Detailed Course Outline
Module 1: Introduction to Quantum Security
- Identify the primary components of the Check Point Three-Tier Architecture and explain how they work together.
Lab Tasks:
- Explore Gaia on Security Management Server
- Explore Gaia on Dedicated Log Server
- Explore Gaia on Security Gateway Cluster Members
- Connect to SmartConsole
- Navigate GATEWAYS & SERVERS Vies
- Navigate SECURITY POLICIES Views
- Navigate LOGS & EVENTS Views
- Navigate MANAGE & SETTINGS Views
Module 2: Administrator Account Management
- Explain the purpose of SmartConsole administrator accounts
- Identify features for collaboration: session management, concurrent administration, policy installation
Lab Tasks:
- Create new administrators and assign profiles
- Test administrator profile assignments
- Manage concurrent sessions
- Take over another session and verify status
Module 3: Object Management
- Explain the purpose of SmartConsole objects
- Provide examples of physical and logical objects
Lab Tasks:
- View and modify GATEWAYS & SERVERS objects
- View and modify network objects
- View and modify service objects
Module 4: Security Policy Management
- Explain the purpose of Security Policies
- Identify the essential elements of a Security Policy.
- Identify features and capabilities that enhance the configuration and management of the Security Policy.
Lab Tasks:
- Verify and modify the Security Policy.
- Install the standard Security Policy.
- Test the Security Policy.
Module 5: Policy Layers
- Demonstrate an understanding of the Check Point policy layer concept.
- Explain how layers affect traffic inspection.
Lab Tasks:
- Add an Ordered Layer
- Configure and deploy Ordered Layer rules
- Test Ordered Layer policy
- Create Inline DMZ Layer
- Test Inline DMZ Layer
Module 6: Security Operations Monitoring
- Explain the purpose of security operations monitoring
- Tune log server configuration
- Use predefined and custom queries to filter the logging results.
- Monitor the state of Check Point systems.
Lab Tasks:
- Configure log management
- Enhance rulebase view, rules, and logging
- Review logs and search for data
- Configure Monitoring Blade
- Monitor status of the systems
Module 7: Identity Awareness
- Explain the purpose of the Identity Awareness solution
- Identify the essential elements of Identity Awareness.
Lab Tasks:
- Adjust security policy for Identity Awareness
- Configure Identity Collector
- Define the user access role
- Test Identity Awareness
Module 8: HTTPS Inspection
- Explain the purpose of HTTPS Inspection solution
- Identify the essential elements of HTTPS Inspection
Lab Tasks:
- Enable HTTPS Inspection
- Adjust access control rules
- Deploy Security Gateway certificate
- Test and analyze policy with HTTPS Inspection
Module 9: Application Control and URL Filtering
- Explain the purpose of the Application Control and URL Filtering solutions
- Identify the essential elements of Application Control and URL Filtering
Lab Tasks:
- Adjust the Access Control Policy
- Create and adjust Application Control and URL
- Test and adjust the Application Control and URL Filtering Rules
Module 10: Threat Prevention Fundamentals
- Explain the purpose of the Threat Prevention solution
- Identify the essential elements of Autonomous Threat Prevention
Lab Tasks:
- Enable Autonomous Threat Prevention
- Test Autonomous Threat Prevention
Module 11: Management High Availability
- Explain the purpose of Management High Availability
- Identify the essential elements of Management High Availability
Lab Tasks:
- Deploy and configure Management High Availability
- Ensure the failover process functions as expected
Module 12: Advanced Policy Management
- Identify ways to enhance the Security Policy with more object types
- Create dynamic objects to make policy updatable from the Gateway
- Manually define NAT rules
- Configure Security Management behind NAT
Lab Tasks:
- Use Updatable Objects
- Configure Network Address Translation for server and network objects
- Configure Management behind NAT for Branch Office connections
Module 13: Site-to-Site VPN
- Discuss site-to-site VPN basics, deployment, and communities
- Describe how to analyze and interpret VPN tunnel traffic
- Articulate how pre-shared keys and certificates can be configured to authenticate with third-party and externally managed VPN Gateways
- Explain Link Selection and ISP Redundancy options
- Explain tunnel management features
Lab Task:
- Configure Site-to-Site VPN with internally managed Security Gateways
Module 14: Advanced Security Monitoring
- Describe the SmartEvent and Compliance Blade solutions, including their purpose and use
Lab Tasks:
- Configure a SmartEvent Server to monitor relevant patterns and events
- Demonstrate how to configure Events and Alerts in SmartEvent
- Demonstrate how to run specific SmartEvent reports
- Activate the Compliance Blade
- Demonstrate Security Best Practice settings and alerts
- Demonstrate Regulatory Requirements Compliance Scores
Module 15: Upgrades
- Identify supported upgrade options
Lab Task:
- Upgrade a Security Gateway
- Use Central Deployment tool to install Hotfixes
Module 16: Advanced Upgrades and Migrations
- Export/import a Management Database
- Upgrade a Security Management Server by freshly deploying the new release or using a new appliance
Lab Task:
- Prepare to perform an Advanced Upgrade with Database Migration on the Primary Security Management Server in a distributed environment
- Perform an import of a Primary Security Management Server in a distributed Check Point environment
Module 17: ElasticXL Cluster
- Describe the ElasticXL Cluster solution, including its purpose and use
Lab Tasks:
- Deploy an ElasticXL Security Gateway Cluster