CKP-R71II - Check Point Security Expert R70-R71
Length
4 days (recommended)
Prerequisites
This course teaches everything you need to maximize the performance of your Check Point Software Blade deployment.
Exercises
Bosque de Duraznos No. 65-601A, Bosques de las Lomas, México D.F., 11700 | T+52 (55) 5985 85 85
Lab 2: Management Portal.
Scenario
Topics.
Configure Management Portal on Corporate Site.
Test Management Portal Access.
Configure Management Portal Access on Partner Site.
Test Management Portal with Read Only Access.
Lab 3: SmartWorkflow.
Scenario.
Topics.
Create a New Administrator.
Configure SmartWorkflow.
Open and Submit a Session for Approval.
Disapprove the Session and Request a Modification.
Repair Session 1.
Approve the Session and Install the Policy.
Install the Policy.
Disable SmartWorkflow.
Lab 4: SmartProvisioning.
Scenario.
Topics:
Enable SmartProvisioning.
Create a New Profile.
Assign Profile to sgcorp.
Push Policy to Gateway.
Verify Profile Changes.
Lab 5: SSL VPN.
Scenario.
Required Lab tools.
Topics:
Install SSL VPN.
Mandatory Hotfix for R71 SSL VPN Tab.
Enable SSL VPN in Smart Dashboard.
Create a File-Share Application in the SSL VPN Tab.
Create an Internal User.
Assign File-Share Access to User Group.
Verify Fileshare Access Through the User Portal.
Configure Embedded RDP.
Permit Access to Application.
Configure Global Properties.
Configure Server and Client.
Test RDP Session.
Lab 6: SecureXL.
Scenario.
Topics:
Enable and Configure SecureXL on the Gateway.
Open Connections and Verify Acceleration.
Lab 7: Deploying New Mode HA
Scenario.
Objectives.
Topics
Create and Configure a Secondary Cluster Member.
Cluster and Member IP Addresses.
Reconfigure Routing.
Configure Gateway-Cluster Object.
Configure ClusterXL Properties.
Modify the Rule Base.
Pass Traffic Through Cluster.
Observe Cluster Status in SmartView Monitor.
Test Failover.
Method 1:
Method 2:
Method 3:
Lab 8: Load Sharing Unicast (Pivot) and Multicast Modes
Scenario.
Topics.
Configure Load Sharing Unicast Mode.
Test Load Sharing Unicast Mode.
Configure Load Sharing Multicast Mode.
Test Load Sharing Multicast Mode.
Lab 11: Implementing IPS
Scenario.
Topics:
Modify the Gateway Properties.
Modify DMZ Server Object.
Configure IPS for Preliminary Detection.
Create a New IPS Profile.
Assign to Gateway.
Generate an Attack.
Analyze the Attack.
Reconfigure IPS to Block Attacks.
Review Logs.
Lab 12: Data Loss Prevention.
Synopsis.
Topology Setup.
Configure the DLP Gateway.
Configure the DLP Object in SmartDashboard
Modify the Rule Base.
Test the Default Policy.
Employee Name
Keyword Search.
Template Exercise.
Lab 13: SmartEvent.
Scenario.
Objective.
Topics.
Configure the Network object in SmartDashboard
Configuring Security Gateways to work with SmartEvent.
Configure the WindowsEventToCPLog service.
Monitoring Events with SmartEvent.
Generate Reports Based on Activities.
Lab 14: Kernel debugging, connection tables and the I/O chain.
Scenario.
Objectives:
Topics:
Examine changes to the Inbound and Outbound chains using fw ctl chain.
Examine the connections table with fw tab -t connections.
Debugging License Issues.
Bad GUI Client Definition.
Kernel Debugging Dropped Port.
Debugging HIDE NAT.
Comparing client side versus server side translation.
Debugging ClusterXL.
Debug the Kernel for Configuration Changes.
Debug the Kernel for Status Changes.
VPN Debug Exercise. Viewing the Phases in IKEView
Contents
Chapter 3 SmartProvisioning.
SmartProvisioning Overview.
SmartProvisioning Management.
Enabling SmartProvisioning.
The SmartProvisioning Console.
Tree Pane.
Workspace Pane.
Status View.
