Knowledge United

Course Description

Check Point Security Administration NGX I is a foundation course for Check Point's flagship product, VPN-1/FireWall-1. This course covers configuring VPN-1/FireWall-1, and provides hands-on training managing a VPN-1/FireWall-1 installation.

Check Point Security Administration NGX II offers advanced training on VPN-1/FireWall-1, and delivers in-depth information on VPN and encryption technologies. This course is designed for Security Administrators and resellers, who require in-depth knowledge of VPN-1/FireWall-1 that goes beyond basic installation, setup, and methodologies.

Check Point Security Administration NGX III offers comprehensive training to enhance enterprise knowledge of VPN-1 NGX, network planning, route-based VPN, and troubleshooting procedures.

Who Should Attend

Systems administrator, security manager, network engineer who manages VPN-1/FireWall-1 gateway deployments and individuals seeking to earn Check Point Certified Security Administrator (CCSA, CCSE CCSE Plus) NGX certification.

What You Will Learn

• UCCSA NGX Management I
• VPN-1/FireWall-1 architecture
• VPN-1/FireWall-1 component deployment
• How to define a Security Policy using SmartDashboard
• How to deploy and manage distributed gateways, using Check Point's SmartUpdate and Secure Internal Communications
• How to administer and troubleshoot VPN-1/FireWall-1 Security Policies
• How to enable SmartDefense global protection mechanisms
• How to set up User Authentication in a VPN-1/FireWall-1 environment
• How to implement Network Address Translation
• How to protect your network with backups
• How to upgrade VPN-1/FireWall-1
• How to license VPN-1/FireWall-1
• CCSE NGX Management II
• Use NGX tools to install NGX on Windows Server 2003 and SecurePlatform
• Use NGX tools to upgrade to NGX, from VPN-1/FireWall-1 NG or VPN-1 NG with Application Intelligence
• Use advanced NGX features to minimize the information-security management burden, when working with objects and rules
• Determine whether Database Revision Control or Policy Package Management is the appropriate solution, given a variety of scenarios
• Identify the features and limitations of Management High Availability
• Use fw monitor to capture and view packets
• Use fw ctl pstat to verify the health of the NGX Security Gateway and SmartCenter Server
• Review VPN-1 debugging and troubleshooting commands, including cpinfo
• Given a variety of Check Point QoS configurations, determine how bandwidth will be allocated
• Identify situations where Low Latency Queueing and Differentiated Services are an appropriate part of a QoS solution
• Configure NGX to allow VoIP traffic to pass through a corporate Security Gateway
• Identify different modes in ClusterXL configuration, and configure ClusterXL VPN
• Configure a Policy Server and SecureClient Rule Base
• Configure route-based VPN and dynamic VPN routing
  

About The Labs

• Defining VPN-1/FireWall-1 rules, objects, and users
• Establishing basic VPN-1/FireWall-1 Security Policies
• Setting up User Authentication
• Configuring SmartDefense
• Configuring Network Address Translation
• Using SmartUpdate for VPN-1/FireWall-1 installation
• Installing VPN-1/FireWall-1
• Setting up SecuRemote and SecureClient for remote-access VPNs
• Configuring logical servers for load balancing
• Using content security to enable Java blocking, URL filtering and anti-virus checking
• Configuring two-gateway IKE encryption
• Collecting configuration files from an NGX installation
• Review and analyzing cpinfo output in InfoView
• Using GuiDBedit to create services and objects, and modify an object's global properties
• Using fw logswitch to switch active and audit logs
• Using fwm logexport to export logs
• Comparing client- and server-side NAT using fw monitor
• Using fwm and cpd debugging to troubleshoot a stand-alone installation problem
• Generating and interpreting a file containing fw ctl pstat information
• Using fw stat to verify a Gateway's Policy installed status
• Using fw unloadlocal to uninstall a Security Policy
• Using fwm load to install a Policy
• Running ike debug on Gateways, and analyzing output using IKEview
• Observing IKE by running ike debug
• Running srfw monitor on a SecureClient desktop
• Configuring route-based VPNs for VPN redundancy
• Configuring dynamic routing using OSPF through VPN tunnels
• CCSE Plus NGX Management III
• Troubleshooting NGX product problems using troubleshooting guidelines
• Using cpinfo and log files for file management
• Using protocol analyzers to capture and analyze network traffic
• Troubleshooting NGX problems using NGX debugging tools
• Using fw and fw advanced commands for troubleshooting
• Troubleshooting specific Security Server issues
• Using VPN log files and vpn debug to troubleshoot VPN connections
• Capturing traffic flow using ike debug, sr_service debug, and srfw monitor
• Identifying differences between route- and domain-based VPNs
• Identifying, debugging, and using relevant commands to troubleshoot Eventia Reporter problems

Prerequisites

• Working knowledge of Windows NT and/or UNIX
• Basic networking knowledge
• Experience with TCP/IP and the Internet
• Check Point Security Administration NGX I Rev 1.1 and Check Point Security Administration NGX II Rev 1.1 or equivalent knowledge and experience

Courses with a guaranteed icon () are guaranteed to run. View our full guaranteed to run schedule.

Onsite / Private Class

We can provide this class onsite to your team as a standard class or customized to meet your specific needs. Request a quote today.

Start Date	End Date	Start Time	End Time	Location
Your Dates		Your Time		Your Location	Request a quote today

Notify Me of Upcoming Dates

Where are all the dates? Contact us using the form below and we will provide you with training options for this course, as we have many nationwide dates that may not be listed.

Name:		Phone:
Email:		Company:
Comments: