Course Overview

The 2-day Check Point Certified Troubleshooting Expert (CCTE) provides advanced troubleshooting skills to investigate and resolve more complex issues that may occur while managing your Check Point security environment.

Course Objectives

• Demonstrate understanding of how to use advanced troubleshooting tools and techniques, including: interpreting diagnostic data with CPInfo, collecting and reading statistical data using CPView, and advanced troubleshooting risks.

• Describe the use of Logs and SmartEvent in troubleshooting. 

• Describe the log indexing system and issues that can occur. 

• Discuss methods to troubleshoot log indexing in SmartLog and SmartEvent. 

• Explain the databases used in Security Management operations. 

• Identify common troubleshooting database issues. 

• Discuss Management Processes. 

• Demonstrate understanding of advanced troubleshooting tools and techniques including:

o How the kernel handles traffic, 

o How to troubleshoot issues using chain modules, 

o How to use the two main procedures for debugging the Firewall kernel, and 

o How the two main procedures for debugging the Firewall kernel differ.

• Demonstrate understanding of user mode debugging, including collecting and interpreting process debugs. 

• Debug user mode processes. 

• Discuss advanced Identity awareness troubleshooting. 

• Learn to run debugs on Identity Awareness. 

• Explain Unified Access Control flow and processes. 

• Explain Access Control kernel debugs. 

• Describe Access Control process debugs. 

• Explain basic and advanced Site-to-Site VPN troubleshooting tools and techniques, including: 

o Packet captures, IKE debugs, and VPN process debugs. 

• Explain Client-to-Site VPN troubleshooting tools and techniques, including: 

o Remote access troubleshooting and Mobile access troubleshooting.

Course Content

Course Topics:

• Advanced Troubleshooting Techniques 

• Advanced Logs and Monitoring

• Management Database and Processes 

• Advanced Kernel Debugging 

• User Mode Troubleshooting 

• Advanced Identity Awareness Troubleshooting 

• Advanced Access Control 

• Site-to-Site VPN Troubleshooting

• Client-to-Site VPN Troubleshooting

Lab Exercises:

• Collecting and Reading CPInfo 

• Collecting and Reading CPView Data 

• Troubleshooting SmartLog 

• Troubleshooting SmartEvent 

• Troubleshooting Database Issues 

• Debugging Security Gateway Kernel

• Debugging User Mode Processes 

• Debugging Identity Awareness 

• Debugging Unified Policy Inspection 

• Troubleshooting Site-to-Site VPN 

• Debugging Remote Access VPN

Course Overview

The Check Point Certified Troubleshooting Administrator (CCTA) provides an understanding of the concepts and skills necessary to troubleshoot issues that may occur when managing the Check Point Security Management architecture and Security Gateways.

Course Objectives

• Identify online resources for Check Point security products and solutions. 

• Demonstrate understanding of capture packet technologies. 

• Demonstrate understanding of Firewall chain modules, Kernel and User Mode, and Kernel and User Space. 

• Use Linux and Check Point utilities to review processes and system information. 

• Troubleshoot log collection issues and interrupted communications. 

• Monitor network activity and traffic flow. 

• Demonstrate understanding of Check Point SmartConsole and Policy installation. 

• Investigate and troubleshoot issues with Check Point SmartConsole and Policy installation. 

• Demonstrate understanding of Check Point Identity Awareness. 

• Investigate and troubleshoot issues with Check Point Identity Awareness. 

• Demonstrate understanding of Check Point Application Control and URL Filtering. 

• Investigate and troubleshoot issues with Check Point Application Control and URL Filtering. 

• Demonstrate understanding of Check Point Network Address Translation. 

• Investigate and troubleshoot issues with Check Point Network Address Translation. 

• Demonstrate understanding of Check Point Threat Prevention. 

• Investigate and troubleshoot issues with Check Point Threat Prevention. 

• Demonstrate understanding of Check Point licenses and contracts. 

• Investigate and troubleshoot Check Point licenses and contracts.