The SmartProvisioning Wizard.
SmartProvisioning Profiles.
UTM-1 Edge-Only SmartProvisioning.
Configuring a HotSpot for SmartProvisioning.
Configuring RADIUS for SmartProvisioning.
Security Gateway-Only SmartProvisioning.
Configuring DNS for SmartProvisioning.
Configuring Hosts for SmartProvisioning.
Configuring Domain Name for SmartProvisioning.
Configuring Backup Schedule.
Gateway Management.
Adding Gateways to SmartProvisioning.
Gateway Edit Window.
Real-Time Gateway Actions.
Remotely Controlling Gateways.
Updating Corporate Office Gateways.
Editing Gateway Properties.
Configuring Interfaces.
Executing Commands
Managing SmartLSM Security Gateways.
Applying Dynamic Object Values.
Getting Updated Security Policy.
Changing Assigned SmartLSM Security Profile.
Tracking.
Log Servers.
Configuring SmartLSM Security Gateway Topology.
Converting SmartLSM Security Gateways to Gateways.
Managing Security Gateways.
Scheduling Backups.
Configuring Hosts.
Configuring the Domain.
Configuring Host Name.
Configuring Routing.
Managing Software.
The Package Repository.
Distributing Packages.
Security Gateway Actions
Scripts.
Security Gateway Backup.
Applying Changes.
Maintenance Mode.
UTM-1 Edge Portal.
UTM-1 Edge Ports.
Provisional Settings.
Configuring Routing.
RADIUS.
Configuring a HotSpot.
Understanding Dynamic Objects.
Benefits of Dynamic Objects.
Dynamic Object Types.
Dynamic Object Values.
Command Line.
Practice Lab.
Review.
Chapter 4 SSL Portal-Based VPN.
SSL VPN Software Blade Overview.
Key Features.
Simple Deployment – SSL VPN.
Deploying SSL VPN – DMZ
Cluster Deployment.
SSL VPN Management.
SSL Network Extender.
SSL VPN Security Features.
Configuration Workflow.
The SSL VPN Wizard.
Setting up the SSL VPN Portal.
User Workflow.
Managing Access to Applications.
Protection Levels.
Introduction to Applications.
Web Application.
File Shares.
Citrix Services.
Web Mail Services.
Native Applications.
Practice Lab.
Review.
Chapter 5 Acceleration.
Check Point Acceleration and Clustering.
SecureXL: Security Acceleration.
What SecureXL Does.
Throughput Acceleration.
Connection Rate Acceleration.
Masking the Source Port.
Application Layer Protocol.
HTTP 1.1.
Other Application Layer Protocols.
UDP Pseudo-Connections.
Packet Flow.
VPN Capabilities.
CoreXL: Multicore Acceleration.
Supported Platforms and Features.
Default Configuration.
Performance Tuning.
Processing Core Allocation.
Packet Flows (When SecureXL is Enabled).
Allocating Processing Cores.
Adding Processing Cores to the Hardware.
Allocating an Additional Core to SND.
Allocating a Core for Heavy Logging.
Practice Lab.
Review.
Chapter 6 High Availability.
Management High Availability.
The Management High Availability Environment.
Active vs Standby.
What Data is Backed Up by the Standby Security Management servers?
Synchronization Modes.
Synchronization Status.
Practice Lab.
Review.
Chapter 7 Clustering
ClusterXL: Smart Load Balancing.
Installing ClusterXL.
Clustering Terms.
Unicast Load Sharing.
How Pivot Mode Works.
How Packets Travel Through a Cluster.
Cluster Control Protocol.
Cluster Synchronization.
Check Point State Synchronization.
Synchronized-Cluster Restrictions.
Sticky Connections.
The Sticky Decision Function.
ClusterXL Configuration Issues.
Modes of ClusterXL Supporting SecureXL.
Crossover-Cable Support.
VRRP Overview.
How VRRP Works.
VRRP with Internal and External VRIDs.
VRRP with Simultaneous Backup.
Practice Lab.
Review.
Chapter 8 Advanced Networking – Routing.
Advanced Networking Blade.
Address and Prefix Formats.
Preferences in Routing.
Assigning Route Preferences.
