Check Point | Learning

Technicians, administrators, and system/network/security engineers.

Presentation of Check Point R81 Architecture

• Check Point products.

• New features of version R81.

Gaia Deployment: Installation of Check Point Appliances

• Presentation of the Gaia system.

• Elements of the three-tier architecture.

• Modular architecture of “Software Blades.”

• Check Point Infinity.

• Architecture in distributed mode and standalone mode.

• The management server. The SIC protocol.
  Practical Work: Installation of Check Point R81.

Managing the Security Management Server

• Introduction to SmartConsole R81.

• Security policy. Rule management.

• Unified Policies.

• Packet inspection.

• “Inline” policies (sub-rules).
  Practical Work: Installing SmartConsole. Creating objects. Building a security policy. Enabling anti-spoofing.

Network Address Translation (NAT)

• Address translation rules with IPv4 and IPv6.

• Static NAT (One-to-One NAT) and dynamic NAT (Many-to-One NAT)/PAT.

• Manual NAT.

• ARP issues and routing.
  Practical Work: Setting up automatic static NAT, Hide NAT, and manual translation rules.

Visibility: Log Management, Monitoring, and Reporting

• Log management policy.

• Tracking connections with Logs & Monitor (formerly SmartView Tracker).

• SmartView Monitor: features and alert thresholds.
  Practical Work: Enabling monitoring, using the Suspicious Activity Monitoring Protocol, viewing traffic, monitoring security policy status.

License and Multi-Site Management

• License structure.

• Managing licenses in SmartUpdate and SmartConsole.

• Types of licenses.

• Managing contracts and services.

• Monitoring license status.

• Defining Policy Packages.

• Managing Policy Packages.

• Definition and types of “Layers.”

• Packet inspection in an “Ordered Layer.”

• Sharing Layers (Policy Layer Sharing).

Administrator Management

• “Permission Profiles.”

• Limiting administrator action scope.

• Managing concurrent users.

• Session management.
  Practical Work: Creating a new “Permission Profile” with limited permissions.

HTTPS Decryption

• Creating rules.

• Certificate management.

• Server Name Indications (SNI).
  Practical Work: Implementing HTTPS inspection.

Application Control / URL Filtering

• Limitations of a classic firewall by IP and port.

• Access control.

• AppWiki. URL Filtering.

• UserCheck.
  Practical Work: Web and Application Filtering—create and share the “Web and Applications Filtering” policy as an “Inline Layer” and “Ordered Layer.”

User-Based / Threat Prevention Policy

• Need to retrieve user identity.

• Identity Awareness R81 authentication methods.

• “Access Role” objects.

• Threat Prevention policy and its “Software Blades.”

• Rule management.

• Security profiles.

• Autonomous Threat Prevention.
  Practical Work: Authentication—implement Identity Awareness, create roles and access. Anti-Virus and Anti-Bot.

The trainer evaluates the participant’s learning progress throughout the course using multiple-choice questionnaires, practical exercises, and real-life scenarios.
The participant also completes a placement test before and after the training to validate the skills acquired.