Check Point Security Administration (CCSA)

Course Description Schedule Course Outline
 

About this Course

Check Point Security Administration (R77 GAiA) provides you with an understanding of the basic concepts and skills necessary to configure Check Point Security Gateway and Management Software Blades. During this course, you will configure a Security Policy and learn about managing and monitoring a secure network, upgrading and configuring a Security Gateway, and implementing a virtual private network. This course prepares learners for CCSA exam #156-215.77, Exam is available at VUE test centers www.vue.com/Check Point. Exam contains 90 multiple-choice, scenario-based questions. A passing score is 70% or higher in 120 minutes. The exam is based on 80% course materials and 20% hands-on experience with Check Point products. Students should have at least 6 months experience with Check Point products before challenging the exam.

Who should attend

  • Systems Administrators
  • Support Analysts
  • Security Engineers
  • Network Engineers
  • Any other IT professional seeking CCSA certification

Class Prerequisites

  • General knowledge of TCP/IP
  • Working knowledge of Windows, UNIX, network technology, and the Internet

What You Will Learn

If you need to support, install, deploy or administer Check Point Software Blades, you will learn the skills necessary to work with Check Point Security Administration featuring R77 GAiA:

  • Introduction to check point technology
  • Deployment platforms
  • Introduction to the security policy
  • Monitoring traffic and connections
  • Using SmartUpdate
  • User management and authentication
  • Identity awareness
  • Introduction to Check Point VPNs

Outline: Check Point Security Administration (CCSA)

  • Describe Check Point's unified approach to network management and its key elements
  • Design a distributed environment
  • Install the Security Gateway in a distributed environment
  • Perform a backup and restore the current Gateway installation from the command line
  • Identify critical files needed to purge (or backup), import and export users and groups, and add (or delete) administrators from the command line
  • Deploy Gateways using the Gaia web interface
  • Create and configure network, host, and gateway objects
  • Verify SIC establishment between the Security Management Server and the Gateway using SmartDashboard
  • Create a basicRule Base in SmartDashboard that includes permissions for administrative users, external services, and LAN outbound use
  • Configure NAT rules on Web and Gateway servers
  • Evaluate existing policies and optimize the rules based on corporate  requirements
  • Maintain the Security Management Server with scheduled backups and policy versions to ensure seamless upgrades with minimal downtime
  • Use Queries in SmartView Tracker to monitor IPS and common network traffic and troubleshoot events using packet data
  • Use packet data to generate reports, troubleshoot system and security issues, and ensure network functionality
  • Using SmartView Monitor, configure alerts and traffic counters, view a Gateway's status, monitor suspicious activity rules, analyze tunnel activity, and monitor remote user access
  • Monitor remote gateways using SmartUpdate to evaluate the need for upgrades, new installations, and license modifications
  • Use SmartUpdate to apply upgrade packages to single or multiple VPN-1Gateways
  • Upgrade and attach product licenses using SmartUpdate
  • Centrally manage users to ensure only authenticated users securely access the corporate network either locally or remotely
  • Manage users to access the corporate LAN by using external databases
  • Use Identity Awareness to provide granula- level access to network resources
  • Acquire user information used by the Security Gateway to control access
  • Define access roles for use in an Identity Awareness rule
  • Implement Identity Awareness in the Firewall Rule Base
  • Configure a pre-shared secret site-to-site VPN with partner sites
  • Configure permanent tunnels for remote access to corporate resources
  • Configure VPN tunnel sharing, given the difference between host-based, subunit-based, and gateway- based tunnels

Labs

  • Distributed Installations
  • Stand-alone Security Gateway Installations
  • Common Tools
  • Building a Security Policy Lab 5: Configure the DMZ
  • Configure NAT
  • Monitor with SmartView Tracker Lab 8: Client Authentication
  • Identity Awareness
  • Site-to-Site VPN between corporate and branch office
Classroom Training

Duration 3 days

Price
  • United States: US$ 3,000
Enroll now
Online Training

Duration 3 days

Price
  • United States: US$ 3,000
Enroll now