Ccse 2013 Study Guide

May 02, 2017
Check Point Security Engineering Study Guide

R76 Edition

Copyright 2013 Check Point Software Technologies, Inc. All rights reserved.


© 2013 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and de-compilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:

Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS:

Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.

Refer to the Third Party copyright notices (http:// www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.


International Headquarters: 5 Ha’Solelim Street

Tel Aviv 67897, Israel

Tel: +972-3-753 4555

U.S. Headquarters: 959 Skyway Road, Suite 300

San Carlos, CA 94070

Tel: 650-628-2000

Fax: 650-654-4233

Technical Support, Education & Professional Services:

6330 Commerce Drive, Suite 120

Irving, TX 75063

Tel: 972-444-6612

Fax: 972-506-7913

E-mail any comments or questions about our courseware to [email protected].

For questions or comments about other Check Point documentation, e-mail [email protected].

Document #: CPTS-DOC-CCSE-SG-R76


Preface

The Check Point Certified Security Engineering Exam

The Check Point Security Engineering course provides an understanding of upgrading and advanced configuration of Check Point software blades, installing and managing VPNs (on both internal and external networks), gaining the maximum security from Security Gateways, and resolving Gateway performance issues. The Check Point Security Engineering Study Guide supplements knowledge you have gained from the Security Engineering course, and is not a sole means of study.

The Check Point Certified Security Engineering #156-315.13 exam covers the following topics:

The process for backup of a Security Gateway and Management Server using your understanding of the differences between backups, snapshots, and upgrade-exports.

The process for upgrade of Management Server using a database migration.

How to perform debugs on firewall processes.

Building, testing and troubleshooting a ClusterXL Load Sharing deployment on an enterprise network.

Building, testing and troubleshooting a ClusterXL High Availability deployment on an enterprise network.


Preface: The Check Point Certified Security Engineering Exam

Building, testing and troubleshooting a management HA deployment on an enterprise network.

Configuring, maintaining and troubleshooting SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement on the firewall.

Building, testing and troubleshooting a VRRP deployment on an enterprise network.

Using an external user database such as LDAP, to configure User Directory to incorporate user information for authentication services on the network.

Managing internal and external user access to resources for Remote Access or across a VPN.

Troubleshooting a site-to-site or certificate-based VPN on a corporate gateway using IKEView, VPN log files and command-line debug tools.

Optimizing VPN performance and availability using Link Selection and Multiple Entry Point solutions.

Managing and testing corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers.

Creating Events and using existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent in order to provide industry compliance information to management.

Troubleshooting report generation given command-line tools and debug-file information.

2 Check Point Security Engineering Study Guide


Frequently Asked Questions

The table below provides answers to commonly asked questions about the Check Point CCSE #156-315.13 exams:

Question: What are the Check Point recommendations and prerequisites?

Answer: Check Point recommends you have at least 6 months to 1 year of experience with the products, before attempting to take the CCSE # 156-315.13 exam. In addition, you should also have basic networking knowledge, knowledge of Windows Server and/or UNIX, and experience with TCP/IP and the Internet.

Check Point also recommends you take the Check Point Security Engineering class from a Check Point Authorized Training Center (ATC). We recommend you take this class before taking the CCSE # 156-315.13 exam.

Check Point ATCs also offer Check Point’s comprehensive #156-315.13 Exam Prep course (only available at Check Point ATCs).

To locate an ATC, see:

http://atc.checkpoint.com/atclocator/locateATC

Question: How do I register?

Answer: Check Point exams are offered through Pearson VUE, a third-party testing vendor with more than 3,500 testing centers worldwide.

Pearson VUE offers a variety of registration options. Register via the Web or visit a specific testing center. Registrations at a testing center may be made in advance or on the day you wish to test, subject to availability. For same-day testing, contact the testing center directly.

Locate a testing center from the Pearson VUE Web site:

www.pearsonvue.com


Question: What is the exam structure?

Answer: The exams are composed of multiple-choice and scenario questions. There is no partial credit for incorrectly marked questions.

Question: How long is the exam? Do I get extra time, if I am not a native English speaker?

Answer: The following countries are given 90 minutes to complete the exam. All other regions get 120 minutes:

Australia

Bermuda

Canada

Japan

New Zealand

Ireland

South Africa

UK

US

Question: What are the pre-requisites for the CCSE R76 exam?

Answer: CCSA R70, CCSA R71, CCSA R75, or CCSA R76.

Question: How can I update my R65 certification?

Answer: If you have any CCSA R60 certification, take the CCSA R70/71 Update Training Blade to update your CCSA certification. If you have a CCSE R60 certification, take the CCSE R70/71 Update Training Blade to update your CCSE certification.

