CHECK POINT CERTIFIED SECURITY ADMINISTRATOR (CCSA)- R81.20
About This Course
CHECK POINT CERTIFIED SECURITY ADMINISTRATOR (CCSA)- R81.20
The Check Point CCSA training and certification is mainly targeted to those candidates who want to build their career in Security domain. The Check Point Certified Security Administrator (CCSA) R81 exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Check Point CCSA R81
PREREQUISITES
Working knowledge of Windows, UNIX, networking technology, the Internet and TCP/IP
AUDIENCE
- Technical professionals who support, install deploy or administer Check Point products
- Network and security Engineers
Table of Contents
Module 1: Overview of Firewall Technologies
- What is a Firewall
- Firewall Technologies
- Legacy or Traditional Firewalls
- Next Generation Firewalls
Module 2: Introduction to Checkpoint Technology
- Security Management Architecture – SMART
- Checkpoint Core Systems – 3 Tier Architecture
- Secure Internal Communication – SIC
- Internal Certificate Authority – ICA
- Initializing trust
Module 3: Checkpoint Security Solutions and Licensing
- Software Blade Architecture
- Security Gateway Software Blades
- Management Server Software Blades
- Licensing overview
Module 4: Checkpoint Firewall Deployment
- Deployment Platforms
- Checkpoint Gaia OS
- Standalone Deployment
- Distributed Deployment
Module 5: Gaia OS Installation and Configuration
- Preparing for LAB
- Gaia OS Installation
- Initial Configuration – WebUI
- Downloading and Installing Smart Console
Module 6: Secure Internal communication (SIC)
- Smart console access to management Server
- Creating Security gateway object
- SIC establishment
- Verifying Policy installation
Module 7: Anti spoofing
- Understanding IP spoofing
- Prevention and tracking
- Network group
Module 8: Security Policy Management
- Security Policy Basics
- Implicit and Explicit Security rules
- Publishing Security Policy
- Installing Security Policy
Module 9: Logging and Monitoring
- Security and Audit Logs
- Smart View Monitor
- Monitoring Traffic and Connections
Module 10: HTTPS Inspection
- SSL Handshake
- Digital Certificate
- Inbound and outbound Inspection
- Enabling HTTPS Inspection
- HTTPS Inspection Policy
Module 11: Application Control and URL Filtering
- Application and URL Filtering Blades
- Editing Policy Layer
- Creating Security Rule
- Monitoring Application and URL Filtering
Module 12: Zone Based Security Rule
- Understanding Security Zone
- Creating Zone Based security Rule
Module 13: Inline Layer Policy
- Benefits of Inline Layer Policy
- Creating Inline Layer Policy
Module 14: Suspicious Activity Rules
- Understanding SAM Rule
- Creating SAM Rule from Smart View Monitor
Module 15: Network Address Translation – NAT
- Introduction to NAT
- Types of NAT – Static and Hide NAT
- Automatic Vs Manual NAT
- Manual Proxy ARP – Local.arp
- NAT – Global Properties
Module 16: Managing User Access
- Identity Awareness
- Methods for Acquiring Identity
- Light Weight Directory Access Protocol – LDAP
Module 17: Threat Prevention Solution
- Threat Prevention Components
- Threat Prevention Profiles
Module 18: Intrusion Prevention System (IPS)
- IPS Software Blade
- IPS Protection
Module 19: Anti Virus and Anti Bot
- Anti Virus
- Anti Bot
Module 20: Sand Blast
- Sandblast – Threat Emulation
- Sandblast – Threat extraction
Module 21: Adding a Second Security Gateway
- Creating Security Rule for SIC
- Control connections and NAT
- Policy Packages
Module 22: Virtual Private Network
- VPN Overview
- IPsec site to site VPN
- Internet Key Exchange (IKE)
- Phase 1 and Phase 2 Tunnels
- Domain Based VPN Vs Route Based VPN
- VPN Community and Domain
Module 23: IPsec site to Site VPN Configuration
- Creating VPN Community
- Encryption Domains
- IKE Phase 1 and Phase 2 Attributes
Module 24: IPsec S2S VPN between Checkpoint and Cisco
- Configuring Cisco Router
- Interoperable Device Object
- Checkpoint Gateway Configuration
Module 25: Troubleshooting IPsec VPN
- VPN Debug
- Analyzing debug log with Ikeview tool
Module 26: Remote Access VPN
- Clientless Vs Client based
- SSL VPN
- Split Tunnelling
Module 27: Backup and Snapshot
- Database Revisions
- Backup and Restore
- Snapshot and Revert
Module 28: CLI and Troubleshooting
- Clish and Bash (Expert Mode)
- Important commands
- TCPDUMP and fw monitor
Your Instructors
nettech
Manoj Verma (CCIE#43923) - Instructor & Consultant
Manoj Verma (CCIE#43923) is a highly experienced senior technical instructor and Network/ security consultant. He has been in the networking industry for more than 20 years, with a focus on networking and security for the past 15 years. He has assisted thousands of engineers in obtaining their various certifications starting from CCNA to CCIE, CCSA, CCSE, PCNSE, F5, etc. and learning the latest and cutting-edge technologies. He started his career as a system administrator and then switched to the networking and security domain. During the job, he realized that he is gifted with a passion for teaching and sharing his knowledge, as he used to teach his colleagues and friends. In his classroom training, he always starts with explaining the theory on a certain topic and then gives away a short note of key points and finally end with lab implementation. Now a day, driving down to the training institute to attend classroom training sessions is not feasible for everyone owing to the workflow, odd working hours and rotational shifts, especially for working professionals and those who are living in different cities and countries. He started getting multiple requests from lots of students to launch an online training module in the same way as he teaches in his classrooms. Keeping all this in mind, he designed this self-paced training module which replicates classroom training. He has brought his years of classroom teaching experience, and years of real-world enterprise and service provider experience in designing training modules. For a better understanding of technologies and in-depth knowledge, reading books or short notes is necessary and to witness the theoretical information in live, practical knowledge is required so he has included both which is very unique in the IT training sector.