Course Content

Topics

• Introduction to Troubleshooting Fundamentals 

• Fundamentals of Traffic Monitoring 

• SmartConsole and Policy Management Troubleshooting 

• Identity Awareness Troubleshooting 

• Access Control Troubleshooting 

• Troubleshooting Issues with NAT 

• Understanding Threat Prevention 

• License and Contract Troubleshooting

Exercises

• Using tcpdump and Wireshark 

• Viewing Firewall Chain Modules 

• Using Basic Linux and Check Point Commands 

• Troubleshooting Logging Communication Issues 

• Analyzing Traffic Captures 

• Troubleshooting SmartConsole and Using SmartConsole Tools 

• Troubleshooting Identity Awareness 

• Troubleshooting Application Control and URL Filtering 

• Investigating Network Address Translation Issues 

• Evaluating Advanced Threat Prevention Products 

• Verifying Licenses 

Course Overview

This core course covers the fundamentals needed to deploy, configure, and manage daily operations of Check Point Security Gateways and Management Software Blades that run on the Gaia operating system.

Learn advanced concepts and develop skills necessary to design, deploy, and upgrade Check Point Security environments.

Course Objectives

• Identify basic interfaces used to manage the Check Point environment. 

• Identify the types of technologies that Check Point supports for automation. 

• Explain the purpose of the Check Point Management High Availability (HA) deployment.

• Identify the workflow followed to deploy a Primary and Secondary server solution.

• Explain the basic concepts of Clustering and ClusterXL, including protocols, synchronization, and connection stickiness.

• Identify how to exclude services from synchronizing or delaying synchronization. 

• Explain the policy installation flow. 

• Explain the purpose of dynamic objects, updatable objects, and network feeds. 

• Understand how to manage user access for internal and external users.

• Describe the Identity Awareness components and configurations. 

• Describe different Check Point Threat Prevention solutions. 

• Articulate how the Intrusion Prevention System is configured. 

• Obtain knowledge about Check Point’s IoT Protect. 

• Explain the purpose of Domain-based VPNs. 

• Describe situations where externally managed certificate authentication is used. 

• Describe how client security can be provided by Remote Access. 

• Discuss the Mobile Access Software Blade. 

• Explain how to determine if the configuration is compliant with the best practices. 

• Define performance tuning solutions and basic configuration workflow. 

• Identify supported upgrade and migration methods and procedures for Security Management Servers and dedicated Log and SmartEvent Servers. 

• Identify supported upgrade methods and procedures for Security Gateways.

Course Content

Topics:

• Advanced Deployments

• Management High Availability

• Advanced Gateway Deployment

• Advanced Policy Configuration

• Advanced User Access Management

• Custom Threat Protection

• Advanced Site-to-Site VPN

• Remote Access VPN

• Mobile Access VPN

• Advanced Security Monitoring

• Performance Tuning

• Advanced Security Maintenance

Exercises:

• Navigating the Environment and Using the Management API 

• Deploying Secondary Security Management Server 

• Configuring a Dedicated Log Server 

• Deploying SmartEvent 

• Configuring a High Availability Security Gateway Cluster 

• Working with ClusterXL 

• Configuring Dynamic and Updatable Objects

• Verifying Accelerated Policy Installation and Monitoring Status 

• Elevating Security with HTTPS Inspection

• Deploying Identity Awareness 

• Customizing Threat Prevention 

• Configuring a Site-to-Site VPN with an Interoperable Device 

• Deploying Remote Access VPN 

• Configuring Mobile Access VPN 

• Monitoring Policy Compliance 

• Reporting SmartEvent Statistics 

• Tuning Security Gateway Performance

Course Overview

This 5-day bundle course covers the following two Check Point training courses:

Check Point Certified Security Expert (CCSE) R81.10 – 3 days

and

Check Point Certified Troubleshooting Expert (CCTE) R81.10 – 2 days

This advanced CCSE part of the course (Monday to Wednesday) teaches how to build, modify, deploy and troubleshoot Check Point Security Systems on the GAiA operating system. Hands-on lab exercises teach how to debug firewall processes, optimize VPN performance and upgrade Management Servers.

