- Check Point's unified approach to network management and key components
- Design a distributed environment and Install the Security Gateway in it
- Perform a backup and restore the current gateway installation from the command line
- Identify critical files needed to purge or backup, import and export users and groups, and add or delete administrators from the command line
- Deploy gateways using the Gaia web interface
- Create & configure network, host, and gateway objects
- Using SmartDashboard verify SIC establishment between the Security Management Server and the gateway
- Create a basic Rule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use
- Configure NAT rules on Web and Gateway servers
- Evaluate existing policies and optimize the rules based on corporate requirements
- Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless pgrades with minimal downtime
- Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data
- Use packet data to generate reports, troubleshoot system and security issues, and ensure network functionality
- Using SmartView Monitor, configure alerts & traffic counters, view a gateway's status, monitor suspicious activity rules, analyze tunnel activity and monitor remote user access
- Monitor remote gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications
- Use SmartUpdate go apply upgrade packages to single or multiple VPN-1 gateways
- Upgrade and attach product licenses using SmartUpdate
- Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely
- Manage users to access the corporate LAN by using external databases
- Provide granular-level access to network resources using Identity Awareness
- Acquire user information used by the security gateway to control access
- Define access roles for use in an Identity Awareness rule
- Implement Identity Awareness in the Firewall Rule Base
- Configure a pre-shared secret site-to-site VPN with partner sites
- Configure permanent tunnels for remote access to corporate resources
- Configure VPN tunnel sharing, given the difference between host-based, subunit-based, and gateway- based tunnels
- Perform a backup of a security gateway and Management Server using your understanding of the differences between backups, snapshots and update-exports
- Upgrade and troubleshoot a Management Server using a database migration
- Upgrade and troubleshoot a clustered Security Gateway deployment
- Use knowledge of Security Gateway infrastructures, chain modules, packet flow, and kernel tables to perform debugs on firewall processes
- Build, test, and troubleshoot a ClusterXL Load Sharing deployment on an enterprise network
- Build, test, and troubleshoot a ClusterXL High Availability deployment on an enterprise network
- Build, test, and troubleshoot a management HA deployment on an enterprise network
- Configure, maintain, and troubleshoot SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement
- Using an external user database such as LDAP, configure User Directory to incorporate user information for authentication services on the network
- Manage internal and external user access to resources for remote access or across a VPN
- Troubleshoot user-access issues found when implementing Identity Awareness
- Troubleshoot a site-to-site or certificate-based VPN on a corporate gateway using IKE View, VPN log files, and command-line debug tools
- Optimize VPN performance and availability by using Link Selection and Multiple Entry Point solutions
- Manage and test corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers
- Create events or use existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent to provide industry compliance information to management
- Troubleshoot report generation given command-line tools and debug-file information
Hands On LabsLab 1: Distributed Installations
Lab 2: Stand-Alone Security Gateway Installations
Lab 3: Common Tools
Lab 4: Building a Security Policy
Lab 5: Configure the DMZ
Lab 6: Configure NAT
Lab 7: Monitor with SmartView Tracker
Lab 8: Client Authentication
Lab 9: Identity Awareness
Lab 10: Site-to-Site VPN between Corporate and Branch Office
Lab 11: Upgrade to Check Point R77
Lab 12: Core CLI Elements of Firewall Administration
Lab 13: Migrate to a Clustering Solution
Lab 14: Configure SmartDashboard to Interface with Active Directory
Lab 15: Configure Site-to-Site VPNS with Third-Party Certificates
Lab 16: Remote Access with Endpoint Security VPN
Lab 17: SmartEvent and SmartReporter
Return to Top