CCSE

This course is designed for students who are new to Checkpoint firewall and looking to expand their skill sets in network and security domain. Candidates should have basic understanding on ip addressing, routing and switching technologies.

Upon completion of this course, students will be able to:

Explain the features and advantages of the checkpoint firewall architecture
Perform the basic & advance configuration of the firewall including:
- Configuring interfaces, security policies
- Setting up detailed operation of NAT
- Enable IPSEC and SSL VPN
- Troubleshooting via TCPDUMP and FW Monitor
- Configure an Active-Backup and Active-Active Cluster
- Overview of checkpoint virtualization and centralized security management (porivder-1)

Course content

Module 0 – Security basics & firewall technologies overview

Network security concepts explained
Enterprise security architecture – defense in depth / layered security architecture
Understanding various firewall technologies likes of :
- Packet filter firewall
- Application gateway firewall
- Stateful Inspection
- Next generation firewall
Basic understanding on Various application protocols including HTTP, FTP, DNS & DHCP
Overview of PKI infrastructure

Module 1 – Checkpoint platform Architecture

Understanding on 3-tier architecture
- Security Gateway
- Security Management
- Smart Console tools
Secure internal communication (SIC)
Design consideration with checkpoint security solution
Detailed checkpoint Packet flow

Module2 – Installation and Administration

Understanding standalone and distributed deployment architecture
Understanding IP address spoofing and security gateway topology
Understanding checkpoint security rule base
- Implicit security policies
- Explicit security policies
- Rule base order
- Security policy designing best practices
Controlling multiple policy packages via single Security Management

Module3 – Network Address Translation

Overview on NAT requirements
Network address translation
- Source NAT
- Destination NAT
- Static NAT
- Dual NAT
- Persistence NAT , Full con & Half con NAT
Design consideration while using automatic and manual NAT
- NAT Specific traffic flow
- Overlapping network communication using NAT
- Applications affected by NAT
Understanding and implementation of NAT policies

Module 4 – VPN

Overview of VPN technologies
- SSL VPN
- IPsec VPN
Understanding on policy based vpn and its limitations
Route based VPN
Implementing VPN with dynamic routing on Checkpoint firewall
Understanding on NAT-T in IPSEC VPN
Advance understanding of mobility requirements and checkpoint SSL VPN technology
- Network mode, application mode, thin client
- Split tunneling , full tunneling
- End point security
- Secure desktop
Designing of complex VPN infrastructure with VPN failover

Module 5 – High Availability

Overview of Cluster XL and VRRP in checkpoint
understanding on active-active and active-standby cluster
High Availability, load sharing , load balancing
Unicast mode
Multicast mode
Concept of Magic MAC
understanding and managing split brain condition
Failover Conditions
Understanding of complexities involved in cluster with asymmetric routing

Module 6– Troubleshooting

Overview of troubleshooting methodology on Checkpoint firewall
Troubleshooting of address spoofing issues
Troubleshooting security policies and NAT
Checkpoint tools
- VPN debugging using IKE View tool
- Using GUIDB edit to edit database files
- Debugging and maintaining SIC
- Diagnosing Cluster & logging issues
Packet level troubleshooting with TCPDUMP and FW Monitor
Troubleshooting using pcap files – overview of wireshark tool
File management in checkpoint
- c
- ndb
- Modifying .def files using GUIDBedit tool

Module 7 – Identity Awareness

Overview of Identity awareness to configure network access rules
Integration with Active Directory/ LDAP
Understanding on different Identity Awareness scenarios
Acquiring identities for AD users
Acquiring identities with Browser based authentication
Acquiring identities with Endpoint identity Agents

Module 8 – Advanced administration & Configuration

Backup of Security gateway and Security management
- Crating snapshots
- Import export tool
- Database revision control
- Understanding file checkpoint file structure
Understanding checkpoint licensing using smart update
Understanding checkpoint auditing and reporting tools
- Smart view tracker
- Smart event
- Smart reporter
Upgrade a clustered security gateway deployment
Consolidate multiple firewalls to single management platform
Understanding checkpoint command line operation
- CPCONFIG utility
- Debug commands
- ClusterXL, VPN , NAT, interface specific command utility
- Policy operation through CLI
- Checkpoint troubleshooting commands