Question: How long is my certification valid?

Answer: Check Point certifications are valid for 2 years. CCMAs are valid for 3 years. Any certification more than three (3) years old is not considered current. Certifications become inactive after five years. Your benefits may be suspended if your certification is not current. Your certification can be maintained with annual continuing education credits.


Question: What are ‘continuing education credits’?

Answer: Continuing education credits help you maintain Check Point certifications without starting over with every product release. Continuing education credits can be earned in a variety of ways like completing shorter training lessons (Training Blades), by participating in our test development process, and even attending CPX.

Question: What are the pre-requisites for CCMA?

Answer: CCSE is mandatory; CCMSE is suggested.

Question: Do you have a test-out option?

Answer: Though highly recommended, it is not a requirement to attend a training course before challenging the exam. You may test at any time, however it is advised you spend at least 6 months working with Check Point products before attempting to achieve certification.

Question: Are study materials available?

Answer: Free study guides and practice exams are available for download at http://www.checkpoint.com/services/education/index.html#resources. Courseware can be purchased on our eStore and Training is available from an ATC.

Check Point ATCs also offer Check Point’s comprehensive #156-315.13 Exam Prep course (only available at Check Point ATCs).

Question: How soon can I re-take an exam if I fail?

Answer: If you fail an exam you must wait 24 hours before your 2nd attempt, and 30 days for the 3rd attempt. Once you pass a test you cannot take it again for a higher score.

Question: Can I get exam insurance?

Answer: Students automatically get a 50% re-take discount on any 2nd attempt of the CCSA and CCSE R76 exams.


Question: I only failed by 1 point and based on my calculations I should have passed – what happened?

Answer: The function of certification is to provide proof the Check Point Certified professional is qualified to protect the lifeblood of organizations – their data. Check Point takes this very seriously and we constantly strive to administer the most effective exams. Passing is calculated by comparing the number of questions answered correctly versus the number of questions answered incorrectly. Not all sections of the test are weighted equally.

Question: Can I take any R65 level exams?

Answer: No, all R65 exams have been retired except for the Japanese versions. Our philosophy is to provide training and certification only for current technologies so our partners and customers will always benefit from the latest security advancements.

Question: Where can I find more information about Check Point Certified Professionals?

Answer: The Check Point Certified Professionals website and newsletter are a benefit which contain special information and resources that are not available to the public.

Question: What happens when I pass my exam? When will I receive my Certificate?

Answer: After you pass a Check Point exam at VUE, your exam results are uploaded. On the 15th and 30th, we process all certification results and order certification kits. It takes 6-8 weeks to receive your certificate. Your advanced access to Secure Knowledge and the Certified Professionals website is established once you achieve certification.

Question: Why can’t I have more than one account at Pearson VUE test centers?

Answer: Check Point only allows one Pearson VUE account to track your Check Point exams. If you change companies, please update the contact information in your Pearson VUE account instead of creating a new one so your Check Point certifications will follow you. You can verify your accounts with Customer Service here: http://www.vue.com/checkpoint/contact/


Question: What happens if someone gets caught cheating? How do you prevent it?

Answer: Every individual who takes an exam signs our Non-disclosure agreement. Anyone caught in the act of cheating or sharing exam items will have their Check Point certifications revoked for 2 years. All testing privileges and partner program participation will be deactivated during this time. Check Point collaborates with major technology companies to prevent cheating through test pattern analysis and distribution best practices. Together we identify and take legal action against unauthorized test centers and inaccurate “brain dump” sites.

Question: What are the benefits of Check Point certification?

Answer: Check Point Certified Professionals receive access to the Advanced SecureKnowledge base, Certified Professionals only website and quarterly newsletter for 2 years. Check Point Certified Master Architects (CCMA) receive 3 years Expert level access to SecureKnowledge.

Question: How do I take a Training Blade exam?

Answer: You can purchase Training Blades at http://store.checkpoint.com. Please forward your email confirmation to: [email protected] for access to the exam. Please include your Check Point Certified Professional ID# for credit. Your certification ID# is generated when you create an account at Pearson VUE. If you have any questions about your ID#, please email: [email protected].

Question: How do I access my certification benefits?

Answer: Make sure your Check Point User Center (UC) email address matches the email address registered with Pearson VUE. Your UC profile will automatically be updated with each certification, including advanced access to SecureKnowledge and the Certified Professionals only website. If you have any problems or questions about your benefits please email: [email protected]


For more exam and course information, see:

http://www.checkpoint.com/services/education/

Chapter 1: Upgrading

Upgrades are used to save Check Point product configurations, Security Policies, and objects, so that Security Administrators do not need to re-create Gateway and Security Management Server configurations.

