Security Master (CCSM R80)

Advanced training to manage virtualized security in high-end networks and advanced security optimization techniques.
 
Learn How To
  • Identify issues and problems using commands
  • Locate the source of encryption failures
  • Identify potentially mis-configured VPNs
 
How You Will Benefit
  • Bypass wait times and fast track to a support engineer
  • Compare your policy to rules that degrade performance
  • Tune your systems to improve acceleration of traffic
 
Target Audience:
This course is for customers and partners who want to learn the advanced skills to troubleshoot and configure Check Point Security Gateway and Management Software Blades:
  • System Administrators
  • Security Engineers
  • Network Engineers
  • R80 CCSEs seeking higher certification
 
Prerequisites:
  • CCSE
  • General knowledge of TCP/IP
  • Working knowledge of Windows and UNIX
  • Working knowledge of network technology
  • Working knowledge of Internet technology
 
Objectives:
  • Obtain a deeper knowledge of the Security Management Architecture.
  • Understand how the Security Management Server uses key processes and debugs.
  • Review how objects are represented in the database.
  • Understand how GuiDBedit operates.
  • Understand how to use fw monitor to capture packets.
  • Discuss how to enable and use core dumps when a User mode process crashes.
  • Understand how to troubleshoot and debug SmartConsole issues.
  • Understand how to troubleshoot and debug NAT issues using Gaia commands.
  • Understand Client Side and Server Side NAT.
  • Describe how to configure port mapping services.
  • Recognize how to debug VPN-related issues.
  • Understand how to debug HTTPS Inspection related issues.
  • Understand how to troubleshoot and debug Content Awareness issues.
  • Understand how to troubleshoot Anti-Bot and Antivirus issues.
  • Discuss how to use IPS Bypass to manage performance issues.
  • Understand how to configure IPS to reduce false positives.
  • Understand how to evaluate hardware configurations for optimal performance.
  • Discover additional tools to assist in monitoring CPU utilization.
  • Understand how to monitor cluster status and work with critical devices.
  • Recognize how to use fwaccel and sim to enable and disable accelerated traffic.
  • Understand how to configure CoreXL to enhance Security Gateway performance.
  • Understand how to deploy IPv6 in a local environment
 
Lab exercises:
  • Perform Solr database queries and review the results.
  • Use debug files to troubleshoot SmartConsole.
  • Use debug commands to explore common management issues.
  • Demonstrate how to troubleshoot two methods of Automatic NAT.
  • Demonstrate how to manually configure NAT.
  • Configure port mapping of services as an alternative to performing NAT.
  • Use vpn debug tools to identify issues that may have occurred during encryption
  • Manipulate IPS settings to enhance performance and reduce false positives.
  • Evaluate network security conditions using the Check Point CheckMe tool.
  • Use policy settings to improve performance of Security Gateways.
  • Tune the Security Policy for improved Security Gateway performance
  • Evaluate the Security Gateway cluster conditions by examining the debug files.
  • Demonstrate how to manage connections in a clustered environment.
  • Demonstrate how to debug Security Management Server synchronization
  • Demonstrate how to identify the cause of acceleration related issues.
  • Demonstrate how to configure advanced CoreXL settings
  • Define and test communication in an IPv6 environment
 
Course content:
Chapter 1: Advanced Database Management
Chapter 2: Kernel Mode and User Mode Troubleshooting
Chapter 3: SmartConsole and Policy Management
Chapter 4: Advanced Network Address Translation
Chapter 5: VPN Troubleshooting
Chapter 6: Troubleshooting Access Control Policies
Chapter 7: Troubleshooting Threat Prevention Policies
Chapter 8: Optimization and Tuning
Chapter 9: Advanced Clustering
Chapter 10: Acceleration Debugging
Chapter 11: IPv6
 
Certification:
This training prepares the student for the Check Point Certified Security Master R80 (CCSM R80) exam.
 
Length
3 days