Check Point (CCSA and CCSE)

SunPlus Healthcare Solutions > Check Point (CCSA and CCSE)

Duration

90 hrs.

Level

Advanced

This course is designed for anyone seeking Check Point Certified Security Administrator (CCSA) and Check Point Certified Security Expert (CCSE) certification courses together. This course covers the fundamentals needed to deploy and manage daily operations of Check Point Security Gateways and Management Software Blades that run on the Gaia operating system. This course also covers the expertise needed to identifying basic interfaces used to manage the Check Point environment, explain the purpose of the Check Point Management High Availability (HA) deployment, identify the workflow followed to deploy a Primary and solution Secondary servers, explain the basic concepts of ClusterXL, understand how to manage user access for internal and external users, describe the Identity Awareness components and configurations, describe threat prevention solutions and explain the purpose of Domain-based VPNs.

Introduction

This 120hrs (Lectures + hands-on Lab) training is for anyone seeking Check Point (CCSA+CCSE) certification and training is designed for personnel involved in deploying, configuring, and managing Check Point firewall including device configuration, routing, traffic control, and NAT. Candidates will learn how to install a Security Management Server and a Security Gateway in a distributed environment, configure objects, rules and settings to define a security policy, work with multiple concurrent administrators and define permission profiles, perform expertise tasks, as specified in job descriptions.

The key to a high success rate is based on the program’s objectives as follows:

  • Course contents are based on Check Point (CCSA+CCSE) course outlines.
  • Dedicated Monitoring to evaluate and report candidate’s progress.
  • Extensive hands-on lab exercises.
  • Industry acclaimed, experienced and certified instructors.
  • Project manager can be assigned to track candidate’s performance.
  • Curriculum based on course outlines defined by Microsoft.
  • This Instructor-led classroom course is designed with an aim to build theoretical knowledge supplemented by ample hands-on lab exercises.
  • Facility of Lab on cloud available.
  • Courseware includes reference material to maximize learning.
  • Assignments and tests to ensure concept absorption.
  • Courseware includes reference material to maximize learning.
  • Repeating of lectures allowed (On approval basis)
  • Candidates can attend lectures online.
  • Describe the primary components of a Check Point Three-Tier Architecture and explain how they work together in the Check Point environment.
  • Explain how communication is secured and how traffic is routed in the Check Point environment.
  • Describe the basic functions of the Gaia operating system.
  • Identify the basic workflow to install Security Management Server and Security Gateway for a single-domain solution.
  • Create SmartConsole objects that correspond to the organization’s topology for use in policies and rules.
  • Identify the tools available to manage Check Point licenses and contracts, including their purpose and use.
  • Identify features and capabilities that enhance the configuration and management of the Security Policy.
  • Explain how policy layers affect traffic inspection.
  • Articulate how Network Address Translation affects traffic
  • Describe how to configure manual and automatic Network Address Translation (NAT).
  • Demonstrate an understanding of Application Control & URL Filtering and Autonomous Threat Prevention capabilities and how to configure these solutions to meet an organization’s security requirements.
  • Articulate how pre-shared keys and certificates can be configured to authenticate with third party and externally managed VPN Gateways.
  • Describe how to analyze and interpret VPN tunnel traffic.
  • Configure logging parameters.
  • Use predefined and custom queries to filter log results.
  • Identify how to monitor the health of supported Check Point hardware using the Gaia Portal and the command line.
  • Describe the different methods for backing up Check Point system information and discuss best practices and recommendations for each method.
  • This course is an expert and advanced level course which includes learning and gaining detailed knowledge on Checkpoint Firewall, Clustering and Acceleration, Advanced User Management, Advanced IPsec VPN and Remote Access, Auditing and Reporting. Networking Aspirants can take this course and prepare for exam as well as upgrade their knowledge in Security Domain.
  • The Checkpoint Training helps a professional to get updated to new sets of checkpoint firewall technologies and Check Point system information and discuss best practices and recommendations for each method.

This course covers all topics required for the Check Point (CCSA+CCSE) course. The following topics are general guidelines to better reflect the contents of the course and for clarity purposes, the guidelines below may change at any time without notice.

Describing Information Security Concepts

  • Information Security Overview.
  • Assets, vulnerabilities, threat and countermeasures.

Describing Network Security Technologies.

  • Defense-in-Depth Strategy.
  • Defending across the attack continuum.
  • Statefull firewall overview.
  • Threat information standardization.
  • Network-based malware protection overview.
  • Intrusion Prevention System (IPS) overview.
  • Next Generation firewall.

