Check Point Accelerated CCSE NGX R65 — A 2-day course

 Open Public Course Closed In-House Course

Synopsis

Accelerated CCSE NGX R65 is intended to provide an understanding of upgrading and advanced configuration of VPN-1 NGX R65.

Course Objectives

On completion of this course, delegates will be able to:

• Install and configuring the SmartCenter Server
• Install SecurePlatform on the Security Gateway
• Configure the Security Gateway using the WebUI
• Configure an interface as your management connection using the sysconfig utility
• Enable Static NAT on a network
• Simulate a malicious network intrusion, and block the attack
• Enforce the Suspicious Activity Rule with SmartView Monitor
• Configure SmartDefense to detect port scans and successive multiple-connection attempts
• Configure Web Intelligence to detect a simple worm signature
• Establish a VPN between two networks, encrypting traffic
• Deploy and test VPN-1 SecuRemote and Secure Server
• Configure an Office Mode IP Pool
• Connect and authenticate via Office Mode IP addressing using SecurClient
• Deploy and test Cluster XL

Suitable for

• Delegates who have Check Point CCSE NG, or CCSE NG with Application Intelligence professional
• Delegates who want to earn Check Point Certified Security Expert (CCSE NGX R65) certification

Prerequisites

• Delegates should hold either Check Point CCSE NG, CCSE NG with Application Intelligence or CCSE NGX certification.

Publicly scheduled dates, locations, and prices

Course Contents

Installing and Upgrading VPN-1

• Preinstallation Configuration
• Distributed Installation
• Upgrading to VPN-1 NGX R65
  • Upgrade Guidelines
  • Upgrade Order
  • Upgrade Export/Import
  • Upgrading via SmartUpdate
• VPN-1 Backward Compatibility and Supported Versions
• Licensing VPN-1
  • Obtaining Licenses
  • Supported Upgrade Paths
  • Contract Verification
• Performing License Upgrade
• Pre-Upgrade Considerations
  • Pre-Upgrade Verification Tool
  • Web Intelligence License Enforcement
  • Upgrading on SecurePlatform
• Upgrading SmartCenter Server
  • Using the Pre-Upgrade Verification Tool
• Gateway Upgrade with SmartUpdate

Introduction to SecurePlatform

• Introduction
• SecurePlatform Hardware Requirements and Setup
  • Hardware Compatibility Testing Tool
• Using the Command Line
  • Basic Linux Commands
  • Backup and Restore
  • Viewing Scheduling Status in the WebUI
  • Restoring the Backup via the Command Line
  • Restoring Older Versions of SecurePlatform
  • Scheduling a Backup in the WebUI
  • Viewing the Backup Log in the WebUI
  • Generating CPInfo
  • Critical Check Point Directories
  • Log Files
  • objects.C and objects_5_0.C
  • rulebases_5_0.fws
  • fwauth.NDB
  • Exporting User Database Only
  • Backing Up Using upgrade_export
• Managing Your SecurePlatform System
  • Connecting to SecurePlatform Using Secure Shell
  • User Management
• SecurePlatform Command Shell
  • Management Commands
  • Documentation Commands
  • System Commands
  • Snapshot-Image Management
  • System-Diagnostic Commands
  • Check Point Commands
  • Network-Diagnostic Commands
  • Network-Configuration Commands
  • User and Administrative Commands
• Lab: Configuring VPN-1 Using the CLI

SmartUpdate

• Introduction to SmartUpdate
  • SmartUpdate Architecture
• Upgrading Packages
  • Prerequisites for Remote Upgrades
  • Retrieving Data From VPN-1 Gateways
  • Adding New Packages to the Package Repository
  • Verifying the Viability of a Distribution
  • Transferring Files to Remote Devices
  • Upgrading Edge Firmware with SmartUpdate
  • Rebooting the VPN-1 Gateway
  • Recovering From a Failed Upgrade
  • Deleting Packages From the Package Repository
• Managing Licenses
  • License Upgrade
  • Retrieving License Data From VPN-1 Gateways
  • CPInfo
  • SmartUpdate Command Line
• Lab: Creating Objects, Establishing Trust and Configuring SmartMap
• Lab: Configuring the Security Policy

