CCSE-R75 Check Point Security Expert R75

Chapter 1: Advanced Firewall

· Chapter 1: Advanced Firewall

· Chapter Objectives

· Firewall-1 Infrastructure

· GUI Clients

· Management

· Security Gateway

· User and Kernel Mode Processes

· The CPD Core Process

· FWM

· FWSSD

· Inbound and Outbound Packet Flow

· Inbound FW CTL Chain Modules

· Outbound Chain Modules

· Columns in a Chain

· Stateful Inspection

· Kernel Tables

· Connections Table

· Connections Table Format

· FW Tab Command

· FireWall-1 Key Features

· Packet Inspection Flow

· Policy Installation Flow

· Policy Installation Process

· Policy Installation Process Flow

· NAT

· How NAT Works

· fwx_alloc

· Hide NAT Process

· Security Servers

· How a security Server Works

· Basic FireWall-1 Administration

· Common Commands

· User Mode Debug

· Isolate the Problem

· FW Monitor

· What is FW Monitor

· C2S and S2C Connections

· Architecture

· Fine Tuning

· Sampling Interval

· Chapter 1 - Review Question

Chapter 2: Advanced Upgrading

· Chapter 2: Advanced Upgrading

· Chapter Objectives

· Backup and Restore Security Gateways and Management Servers

· Snapshot and Revert

· Backup and Restore

· Upgrade Tools

· Back up Schedule Recommendations

· Performing Upgrades

· SMS Upgrade and Database Migration

· Workflow

· Upgrade Cluster Deployments

· Minimal Effort Upgrade

· Zero Downtime

· Full Connectivity Upgrade

· Chapter 2 - Review Question

Chapter 3: Advanced User Management

· Chapter 3: Advanced User Management

· Chapter Objectives

· User Management

· Active Directory OU Structure

· Using LDAP Servers with Check Point

· LDAP User Management with SmartDirectory

· Defining an Account Unit

· Configuring Active Directory

· Schemas

· Multiple SmartDirectory (LDAP) Servers

· Authentication Process Flow

· Limitations of Authentications Flow

· Limitations of Authentication Flow

· SmartDirectory (LDAP) Profiles

· Troubleshooting User Authentication and SmartDirectory

· Common Configuration Pitfalls

· Some LDAP Tools

· Troubleshooting User Authentication

· Identify Awareness

· Enabling AD Query

· AD Query Setup

· Identifying users behind an HTTP proxy

· Verifying there´s a logged and AD user at the source IP

· Checking the source computer OS

· Using Smartview Tracker

· Chapter 3 - Review Question

Chapter 4: Clustering and Acceleration

· Chapter 4: Advanced Clustering and Acceleration

· Objectives

· Clustering and Acceleration

· Cluster XL

· Cluster Synchronization

· Synchronized-Cluster Restrictions

· Securing the Sync Interface

· To Synchronize or Not to Synchronize

· Clustering Terms

· Cluster XL: Load Balancing

· Multicast Load Sharing

· Unicast Load Sharing

· How Packets Travel Through a Unicast LS Cluster

· Sticky Connections

· The Sticky Decision Function

· Maintenance Tasks and Tools

· Perform a Manual Failover of the FW Cluster

· Advanced Cluster Configuration Examples

· Management HA

· The Management High Availability Environment

· Active vs Standby

· What Data is Backed Up?

· Synchronization Modes

· Synchronization Status

· SecureXL: Security Acceleration

· What SecureXL Does

· Packet Acceleration

· Session Rate Acceleration

· Masking the Source Port

· Application Layer Protocol – An example with HTTP

· HTTP 1.1

· Factors that Prelude Acceleration

· Factors that Prelude Templating (Session Acceleration)

· Packet flow

· SecureXL API

· VPN Capabilities

· CoreXL: Multicore Acceleration

· Supported Platforms and Features

· Default Configuration

· Processing Core Allocation

· Allocating Processing Cores

· Adding Processing Cores to the Hardware

· Allocating an Additional Core to the SND

· Allocating a Core for Heavy Logging

· Packet Flows with SecureXL Enabled

· Chapter 4 - Review Question

Chapter 5: Advanced IPsec VPN and Remote Access

· Chapter 5: Advanced IPsec VPN Remote Access

· Objectives

· Advanced VPN Concepts and Practices

· IPsec

· Internet Key Exchange (IKE)

· IKE Key Exchange Process – Phase 1

· Phase 2 Stages

· Remote Access VPNs

· Connection Initiation

· Link Selection

· Multiple Entry Point VPNs

· How Does MEP Work

· Explicit MEP

· Implicit MEP

· Tunnel Management

· Permanent Tunnels

· Tunnel Testing

· VPN Tunnel Sharing

· Tunnel–Management Configuration

· Permanent–Tunnel Configuration

· Tracking Options

· Advanced Permanent-Tunnel Configuration

· Troubleshooting

· VPN Log Files

· vpn debug Command

· vpn Command

· vpn debug on І off

· vpn debug ikeon І ikeoff

· vpn tu

· vpn debug trunk

· VPN Enviroment Variables

· Comparing SAs

· Examples

· VPN Encryption Issues

· Example 1

· Example 2

· Chapter 5 - Review Question

Chapter 6: Auditing and Report

· Chapter 6: Auditing and Report

· Objectives

· Auditing and Reporting Processes

· Auditing and Reporting Standards

· SmartEvent

· SmartEvent Intro

· SmartReporter

· Report Types

· SmartEvent Architecture

· Component Communication Process

· Event Policy User Interface

· Migrating the SmartEvent Database

· Chapter 6- Review Question

Appendix IUser Mode Debug

· Running User-Mode Debug

· OPSEC

· TDERROR

· HERROR

· fw debug

· Analyze Debug Output

· Perform a Core Dump

· Kernel Debug

· Debugging Flags

· Kernel Debugging Tips

· Examples

Appendix II Chapter Questions and Answers

· Chapter 1 – Review Questions & Answers

· Chapter 2 – Review Questions & Answers

· Chapter 3 – Review Questions & Answers

· Chapter 4 – Review Questions & Answers

· Chapter 5 – Review Questions & Answers

Chapter 6 – Review Questions & Answers