The security landscape is evolving fast, so fast detection and mitigation are important for customers. Many enterprises are looking to firewall vendors to provide cloud-based malware detection instances to aid them in their advanced threat detection efforts, as a cost-effective alternative to stand-alone sandboxing appliances.
SSL decryption is one of the key topics, since the move from TLS 1.2 to the TLS 1.3 standard will undoubtedly force changes in how enterprise firewall vendors process the traffic.
Policy orchestration and automation become critical on SDN deployments; some vendors haven’t paid much attention to this topic. Firewall services within IaaS environments become an area of differentiation.
Magic Quadrant for Enterprise Network Firewalls
Full Report on Report Magic Quadrant for Enterprise Network Firewalls 2018
Thanks for spending your time reading this post on the first day of the new year.
2017 was a busy year regarding projects and a new area I’ve been exploring myself (Business Development); this is quite new for me but it’s going…
What do I mean by Business Development? I’ve been focused only on Engineering (hands-on), which is by far what I really like to do, so I get the implementation plan and GO! Why not dive into the conversation with the customer, understand their challenges and advise on which technologies in the market really suit them? Presenting cutting-edge technologies and advising the customer is also something I really like.
What do I have for this upcoming year? I’ve done some re-certs, like Juniper, VMware and Cisco.
I have to do some re-certs this year too, but I want to focus more on the CCDE than ever, so I’m starting officially today and I hope to do the Written in 6 months. I will attend Cisco Live Barcelona 2018, so I hope to get good contacts to push this even further. This is the plan mentally, but I know this might have to change a bit.
CCNA Cyber Ops is just around the corner :)
Happy New Year.
Automation and orchestration capabilities are key for many organizations these days, and this session will show you what you can achieve with the R80.10 API. Specifically, this session covers:
- Introduction to using the R80.10 APIs using Postman and Ansible
- Tips on how to add objects and services to adding rules via CLI RESTful API
- Additional use cases
- And much more
The content presented is below:
Slides: How to use R80.10 API for Automation and Streamlined Security (PPT)
Video: How to use R80.10 API for Automation and Streamlined Security (Video)
Q&A: TechTalk Q&A: Leveraging the R80.10 API to Automate and Streamline Security Operations
Looking for more cool stuff? Check the Check Point CheckMates Community.
The CCSE exam is now available for R80. This exam is based on the R80.10 CCSE certification training course.
The CCSE Update exam will be released in Q3 2017. This is the fast path for certified professionals that are CCSE certified on previous software versions.
R80 CCSA exam is available at Pearson VUE. Please note the CCSA certification is a prerequisite for the CCSE exam and certification.
Quick reference for these new version exam numbers:
- 156-215.80 – CCSA
- 156-315.80 – CCSE
- 156-915.80 – CCSE Update (Not released yet)
CCSA and CCSE (proctored exams) will be priced at $250 USD and CCSM at $350.
You can check the CPX 2017 presentations here; for exclusive access to full slide decks from each presentation, please log into your Check Point CheckMates account.
It took a while for Check Point to release R80 for the gateways, but it’s here now! It’s time to move on and play! Another marketing strategy called Check Point Affinity landed with this new version.
I got an email from Check Point about my cert expiration, but what is the challenge here? I can’t take the same exam as per the Check Point FAQ, in this case CCSE, but I gave it a try and bang!
After contacting Check Point I got the following options:
- Upgrade your certifications to CCSM (156-115.77)
- Take two of the following certifications to extend your current CCSE for 1 year
  - Secure Web Gateway
  - ThP-Threat Prevention
  - GAIA Intro -Gaia Overview
  - Advanced IPS
  - MTPA-Mobile Threat Prevention Administrator
  - MTPE-Mobile Threat Prevention Engineering
- Wait for CCSE R80 to be released
I do not see the point of doing 2 of the certs to renew the CCSE just for 1 year. The CCSE R80 should be available in Q3 as per Check Point. But who knows…
You can read the Check Point Certification FAQ here
Maybe waiting is the best option! And do the Update exam after.
No, it’s not Fools’ Day… After a long delay we have the new generation management platform.
What is the R80 Upgrade Verification Service?
R80 Upgrade Verification Service is an upgrade verification and environment simulation service. You get customized support to help make your transition to R80 as seamless as possible, so you can optimize the features of R80, while ensuring compatibility with the existing security infrastructure. Click on the following link for more information: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108623
Check Point R80 will be available later this March, after Check Point rescheduled it a few times; you can check it in the Press Release. Having multiple administrators managing policies at the same time is a big improvement, so you don’t need to ask your team to log off because you need to implement an urgent rule!
Benefits of R80:
- The introduction of ‘one console, one policy’
- Better aligning security with business processes and network architectures
- Integration of threat management for a single view into risk across a network
Check Point R80 has been delayed by Check Point for a long time… But if you are a partner and you want to play with it, Check Point has added it to the Early Availability Program. Just log in to your UC and download it!
Check Point traps me all the time because of Proxy ARP; for some reason, after installing a policy on a gateway, the NAT didn’t come up AGAIN!
After doing a capture I realized what could be the problem (too many ARP requests):
:0]# tcpdump -i eth0 host 184.108.40.206
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:57.381730 arp who-has 220.127.116.11 tell 18.104.22.168
These are the default values of ARP in GAIA OS
set arp table cache-size 4096
set arp table validity-timeout 60
set arp announce 2
Adding a static proxy ARP entry in clish mode
Setup Proxy ARP
FW-GAIA> add arp proxy ipv4-address 22.214.171.124 interface eth0
The Gaia command above is converted automatically into a file called local.arp
:0]# cat $FWDIR/conf/local.arp
# This file was AUTOMATICALLY GENERATED
# DO NOT EDIT
# Please use Gaia Portal or clish command to configure ARP proxy
Checking Proxy ARP
FW-GAIA> show arp proxy all
IP Address MAC Address / Interface Real IP Address
Using Expert Mode
Golden rule: always set up a static proxy ARP entry
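The check done by eye in the capture above (repeated ARP requests for a NAT address that nobody answers) can be scripted. This is an added example, not part of the original post: it reads saved tcpdump text and a copy of local.arp, and it assumes local.arp holds one "IP MAC" entry per line; the function names and sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed
# (RFC 5737 addresses); the "IP MAC" layout of local.arp is an assumption.
# usage: unanswered_arp CAPTURE_TXT LOCAL_ARP [MIN_REQUESTS]
# Prints "IP REQUESTS no-entry|entry-present" for every IP that was ARPed for
# at least MIN_REQUESTS times (default 3) and never answered in the capture.
unanswered_arp() {
  awk -v min="${3:-3}" '
    # First file, local.arp: remember IPs that have a proxy ARP entry.
    FILENAME == ARGV[1] {
      if ($0 !~ /^[ \t]*#/ && NF >= 2) proxied[$1] = 1
      next
    }
    # Second file, tcpdump text: handles "arp who-has X tell Y" and the
    # newer "ARP, Request who-has X tell Y, length 28" layout.
    {
      for (i = 1; i < NF; i++) {
        if ($i == "who-has") asked[$(i + 1)]++
        if ($(i + 1) == "is-at") answered[$i] = 1
      }
    }
    END {
      for (ip in asked)
        if (asked[ip] >= min && !(ip in answered))
          print ip, asked[ip], ((ip in proxied) ? "entry-present" : "no-entry")
    }
  ' "$2" "$1" | sort
}

# Runs the check on a constructed capture and a constructed local.arp.
demo() (
  dir=$(mktemp -d)
  printf '%s\n' \
    '15:49:57.381730 arp who-has 203.0.113.10 tell 203.0.113.1' \
    '15:49:58.381912 arp who-has 203.0.113.10 tell 203.0.113.1' \
    '15:49:59.382101 arp who-has 203.0.113.10 tell 203.0.113.1' \
    '15:50:00.100000 arp who-has 203.0.113.20 tell 203.0.113.1' \
    '15:50:00.100350 arp reply 203.0.113.20 is-at 00:1c:7f:00:00:02' \
    '15:50:01.000100 ARP, Request who-has 203.0.113.30 tell 203.0.113.1, length 28' \
    '15:50:02.000100 ARP, Request who-has 203.0.113.30 tell 203.0.113.1, length 28' \
    '15:50:03.000100 ARP, Request who-has 203.0.113.30 tell 203.0.113.1, length 28' \
    '15:50:04.000100 arp who-has 203.0.113.40 tell 203.0.113.1' > "$dir/capture.txt"
  printf '%s\n' '# This file was AUTOMATICALLY GENERATED' \
    '203.0.113.30 00:1c:7f:00:00:01' > "$dir/local.arp"
  unanswered_arp "$dir/capture.txt" "$dir/local.arp"
  rm -rf "$dir"
)
demo
```

A `no-entry` line is a candidate for a static proxy ARP entry; `entry-present` means the entry exists but no reply showed up in the capture, so the problem lies elsewhere.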
You installed Check Point Endpoint Security Agent R80 by mistake and now you can’t uninstall it because of the mysterious password you didn’t type? Then try: secret
Keep calm and eat a cookie!
Check Point brings Security Gateways to the heart of VMware NSX; this will provide:
- Scalable micro-segmentation
- Context-aware security policy
- Ubiquitous security enforcement
- Security automation and orchestration
- Comprehensive control and visibility
vSEC Controller R77.30 and vSEC Gateway R77.20VSEC Release Notes
vSEC Controller R77.30 and vSEC Gateway R77.20VSEC Administration Guide
Check Point vSEC
Support Center vSEC
Since I achieved my Check Point CCSA I’ve decided to go to the next level, which means CCSE. I used the old CBT Nuggets for R65/R70, the Student/Lab guide for R77, and also the Study guide provided by Check Point. I also read a few SKs to help me understand concepts and Blades which I’d never touched before.
You can find the study guide here.
|1. CCSE Welcome
|2. Mgmt High Availability
|This will present the student with the concept of deploying a backup Smart Center (Mgmt Server)
|3. HA Cluster
|This will give the student the first must-have skill set, and that is clustering Check Point firewalls using a New mode HA multicast configuration.
|4. Load Sharing Clusters
|This nugget will give the student the skills required to deploy load sharing clusters with unicast and multicast protocols.
|5. Smart Update & Local upgrades
|This nugget will give the student the skills to upgrade local and remote Check Point firewall deployments.
|6. Cluster Trouble Shooting
|This nugget will cover the process needed to perform health checks & ensure proper configuration of Check Point Firewalls.
|This nugget will cover the process of what encryption protocols are needed to maintain confidentiality, Integrity and availability of data over VPN’s
|8. Domain Based VPN
|This nugget will cover the first and most common Check Point VPN using encryption domains.
|9. SSL VPN
|This nugget will cover the deployment of an SSL remote access VPN using Check Point SSL Network Extender.
|10. Remote Access VPN (IKE)
|This nugget will cover the deployment of a remote access VPN using Check Point secure client on Windows pc
|11. Route Based VPN (VTI)
|This nugget will cover configuring point-to-point vpn using VTI. A VTI is an operating system level virtual interface that can be used as a gateway
|12. Peer VPN’s
|This nugget will cover the options needed to set up a VPN with a peer company.
|13. SCP on Splat
|This nugget will cover the most secure way of transferring files to and from your Check Point Secure Platform devices.
|14. Smart Center Recovery
|This nugget will cover how to recover a Smart Center Mgmt server from a cpinfo or cpbackup file.
|15. Disaster Recovery of Cluster Member
|This nugget will cover how to recover a cluster member that has suffered a failure while keeping the organization online.
|16. Final Note
|In this final nugget we cover some study skills for CCSE prep and some housekeeping tips to maintain your Smart Center mgmt server.
|17. CCSE Welcome
|What’s new in R70. About this updated series.
|18. Mgmt Portal
|Virtual machine configuration. Software installation steps. Smart dashboard configuration. Navigation of portal settings.
|19. R70 Cluster
|SPLAT FW installation. Sysconfig of FW. Cluster object configuration. Policy configuration. Policy installation and verification.
|20. Command Line World Part 1
|Review of core XL. FW monitor troubleshooting.
|21. Command Line World Part 2
|Troubleshooting with TCP dump. FW troubleshooting and verification commands.
|22. Smart Provisioning
|FW object settings. Provisioning profiles. Review of SP gui settings. Deploying FW settings.
|23. Smart Analyzer
|Software installation. Dashboard object configuration. Server components configuration.
|24. Smart Reporter
|Gui reporter configuration. Review of report settings
Duration: 100 +30 extension
Questions: 70 to 100
Minimum to Pass: 70%
Valid for: 2 Years
This time I got 89 questions, and I was scared because I mixed up concepts of SmartEvent and I forgot about a few daemons/processes.
I leave my notes here, guys, to help you out.
And yes, I PASSED! So now I need to wait for my certificate and kit; Check Point needs 6 to 8 weeks to issue that. Shall I go for CCMSE? Maybe later; now it’s time to jump to VMware stuff, because any conversation which has the cloud keyword becomes a hot topic!
Check Point Certified Security Expert (CCSE) R77
Check Point Training FAQ