Course : Check Point R82, Network Security, Level 2
Practical course - 4d
- 28h00 - Ref. CPJ
|
Download in PDF format
Share this course by email
 | Understand the main processes on security management servers and security gateways |
| Use "Dynamic Layer" to add objects and rules directly to the gateway using the Gaia API |
| Describe how coreXL and secureXL technologies improve and optimize security gateway performance |
| Manage remote VPN access with the blade's "Mobile Access" options: IPSec and SSL |
| Implementing an ElasticXL cluster for high availability and load balancing |
Intended audience
System/network/security administrators and engineers, technicians.
Prerequisites
Good knowledge of TCP/IP, IS security and the main Check Point functions, or knowledge equivalent to that provided by the CPG course. Experience desirable.
Course schedule
1 Gaia advanced & API
- Gaia on the command line.
- API presentation.
- Create objects and rules via the API.
- Gaia upgrade methods.
- Centralized gateway upgrade/update.
Hands-on work
Installation du SMS et des GWs en R81.20. Utilisation de l’API pour créer des objets et règles de base.
Mise à niveau avancée du Management de R81.20 vers R82. Mise à niveau centralisée de la passerelle principale et distante.
2 Check Point processes
- Main Check Point processes.
- Commands for viewing Check Point processes.
- Scripts and SmartTasks.
Hands-on work
Configure SmartTasks.
3 Security policy installation
- Security policy installation process.
- Accelerated installation.
- Policy Packages & Layers.
- Dynamic objects.
- Updatable Objects.
- Introducing the Dynamic Layer concept.
- Communication with the gateway using the Rest API.
- Using the Gaia API "call", "set-dynamic-content".
Hands-on work
Check installation files. Create dynamic objects. Use the Dynamic Layer to create objects and rules directly in the main firewall.
4 Kernel operations & Traffic flow
- Package circulation inside the walkway.
- Module chains.
- The "fw monitor" tool.
- Management Data Plane Separation (MDPS).
Hands-on work
Using the "fw monitor" tool.
5 SecureXL & CoreXL
- SecureXL acceleration and templates.
- SecureXL commands.
- CoreXL and SND (Secure Network Distributor).
- CoreXL Affinity.
- Dynamic Balancing.
- Multi-Queue.
- The CoreXL Dynamic Dispatcher.
- Priority Queues (PrioQ).
- Hyperflow acceleration for SMB/CIFS/QUIC connections.
6 VPN and Routed Based
- VPN routing.
- VPN routing modes.
- Advantages of Routed Based VPN.
- VTI: Virtual Tunnel Interfaces.
- Supported protocols for dynamic VPN routing.
- Wire Mode.
- Directional VPN.
Hands-on work
Setting up route-based tunnels with static routing. Setting up route-based tunnels with dynamic routing (OSPF).
7 Remote access
- SSL VPN and IPSec VPN.
- Blade Mobile Access.
- Mobile Access type: "Remote Access".
- Mobile Access SSL: Clientless Applications and Native Applications.
- SSL Network Extender (SNX). Check Point Mobile portal.
- Layer 3 VPN clients.
- SAML authentication support.
Hands-on work
Set up a Remote Access VPN connection via the Check Point Mobile client for Active Directory users. Setting up a Mobile Access SSL VPN connection.
8 Advanced logging, monitoring and reporting
- Logs & Monitor tab overview.
- SmartEvent.
- Compliance.
- SmartEvent GUI Client.
- Suspicious Activity Monitoring (SAM).
- Introduction of the new "ConnView" tool.
Hands-on work
SmartEvent configuration.
9 Advanced user management/Identity Collector
- Authentication types.
- External identity providers.
- AD connection problems with AD Query.
- New Identity Cache Mode.
- Identity Collector.
- Identity Awareness command line.
Hands-on work
Installation and implementation of Identity Collector. Implement Identity Awareness debugging commands.
10 Clustering
- Firewall redundancy.
- ClusterXL High Availability (Active/Passive).
- ClusterXL Load Sharing.
- Load Sharing Multicast.
- ClusterXL High Availability (Active/Active).
- VMAC and ARP issues.
- High availability of the Management Server.
- ElasticXL cluster.
Hands-on work
Implementation of Load Sharing via ElasticXL (installation, configuration and testing).
PARTICIPANTS
System/network/security administrators and engineers, technicians.
PREREQUISITES
Good knowledge of TCP/IP, IS security and the main Check Point functions, or knowledge equivalent to that provided by the CPG course. Experience desirable.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
System/network/security administrators and engineers, technicians.
PREREQUISITES
Good knowledge of TCP/IP, IS security and the main Check Point functions, or knowledge equivalent to that provided by the CPG course. Experience desirable.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TEACHING AIDS AND TECHNICAL RESOURCES
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Dates and locations
Select your location or opt for the remote class then choose your date.
Remote class
Dernières places
Date garantie en présentiel ou à distance
Session garantie