Tag Archives: Check Point

Bring Check Point CCSE cert to my bag

Since I achieved my Check Point CCSA, I've decided to go to the next level, which means CCSE. I used old CBT Nuggets for R65/R70, the Student/Lab guide for R77, and also the Study guide provided by Check Point. I also read a few SKs to help understand concepts and Blades which I've never touched before.

You can find the study guide here.

SK’s

 

Videos Overview

1. CCSE Welcome
2. Mgmt High Availability
This will present the student with the concept of deploying a backup Smart Center (Mgmt Server)
3. HA Cluster
This will give the student the first must-have skill set: clustering Check Point firewalls using a New mode HA multicast configuration.
4. Load Sharing Clusters
This nugget will give the student the skills required to deploy load sharing clusters with unicast and multicast protocols.
5. Smart Update & Local upgrades
This nugget will give the student the skills to upgrade local and remote Check Point firewall deployments.
6. Cluster Trouble Shooting
This nugget will cover the process needed to perform health checks & ensure proper configuration of Check Point Firewalls.
7. Encryption
This nugget will cover which encryption protocols are needed to maintain confidentiality, integrity and availability of data over VPNs.
8. Domain Based VPN
This nugget will cover the first and most common Check Point VPN using encryption domains.
9. SSL VPN
This nugget will cover the deployment of an SSL remote access VPN using Check Point SSL Network Extender.
10. Remote Access VPN (IKE)
This nugget will cover the deployment of a remote access VPN using Check Point secure client on a Windows PC.
11. Route Based VPN (VTI)
This nugget will cover configuring a point-to-point VPN using VTI. A VTI is an operating system level virtual interface that can be used as a gateway
12. Peer VPN’s
This nugget will cover the options needed to set up a VPN with a peer company.
13. SCP on Splat
This nugget will cover the most secure way of transferring files to and from your Check Point Secure Platform devices.
14. Smart Center Recovery
This nugget will cover how to recover a Smart Center Mgmt server from a cpinfo or cpbackup file.
15. Disaster Recovery of Cluster Member
This nugget will cover how to recover a cluster member that has suffered a failure while keeping the organization online.
16. Final Note
In this final nugget we cover some study skills for CCSE prep and some housekeeping tips to maintain your Smart Center mgmt server.
17. CCSE Welcome
What’s new in R70. About this updated series.
18. Mgmt Portal
Virtual machine configuration. Software installation steps. Smart dashboard configuration. Navigation of portal settings.
19. R70 Cluster
SPLAT FW installation. Sysconfig of FW. Cluster object configuration. Policy configuration. Policy installation and verification.
20. Command Line World Part 1
Review of core XL. FW monitor troubleshooting.
21. Command Line World Part 2
Troubleshooting with TCP dump. FW troubleshooting and verification commands.
22. Smart Provisioning
FW object settings. Provisioning profiles. Review of SP gui settings. Deploying FW settings.
23. Smart Analyzer
Software installation. Dashboard object configuration. Server components configuration.
24. Smart Reporter
Gui reporter configuration. Review of report settings

Exam

Exam: 156-315.77
Duration: 100 +30 extension
Questions: 70 to 100
Minimum to Pass: 70%
Valid for: 2 Years

This time I got 89 questions, and I was scared because I mixed up concepts of SmartEvent and I forgot about a few daemons/processes.

I leave here my notes guys to help you out.

And yes, I PASSED! So now I need to wait for my certificate and kit; Check Point needs 6 to 8 weeks to issue that. Shall I go to CCMSE? Maybe later, now it's time to jump to VMware stuff, because any conversation which has the cloud keyword becomes a Hot Topic!

 

CCSE

References:

Check Point Certified Security Expert (CCSE) R77

Check Point Training FAQ

 

I got my Check Point CCSA cert on R77

I've been working with Check Point for a long time but I did not take any exam, though this was in my objectives for a long time… So I decided about 1 month ago to start studying for this, and it was not hard to be honest. The funny thing with Check Point is that every major release changes the exam title, but that doesn't mean you don't know how to work with it.

Material

I used the CBT Nuggets GAIA R76 for this and it was enough to pass even though it is not for R77 (minor changes); I would play more with authentication stuff when I have time. This was the first time I used CBT and it was worth every euro I spent.

Check Point also provides a study guide for this exam, which you can find here.

Videos Overview

1. Welcome! (7 min)
2. Check Point Fundamentals (16 min)
3. Installing GAiA (31 min)
4. Linking the Manager & Firewall (26 min)
5. Pushing Policy (34 min)
6. NAT (34 min)
7. Policy Packages & Database Versions (32 min)
8. SmartView Tracker (28 min)
9. SmartView Monitor (20 min)
10. LDAP (22 min)
11. Identity Awareness (35 min)
12. App Control and URL Filtering (31 min)
13. HTTPS Inspection (26 min)
14. CLI (27 min)
15. IPsec VPNs (Site to Site) (36 min)
16. Backup and Recovery (16 min)
17. Smart Update (14 min)
18. Additional Check Point Features (27 min)
19. CCSA Exam Success (16 min)

Exam

Exam: 156-215.77
Duration: 100 +30 extension
Questions: 70 to 100
Minimum to Pass: 70%
Valid for: 2 Years

The number of questions is random, and because I'm a lucky man I got 100 questions. It froze me at the beginning, but after doing 75 of them and with spare time to review I thought I would have a good chance to pass.

I leave here my notes guys to help you out.

And yes, I PASSED! Check Point needs 6 to 8 weeks to issue your certificate and kit, so keep calm and you will soon get your certification in UserCenter.

CCSA

References:

Security Administration (Check Point Certified Security Administrator (CCSA) R77)

CBT Check Point Security

Check Point Training FAQ

 

Check Point Order of Operations

After some research, it turns out Check Point is not very clear on this topic for the newer platforms. This "Order of Operations" applies to FireWall-1 and possibly to the newer platforms.

Established connections are allowed as long as they are listed in the state tables, and are NATed as necessary. For new connections, FireWall-1 follows this order of operations:

  • Inbound anti-spoof check (verifies that the source IP is included in the interface’s Topology setting)
  • Inbound check against the rulebase (includes properties)
  • NAT, if appropriate properties are enabled (see Chapter 10)
  • Outbound check against the rulebase (includes properties)
  • NAT, if appropriate properties are not enabled (see Chapter 10)

The rulebase is applied in the directions specified in the rules by the "Install On" field. In most cases, this means both entering and leaving the gateway. However, if a rule specifies Src (outbound) or Dst (inbound), the rule applies only in that direction. Once a packet matches a rule, it performs the action listed in the "Action" field, and no further rules are processed. For authenticated connections not passing through Security Servers, the rules and properties are processed in the following order:

  • Rulebase properties listed as First are processed. Matches are accepted and not logged.
  • Rules 1 through n-1 (assuming n rules) are processed and logged according to their individual settings.
  • Rulebase properties listed as Before Last are then processed. Matches are accepted and not logged.
  • Rule n is processed and logged according to its setting.
  • Rulebase properties listed as Last are then processed. Matches are accepted and not logged.
  • The Implicit Drop rule is matched (no logging occurs).
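
The rulebase order above, modelled as an added Python example (not code from the original post or from Check Point). The rule names, the property name and the sample packet are constructed; the second stage is read as rules 1 through n-1, since rule n is processed separately after the Before Last properties.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]
    action: str = "accept"   # "accept" or "drop"
    log: bool = False

@dataclass
class Verdict:
    matched_by: str
    action: str
    logged: bool

def evaluate(pkt, rules, first=(), before_last=(), last=()):
    """Return the Verdict of the first match, walking the stages in the listed order."""
    def props(stage, items):
        # Rulebase properties: per the list, matches are accepted and not logged.
        for p in items:
            if p.match(pkt):
                return Verdict(f"{stage} property: {p.name}", "accept", False)

    def explicit(items):
        # Explicit rules: action and logging come from the rule's own settings.
        for r in items:
            if r.match(pkt):
                return Verdict(f"rule: {r.name}", r.action, r.log)

    stages = (
        lambda: props("First", first),
        lambda: explicit(rules[:-1]),               # rules 1 .. n-1
        lambda: props("Before Last", before_last),
        lambda: explicit(rules[-1:]),               # rule n
        lambda: props("Last", last),
    )
    for stage in stages:
        verdict = stage()
        if verdict:
            return verdict
    return Verdict("implicit drop", "drop", False)  # nothing matched, nothing logged

# Constructed sample policy and property (names are illustrative, not Check Point's).
ACCEPT_ICMP = Rule("accept-icmp", lambda p: p["service"] == "icmp")
RULES = [
    Rule("block-icmp", lambda p: p["service"] == "icmp", "drop", log=True),
    Rule("web", lambda p: p["service"] == "http", "accept", log=True),
    Rule("cleanup", lambda p: True, "drop", log=True),
]
ICMP = {"src": "10.0.0.5", "dst": "192.0.2.1", "service": "icmp"}
```

With `ACCEPT_ICMP` passed as a First property, `evaluate(ICMP, RULES, first=[ACCEPT_ICMP])` returns an unlogged accept even though rule 1 would drop and log the packet; passed as `before_last` instead, rule 1 wins. A catch-all cleanup rule as rule n means Last properties and the unlogged implicit drop are never reached.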

References:

Check Point Firewall