Check Point Certified Troubleshooting Expert R81.10 (CCTE)

The Check Point Certified Troubleshooting Expert R81.10 course (CCTE) provides advanced troubleshooting skills to investigate and resolve more complex issues that may occur while managing your Check Point security environment.

Audience

This course is designed for security experts and Check Point resellers who desire to obtain the necessary knowledge required to perform more advanced troubleshooting skills while managing their security environments.

About the instructor, Eric Anderson

Eric Anderson is a Cybersecurity Architect and Instructor at Atlantic Data Security in Boston. He has been working with Check Point products for over 25 years, both as an Engineer and as a Senior Instructor. 
Eric is often a featured speaker at several cybersecurity conferences including Check Point CPX.

Prerequisites

  • Working knowledge of UNIX and/or Windows operating systems
  • Working knowledge of Networking, TCP/IP
  • CCSE training/certification
  • Advanced knowledge of Check Point Security products

Course topics

  • Advanced Troubleshooting Techniques
  • Advanced Logs and and Monitoring Management
  • Database and Processes
  • Advanced Kernel Debugging
  • User Mode Troubleshooting
  • Advanced Identity Awareness Troubleshooting
  • Advanced Access Control
  • Site-to-Site VPN Troubleshooting
  • Client-to-Site VPN Troubleshooting

Course objectives

  • Demonstrate understanding how to use advanced troubleshooting tools and techniques including:
    • Interpreting diagnostic data with CPInfo
    • Collecting and reading statistical data using CPView
    • Advanced troubleshooting risks.
  • Describe the use of Logs and SmartEvent in troubleshooting.
  • Describe the log indexing system and issues that can occur.
  • Discuss methods to troubleshoot log indexing in SmartLog and SmartEvent.
  • Explain the databases used in Security Management operations.
  • Identify common troubleshooting database issues.
  • Discuss Management Processes.
  • Demonstrate understanding of advance troubleshooting tools and techniques including:
    • How the kernel handles traffic
    • How to troubleshoot issues using chain modules
    • How to use the two main procedures for debugging the Firewall kernel
    • How the two main procedures for debugging the Firewall kernel differ.
  • Demonstrate understanding of user mode debugging, including collecting and interpreting process debugs.
  • Debug user mode processes.
  • Discuss advanced Identity awareness troubleshooting.
  • Learn to run debugs on Identity Awareness.
  • Explain Unifed Access Control flow and processes.
  • Explain Access Control kernel debugs.
  • Describe Access Control process debugs.
  • Explain basic and advanced Site-to-Site VPN troubleshooting tools and techniques, including:
    • Packet captures
    • IKE debugs
    • VPN process debugs.
  • Explain Client-to-Site VPN troubleshooting tools and techniques, including Remote access troubleshooting and Mobile access troubleshooting.

Exercises

  • Collecting and Reading CPInfo
  • Collecting and Reading CPView Data
  • Troubleshooting SmartLog
  • Troubleshooting SmartEvent
  • Troubleshooting Database Issues
  • Debugging Security Gateway Kernel
  • Debugging User Mode Processes
  • Debugging Identity Awareness
  • Debugging Unified Policy Inspection
  • Troubleshooting Site-to-Site VPN
  • Debugging Remote Access VPN

Certification

This course is recommended as preparation for exam 156-586: Check Point Certified Troubleshooting Expert (CCTE) R81.

Other relevant courses