SECURE IT SOLUTIONS

WE SECURE IT
.Perimeter .Intranet .Internet

1.888.544.6757

Products

Services

Training

Resources

Contact

About

training @wcpinc.com

	Training Course Detail
	» NGX I » NGX II » NGX I&II » NGX III » Boot Camp » Provider-1 » Integrity
	Register
	Testimonials
	Referral Program


	Need training at your location? Please call us at 1.888.544.6757 and we will be happy to assist you.

CCSA- CheckPoint Certified Security Administrator NGX I (R65)

	Class	Duration	Price	Promotion	Cert	Prereq
	NGX I	2 Days	$1,995	Free Hotel	CCSA	Basic TCP/IP

Course Overview
Check Point Security Administration NGX I is a foundation course for Check Point's flagship product, VPN-1/FireWall-1. This course covers configuring VPN-1/FireWall-1, and provides hands-on training managing a VPN-1/FireWall-1 installation.

Who Should Attend
Systems administrators, security managers, and network engineers who manage VPN-1/FireWall-1 Gateway deployments, and individuals seeking the Check Point Certified Security Administrator (CCSA) NG certification.

Prerequisites

Working knowledge of Windows NT and/or UNIX
Basic networking knowledge
Experience with TCP/IP and the Internet

Course Contents

Chapter 1 VPN-1 Fundamentals

Check Point’s Security Gateway
Bridge Mode
Bridge Mode and STP
VPN-1 Gateway Inspection Architecture

Security Policy Management

SmartConsole Components

VPN-1 SmartCenter Server

Basic Concepts and Terminology
Using Management Plug-Ins
Securing Channels of Communication
Administrative Login Using SIC

SmartUpdate and Managing Licenses

Understanding SmartUpdate
Overview of Managing Licenses
Contracts/Services
Service Contracts
Working with Contract Files

Lab 1: VPN-1 Distributed Installation

Review

Chapter 2 Introduction to SecurePlatform

SecurePlatform Hardware Requirements and Setup

Hardware Compatibility Testing Tool

Using the Command Line

Basic Linux Commands
Backup and Restore
Viewing Scheduling Status in the WebUI
Restoring the Backup via the Command Line
Restoring Older Versions of SecurePlatform
Scheduling a Backup in the WebUI
Viewing the Backup Log in the WebUI
Generating CPInfo
Critical Check Point Directories
Log Files
objects.C and objects_5_0.C
rulebases_5_0.fws
fwauth.NDB
Exporting User Database Only
Backing Up Using upgrade_export

Managing Your SecurePlatform System

Connecting to SecurePlatform Using Secure Shell
User Management

SecurePlatform Command Shell

SecurePlatform Command Shell
Management Commands
Documentation Commands
System Commands
Snapshot-Image Management
System-Diagnostic Commands
Check Point Commands
Network-Diagnostic Commands
Network-Configuration Commands
User and Administrative Commands

Lab 2: Configuring VPN-1 Using the CLI

Review

Chapter 3 Introduction to the Security Policy

Security Policy Basics

The Rule Base

Managing Objects in SmartDashboard

SmartDashboard and Objects
Managing Objects
Changing the View in the Objects Tree

Lab 3: Creating Objects, Establishing Trust and Configuring SmartMap

Creating the Rule Base

Basic Rule Base Concepts
Default Rule
Basic Rules
Implicit/Explicit Rules
Control Connections
Completing the Rule Base
Understanding Rule Base Order

Rule Base Management

Review
Useful Tips

Policy Management and Revision Control

Policy-Management Overview

Policy Packages
Installation Targets
Querying and Sorting Rules and Objects

Database Revision Control

Implementing Database Revision Control

Lab 4: Configuring the Security Policy

Network Address Translation

IP Addressing.
Dynamic (Hide) NAT
Static NAT
Hide Versus Static
Choosing the Hide Address in Hide NAT
Configuring NAT
Dynamic NAT Object Configuration
Manual NAT

Lab 5: Configuring Static NAT

Enabling VoIP Traffic

Supported Protocols
Session Initiation Protocol
H.323

Detecting IP Spoofing

Configuring Anti-Spoofing
Multicasting
Configuring Multicast Access Control

Review

Chapter 4 Monitoring Traffic and Connections

SmartView Tracker

SmartView Tracker Login
Log Types
SmartView Tracker Tabs
Action Icons
Log-File Management
Administrator Auditing
Global Logging and Alerting
Time Settings

Blocking Connections

Terminating and Blocking Active Connections
SmartView Monitor
SmartView Monitor Login
Customizable Views
Monitoring Suspicious Activity Rules
Monitoring Alerts
SmartView Tracker vs. SmartView Monitor

Eventia Reporter

Report Types
Predefined Reports
Customizing Predefined Reports
Eventia Reporter Considerations
Eventia Reporter Licensing

Lab 6: Blocking Intruder Connections

Lab 7: Configuring Suspicious Activity Rule in SmartView Monitor

Review

Chapter 5 User Management and Authentication

Creating Users and Groups in SmartDashboard

Introduction to VPN-1 Authentication

Introduction to Authentication Methods
Authentication Schemes

Authentication Methods

User Authentication
Configuring User Authentication
Session Authentication
Configuring Session Authentication
Client Authentication
Configuring Client Authentication
Resolving Access Conflicts
Configuring Authentication Tracking

LDAP User Management with SmartDirectory

LDAP Features
Multiple LDAP Servers
Using an Existing LDAP Server
Configuring Entities to Work with VPN-1
Managing Users
SmartDirectory Group

Lab 8: Configuring Client Authentication

Lab 9: Configuring LDAP Authentication with SmartDirectory

Review

Chapter 6 Check Point QoS

Check Point QoS Overview

Stateful Inspection
Intelligent Queuing Engine
Weighted Flow Random Early Drop
Retransmission Detection Early Drop

Check Point QoS Architecture

Basic Architecture
QoS SmartCenter Server.
QoS SmartConsole
The Security Gateway

Deploying QoS

Check Point QoS Topology Restrictions
Check Point QoS Rule Base
Bandwidth Allocation and Rules
Traditional and Express Modes
QoS Action Properties
Bandwidth Allocation and Subrules
Implementing the Rule Base
QoS Rule Considerations

Differentiated Services

DiffServ Marks for IPSec Packets
Interaction Between DiffServ Rules and Other Rules

Low Latency Queuing

Low Latency Classes
Low Latency Class Priorities
When to Use Low Latency Queuing

Authenticated QoS

Monitoring QoS Policy

SmartView Tracker
SmartView Monitor
Eventia Reporter
Optimizing Check Point QoS

Lab 10: Configuring Check Point QoS Policy

Review

Chapter 7 Basic SmartDefense and Content Inspection

Introducing SmartDefense

Networks and Application Intelligence
Web Intelligence
Online Updates
Monitor Only Mode

Network Security

Denial-of-Service
IP and ICMP
TCP
Fingerprint Scrambling
Successive Events
DShield Storm Center
Port Scanning

Application Intelligence

Mail
FTP
Microsoft Networks
Peer-to-Peer
Instant Messaging
DNS
VoIP
SNMP

Web Intelligence

Web Intelligence Protections
Web Intelligence License Enforcement

SmartDefense Services

Download Updates Tab
Advisories Tab
Security Best Practices Tab

Content Inspection

Introduction to Integrated Antivirus and Web-Filtering Technologies
Database Updates
Antivirus-Scan Settings
Web Filtering

Lab 11: Configuring SmartDefense

Lab 12: Configuring Web-Filtering and Antivirus Settings

Review