COURSE OBJECTIVE
0
LAB
0
INSTRUCTOR KNOWLEDGE
0
COURSE CONTENT PLAN
0
Summary rating from 0 user's marks. You can set own marks for this article - just click on stars above and press "Accept".
0
This course is designed for students who are new to Checkpoint firewall and looking to expand their skill sets in network and security domain. Candidates should have basic understanding on ip addressing, routing and switching technologies.
Upon completion of this course, students will be able to:
- Explain the features and advantages of the checkpoint firewall architecture
- Perform the basic & advance configuration of the firewall including:
- Configuring interfaces, security policies
- Setting up detailed operation of NAT
- Enable IPSEC and SSL VPN
- Troubleshooting via TCPDUMP and FW Monitor
- Configure an Active-Backup and Active-Active Cluster
- Overview of checkpoint virtualization and centralized security management (porivder-1)
Course content
Module 0 – Security basics & firewall technologies overview
- Network security concepts explained
- Enterprise security architecture – defense in depth / layered security architecture
- Understanding various firewall technologies likes of :
- Packet filter firewall
- Application gateway firewall
- Stateful Inspection
- Next generation firewall
- Basic understanding on Various application protocols including HTTP, FTP, DNS & DHCP
- Overview of PKI infrastructure
Module 1 – Checkpoint platform Architecture
- Understanding on 3-tier architecture
- Security Gateway
- Security Management
- Smart Console tools
- Secure internal communication (SIC)
- Design consideration with checkpoint security solution
- Detailed checkpoint Packet flow
Module2 – Installation and Administration
- Understanding standalone and distributed deployment architecture
- Understanding IP address spoofing and security gateway topology
- Understanding checkpoint security rule base
- Implicit security policies
- Explicit security policies
- Rule base order
- Security policy designing best practices
- Controlling multiple policy packages via single Security Management
Module3 – Network Address Translation
- Overview on NAT requirements
- Network address translation
- Source NAT
- Destination NAT
- Static NAT
- Dual NAT
- Persistence NAT , Full con & Half con NAT
- Design consideration while using automatic and manual NAT
- NAT Specific traffic flow
- Overlapping network communication using NAT
- Applications affected by NAT
- Understanding and implementation of NAT policies
Module 4 – VPN
- Overview of VPN technologies
- SSL VPN
- IPsec VPN
- Understanding on policy based vpn and its limitations
- Route based VPN
- Implementing VPN with dynamic routing on Checkpoint firewall
- Understanding on NAT-T in IPSEC VPN
- Advance understanding of mobility requirements and checkpoint SSL VPN technology
- Network mode, application mode, thin client
- Split tunneling , full tunneling
- End point security
- Secure desktop
- Designing of complex VPN infrastructure with VPN failover
Module 5 – High Availability
- Overview of Cluster XL and VRRP in checkpoint
- understanding on active-active and active-standby cluster
- High Availability, load sharing , load balancing
- Unicast mode
- Multicast mode
- Concept of Magic MAC
- understanding and managing split brain condition
- Failover Conditions
- Understanding of complexities involved in cluster with asymmetric routing
Module 6– Troubleshooting
- Overview of troubleshooting methodology on Checkpoint firewall
- Troubleshooting of address spoofing issues
- Troubleshooting security policies and NAT
- Checkpoint tools
- VPN debugging using IKE View tool
- Using GUIDB edit to edit database files
- Debugging and maintaining SIC
- Diagnosing Cluster & logging issues
- Packet level troubleshooting with TCPDUMP and FW Monitor
- Troubleshooting using pcap files – overview of wireshark tool
- File management in checkpoint
- c
- ndb
- Modifying .def files using GUIDBedit tool
Module 7 – Identity Awareness
- Overview of Identity awareness to configure network access rules
- Integration with Active Directory/ LDAP
- Understanding on different Identity Awareness scenarios
- Acquiring identities for AD users
- Acquiring identities with Browser based authentication
- Acquiring identities with Endpoint identity Agents
Module 8 – Advanced administration & Configuration
- Backup of Security gateway and Security management
- Crating snapshots
- Import export tool
- Database revision control
- Understanding file checkpoint file structure
- Understanding checkpoint licensing using smart update
- Understanding checkpoint auditing and reporting tools
- Smart view tracker
- Smart event
- Smart reporter
- Upgrade a clustered security gateway deployment
- Consolidate multiple firewalls to single management platform
- Understanding checkpoint command line operation
- CPCONFIG utility
- Debug commands
- ClusterXL, VPN , NAT, interface specific command utility
- Policy operation through CLI
- Checkpoint troubleshooting commands
Bonus Module – Advanced checkpoint security and management functions
- Understanding on virtual firewall in checkpoint (VSX)
- Designing guidelines using virtual firewalls
- Understanding checkpoint next generation functionality
- Overview on advance persistence threat technology (APT) – threat prevention
- Overview of provider-1 security management tool
