Point QoS Policy

Review

Chapter 7 Basic SmartDefense and Content Inspection

Introducing SmartDefense

Networks and Application Intelligence
Web Intelligence
Online Updates
Monitor Only Mode

Network Security

Denial-of-Service
IP and ICMP
TCP
Fingerprint Scrambling
Successive Events
DShield Storm Center
Port Scanning

Application Intelligence

Mail
FTP
Microsoft Networks
Peer-to-Peer
Instant Messaging
DNS
VoIP
SNMP

Web Intelligence

Web Intelligence Protections
Web Intelligence License Enforcement

SmartDefense Services

Download Updates Tab
Advisories Tab
Security Best Practices Tab

Content Inspection

Introduction to Integrated Antivirus and Web-Filtering Technologies
Database Updates
Antivirus-Scan Settings
Web Filtering

Lab 11: Configuring SmartDefense

Lab 12: Configuring Web-Filtering and Antivirus Settings

Review

NGX II - Course Contents

Chapter 1 SmartUpdate

Introduction to SmartUpdate

SmartUpdate Architecture

Upgrading Packages

Prerequisites for Remote Upgrades
Retrieving Data From VPN-1 Gateways
Adding New Packages to the Package Repository
Verifying the Viability of a Distribution
Transferring Files to Remote Devices
Upgrading Edge Firmware with SmartUpdate
Rebooting the VPN-1 Gateway
Recovering From a Failed Upgrade
Deleting Packages From the Package Repository
Managing Licenses.
License Upgrade
Retrieving License Data From VPN-1 Gateways
CPInfo
SmartUpdate Command Line

Lab 1: Updating an Installation with SmartUpdate

Review

Chapter 2 Upgrading VPN-1

Preinstallation Configuration

Distributed Installation

Upgrading to VPN-1 NGX R65

Upgrade Guidelines
Upgrade Order
Upgrade Export/Import
Upgrading via SmartUpdate

VPN-1 Backward Compatibility

Supported Versions

Licensing VPN-1

Obtaining Licenses
Supported Upgrade Paths
Contract Verification
Performing License Upgrade
Pre-Upgrade Considerations
Pre-Upgrade Verification Tool
Web Intelligence License Enforcement

Upgrading on SecurePlatform

Upgrading SmartCenter Server

Using the Pre-Upgrade Verification Tool

Gateway Upgrade

Gateway Upgrade with SmartUpdate

Review

Chapter 3 Encryption and VPNs

Securing Communication

Privacy
Symmetric Encryption
Symmetric Disadvantages
Asymmetric Encryption
Diffie-Hellman
Integrity
Authentication
Two Phases of Encryption
Encryption Algorithms

IKE

ISAKMP
Oakley
ISAKMP/Oakley
Phase 1 Phase 2
IKE Example
Tunneling-Mode Encryption

Certificate Authorities

Certificates
Multiple Certificate Authorities
Certificate Authority Hierarchy
Local Certificate Authority
CA Service via the Internet
Internal Certificate Authority
CA Public Keys
Creating Certificates

Review

Chapter 4 Introduction to VPNs

The Check Point VPN

How a VPN Works
Specifying Encryption

VPN Deployments

Site-to-Site VPNs
Remote-Access VPNs

VPN Implementation

Three Critical VPN Components
VPN Setup
How a VPN Works
VPN Communities
VPN Topologies
Choosing a Topology
Authentication Between Community Members
Dynamically Assigned IP Gateways
Routing Traffic Within a VPN Community
Access Control and VPN Communities
Excluded Services
Special Considerations for Planning a VPN Topology
Authorizing Control Connections in VPN Communities
Integrating VPNs into a Rule Base

Review

Chapter 5 Site-to-Site VPNs

Site-to-Site VPN

Domain-Based VPN
Route-Based VPN
VPN Routing Process for VTIs
Routing Multicast Packets Through VPN Tunnels
VPN Tunnel Management
Permanent Tunnels
VPN Tunnel Sharing
Wire Mode
Wire Mode in a MEP Configuration
Wire Mode with Route-Based VPN
Wire Mode Between Two VPN Communities
Directional VPN Enforcement
Directional Enforcement Between Communities

Multiple Entry Point VPNs

VPN High Availability with MEP

Traditional Mode VPNs

Lab 2: Two-Gateway IKE Encryption (Shared Secret)

Lab 3: Two-Gateway IKE Encryption (Certificates)

Review

Chapter 6 Remote Access VPNs

Remote Access VPN

Extending SecuRemote with SecureClient
Connect Mode
Establishing Remote Access — Workflow
Office Mode
How Office Mode Works
Office Mode Planning
IP Pool vs. DHCP
Routing-Table Modifications
Multiple External Interfaces
Before Configuring Office Mode
Desktop Security Policy
Policy Expiration and Renewal
Policy Server HA
Wireless Hotspot/Hotel Registration
Logging
SecureClient Mobile

VPN Routing — Remote Access

Hub Mode

SSL Network Extender

How SSL Network Extender Works
Prerequisites
Clientless VPN
Special Considerations for Clientless VPN
Configuring Clientless VPN
Creating Appropriate Rules in the Rule Base

Lab 4: Configuring Remote Access in an IKE VPN

Lab 5: Using SecuRemote in an IKE VPN

Lab 6: Remote Access and Office Mode

Lab 7: SSL Network Extender

Review

Chapter 7 High Availability and ClusterXL

Management High Availability

Management High Availability Environment
Synchronization Status

ClusterXL

Load Sharing
ClusterXL Modes
Legacy High Availability Mode
New High Availability Mode
Load Sharing Multicast Mode
Load Sharing Unicast (Pivot) Mode
Cluster Control Protocol
Synchronizing Clusters
The Synchronization Network
How State Synchronization Works
Synchronized-Cluster Restrictions
Sticky Connections
The Sticky Decision Function

CPHA Commands

cphastart
cphastop
cphaprob
cphaprob Example
fw hastat

Debugging ClusterXL Issues

fw ctl pstat Sync Output
ClusterXL Configuration Issues

Modes of ClusterXL Supporting SecureXL

Crossover-Cable Support

Lab 8: Deploying New Mode HA

Lab 9: Load Sharing Unicast (Pivot) Mode

Lab 10: Configuring Load Sharing Multicast Mode (Optional)

Review

[ Home|Products|Services|Training|Resources|Contact|About ]

Copyright © 1998- 2007 We Connect People Inc. All Rights Reserved