Check Point Dynamic Routing.
Supported Protocols.
Dynamic Routing Support.
Tracing and Logging Options.
Status Monitoring via SNMP.
Backup and Restore.
The Command Line Interface.
User Execution Mode.
Privileged Execution Mode.
Global Configuration Mode.
Router Configuration Mode.
Interface Configuration Mode.
Interfaces.
Kernel Interface.
Martian Addresses.
Border Gateway Protocol (BGP)
BGP Decision Process.
Dynamic Capabilities.
Internet Control Message Protocol (ICMP)
Open Shortest Path First.
Router Discovery.
SNMP Multiplexing (SMUX)
Distance Vector Multicast Routing Protocol (DVMRP)
Internet Group Management Protocol (IGMP)
Protocol Independent Multicast.
Access Lists.
AS Paths and AS Path Lists.
BGP Communities and Community Lists.
Prefix Lists and Prefix Trees.
Route Aggregation and Generation.
Route Flap Damping.
Route Maps.
Multicast Access Control.
Multicast Routing Protocols.
Dynamic Registration Using IGMP.
IP Multicast Group Addressing.
Reserved Local Addresses.
Per-Interface Multicast Restrictions.
VPN Connections.
Review.
Chapter 9 Advanced Networking – Load Balancing.
Why Load Balance?
ConnectControl.
Methods of Load Balancing.
ConnectControl Packet Flow.
Logical Server Types.
Packet Flow in an HTTP Logical Server.
Packet Flow in Other Logical Server Types.
Considering Logical Server Types.
Persistent Server Mode.
Persistency by Server.
Persistency by Service.
Persistent Server Timeout
Server Availability.
Load Measuring.
Review.
Chapter 10 Advanced Networking – QoS
Quality of Service.
QoS Technology – Stateful Inspection.
Intelligent Queuing Engine.
WFRED (Weighted Flow Random Early Drop)
RDED (Retransmit Detect Early Drop)
QoS Architecture.
QoS Gateway.
QoS Kernel Driver.
QoS Daemon (fgd50)
QoS Security Management Server.
QoS SmartConsole.
QoS in SmartDashboard.
QoS Configuration.
Client/Server Interaction.
QoS Policy Management.
Connection Classification.
Network Objects.
User Groups.
Services and Resources.
Time Objects.
Bandwidth Allocation and Rules.
Weight.
Guarantees.
Limits.
Default Rule.
QoS Action Type.
Example of a Rule Matching VPN Traffic.
Bandwidth Allocation and Sub-Rules.
Implementing the Rule Base.
Deploying QoS.
Sample Bandwidth Allocations.
Practice Lab.
Review.
Chapter 11 Check Point IPS
IPS Overview.
New IPS Engine/Architecture.
Flexible IPS Policy Management.
IPS Event Manager.
Configuring and Managing IPS.
IPS Protection.
IPS Profiles.
Creating Profiles.
Assigning Profiles.
Protection Browser.
Exporting the Protections List.
Protection Parameters.
Severity.
Confidence Level.
Performance Impact.
Protection Type.
Protection Mode.
Activating Protections.
Automatically Activating Protections.
Manually Activating Protections.
Monitoring Traffic.
Network Exceptions.
Viewing Packet Information.
Optimizing IPS.
Performance Management.
Gateway Protection Scope.
Web Protection Scope.
Bypass Under Load.
Troubleshooting.
Protect Internal Hosts Only.
Tuning Protections.
Separate Profiles by Segment.
Separate Profiles by Gateway Version.
IPS Policy Settings.
Focus on High Severity Protections.
Focus on High Confidence Level Protections.
Focus on Low Performance Impact Protections.
Enhancing System Performance.
Updating Protections – IPS Subscription.
Managing IPS Subscription.
Downloading Updates.
Updating IPS Protections.
IPS Software Blade Contracts (R71)
Contract Requirements.
License and Contract Coverage Status.
Practice Lab.
Review.
Chapter 12 Data Loss Prevention
The Need for Data Loss Prevention.
DLP Gateway in a Network.
What Happens on Rule Match?
Deployment Options.
DLP Platforms and Performance.
DLP UserCheck.
Installing, Connecting, Verifying Clients.