The CCTE part of the course (Thursday to Friday) provides advanced troubleshooting skills to investigate and resolve more complex issues that may occur while managing your Check Point Security environment.

Course Objectives

CCSE:

• Articulate Gaia system management procedures

• Explain how to perform database migration procedures

• Articulate the purpose and function of Management High Availability

• Describe how to use Check Point API tools to perform management functions

• Articulate an understanding of Security Gateway cluster upgrade methods

• Discuss the process of Stateful Traffic inspection

• Articulate an understanding of the Check Point Firewall processes and debug procedures

• Describe advanced ClusterXL functions and deployment options

• Explain how the SecureXL acceleration technology enhances and optimizes Security Gateway performance

• Describe how the CoreXL acceleration technology enhances and improves Security Gateway performance

• Articulate how utilizing multiple traffic queues can make traffic handling more efficient

• Describe different Check Point Threat Prevention solutions for network attacks

• Explain how SandBlast, Threat Emulation, and Threat Extraction help to prevent security incidents

• Recognize alternative Check Point Site-to-Site deployment options

• Recognize Check Point Remote Access solutions and how they differ from each other

• Describe Mobile Access deployment options

CCTE:

• Understand how to use Check Point diagnostic tools to determine the status of a network. 

• Understand how to use network packet analyzers and packet capturing tools to evaluate network traffic. 

• Become familiar with more advanced Linux system commands. 

• Obtain a deeper knowledge of the Security Management architecture. 

• Understand how the Management database is structured and how objects are represented in the database. 

• Understand key Security Management Server processes and their debugs. 

• Understand how GuiDBedit operates. 

• Understand how the kernel handles traffic and how to troubleshoot issues with chain modules. 

• Understand how to use the two main procedures for debugging the Firewall kernel and how they differ. 

• Recognize User mode processes and how to interpret their debugs. 

• Discuss how to enable and use core dumps. 

• Understand the processes and components used for policy installs and processing packets in Access Control policies. 

• Understand how to troubleshoot and debug issues that may occur with App Control and URLF. 

• Understand how to debug HTTPS Inspection-related issues. 

• Understand how to troubleshoot and debug Content Awareness issues. 

• Understand how IPS works and how to manage performance issues. 

• Understand how to troubleshoot Anti-Bot and Antivirus. 

• Recognize how to troubleshoot and debug Site-to-Site VPN-related issues.

• Understand how to troubleshoot and debug Remote Access VPNs. 

• Understand how to troubleshoot Mobile Access VPN issues.

• Recognize how to use SecureXL features and commands to enable and disable accelerated traffic. 

• Understand how the server hardware and operating system affect the performance of Security Gateways.

• Understand how to evaluate hardware configurations for optimal performance.

Course Content

CCSE –

Topics:

• Management Maintenance 

• Management Migration 

• Management High Availability

• Policy Automation 

• Gateway Maintenance 

• The Firewall Kernel 

• User-Mode Processes 

• ClusterXL 

• Traffic Acceleration 

• Core Acceleration 

• Interface Acceleration 

• Threat Prevention 

• Threat Emulation 

• Advanced Site-to-Site VPN 

• Remote Access VPN 

• Mobile Access

Lab Exercises:

• Perform an upgrade of a Security Management server in a distributed environment

• Use the migrate_export command to prepare to migrate a Security Management Server

• Deploy a Secondary Management Server

• Demonstrate how to define new network and group objects using the Check Point API

• Perform an upgrade of Security Gateways in a clustered environment

• Use Kernel table commands to evaluate the condition of a Security Gateway

• Use common commands to evaluate the condition of a Security Gateway

• Configure Virtual MAC

• Demonstrate how SecureXL affects traffic flow

• Describe how the CoreXL acceleration technology enhances and improves Security Gateway performance

• Demonstrate how to monitor and adjust interface traffic queues

• Identify specific threat protections used by Check Point Threat Prevention

• Demonstrate how to enable Mobile Access for remote users

CCTE –

Course Topics:

