Duration – 5 Days
Pre-requisites
Basic networking knowledge, knowledge of Windows Server and/or UNIX, and experience with TCP/IP and the Internet
Audience
You are a systems administrator, security manager, or network engineer who manages R70 Security Gateway deployments on open servers, IP appliances, UTM-1 appliances, or Power-1 appliances.
Want to earn Check Point Certified Security Administrator (CCSA) R70 certification
Check Point Security Administration R70 is a foundation course for Check Point’s Security Management Systems, Security Gateway Systems, and deployment platforms. This course provides an understanding of basic concepts and skills necessary to configure Check Point Software Blades including Firewall, IPSEC VPN, IPS, Network Policy Management, Logging & Status, and Monitoring, URL Filtering, Antivirus & Anti-malware, Anti-spam & Email Security. During this course, students will configure a Security Policy, secure communications across the Internet, defend against network threats, and learn about managing and monitoring a secure network.
Objectives
Design and install version R70 in a distributed environment
Perform a backup and restore the current installation.
Identify critical files
Deploy Gateways
Create and configure network, host and gateway objects.
Verify SIC establishment
Create a basic Rule Base
Configure NAT rules
Evaluate existing policies and optimize rules
Ensure seamless upgrades and minimal downtime.
Use queries to monitor IPS and common network traffic and troubleshoot events.
Generate reports, troubleshoot system and security issues, and ensure network functionality.
Configure alerts and traffic counters, monitor suspicious activity, analyze tunnel activity and monitor remote user access
Apply upgrade packages
Attach product licenses
Perform a pre-installation compatibility assessment
Centrally manage users and manage users’ access using external databases.
Configure a pre-shared secret site-to-site VPN.
Configure a certificate based site-to-site VPN using an internal CA or a third party CA.
Configure permanent tunnels for remote access.
Configure VPN tunnel sharing.
Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection.
Configure a Web-filtering and antivirus policy to filter and scan traffic.
Implement default or customized profiles to designated Gateways.
Create and install IPS policies.
Exercises:
Distributed Installation
Install and configure the Security Management Server
Install SecurePlatform on the Security Gateway
Configure the Security Gateway using WebUI
Launch SmartDashboard
Branch Office Security Gateway Installation
Configure Branch Gateway via WebUI
Command Line Interface (CLI) Tools
Initialize the ICA
Set expert password
Add and delete administrators
Run backup and restore
Defining Basic Objects
Create Security Gateway Object
Create Rules for Corporate Gateway
Create the Remote Security Gateway Object
Configure DMZ
Configure DMZ Interface on the Gateway
Create a DMZ Object
Configure NAT
Configure Hide NAT
Configure Static NAT
Observe NAT using fw monitor
Monitoring with SmartView Tracker
Launch SmartView Tracker
Track by Source and Destination
Using SmartUpdate
Get Gateway data and run Cpinfo
Download HFA Package
Upgrade a Security Gateway Locally
Client Authentication
Configure Manual Client Authentication with FTP and Local User
Configure Partially AutomaticClient Authentication with LDAP
Test Active Directory Authentication
Create a Database Revision
Configure a Site-to-Site VPN
Define the VPN Domain
Create the VPN Community
Create VPN Rule
Test VPN ConnectionVPN
Troubleshooting
Configure Two Gateway IKE Encryption Using Certificates
Save a Certificate for Export
Add Machine to VPN Community
Create a Certificate Authority
Modify Rule Base
Install and Verify Security Gateway Configuration
Test Encryption with Certificates
Revert to Standard Security Policy
Remote Access and Office Mode
Create Remote Access Group
Configure Gateway for IKE Encryption and LDAP Authentication
Configure VPN Domain
Configure Office Mode IP Pool
Configure Remote Access Object
Modify Rule Base for Remote Access
Create a Site Using Site Wizard
Verifying Office Mode IP Assignment
Test Remote Connection
Messaging and Content Security
Configure IPS for Preliminary Detection
Analyze Attacks
Reconfiguring IPS to Block Attacks
Review Logs
Web Design by: 