CCSA: Check Point Certified Security Administration (R70)
Check Point Security Administration R70 is a foundation course for Check Point's Security Management Systems, Security Gateway Systems, and deployment platforms. This course provides an understanding of basic concepts and skills necessary to configure Check Point Software Blades including Firewall, IPSec VPN, IPS, Network Policy Management, Logging & Status, and Monitoring, URL Filtering, Antivirus & Anti-malware, Anti-spam & Email Security. During this course, students will configure a Security Policy, secure communications across the Internet, defend against network threats, and learn about managing and monitoring a secure network.
- » Systems administrators, security managers, or network engineers who manage, and implement NGX R65 Security Gateway deployments, and want to upgrade to R70, and also want to earn Check Point Certified Security Administrator (CCSA) R70 and (CCSE) R70 certifications
Back to Top
- » Check Point Technology Overview
- » Describe Check Point's unified approach to network management, and the key elements of this architecture
- » Design a distributed environment using the network detailed in the course topology
- » Install the Security Gateway version R70 in a distributed environment using the network detailed in the course topology
- » Check Point Software Blades
- » Given Check Point's latest integration of CoreXL technology, select the best security solution for your corporate environment
- » Deployment Platforms
- » Given network specifications, perform a backup and restore the current Gateway installation from the command line
- » Identify critical files needed to purge or backup, import and export users and groups and add or delete administrators from the command line
- » Deploy Gateways using sysconfig and cpconfig from the Gateway command line
- » Use the Command Line to assist support in troubleshooting common problems on the Security Gateway
Back to Top
- Distributed Installation
- Install and configure the Security Management Server
- Install SecurePlatform on the Security Gateway
- Configure the Security Gateway using WebUI
- Launch SmartDashboard
- Branch Office Security Gateway Installation
- Configure Branch Gateway via WebUI
- Command Line Interface (CLI) Tools
- Initialize the ICA
- Set expert password
- Add and delete administrators
- Run backup and restore
- Defining Basic Objects
- Create Security Gateway Object
- Create Rules for Corporate Gateway
- Create the Remote Security Gateway Object
- Configure DMZ
- Configure DMZ Interface on the Gateway
- Create a DMZ Object
- Configure NAT
- Configure Hide NAT
- Configure Static NAT
- Observe NAT using fw monitor
- Monitoring with SmartView Tracker
- Launch SmartView Tracker
- Track by Source and Destination
- Using SmartUpdate
- Get Gateway data and run Cpinfo
- Download HFA Package
- Upgrade a Security Gateway Locally
- Client Authentication
- Configure Manual Client Authentication with FTP and Local User
- Configure Partially Automatic Client Authentication with LDAP
- Test Active Directory Authentication
- Create a Database Revision
- Configure a Site-to-Site VPN
- Define the VPN Domain
- Create the VPN Community
- Create VPN Rule
- Test VPN Connection
- VPN Troubleshooting
- Configure Two Gateway IKE Encryption Using Certificates
- Save a Certificate for Export
- Add Machine to VPN Community
- Create a Certificate Authority
- Modify Rule Base
- Install and Verify Security Gateway Configuration
- Test Encryption with Certificates
- Revert to Standard Security Policy
- Remote Access and Office Mode
- Create Remote Access Group
- Configure Gateway for IKE Encryption and LDAP Authentication
- Configure VPN Domain
- Configure Office Mode IP Pool
- Configure Remote Access Object
- Modify Rule Base for Remote Access
- Create a Site Using Site Wizard
- Verifying Office Mode IP Assignment
- Test Remote Connection
- Messaging and Content Security
- Configure IPS for Preliminary Detection
- Analyze Attacks
- Reconfiguring IPS to Block Attacks
- Review Logs
Back to Top
- » Design and install version R70 in a distributed environment
- » Perform a backup and restore the current installation.
- » Identify critical files
- » Deploy Gateways
- » Create and configure network, host and gateway objects.
- » Verify SIC establishment
- » Create a basic Rule Base
- » Configure NAT rules
- » Evaluate existing policies and optimize rules
- » Ensure seamless upgrades and minimal downtime.
- » Use queries to monitor IPS and common network traffic and troubleshoot events.
- » Generate reports, troubleshoot system and security issues, and ensure network functionality.
- » Configure alerts and traffic counters, monitor suspicious activity, analyze tunnel activity and monitor remote user access
- » Apply upgrade packages
- » Attach product licenses
- » Perform a pre-installation compatibility assessment
- » Centrally manage users and manage users' access using external databases.
- » Configure a pre-shared secret site-to-site VPN.
- » Configure a certificate based site-to-site VPN using an internal CA or a third party CA.
- » Configure permanent tunnels for remote access.
- » Configure VPN tunnel sharing.
- » Configure Check Point Messaging Security to test IP Reputation, content based anti-spam, and zero hour virus detection.
- » Configure a Web-filtering and antivirus policy to filter and scan traffic.
- » Implement default or customized profiles to designated Gateways.
- » Create and install IPS policies.
Back to Top
- » 156-215.70 : Check Point Security Administration R70
Back to Top
We ensure your success by asking all
students to take a FREE Skill Assessment test.
These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.
Our required skill-assessments ensure that:
- All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
- NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
- We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.
This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.
Take your FREE Skill Assessment test »
Back to Top
- Over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer.
- An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, as well as select Microsoft, Novell, CompTIA, Sun and CWNP courses.
- High-skilled and acclaimed instructor. Has trained over 900 students at Netcom Learning.
Michael has over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer. An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, Michael also teaches select Microsoft, Novell, CompTIA, Sun and CWNP courses.
Michael's dedication and passion for teaching is unmatched. He has trained over 900 students at Netcom Learning since 2006 and his evaluation scores average 8.7 out of 9.
- Over 20 years experience in the IT industry.
- CEH and Microsoft training for many government agencies, including the United States Department of Homeland Security, and the Federal Bureau of Investigation.
- CEH and Microsoft training for Fortune corporations such as Merrill Lynch and ADP.
Richard is a premier Microsoft Certified Trainer and Certified EC-Council Instructor. He has over 20 years of experience as a network administrator, security consultant, vulnerability assessor, and penetration tester for assorted Fortune companies.
Richard??s knowledge on the development and implementation of policies and procedures concerning the security of network data is unsurpassed. He has conducted successful CEH and Microsoft training classes for many government agencies including the United States Department of Homeland Security, the Department of Justice and the Federal Bureau of Investigation, as well as Fortune enterprises such as Merrill Lynch and ADP.
Back to Top
I want to express to you the delight it has been partnering with Rob, our educational consultant, on these 3 key education tracks for my team (Juniper, f5, Checkpoint). I had the liberty of sitting through the original week of Juniper training and experienced first hand the caliber of instructor/course material that Rob secured on our behalf. I was not able to attend the f5 training personally but received like reviews from my team. All in all I found the instruction was top notch, on topic and well delivered and am looking forward to the f5 training in the upcoming weeks.
From the inception Rob was pivotal in understanding our unique requirements and drafted a training schedule that was right on par for our needs. His attention to detail and willingness to understand our requirements directly attested to the successful training we have received. There is no denying that we faced some challenges throughout this engagement but I can say I am truly fortunate to of had Rob on the other side working through the issues. His sense of urgency, constant communication and professionalism were a godsend to say the least. The level of confidence and acumen protruded by Rob was unmatched by the other vendors and put my concerns at ease throughout the process. I wanted to personally thank you for providing such a talented professional such as Rob to this engagement and reiterate my thanks for having such within your employ.
» Check Point R75
More testimonials »
Back to Top