• Advanced Troubleshooting 

• Management Database and Processes 

• Advanced Kernel Debugging 

• User Mode Troubleshooting 

• Advanced Access Control 

• Understanding Threat Prevention 

• Advanced VPN Troubleshooting 

• Acceleration and Performance Tuning

Lab Exercises:

• Monitoring Network Traffic 

• Debugging Management Processes 

• Exploring the Postgres and Solr Databases 

• Troubleshooting Management Synchronization 

• Analyzing Traffic Issues Using Kernel Debugs 

• Debugging User Mode Processes 

• Troubleshooting Application Control and URL Filtering 

• Troubleshooting IPS 

• Evaluating Threat Prevention Products 

• Debugging Site-to-Site VPN 

• Troubleshooting Remote Access VPN 

• Testing Mobile Access VPN 

• Evaluating SecureXL 

• Modifying CoreXL 

• Evaluating Hardware-related Performance 

• Tuning and Software Optimization

Course Overview

This core course covers the fundamentals needed to deploy, configure, and manage daily operations of Check Point Security Gateways and Management Software Blades that run on the Gaia operating system. 

Learn basic concepts and develop skills necessary to administer IT security fundamental tasks.

Course Objectives

• Describe the primary components of a Check Point Three-Tier Architecture and explain how they work together in the Check Point environment. 

• Explain how communication is secured and how traffic is routed in the Check Point environment. 

• Describe the basic functions of the Gaia operating system. 

• Identify the basic workflow to install Security Management Server and Security Gateway for a single-domain solution. 

• Create SmartConsole objects that correspond to the organization’s topology for use in policies and rules. 

• Identify the tools available to manage Check Point licenses and contracts, including their purpose and use. 

• Identify features and capabilities that enhance the configuration and management of the Security Policy. 

• Explain how policy layers affect traffic inspection. 

• Articulate how Network Address Translation affects traffic.

• Describe how to configure manual and automatic Network Address Translation (NAT). 

• Demonstrate an understanding of Application Control & URL Filtering and Autonomous Threat Prevention capabilities and how to configure these solutions to meet an organization’s security requirements. 

• Articulate how pre-shared keys and certificates can be configured to authenticate with third party and externally managed VPN Gateways. 

• Describe how to analyze and interpret VPN tunnel traffic. 

• Configure logging parameters. 

• Use predefined and custom queries to filter log results. 

• Identify how to monitor the health of supported Check Point hardware using the Gaia Portal and the command line. 

• Describe the different methods for backing up Check Point system information and discuss best practices and recommendations for each method.

Course Content

Topics:

• Security Management

• SmartConsole

• Deployment

• Object Management

• Licenses and Contracts

• Policy Rule and Rulebase

• Policy Packages

• Policy Layers

• Traffic Inspection

• Network Address Translation

• Application Control

• URL Filtering

• Logging

• Snapshots

• Backup and Restore

• Gaia

• Permissions

• Policy Installation

Exercises:

• Deploying SmartConsole 

• Installing a Security Management Server 

• Installing a Security Gateway 

• Configuring Objects in SmartConsole 

• Establishing Secure Internal Communication 

• Managing Administrator Access 

• Managing Licenses 

• Creating a Security Policy 

• Configuring Order Layers

• Configuring a Shared Inline Layer 

• Configuring NAT 

• Integrating Security with a Unified Policy 

• Elevating Security with Autonomous Threat Prevention 

• Configuring a Locally Managed Site-to-Site VPN 

• Elevating Traffic View 

• Monitoring System States 

• Maintaining the Security Environment

Course Overview

The Check Point Cybersecurity Boot Camp is a fast-paced course intended for Security Experts and other technical professionals with prior training and/or practical experience with Check Point Security Management Servers and Security Gateways running on the Gaia operating system.

This course is not for new users to Check Point – previous certification/experience is recommended.

Learn basic and advanced concepts and develop skills necessary to administer IT security fundamental and intermediate tasks.

Course Objectives

Security Administrator (CCSA)

• Describe the primary components of a Check Point Three-Tier Architecture and explain how they work together in the Check Point environment. 

• Identify the basic workflow to install Security Management Server and Security Gateway for a single-domain solution. 

• Create SmartConsole objects that correspond to the organization’s topology for use in policies and rules. 

• Identify the tools available to manage Check Point licenses and contracts, including their purpose and use. 

• Identify features and capabilities that enhance the configuration and management of the Security Policy. 

• Demonstrate an understanding of Application Control & URL Filtering and Autonomous Threat Prevention capabilities and how to configure these solutions to meet an organization’s security requirements. 

• Describe how to analyze and interpret VPN tunnel traffic. 

• Identify how to monitor the health of supported Check Point hardware using the Gaia Portal and the command line. 

• Describe the different methods for backing up Check Point system information and discuss best practices and recommendations for each method.

Security Expert (CCSE)

• Identify the types of technologies that Check Point supports for automation. 

• Explain the purpose of the Check Point Management High Availability (HA) deployment.

• Explain the basic concepts of Clustering and ClusterXL, including protocols, synchronization, and connection stickiness.

• Explain the purpose of dynamic objects, updatable objects, and network feeds. 

• Describe the Identity Awareness components and configurations. 

• Describe different Check Point Threat Prevention solutions. 

• Articulate how the Intrusion Prevention System is configured. 

• Explain the purpose of Domain-based VPNs. 

• Describe situations where externally managed certificate authentication is used. 

• Describe how client security can be provided by Remote Access. 

• Discuss the Mobile Access Software Blade. 

• Define performance tuning solutions and basic configuration workflow. 

• Identify supported upgrade methods and procedures for Security Gateways.

Course Content

Topics:

• Security Management

• SmartConsole

• Deployment

• Object Management

• Licenses and Contracts

• Policy Rules and Rulebase

• Policy Packages

• Policy Layers

• Traffic Inspection

• Network Address Translation

• Application Control

• URL Filtering

• Logging

• Snapshots

• Backup and Restore

• Gaia

• Permissions

• Policy Installation

• Advanced Deployments

• Management High Availability

• Advanced Gateway Deployment

• Advanced Policy Configuration

• Advanced User Access Management

• Custom Threat Protection

• Advanced Site-to-Site VPN

• Remote Access VPN

• Mobile Access VPN

• Advanced Security Monitoring

• Performance Tuning

• Advanced Security Maintenance

Security Administrator (CCSA)

• Deploy SmartConsole 

• Install a Security Management Server 

• Install a Security Gateway 

• Configure Objects in SmartConsole 

• Establish Secure Internal Communication 

• Manage Administrator Access 

• Manage Licenses 

• Create a Security Policy 

• Configure Order Layers 

• Configure a Shared Inline Layer 

• Configure NAT 

• Integrate Security with a Unified Policy 

• Elevate Security with Autonomous Threat Prevention 

• Configure a Locally Managed Site-to-Site VPN 

• Elevate Traffic View 

• Monitor System States 

• Maintain the Security Environment

Security Expert (CCSE)

• Navigate the Environment and Use the Management API 

• Deploy Secondary Security Management Server 

• Configure a Dedicated Log Server 

• Deploy SmartEvent 

• Configure a High Availability Security Gateway Cluster 

• Work with ClusterXL 

• Configure Dynamic and Updatable Objects

• Verify Accelerated Policy Installation and Monitoring Status 

• Elevate Security with HTTPS Inspection 

• Deploy Identity Awareness 

• Customize Threat Prevention 

• Configure a Site-to-Site VPN with an Interoperable Device 

• Deploy Remote Access VPN 

• Configure Mobile Access VPN 

• Monitor Policy Compliance 

• Report SmartEvent Statistics 

• Tune Security Gateway Performance

Course Overview

This 5-day bundle course covers the following two Check Point training courses:

Check Point Certified Security Administrator (CCSA) R81.x – 3 days

and

Check Point Certified Troubleshooting Administrator (CCTA) R81.x – 2 days

The CCSA part of the course (Monday to Wednesday) covers everything you need to start-up, configure and manage daily operations of Check Point Security Gateway and Management Software Blades systems on the GAiA operating system.

