Category Archives: CheckPoint

A Flashback and a New Busy Year!

Dear Reader,

Thanks for spending your time reading this post on the first day of the new year.

2017 was a busy year in terms of projects and a new area I've been exploring myself (Business Development). This is quite new for me, but it's going…

What do I mean by Business Development? I've been focused only on Engineering (hands-on), which is by far what I really like to do, so I get the implementation plan and GO! Why not dive into the conversation with the customer, understand their challenges, and advise which technologies in the market really suit them? Presenting cutting-edge technologies and advising the customer is also something I really like.

What do I have for this upcoming year? I've done some re-certs, like Juniper, VMware and Cisco.
I have to do some re-certs this year too, but I want to focus more on the CCDE than ever, so I'm starting officially today and I hope to do the Written in 6 months. I will attend Cisco Live Barcelona 2018, so I hope to get good contacts to push this even further. This is the plan mentally, but I know it might have to change a bit.

CCNA Cyber Ops is just around the corner :)

Happy New Year.

Welcome to CheckPoint R80 API

Automation and orchestration capabilities are key for many organizations these days, and this session will show you what you can achieve with the R80.10 API. Specifically, this session covers:

  • Introduction to using the R80.10 APIs using Postman and Ansible
  • Tips on everything from adding objects and services to adding rules via CLI RESTful API
  • Additional use cases
  • And much more

The content presented is below:

Slides: How to use R80.10 API for Automation and Streamlined Security (PPT)

Video: How to use R80.10 API for Automation and Streamlined Security (Video)

Scripts: CheckMates_Aug15_Demos.zip

Q&A: TechTalk Q&A: Leveraging the R80.10 API to Automate and Streamline Security Operations

Looking for more cool stuff? Check the Check Point CheckMates Community

Checkpoint R80.x Exam News

The CCSE exam is now available for R80. This exam is based on the R80.10 CCSE certification training course.

The CCSE Update exam will be released in Q3 2017. This is the fast path for certified professionals that are CCSE certified on previous software versions.

R80 CCSA exam is available at Pearson VUE. Please note the CCSA certification is a prerequisite for the CCSE exam and certification.

Quick reference for these new version exam numbers:

  • 156-215.80 – CCSA
  • 156-315.80 – CCSE
  • 156-915.80 – CCSE Update (Not released yet)

CCSA and CCSE (proctored exams) will be priced $250 USD and CCSM $350

Bad time for renewing CCSE

I got an email from Check Point about my cert expiration, but what is the challenge here? I can't take the same exam as per the Check Point FAQ, in this case CCSE, but I gave it a try and bang!

After contacting Check Point I got the following options:

  • Upgrade your certifications to CCSM (156-115.77)
  • Take two of the following certifications to extend your current CCSE for 1 year
    • Secure Web Gateway
    • ThP - Threat Prevention
    • GAIA Intro - Gaia Overview
    • Advanced IPS
    • CCSBA - Sandblast
    • MTPA - Mobile Threat Prevention Administrator
    • MTPE - Mobile Threat Prevention Engineering
  • Wait for CCSE R80 to be released

I do not see the point of doing 2 of the certs to renew the CCSE just for 1 year. The CCSE R80 should be available in Q3 as per Check Point. But who knows…

You can read the Check Point Certification FAQ here

Maybe waiting is the best option! And doing the Update exam afterwards.

Are you ready for R80? It is finally in!

No, it's not Fools' Day… After a long delay we have the new generation Management Platform.

What is the R80 Upgrade Verification Service?

R80 Upgrade Verification Service is an upgrade verification and environment simulation service. You get customized support to help make your transition to R80 as seamless as possible, so you can optimize the features of R80 while ensuring compatibility with the existing security infrastructure. Follow this link for more information: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108623

Check Point R80 in March

Check Point R80 will be available later this March, after Check Point rescheduled it a few times; you can check it in the Press Release. Having multiple administrators managing policies at the same time is a big improvement, so you don't need to ask your team to log off because you need to implement an urgent rule!

Benefits of R80:

  • The introduction of ‘one console, one policy’
  • Better aligning security with business processes and network architectures
  • Integration of threat management for a single view into risk across a network

Proxy ARP in Check Point GAIA

Check Point traps me all the time because of Proxy ARP. For some reason, after installing a policy on a gateway, the NAT didn't come up AGAIN!

After doing a capture I realized what the problem could be (too many ARP requests).

Capturing traffic

[Expert@FW-GAIA:0]# tcpdump -i eth0 host 200.0.0.102
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:57.381730 arp who-has 200.0.0.102 tell 200.0.0.97
(omitted)

These are the default values of ARP in GAIA OS

set arp table cache-size 4096
set arp table validity-timeout 60
set arp announce 2

Adding a static proxy ARP entry in clish mode

Setup Proxy ARP

FW-GAIA> add arp proxy ipv4-address 200.0.0.102 interface eth0

The GAIA command above is automatically converted into a file called local.arp

[Expert@FW-GAIA:0]# cat $FWDIR/conf/local.arp
# This file was AUTOMATICALLY GENERATED
# DO NOT EDIT
# Please use Gaia Portal or clish command to configure ARP proxy
200.0.0.102 00:50:56:01:00:a1

Checking Proxy ARP

Using clish

FW-GAIA> show arp proxy all
IP Address              MAC Address / Interface         Real IP Address
200.0.0.102             eth0

Using Expert Mode

[Expert@FW-GAIA:0]# fw ctl arp
(200.0.0.102) at 00-50-56-01-00-a1

Golden rule: always set up a static proxy ARP
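An added example, not part of the original post: a Python check that combines the two pieces of evidence used above, flagging NAT addresses that are repeatedly ARPed for without a reply in a tcpdump capture and that have no entry in local.arp. The capture lines, the local.arp content, the NAT address list, the function names and the `min_requests` threshold are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample data, modelled on the capture and local.arp shown above.
CAPTURE = """\
15:49:57.381730 arp who-has 200.0.0.102 tell 200.0.0.97
15:49:58.381912 arp who-has 200.0.0.102 tell 200.0.0.97
15:49:59.382101 arp who-has 200.0.0.102 tell 200.0.0.97
15:50:00.100220 arp who-has 200.0.0.101 tell 200.0.0.97
15:50:00.100391 arp reply 200.0.0.101 is-at 00:50:56:01:00:a1
"""
LOCAL_ARP = """\
# This file was AUTOMATICALLY GENERATED
200.0.0.101 00:50:56:01:00:a1
"""

# Case-insensitive so newer "ARP, Request who-has ..." output also matches.
REQ = re.compile(r"who-has (\d+\.\d+\.\d+\.\d+)", re.I)
REP = re.compile(r"reply (\d+\.\d+\.\d+\.\d+) is-at", re.I)

def parse_local_arp(text):
    """Return {ip: mac} from local.arp content, skipping comments and blanks."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries[fields[0]] = fields[1].lower()
    return entries

def unanswered_arp(capture, min_requests=2):
    """Count who-has requests per target IP that never got an is-at reply."""
    requests, answered = Counter(), set()
    for line in capture.splitlines():
        if (m := REP.search(line)):
            answered.add(m.group(1))
        elif (m := REQ.search(line)):
            requests[m.group(1)] += 1
    return {ip: n for ip, n in requests.items()
            if ip not in answered and n >= min_requests}

def missing_proxy_arp(capture, local_arp, nat_ips):
    """NAT IPs that are ARPed for without reply and are absent from local.arp."""
    configured = parse_local_arp(local_arp)
    silent = unanswered_arp(capture)
    return sorted(ip for ip in nat_ips if ip in silent and ip not in configured)

if __name__ == "__main__":
    print(missing_proxy_arp(CAPTURE, LOCAL_ARP, ["200.0.0.101", "200.0.0.102"]))
```

Each address it returns is a candidate for an `add arp proxy ipv4-address ... interface ...` entry like the one shown above.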

Check Point launches vSEC for VMware NSX

Check Point brings Security Gateways to the heart of VMware NSX. This will provide:

  • Scalable micro-segmentation
  • Context-aware security policy
  • Ubiquitous security enforcement
  • Security automation and orchestration
  • Comprehensive control and visibility


Documentation

vSEC Controller R77.30 and vSEC Gateway R77.20VSEC Release Notes
vSEC Controller R77.30 and vSEC Gateway R77.20VSEC Administration Guide

References:

Check Point vSEC

Support Center vSEC

 

Bring Check Point CCSE cert to my bag

Since I achieved my Check Point CCSA I've decided to go to the next level, which means CCSE. I used old CBT Nuggets for R65/R70, the Student/Lab guide for R77, and also the Study guide provided by Check Point. I also read a few SKs to help understand concepts and Blades which I've never touched before.

You can find the study guide here.

SK’s

 

Videos Overview

1. CCSE Welcome
2. Mgmt High Availability
This will present the student with the concept of deploying a backup Smart Center (Mgmt Server)
3. HA Cluster
This will give the student the first must-have skill set, and that is clustering Check Point firewalls using a New mode HA multicast configuration.
4. Load Sharing Clusters
This nugget will give the student the skills required to deploy load sharing clusters with unicast and multicast protocols.
5. Smart Update & Local upgrades
This nugget will give the student the skills to upgrade local and remote Check Point firewall deployments.
6. Cluster Trouble Shooting
This nugget will cover the process needed to perform health checks & ensure proper configuration of Check Point Firewalls.
7. Encryption
This nugget will cover which encryption protocols are needed to maintain confidentiality, integrity and availability of data over VPNs.
8. Domain Based VPN
This nugget will cover the first and most common Check Point VPN using encryption domains.
9. SSL VPN
This nugget will cover the deployment of an SSL remote access VPN using Check Point SSL Network Extender.
10. Remote Access VPN (IKE)
This nugget will cover the deployment of a remote access VPN using Check Point secure client on a Windows PC.
11. Route Based VPN (VTI)
This nugget will cover configuring a point-to-point VPN using VTI. A VTI is an operating system level virtual interface that can be used as a gateway.
12. Peer VPN’s
This nugget will cover the options needed to set up a VPN with a peer company.
13. SCP on Splat
This nugget will cover the most secure way of transferring files to and from your Check Point Secure Platform devices.
14. Smart Center Recovery
This nugget will cover how to recover a Smart Center Mgmt server from a cpinfo or cpbackup file.
15. Disaster Recovery of Cluster Member
This nugget will cover how to recover a cluster member that has suffered a failure while keeping the organization online.
16. Final Note
In this final nugget we cover some study skills for CCSE prep and some housekeeping tips to maintain your Smart Center mgmt server.
17. CCSE Welcome
What’s new in R70. About this updated series.
18. Mgmt Portal
Virtual machine configuration. Software installation steps. Smart dashboard configuration. Navigation of portal settings.
19. R70 Cluster
SPLAT FW installation. Sysconfig of FW. Cluster object configuration. Policy configuration. Policy installation and verification.
20. Command Line World Part 1
Review of core XL. FW monitor troubleshooting.
21. Command Line World Part 2
Troubleshooting with TCP dump. FW troubleshooting and verification commands.
22. Smart Provisioning
FW object settings. Provisioning profiles. Review of SP gui settings. Deploying FW settings.
23. Smart Analyzer
Software installation. Dashboard object configuration. Server components configuration.
24. Smart Reporter
Gui reporter configuration. Review of report settings

Exam

Exam: 156-315.77
Duration: 100 + 30 extension
Questions: 70 to 100
Minimum to Pass: 70%
Valid for: 2 Years

This time I got 89 questions, and I was scared because I mixed up concepts of SmartEvent and I forgot about a few daemons/processes.

I leave my notes here, guys, to help you out.

And yes, I PASSED! So now I need to wait for my certificate and kit; Check Point needs 6 to 8 weeks to issue that. Shall I go to CCMSE? Maybe later. Now it's time to jump to VMware stuff, because any conversation which has the cloud keyword becomes a Hot Topic!

 


References:

Check Point Certified Security Expert (CCSE) R77

Check Point Training FAQ

 

I got my Check Point CCSA cert on R77

I've been working with Check Point for a long time but I did not take any exam, although this was in my objectives for a long time… So I decided about 1 month ago to start studying for this, and it was not hard, to be honest. The funny thing about Check Point is that with every major release it changes the exam title, but that doesn't mean you don't know how to work with it.

Material

I used the CBT Nuggets GAIA R76 for this and it was enough to pass even though it is not for R77 (minor changes). I would play more with the authentication stuff when I have time. This was the first time I used CBT and it was worth every euro I spent.

Check Point also provides a study guide for this exam, which you can find here.

Videos Overview

1. Welcome! (7 min)
2. Check Point Fundamentals (16 min)
3. Installing GAiA (31 min)
4. Linking the Manager & Firewall (26 min)
5. Pushing Policy (34 min)
6. NAT (34 min)
7. Policy Packages & Database Versions (32 min)
8. SmartView Tracker (28 min)
9. SmartView Monitor (20 min)
10. LDAP (22 min)
11. Identity Awareness (35 min)
12. App Control and URL Filtering (31 min)
13. HTTPS Inspection (26 min)
14. CLI (27 min)
15. IPsec VPNs (Site to Site) (36 min)
16. Backup and Recovery (16 min)
17. Smart Update (14 min)
18. Additional Check Point Features (27 min)
19. CCSA Exam Success (16 min)

Exam

Exam: 156-215.77
Duration: 100 + 30 extension
Questions: 70 to 100
Minimum to Pass: 70%
Valid for: 2 Years

The number of questions is random, and because I'm a lucky man I got 100 questions. It froze me at the beginning, but after doing 75 of them, and with spare time to review, I thought I would have a good chance to pass.

I leave my notes here, guys, to help you out.

And yes, I PASSED! Check Point needs 6 to 8 weeks to issue your certificate and kit, so keep calm and you will soon get your certification in UserCenter.

References:

Security Administration (Check Point Certified Security Administrator (CCSA) R77)

CBT Check Point Security

Check Point Training FAQ