WE SECURE IT 
.Perimeter  .Intranet  .Internet
       

 1.888.544.6757
Products Services Training Resources Contact About

training @wcpinc.com
  
Training
    
Course Detail
   
 » NGX I
 » NGX II
 » NGX I&II
 » NGX III
 » Boot Camp
 » Provider-1
 » Integrity
  
Register
  
Testimonials
  

Referral Program

   
    
  
 Need training at your location?

Please call us at  1.888.544.6757 
and we will be 
happy to assist you.
    
  
   
  
  
  
  
  

 CCSE- CheckPoint Certified Security Expert NGX II (R65)
   

  Class Duration Price Promotion Cert Prereq
  NGX II  3 Days $1,995 Free Hotel     CCSE   NGX I    
  
Course Overview
Designed for more experienced security professionals, CCSE NGX certification is one of the most highly recognized and respected vendor-specific security certifications available.

CCSE NGX is an advanced Core security certification built on CCSA NGX, confirming in-depth skills and expertise in managing and supporting Check Point products. Proficiencies include configuring and managing VPN-1/FireWall-1 as an Internet security solution and virtual private network (VPN), using encryption technologies to implement site-to-site and remote access VPNs, and configuring content security by enabling Java blocking and anti-virus checking.

Take this class if:
  • You are a systems administrator, security manager, or network engineer implementing VPN-1/FireWall-1 for VPN deployments
  • Want to earn Check Point Certified Security Expert (CCSE NGX) NGX certification
Prerequisites
Check Point Security Administration NGX I, or equivalent knowledge and experience
  
Course Contents
   

Chapter 1 SmartUpdate 

Introduction to SmartUpdate

  • SmartUpdate Architecture 

Upgrading Packages

  • Prerequisites for Remote Upgrades

  • Retrieving Data From VPN-1 Gateways 

  • Adding New Packages to the Package Repository 

  • Verifying the Viability of a Distribution 

  • Transferring Files to Remote Devices 

  • Upgrading Edge Firmware with SmartUpdate 

  • Rebooting the VPN-1 Gateway

  • Recovering From a Failed Upgrade

  • Deleting Packages From the Package Repository

  • Managing Licenses.

  • License Upgrade 

  • Retrieving License Data From VPN-1 Gateways 

  • CPInfo 

  • SmartUpdate Command Line 

Lab 1: Updating an Installation with SmartUpdate

Review
   

Chapter 2 Upgrading VPN-1

Preinstallation Configuration
  

Distributed Installation
   

Upgrading to VPN-1 NGX R65
   

  • Upgrade Guidelines

  • Upgrade Order 

  • Upgrade Export/Import

  • Upgrading via SmartUpdate

VPN-1 Backward Compatibility

  • Supported Versions

Licensing VPN-1

  • Obtaining Licenses

  • Supported Upgrade Paths

  • Contract Verification

  • Performing License Upgrade

  • Pre-Upgrade Considerations 

  • Pre-Upgrade Verification Tool

  • Web Intelligence License Enforcement

Upgrading on SecurePlatform

Upgrading SmartCenter Server

  • Using the Pre-Upgrade Verification Tool

Gateway Upgrade

  • Gateway Upgrade with SmartUpdate 

Review
   

Chapter 3 Encryption and VPNs

Securing Communication

  • Privacy

  • Symmetric Encryption 

  • Symmetric Disadvantages

  • Asymmetric Encryption

  • Diffie-Hellman

  • Integrity 

  • Authentication

  • Two Phases of Encryption

  • Encryption Algorithms

IKE

  • ISAKMP

  • Oakley

  • ISAKMP/Oakley 

  • Phase 1 Phase 2

  • IKE Example 

  • Tunneling-Mode Encryption

Certificate Authorities

  • Certificates

  • Multiple Certificate Authorities

  • Certificate Authority Hierarchy

  • Local Certificate Authority 

  • CA Service via the Internet

  • Internal Certificate Authority

  • CA Public Keys

  • Creating Certificates

Review
   

Chapter 4 Introduction to VPNs 

The Check Point VPN

  • How a VPN Works

  • Specifying Encryption

VPN Deployments

  • Site-to-Site VPNs

  • Remote-Access VPNs

VPN Implementation

  • Three Critical VPN Components

  • VPN Setup 

  • How a VPN Works

  • VPN Communities

  • VPN Topologies

  • Choosing a Topology 

  • Authentication Between Community Members

  • Dynamically Assigned IP Gateways 

  • Routing Traffic Within a VPN Community

  • Access Control and VPN Communities

  • Excluded Services 

  • Special Considerations for Planning a VPN Topology 

  • Authorizing Control Connections in VPN Communities 

  • Integrating VPNs into a Rule Base

Review
    

Chapter 5 Site-to-Site VPNs

Site-to-Site VPN

  • Domain-Based VPN 

  • Route-Based VPN 

  • VPN Routing Process for VTIs

  • Routing Multicast Packets Through VPN Tunnels 

  • VPN Tunnel Management

  • Permanent Tunnels 

  • VPN Tunnel Sharing

  • Wire Mode 

  • Wire Mode in a MEP Configuration 

  • Wire Mode with Route-Based VPN

  • Wire Mode Between Two VPN Communities

  • Directional VPN Enforcement 

  • Directional Enforcement Between Communities 

Multiple Entry Point VPNs 

  • VPN High Availability with MEP

Traditional Mode VPNs
  

Lab 2: Two-Gateway IKE Encryption (Shared Secret)

Lab 3: Two-Gateway IKE Encryption (Certificates)

 
Review
   

Chapter 6 Remote Access VPNs

Remote Access VPN 

  • Extending SecuRemote with SecureClient

  • Connect Mode

  • Establishing Remote Access — Workflow 

  • Office Mode

  • How Office Mode Works

  • Office Mode Planning 

  • IP Pool vs. DHCP

  • Routing-Table Modifications

  • Multiple External Interfaces

  • Before Configuring Office Mode

  • Desktop Security Policy

  • Policy Expiration and Renewal

  • Policy Server HA

  • Wireless Hotspot/Hotel Registration

  • Logging 

  • SecureClient Mobile

VPN Routing — Remote Access 

  • Hub Mode

SSL Network Extender

  • How SSL Network Extender Works

  • Prerequisites

  • Clientless VPN 

  • Special Considerations for Clientless VPN

  • Configuring Clientless VPN

  • Creating Appropriate Rules in the Rule Base

Lab 4: Configuring Remote Access in an IKE VPN

Lab 5: Using SecuRemote in an IKE VPN

Lab 6: Remote Access and Office Mode

Lab 7: SSL Network Extender
   

Review
   

Chapter 7 High Availability and ClusterXL 

Management High Availability

  • Management High Availability Environment 

  • Synchronization Status 

ClusterXL 

  • Load Sharing

  • ClusterXL Modes 

  • Legacy High Availability Mode 

  • New High Availability Mode

  • Load Sharing Multicast Mode

  • Load Sharing Unicast (Pivot) Mode 

  • Cluster Control Protocol 

  • Synchronizing Clusters 

  • The Synchronization Network

  • How State Synchronization Works

  • Synchronized-Cluster Restrictions 

  • Sticky Connections

  • The Sticky Decision Function 

CPHA Commands 

  • cphastart

  • cphastop

  • cphaprob

  • cphaprob Example

  • fw hastat

Debugging ClusterXL Issues

  • fw ctl pstat Sync Output

  • ClusterXL Configuration Issues

Modes of ClusterXL Supporting SecureXL

  • Crossover-Cable Support

Lab 8: Deploying New Mode HA

Lab 9: Load Sharing Unicast (Pivot) Mode

Lab 10: Configuring Load Sharing Multicast Mode (Optional)
   

Review

 

 

 

 
   
   

 

[ Home|Products|Services|Training|Resources|Contact|About ]

Copyright © 1998-2008 We Connect People Inc. All Rights Reserved 
setstats

setstats