The CCTA part of the course (Thursday to Friday) provides an understanding of the concepts and skills necessary to troubleshoot issues that may occur when managing the Check Point Security Management architecture and Security Gateways.

Course Objectives

CCSA:

• Know how to perform periodic administrator tasks 

• Describe the basic functions of the Gaia operating system 

• Recognize SmartConsole features, functions, and tools 

• Describe the Check Point Firewall infrastructure 

• Understand how SmartConsole is used by administrators to grant permissions and user access

• Learn how Check Point security solutions and products work and how they protect networks 

• Understand licensing and contract requirements for Check Point security products 

• Describe the essential elements of a Security Policy 

• Understand the Check Point policy layer concept 

• Understand how to enable the Application Control and URL Filtering software blades to block access to various applications 

• Describe how to configure manual and automatic NAT 

• Identify tools designed to monitor data, determine threats and recognize opportunities for performance improvements 

• Identify SmartEvent components used to store network activity logs and identify events 

• Know how Site-to-Site and Remote Access VPN deployments and communities work 

• Explain the basic concepts of ClusterXL technology and its advantages

CCTA:

• Understand how to use Check Point resources for support.

• Understand how to perform packet captures using tcpdump and FW Monitor command tools.

• Understand the basic process of kernel debugging, and how debug commands are structured. 

• Recognize how to use various Linux commands for troubleshooting system issues. 

• Recognize communication issues that may occur between SmartConsole and the SMS and how to resolve them. 

• Understand how to troubleshoot SmartConsole login and authentication issues. 

• Understand how to prevent and resolve licensing and contract issues. 

• Understand how to troubleshoot issues that may occur during policy installation. 

• Understand communication issues that may occur when collecting logs and how to resolve them. 

• Recall various tools to use when analyzing issues with logs. 

• Understand how to restore interrupted communications during heavy logging. 

• Understand how NAT works and how to troubleshoot issues. 

• Understand Client Side and Server Side NAT. 

• Understand how the Access Control Policy functions and how the access control applications work together. 

• Understand how to troubleshoot issues that may occur with Application Control and URL Filtering.

• Understand how the HTTPS Inspection process works and how to resolve issues that may occur during the process.

• Understand how to troubleshoot Content Awareness issues. 

• Recognize how to troubleshoot VPN-related issues. 

• Understand how to monitor cluster status and work with critical devices. 

• Recognize how to troubleshoot State Synchronization. 

• Understand how to troubleshoot communication issues between Identity Sources and Security Gateways. 

• Understand how to troubleshoot and debug issues with internal Identity Awareness processes.

Course Content

CCSA:

Topics – 

• Security Architecture

• Admin Operations

• Deployment

• Licensing

• Gaia Portal

• Hide/Static NAT

• Firewall Basics

• Monitoring States

• ClusterXL

• Traffic Visibility

• Security Events

• Compliance Tasks

• Threat Detection

• Policy Layers

• Site-to-Site VPN

• Remote Access VPN

• User Access

Exercises – 

• Identify key components and configurations 

• Create and confirm administrator users for the domain 

• Validate existing licenses for products installed on your network 

• Create and modify Check Point Rule Base objects 

• Demonstrate how to share a layer between Security Policies 

• Analyze network traffic and use traffic visibility tools 

• Monitor Management Server States using SmartConsole 

• Demonstrate how to run specific SmartEvent reports 

• Configure a SmartEvent server to monitor relevant patterns 

• Configure and deploy a site-to-site VPN 

• Configure and test ClusterXL with a High Availability configuration 

• Understand how to use CPView to gather gateway information 

• Perform periodic tasks as specified in administrator job descriptions 

• Test VPN connection and analyze the tunnel traffic 

• Demonstrate how to create custom reports 

• Demonstrate how to configure event Alerts in SmartEvent 

• Utilize various traffic visibility tools to maintain Check Point logs

CCTA:

