Security Engineering (CCSE R77)(R77)

Course outline:

Validate your understanding and skills necessary to configure and optimally manage Check Point Next Generation Firewalls. This advanced 3-day course teaches how to build, modify, deploy and troubleshoot Check Point Security Systems on the GAiA operating system. Hands-on lab exercises teach how to debug firewall processes, optimize VPN performance and upgrade Management Servers.


Target audience:
Technical persons who support, install, deploy or administer Check Point Software Blades should attend this course. This could include the following:

  • Systems Administrators, System Engineers and Security Managers
  • Check Point Certified Security Administrators (CCSA) who want to achieve Expert certification

Check Point Security Administration training or equivalent knowledge and experience.

Follow on course: Check Point Security Master (CCSM)


  • Upgrading Check Point Modules
  • Advanced Firewall
  • Clustering and Acceleration
  • Advanced User Management
  • Advanced IPSec VPN and Check Point Capsule
  • Threat Prevention
  • Intrusion Prevention
  • Auditing and Reporting


Lab exercises:   
  • Upgrading to Check Point R77.30
  • Core CLI Elements of Firewall Administration
  • Migrating to a Clustering Solution
  • Security Management Server High Availability
  • Configuring SmartDashboard to Interface with Active Directory
  • Mobile Access with Check Point Capsule
  • Reviewing Threat Prevention Settings and Protections
  • Working with Anti-Bot & Anti-Virus
  • Deploying Threat Emulation
  • Understanding IPS Protections
  • Working with IPS Profiles
  • SmartEvent and SmartReporter

  • Perform a backup of a Security Gateway and Management Server.
  • Upgrade a Management Server..
  • Perform debugs on Firewall processes.
  • Build, test, and troubleshoot a ClusterXL Load Sharing deployment, a ClusterXL High Availability deployment, a management HA deployment on an enterprise network.
  • Configure SecureXL and CoreXL acceleration.
  • Troubleshoot a VRRP deployment on an enterprise network.
  • Configure User Directory to incorporate user information.
  • Manage internal and external user access.
  • Troubleshoot a site-to-site or certificate-based using IKEView, VPN log files, and commandline debug tools.
  • Optimize VPN performance and availability by using Link Selection and MEP solutions.
  • Manage and test corporate VPN tunnels.
  • Provide corporate level protection to mobile devices using Check Point Capsule.
  • Identify the four steps of emulation.
  • Review the methods in which the Anti-Virus and Anti-Bot software blades prevent malware and bot infections.
  • Set up a Threat Prevention profile.
  • Review IPS profile properties.
  • Review the available IPS protections and manipulate the action taken on packets when they match a threat.
  • Generate reports on specific network traffic using SmartReporter and SmartEvent.

This training prepares the student for the Check Point Certified Security Expert exam.

3 days