Short Description:
VPN-1/FireWall-1 Management III - NG offers comprehensive training to enhance enterprise knowledge of VPN-1/FireWall-1 Next Generation (NG), addressing network planning, ClusterXL solutions, and troubleshooting procedures.
Full Description:
Course Overview
VPN-1/FireWall-1 Management III - NG offers comprehensive training to enhance enterprise knowledge of VPN-1/FireWall-1 Next Generation (NG), addressing network planning, ClusterXL solutions, and troubleshooting procedures.
Who Should Attend
This course is designed for systems administrators, security managers and network engineers implementing VPN-1/FireWall-1 NG in an enterprise setting, and individuals seeking the Check Point Certified Security Expert Plus: Enterprise Integration and Troubleshooting (CCSE plus) certification. The following professionals benefit best from this course:
Systems Administrators
Support Analysts
Network Engineers
Prerequisites
Before taking this course, participants must be familiar with the following:
VPN-1/FireWall-1 Management I
VPN-1/FireWall-1 Management II
Working knowledge of firewall technologies
Experience with TCP/IP and Internet communications
Hands-on experience using Windows NT or UNIX, including the command-line interface
Hands-on experience with network technologies including (but not limited to) routers, gateways, and servers
Topics Covered
Planning a secure network and identifying risks to a network
Implementing VPN-1/FireWall-1 in an enterprise or distributed environment
Configuring overlapping encryption domains
Integrating VPN-1/FireWall-1 NG into an LDAP environment
Configuring Multiple Entry Point (MEP) and Single Entry Point (SEP) VPNs with ClusterXL
Implementing UserAuthority
Using VPN-1/FireWall-1 NG debugging tools and applying protocol analyzers to capture and view packet information
Enhancing the performance of the operating systems to maintain the integrity and the security of the enterprise VPN installation
Troubleshooting the network installation
Goals & Objectives
The following will be accomplished during this course:
Determine network risks and create a Security Policy
Design a network using VPN-1/FireWall-1, LDAP, and CVP/UFP servers
Assess a network using scanning tools
Install VPN-1/FireWall-1 NG in a distributed environment
Use Secure Internal Communications and SecureUpdate
Use Check Point MAD for Intrusion Detection
Harden the Operating System
Performance-tune the gateway modules
Plan and integrate VPN-1/FireWall-1 with LDAP
Integrate Account Management with the LDAP Server
Discuss Multiple Entry Point VPNs
Explain the process of creating IP pools
Successfully configure SecuRemote to work within a Multiple Entry Point VPN
Discuss Management High Availability and demonstrate how to utilize it
Demonstrate how to configure a proper subset cryptosystem of an internal Policy Server on a firewall protected by an external firewall
Discuss the key elements of a SEP configuration
Use the Policy Editor GUI to troubleshoot remote installations without logging into the systems, by using *local mode
Define basic guidelines for troubleshooting VPN-1/FireWall-1
Determine information that needs to be gathered to troubleshoot specific VPN-1/FireWall-1 issues
Use FW Monitor and snoop to capture packets and view them
Modify the objects_5_0.C file
Course Outline
Day 1
Module 1: Planning a Secure Network
Identify risks to the network from internal and external intrusion
Define network elements to place on the topology diagram
Outline a security policy for an organization
Module 2: Implementing VPN-1/FireWall-1 NG
Identify weaknesses of an open network using scanning and intrusion tools
Configure a VPN-1/FireWall-1 NG Rule Base for traffic management
Assess the VPN-1/FireWall-1 NG Rule Base with the same scanning and intrusion tools for a comparison to a network without protection
Module 3: Check Point Product Placement
Arrange the location of various Check Point security products
Differentiate among Check Point products
Design a network using VPN-1/FireWall-1 NG, LDAP, and CVP/UFP servers
Module 4: Check Point's Malicious Activity Detection (MAD)
Identify the attacks MAD detects
Demonstrate how to configure MAD
Identify basic MAD errors for troubleshooting
Module 5: Performance Tuning and Hardening the Operating System
Remove unneeded services from the operating system
Modify operating system TCP/IP parameters
Secure the VPN-1/FireWall-1 Enforcement Module's operating system
Day 2
Module 6: Overlapping Encryption Domains
List the three types of overlapping encryption domains
Compare and contrast the varying types of overlapping encryption
Discuss routing issues in an asymmetric environment
Explain how to configure a Rule Base to allow overlapping encryption
Module 7: Multiple Entry Point VPNs (MEP)
Discuss the restrictions of Multiple Entry Point VPNs
List the steps for Multiple Entry Point configuration
Explain the process of IP pools
Successfully configure SecuRemote to work with a Multiple Entry Point VPN
Module 8: High Availability and Single Entry Point VPNs
Discuss the key elements of a SEP configuration
Describe the creation and importance of gateway clusters
List the steps required to configure a SEP VPN
Explain the implementation of state synchronization between two gateways
Day 3
Module 9: Management Module High Availability
Determine the differences between Primary and Secondary Management Module configurations
Determine how to switch between Primary and Secondary Management Module
Module 10: LDAP Servers
Plan the roll-out of LDAP
Install the LDAP server
Module 11: LDAP User Management with the Policy Editor
Integrate VPN-1/FireWall-1 Account Management with the LDAP Server
Day 4
Module 12: Using VPN-1/FireWall-1 Debugging Tools
Use fw ctl pstat to verify the health of the VPN-1/FireWall-1 Enforcement Module and Management Module
Use fw ctl debug to collect kernel debug information
Create a cpinfo file and review the contents
Use the Policy Editor GUI to troubleshoot remote installations, without logging into the systems (by using *local mode)
Module 13: General Troubleshooting Measures
Define basic guidelines for troubleshooting VPN-1/FireWall-1
Determine what information needs to be gathered to troubleshoot specific VPN-1/FireWall-1 issues
Module 14: Protocol Analyzers
Use fw monitor to capture packets and view them using either snoop or Ethereal
Use snoop to capture packets and review the three modes of verbosity of
Module 15: File Modification and System Maintenance
Modify the objects_5_0.C file
Import users into the VPN
Duration:
5 Days
Price:
?
NSEC's VPN-1/FireWall-1 Management III NG Course Web Page