Course Topics –

• An Introduction to Troubleshooting 

• SmartConsole and Policy Management Troubleshooting 

• Monitoring Logging Activity 

• Troubleshooting Issues with NAT 

• Understanding the Unified Access Control Policy 

• Basic VPN Troubleshooting 

• Monitoring ClusterXL Connections 

• Understanding Identity Awareness 

Lab Exercises –

• Monitoring Security Gateway Traffic 

• Troubleshooting Issues with SmartConsole 

• Troubleshooting Log Connectivity Issues 

• Investigating Log Connectivity Issues 

• Investigating NAT Issues 

• Troubleshooting General Traffic Issues 

• Evaluating HTTP and HTTPS Traffic Issues 

• Troubleshooting Site-to-Site VPN Issues 

• Troubleshooting Clustering Issues 

• Troubleshooting Identity Awareness 

• Configuring and Testing Identity Collector 

Course Overview

This two-day course is designed for Security professionals who install, configure, and manage multiple security domains within their network security environment. 

Gain advanced skills for effectively securing and managing a multi-domain enterprise security network. Apply understanding of open-source and Check Point troubleshooting tools and techniques to investigate and resolve complex issues.

It also helps candidates prepare for the Check Point Certified Multi-Domain Security Management Specialist (CCMS) exam.

Course Objectives

• List and describe the function of each component in the Check Point MDSM solution. 

• Explain how these components work together to help administrators manage multiple network security environments within a large network. 

• Demonstrate understanding of how to install and configure the MDSM environment. 

• Summarize the steps required to migrate a Security Management Server into a Domain Management Server. 

• Explain how to implement MDSM High Availability using Secondary Multi-Domain and Domain Management Servers. 

• Explain how to configure and manage policies from a Secondary Domain Management Server. 

• Explain the difference between the two types of Log Server options used to store logs in MDSM.

• List the different types of activity logs available when using SmartConsole. 

• Describe how to view and manage Multi-Domain activity logs in SmartConsole.

• Describe how a Global Policy works in a distributed network. 

• Describe how to configure a Global Policy to manage rules for multiple domains. 

• Summarize the steps required to deploy a Global Policy. 

• Explain how to integrate SmartEvent into a Multi-Domain Environment. 

• Explain how to perform configuration changes on an MDS. 

• Describe how to use troubleshooting and debugging tools on an MDS. 

• Describe the techniques used to investigate and resolve issues with the Check Point Security Management architecture and Security Gateways

Course Content

Course Topics:

• Multi-Domain Installation and Configuration 

• Multi-Domain Security Management

• Multi-Domain Log Management

• Multi-Domain High Availability 

• Global Domain

• Global Policy Management 

• Multi-Domain Troubleshooting

Lab Exercises:

• Exploring the Multi-Domain Environment 

• Migrating an SMS to a Domain Management Server 

• Implementing Multi-Domain Management High Availability 

• Deploying a Multi-Domain Log Server

• Deploying a Global Security Policy 

• Integrating SmartEvent into a Multi-Domain Environment 

• Performing Multi-Domain CLI Diagnostics 

• Troubleshooting Multi-Domain Security Management Servers

Course Overview

The Check Point Certified Maestro Expert course is intended to provide you with the theoretical knowledge and practical skills needed to deploy, manage, and troubleshoot the Check Point Maestro environment.

Course Objectives

• Describe the demand for scalable platforms. 

• Explain how Maestro uses the hyperscale technology. 

• Identify the primary features and components of the Maestro system. 

• Communicate the purpose of Maestro Security Groups (SGs), the Single Management Object (SMO), and the SMO Master.

• Identify the types of interfaces found in Maestro deployment. 

• Give examples of VLAN configuration enhancements for uplink ports. 

• Identify basic steps in an initial Maestro implementation.

• Discuss how to distribute files to all components and to specific components. 

• Explain why verifying changes by using self-tests is important.