Data Loss Prevention Portal.
Data Loss Prevention Views.
My Organization.
DLP Policies.
The Default Policy.
DLP Policy vs. Security Policy.
Data Loss Prevention Actions.
Data Types.
Protecting Data by Keyword.
Protecting Documents by Template.
Protecting Files.
Protecting Data by Pattern.
Protecting Data by CPcode.
Defining Compound Data Types.
Data Type Groups.
Practice Lab.
Review.
Chapter 13 SmartEvent
Learning Objectives.
SmartEvent Architecture.
SmartEvent Client.
Event Queries.
Predefined Queries.
Event Log.
Sorting and Searching Events.
Grouping Events.
Exporting Events.
Event Statistics Pane.
Event Details.
Presenting Event Data – Overview Tab.
Presenting Event Data – Timeline Tab.
Administrator Permissions.
Tracking Event Resolution – Tickets.
Checking Client Vulnerability.
Practice Lab.
Review.
Chapter 14 SmartReporter.
Learning Objectives.
Introduction to SmartReporter.
Log Consolidation.
Predefined Reports.
Standard Reports.
Express Reports.
Report Subjects.
Planning for SmartReporter.
Standalone vs. Distributed Deployment.
Log Availability vs Log Storage and Processing.
Record Availability vs Database Size.
High Availability.
Adapting Report Detail Level to Needs.
Generating Only Selected Sections.
Scheduling Reports.
Report Filters.
Report Output.
Reporter Database Management.
Tuning the Database.
Modifying the Database.
Predefined Consolidation Policy.
Review.
SUPPLEMENT Troubleshooting and Debugging.
Check Point Three-Tier Architecture.
SmartConsole Applications.
SmartCenter.
Security Gateway.
FireWall-1 Structure.
FireWall-1 main Processes.
Inbound and Outbound Chains.
Inbound Chain Modules.
Outbound Chain Modules.
Chain Positions.
Stateful inspection.
The INSPECT Engine.
FireWall-1 Technologies.
Connections Table Format.
Connection Table Formats Illustrated:
fw tab -t Usage.
Packet Inspection Flow.
Packet Inspection Flow (cont.)
Policy Installation.
Policy Install Overview.
Policy Installation Flow in the Three-Tier Architecture.
FireWall-1 Configuration Files.
User Mode Debugging.
Running User Mode Debug.
fw debug.
FWM/FWD process debug:
Some examples of debugs, WF ON VSX.
Debugging Statuses in SmartLSM.
Debug Anti Virus update process:
Analyzing Debug Output.
Core Dumps.
How to Activate Core Files in SPLAT (SecurePlatform).
How to Open Core Files.
Kernel Debug.
Running Debug – Set Of Operations.
Debugging Flags.
Most Common Debugging Flags Explained.
Debugging Flags for Other Modules.
Kernel Debugging Tips.
Cyclic Debug Files.
General Guidelines
Kernel Debugging Examples
Debugging Unexplained Packet Loss.
FW Monitor: Definition.
The four default inspection points in FW Monitor.
FW Monitor Traffic Flow Client > Server.
FW Monitor Traffic Flow Server > Client.
Using FW Monitor.
fw ctl chain with fw monitor.
Analyzing fw monitor output.
VPN-1 NAT Debugging: How NAT Works.
How NAT Works: Original Packet Actions.
How Static NAT Works – Reply Packet.
How Hide NAT Works – NAT Tables.
Debugging NAT Issues.
IP Pool NAT.
Debugging ClusterXL.
VPN Troubleshooting.
The Troubleshooting process – step by step.
Gleaning a Conclusion from the ike.elg File.
Analysing vpn.elg.
Using fw monitor to Troubleshoot VPN Issues:
The inbound Chain
The Outbound Chain.
VPN Kernel Debugging.
VPN Kernel Debugging Commands.
Troubleshooting Site-to-Site VPNs Checklist.
SecureXL Troubleshooting.
fwaccel conns flags:
Displaying Templates.
Debugging SecureXL.
Using fwaccel dbg:
Available Modules for fwaccel dbg.
Important flags for fwaccel dbg:
Using sim dbg.
Practice Lab.
APPENDIX Chapter Questions and Answers.