Check Point Security Concepts and Deployment

  • Interpret the concept of firewall and understand the mechanisms used for controlling network traffic.
  • Describe the key elements of Check Point’s unified, 3-tiered architecture.
  • Describe the essential elements of a unified security policy.
  • Understand Check Point deployment options.
  • Gateway installation.
  • Management Server installation.
  • Smart Console installation.
  • Recognize Smart Console features, functions and tools.
  • Adding gateway into management server.
  • Create and configure network, host and gateway objects.
  • Create and confirm admin users for the network.
  • Create multiple administrators and apply different roles/permissions for concurrent administration.
  • Create and configure network, host and gateway objects.
  • Evaluate and manipulate rules in a unified Access Control Security Policy.
  • Apply policy layers and analyze how they affect traffic inspection.
  • Prepare and schedule backups for the gateway.
  • Recall how to implement Check Point backup techniques.
  • Understand how traffic inspection takes place in a unified security policy.
  • Validate existing licenses for products installed on your network.
  • Generate network traffic and use traffic visibility tools to monitor the data
  • Compare and contrast various tools available for viewing traffic.
  • Prepare and scheduled backups for the gateway.
  • Recall how to implement Check Point backup techniques.
  • Deploying NAT (STATIC, HIDE, MANUAL).
  • Identity awareness.
  • Recognize how to define users and user groups for your environment.
  • Describe the basic concept of ClusterXL technology and its advantages.
  • Install and configure ClusterXL with a High Availabilty Configuration.
  • Recognize how to effectively create, customize and generate network activity reports.
  • URL filtering.
  • Understand VPN deployments and Check Point Communities.
  • Configure and deploy a site-to-site VPN.
  • Test the VPN connection and analyze the tunnel traffic.
  • Identify basic interfaces used to manage the Check Point environment.
  • Identify the types of technologies that Check Point supports for automation.
  • Explain the purpose of the Check Management High Availability (HA) deployment.
  • Identify the workflow followed to deploy a Primary and solution Secondary servers.
  • Explain the basic concepts of Clustering and ClusterXL, including protocols, synchronization, connection stickyness.
  • Identify how to exclude services from synchronizing or delaying synchronization.
  • Explain the policy installation flow.
  • Explain the purpose of dynamic objects, updatable objects, and network feeds.
  • Understand how to manage user access for internal and external users.
  • Describe the Identity Awareness components and configurations.
  • Describe different Check Point Threat Prevention solutions.
  • Articulate how the Intrusion Prevention System is configured.
  • Obtain knowledge about Check Point’s IoT Protect.
  • Explain the purpose of Domain-based VPNs.
  • Describe situations where externally managed certificate authentication is used.
  • Describe how client security can be provided by Remote Access.
  • Discuss the Mobile Access Software Blade.
  • Explain how to determine if the configuration is compliant with the best practices.
  • Define performance tuning solutions and basic configuration workflow.
  • Identify supported upgrade and migration methods and procedures for Security Management Servers and dedicated Log and SmartEvent Servers.
  • Identify supported upgrade methods and procedures for Security Gateways.

Followings labs will be performed by candidates during lab practice sessions:

  • Lab 1. Deploying SmartConsole.
  • Lab 2. Installing a Security Management Server.
  • Lab 3. Installing a Security Gateway.
  • Lab 4. Configuring Objects in SmartConsole.
  • Lab 5. Establishing Secure Internal Communication.
  • Lab 6. Managing Administrator Access.
  • Lab 7. Managing Licenses.
  • Lab 8. Creating a Security Policy.
  • Lab 9. Configuring Order Layers.
  • Lab 10. Configuring a Shared Inline Layer.
  • Lab 11. Configuring NAT.
  • Lab 12. Integrating Security with Autonomous Threat Prevention.
  • Lab 13. Elevating Security with Autonomous Threat Prevention.
  • Lab 14. Configuring a locally managed Site-to-Site VPN.
  • Lab 15. Elevating Traffic view.
  • Lab 16. Monitoring System States.
  • Lab 17. Maintaining the Security Environment.
  • Lab 18. Navigating the Environment and Using the Management API.
  • Lab 19. Deploying Secondary Security Management Server.
  • Lab 20. Configuring a Dedicated Log Server.
  • Lab 21. Deploying SmartEvent.
  • Lab 22. Configuring a High Availability Security Gateway Cluster.
  • Lab 23. Working with ClusterXL.
  • Lab 24. Configuring Dynamic and Updateable Objects.
  • Lab 25. Verifying Accelerated Policy Installation and Monitoring Status.
  • Lab 26. Elevating Security with HTTPS Inspection.
  • Lab 27. Deploying Identity Awareness.
  • Lab 28. Customizing Threat Prevention.
  • Lab 29. Configuring a Site-to-Site VPN with an Interoperable Device.
  • Lab 30. Deploying Remote Access VPN.
  • Lab 31. Configuring Mobile Access VPN.
  • Lab 32. Monitoring Policy Compliance.
  • Lab 33. Reporting SmartEvent Statistics.
  • Lab 34. Tuning Security Gateway Performance.
  • Instructor led online training is an ideal vehicle for delivering training to individuals anywhere in the world at any time.
  • This innovative approach presents live content with instructor delivering the training online.
  • Candidates will be performing labs remotely on our labs on cloud in presence of an online instructor.
  • SunPlus forum uses microsoft lync engine to deliver instructor led online training.
  • Advances in computer network technology, improvements in bandwidth, interactions, chat and conferencing, and realtime audio and video offers unparalleled training opportunities.
  • Instructor led online training can helps today’s busy professionals to perform their jobs and upgrade knowledge by integrating self-paced instructor led online training in their daily routines.
  • The minimum batch size required for batch is 10 participants in this course.
  • The SunPlus forum reserves the right to cancel/postpone the class.
  • Course schedule will be provided before commencement of the course.
  • Certificate of participation will be awarded to participants with a minimum 90% attendance.
  • All attendees must observe the Copyright Law on intellectual properties such as software and courseware from respective vendors.
  • The SunPlus forum reserves the right to include external participants in the program either for the entire course or individual courses.
  • The SunPlus forum reserves the right to change/alter the sequence of courses. SunPlus forum published Book would be given at 50% discounted rate to the forum students.

Labs on cloud

SunPlus forum uses cloud computing to efficiently provide “Platform As A Service” (PAAS) to its students enabling them to quickly access Technology Racks over the internet and practice lab exercise from home These Racks are populated with latest equipment’s required for practical exercise’s.

Web Forums

Our web based forum allows its users to ask, hundreds of technical experts about their technology and certification problem. SunPlus forum is a tight knit community of working professionals that provide timely help on technical, certification and design related queries.