• Demonstrate understanding of Maestro traffic distribution and flow. 

• Describe a scenario in which you would keep Layer 4 Distribution enabled. 

• List the four core diagnostic tools and what each of them is used for. 

• Describe how to use audit trails to troubleshoot problems in the system. 

• Describe different troubleshooting tools used at different OSI Layers. 

• Identify the benefits of a Dual Orchestrator environment. 

• Explain how Dual Orchestrators work with Multiple Security Groups. 

• Describe the procedures used to install an upgrade on Maestro. 

• Describe the ways to verify the installation is installed correctly.

Course Content

Course Topics:

• Scalability and Hyperscale 

• Maestro Security Groups and the Single Management Object 

• Administrator Operations 

• Traffic Flow 

• System Diagnostics and Tracking Changes 

• Troubleshooting 

• Dual Orchestrator Environment 

• Dual Site Environment 

• Upgrades

Lab Exercises:

• Creating Security Groups and the Single Management Object. 

• Working with Security Groups. 

• Analyzing the Distribution Layer. 

• Collecting System Diagnostics. 

• Troubleshooting Maestro Environments. 

• Deploying Dual Orchestrators.

Course Overview

Demonstrate an understanding of the Check Point Harmony Endpoint solution, including its features and capabilities. Apply knowledge and skills gained during training to manage and protect a Harmony Endpoint solution.

Course Objectives

• Describe Check Point Infinity’s Consolidated Security Architecture.

• Explain the difference between the Harmony Endpoint On-Premises and Cloud management environments.

• Identify the main components of the Harmony Endpoint Security Architecture.

• Identify the basic workflow for Harmony Endpoint Security Management.

• Give examples of useful resources for Harmony Endpoint Security Management.

• Log in to the Web Management Console.

• Navigate the Web Management interface to gain a basic understanding of the features and capabilities Harmony Endpoint provides for security management.

• Discuss situations where it might be necessary to change default policy rules.

• Identify recommended releases for a Harmony Endpoint Client deployment.

• Identify deployment prerequisites.

• Given a deployment scenario, identify deployment methods, Endpoint Client packages, and the basic workflow.

• Recognize the different types of data security available to deploy.

• Describe how Full Disk Encryption protects and recovers data that is accessed and stored on Endpoint computers.

• Identify how to secure removable media devices and protect ports.

• Identify remote help and recovery capabilities.

• Discuss the challenges of threat prevention.

• Identify how Harmony Endpoint defends networks against advanced threats.

• Identify the key components in Harmony Endpoint simplified and large-scale deployments.

• Identify sizing guidelines for Harmony Endpoint deployments.

• Give examples of how to expand the solution with Super Nodes and External Policy Servers.

• Identify the additional capabilities that High Availability (HA) and Active Directory configurations support.

• Identify useful resources for basic troubleshooting.

• Give examples of potential problems or issues that might occur when using Harmony Endpoint.

• Investigate and troubleshoot basic Harmony Endpoint troubleshooting scenarios.

• Define Harmony Endpoint Management as a Service.

• Explain the set-up process for Harmony Endpoint Management as a Service.

• Discuss the workflow when migrating from Endpoint On-Premises to Endpoint Management as a Service.

Course Content

Topics

• Introduction to Harmony Endpoint

• Harmony Endpoint Security Management

• Deploying Harmony Endpoint

• Data Security Protection

• Advanced Threat Prevention

• Large-Scale Harmony Endpoint Deployment

• Troubleshooting

• Harmony Endpoint Management as a Service

Exercises

• Install the Endpoint Security Management Server

• Deploy an Endpoint Security Management Server

• Configure Endpoint for Deployment

• Deploy Endpoint Security Clients to Hosts

• Test and Analyze Threat Response

• Configure LDAP Strong Authentication

• Deploy a Secondary Endpoint Security Management Server

• Troubleshoot Endpoint Communication Issues

• Migrate from On-Premises to Endpoint Management as a Service (Optional)

• Connect Existing Hosts to Endpoint Management as a Service (Optional)