Course Name:	Check Point VPN-1/FireWall-l Management III - NG with Application Intelligence Training:
Course Duration:	4 Days
Deployment Option:	Onsite Training
Course Price:	$3995.00

Who Should Attend:

Systems administrators, security managers and network engineers implementing VPN-1/FireWall-1 G in an enterprise setting, and individuals seeking the Check Point Certified Security Expert Plus: Enterprise Integration and Troubleshooting (CCSE plus) certification.

Prerequisites:

Delegates must already have attended the VPN-1/FireWall-1 Management I - NG and VPN-1/FireWall-1 Management II - NG, or equivalent knowledge and experience

Course Description:

Introduced in February 2002 the advanced VPN-1/FireWall-1 Management III - NG course offers comprehensive training to enhance enterprise knowledge of VPN-1/FireWall-1 Next Generation (NG), addressing network planning, High Availability solutions, and troubleshooting procedures

Course Objectives:

Delegates attending this course will be able to: Planning a secure network, and identifying risks to a network Implementing VPN-1/FireWall-1 in an enterprise or distributed environment Configuring overlapping VPN Domains Integrating VPN-1/FireWall-1 into an LDAP environment Configuring Multiple Entry Point VPNs Using VPN-1/FireWall-1 debugging tools, and applying protocol analyzers, to capture and view packet information Enhancing the performance of operating systems, to maintain the integrity and security of the enterprise VPN installation Troubleshooting the network installation In the labs you will gain hands-on experience in: Creating network diagrams and Security Policy outlines Placing security components in a network, and defining proper subset and overlapping VPN Domains Installing VPN-1/FireWall-1 in a distributed environment Converting users from VPN-1/FireWall-1 files to LDAP Configuring MEP VPNs

Course Outline:

Check Point NG with Application Intelligence - Management III Identifying Assets Business processes End-to-end security Assets Valuation Threats, Vulnerabilities and Risks Threats Evaluating risk Qualitative risk analysis Due care and due diligence Reactions to risk Implementing Safeguards to Mitigate Risk Selecting safeguards Categories of countermeasures Product overview and placement Security-management challenges and solutions Implementing VPN-1/FireWall-1 Probes and DoS attacks Rule Base creation tips VPN-1/FireWall-1 tuning Securing the OS Installing VPN-1/FireWall-1 in a distributed environment LDAP user management with SmartDashboard Introduction to account management Integrating LDAP with VPN-1/FireWall-1 LDAP and user-manager troubleshooting Important debugging tools Integrating Microsoft Active Directory with VPN-1/FireWall-1 Configuring groups in LDAP Management High Availability SmartView Tracker Overlapping VPN Domains Full and partial overlap, and proper subset Multiple Entry Point VPNs IP pools MEP restrictions VPN load distribution Configuring Multiple Entry Point gateways ClusterXL High Availability Load sharing Policy Servers Cluster Control Protocol Analyzing ClusterXL packets ClusterXL state-update mechanism Commands for HA Debugging ClusterXL issues ClusterXL configuration issues Debugging Tools VPN-1/FireWall-1 debug commands The cpinfo file VPN debugging tools VPN log files VPN commands VPN client debugging tools Known configuration issues Debugging logging General Troubleshooting Measures Troubleshooting guidelines Acquiring information and files System crashes Using cpinfo Protocol Analyzers Using snoop to collect information VPN-1/FireWall-1 fw monitor Advanced topics