Check Point Security Master (CCSM)
Kursavgift: kr 25 000 | Varighet: 3 dager
- CCSE or equivalent knowledge
- Windows Server, UNIX and networking skills and TCP/IP experience
- Working knowledge of network and internet Technology
Section 1: Troubleshoot security problems
Section 2: Chain Modules
- Given a specific internal or client problem, replicate the issues in a test environment.
- Given a specific internal or client problem, troubleshoot and correct the issue.
Section 3: Network Address Translation (NAT)
- Use command fw ctl chain to study chain module behavior. Observe how policy changes
impact the chain.
- Use the command fw debug fwm on and review the file fwm.elg to find such issues as SIC,
mis-configured rules, GUI client connectivity problems, and improperly entered information.
- Given a specific internal or client need, analyze and apply the appropriate hot fix and evaluate its
- Use Check Point Debugging Tools: Reading and identifying fwmonitor outputs. Generating and interpreting kernel debugs.
Section 4: ClusterXL
- Use commands fw ctl debug and fw monitor to troubleshoot the NAT stages of Automatic
Hide NAT and Automatic Static NAT.
- Configure Manual NAT to define specific rules in unique NAT environments.
Section 5: VPN Troubleshooting
- Using commands fw ctl debug and fw ctl kdebug troubleshoot ClusterXL connections
from information displayed in debug file.
- Use commands fw tab –t connections and fw tab –t connections –x to review
and clear connections table.
- Modify file table.def to allow traffic through a specific cluster member.
Section 6: SecureXL Acceleration debugging
- Use command vpn debug to locate source of encryption failures.
- Use command fw monitor to verify VPN connectivity and identify potentially mis-configured VPN`s.
Section 7: Hardware Optimization
- Use commands fw accel and kernel debug to view acceleration tables and verify accelerated
Section 8: Software Tuning
- Identify the correct Check Point Hardware/Appliances for a given scenario
- Performance tuning and evaluation of complex networks and technologies
- Scope proper sizing of hardware based on customer requirements
- Use command ethtool to tune NIC performance.
- Edit arp cache table to increase size to improve performance.
- Use command fw ctl pstat to improve load capacity.
- Use the fwaccel stat and fwaccel stats outputs to tune the firewall rule base.
Section 9: Enable CoreXL
- Deploy NAT templates to reduce load on Rule Base application.
- Configure cluster synchronization planning to improve network performance.
- Identify performance limiting configurations
- Correct and tune different scenarios
- Identify the causes of performance limiting factors (internal and external factors)
Section 10: IPS
- Configure CoreXL for specific cpu task assignment.
Section 11: IPV6
- Configure IPS to reduce false positives.
- Use command fw ctl zdebug to improve logging efficiency.
- Use IPS Bypass to improve performance.
Section 12: Advanced VPN
- Deploy IPV6 in a local environment
Section 13: Dynamic Routing
- Identify differences between route-based VPNs and domain-based VPNs.
- Configure VTI for route-based VPN gateways.
- Configure OSPF for Dynamic VPN routing in a Community.
- Identify the Wire Mode function by testing a VPN failover.
- Configure Directional VPN Rule Match for Route-Based VPN.
- Diagnose and solve specific routing issues in a network environment.
- Multicast Design and troubleshooting PIM Sparse mode and Dense mode based on GateD and IPSRD
- Design/troubleshoot OSPF/BGP in GateD and IPSO IPSRD environments
- Static routing and network topologies
This course prepares for exam #156-115.77. The Exam is not included in the course price.
The exam consists of 80 multiple-choice questions with a passing score of 70% in 90 minutes.
Valid CCSE required to achieve the CCSM certification.