Monitoring Traffic and Connections

• SmartView Tracker
  • SmartView Tracker Login
  • Log Types
  • SmartView Tracker Tabs
  • Action Icons
  • Log-File Management
  • Administrator Auditing
  • Global Logging and Alerting
  • Time Settings
• Terminating and Blocking Active Connections
• SmartView Monitor
  • SmartView Monitor Login
  • Customizable Views
  • Monitoring Suspicious Activity Rules
  • Monitoring Alerts
  • SmartView Tracker vs. SmartView Monitor
• Eventia Reporter
  • Report Types
  • Predefined Reports
  • Customizing Predefined Reports
  • Eventia Reporter Considerations
  • Eventia Reporter Licensing
• Lab: Blocking Intruder Connections
• Lab: Configuring Suspicious Activity Rule in SmartView Monitor

Basic SmartDefense and Content Inspection

• Introducing SmartDefense
  • Networks and Application Intelligence
  • Web Intelligence
  • Online Updates
  • Monitor Only Mode
• Network Security
  • Denial-of-Service
  • IP and ICMP
  • TCP
  • Fingerprint Scrambling
  • Successive Events
  • DShield Storm Center
  • Port Scanning
• Application Intelligence
  • Mail
  • FTP
  • Microsoft Networks
  • Peer-to-Peer
  • Instant Messaging
  • DNS
  • VoIP
  • SNMP
• Web Intelligence
  • Web Intelligence Protections
  • Web Intelligence License Enforcement
• SmartDefense Services
  • Download Updates Tab
  • Advisories Tab
  • Security Best Practices Tab
• Content Inspection
  • Introduction to Integrated Antivirus and Web-Filtering Technologies
  • Database Updates
  • Antivirus-Scan Settings
  • Web Filtering
• Lab: Configuring SmartDefense
• Lab: Configuring Web-Filtering and Antivirus Settings

Site-to-Site VPNs

• Domain-Based VPN
• Route-Based VPN
• VPN Routing Process for VTIs
• Routing Multicast Packets Through VPN Tunnels
• VPN Tunnel Management
  • Permanent Tunnels
  • VPN Tunnel Sharing
• Wire Mode
  • Wire Mode in a MEP Configuration
  • Wire Mode with Route-Based VPN
  • Wire Mode Between Two VPN Communities
• Directional VPN Enforcement
• Multiple Entry Point VPNs
• Traditional Mode VPNs
• Lab: Two-Gateway IKE Encryption (Shared Secret)

Remote Access VPNs

• Extending SecuRemote with SecureClient
• Connect Mode
• Establishing Remote Access & Workflow
• Office Mode
• Office Mode Planning
  • IP Pool vs. DHCP
  • Routing-Table Modifications
  • Multiple External Interfaces
  • Before Configuring Office Mode
• Desktop Security Policy
  • Policy Expiration and Renewal
  • Policy Server HA
  • Wireless Hotspot/Hotel Registration
  • Logging
  • SecureClient Mobile
• VPN Routing & Remote Access
• SSL Network Extender
• Clientless VPN
  • Special Considerations for Clientless VPN
  • Configuring Clientless VPN
  • Creating Appropriate Rules in the Rule Base
• Lab: Configuring Remote Access in an IKE VPN

High Availability and ClusterXL

• Management High Availability
  • Management High Availability Environment
  • Synchronization Status
• ClusterXL
• ClusterXL Modes
  • Legacy High Availability Mode
  • New High Availability Mode
  • Load Sharing Multicast Mode
  • Load Sharing Unicast (Pivot) Mode
  • Cluster Control Protocol
• Synchronizing Clusters
  • The Synchronization Network
  • How State Synchronization Works
  • Synchronized-Cluster Restrictions
• Sticky Connections
• CPHA Commands
  • cphastart
  • cphastop
  • cphaprob
  • cphaprob Example
  • fw hastat
• Debugging ClusterXL Issues
• ClusterXL Configuration Issues
  • Modes of ClusterXL Supporting SecureXL
  • Crossover-Cable Support
• Lab: Deploying New Mode HA