Chapter Objectives:

• Perform a backup of a Security Gateway and Management Server using your understanding of the differences between backups, snapshots, and upgrade-exports.

• Upgrade and troubleshoot a Management Server using a database migration.

• Upgrade and troubleshoot a clustered Security Gateway deployment.

Upgrading Topics

The following table outlines the topics covered in the “Upgrading” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

Topics / Key Elements / Page Numbers

Backup and Restore Security Gateways and Management Servers (p. 11)
    Snapshot management (p. 11)
    Upgrade Tools (p. 12)
    Backup Schedule Recommendations (p. 12)
    Upgrade Tools (p. 12)
    Performing Upgrades (p. 13)
    Support Contract (p. 13)

Upgrading Standalone Full High Availability (p. 16)

Table 1-1: Upgrade Topics

Topics / Key Elements / Page Numbers

Lab 1: Upgrading to Check Point R76 (L-p. 1)
    Install Security Management Server (L-p. 2)
    Migrating Management server Data (L-p. 6)
    Importing the Check Point Database (L-p. 30)
    Launch SmartDashboard (L-p. 34)
    Upgrading the Security Gateway (L-p. 36)

Table 1-2: Upgrading to Check Point R76 - Lab Topics

Sample CCSE Exam Question

During an upgrade to the management server, the contract file is transferred to a gateway when the gateway is upgraded. Where is the contract file retrieved from?

a. ISO

b. Technical Support

c. Management.

d. User Center.

Answer

During an upgrade to the management server, the contract file is transferred to a gateway when the gateway is upgraded. Where is the contract file retrieved from?

a. ISO

b. Technical Support

c. Management.

d. User Center...

Chapter 2: Advanced Firewall

The Check Point Firewall Software Blade builds on the award-winning technology, first offered in Check Point’s firewall solution, to provide the industry’s best gate-way security with identity awareness. Check Point’s firewalls are trusted by 100% of Fortune 100 companies and deployed by over 170,000 customers. Check Point products have demonstrated industry leadership and continued innovation since the introduction of FireWall-1 in 1994.

Objectives:

Using knowledge of Security Gateway infrastructure, including chain modules, packet flow and kernel tables to describe how to perform debugs on firewall processes.

Advanced Firewall Topics

The following table outlines the topics covered in the “Advanced Firewall” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

Topics / Key Elements / Page Numbers

Check Point Firewall Infrastructure (p. 21)
    GUI Clients (p. 21)
    Management (p. 21)

Security Gateway (p. 22)
    User and Kernel Mode Processes (p. 23)
    CPC Core Process (p. 24)
    FWM (p. 24)
    FWD (p. 25)
    CPWD (p. 25)
    Inbound and Outbound Packet Flow (p. 26)
    Inbound FW CTL Chain Modules (p. 27)
    Outbound Chain Modules (p. 28)
    Columns in a Chain (p. 29)
    Stateful Inspection (p. 30)

Kernel Tables (p. 32)
    Connections Table (p. 33)
    Connections Table Format (p. 44)

Check Point Firewall Key Features (p. 35)
    Packet Inspection Flow (p. 35)
    Policy Installation Flow (p. 36)
    Policy Installation Process (p. 38)
    Policy Installation Process Flow (p. 39)

NAT (p. 41)
    How NAT Works (p. 41)
    Hide NAT Process (p. 42)
    Security Servers (p. 43)
    How a Security Server Works (p. 43)
    Basic Firewall Administration (p. 44)
    Common Commands (p. 45)

FW Monitor (p. 46)
    What is FW Monitor (p. 46)
    C2S Connections and S2C Packets (p. 47)
    fw monitor (p. 48)

Table 2-1: Advanced Firewall Topics

Topics / Key Elements / Page Numbers

Lab 2: Core CLI Elements of Firewall Administration (L-p. 43)
    Policy Management and Status Verification from the CLI (L-p. 44)
    Using cpinfo (L-p. 47)
    Run cpinfo on the Security Management Server (L-p. 52)
    Analyzing cpinfo in InfoView (Optional) (L-p. 53)
    Using fw ctl pstat (L-p. 58)
    Using tcpdump (L-p. 62)

Table 2-2: Advanced Firewall - Lab Topics

Sample CCSE Exam Question

User definitions are stored in __________________

a. $FWDIR/conf/fwmuser.conf

b. $FWDIR/conf/users/NDB

c. $FWDIR/conf/fwauth.NDB

d. $FWDIR/conf/conf/fwusers.conf

Answer

User definitions are stored in __________________

a. $FWDIR/conf/fwmuser.conf

b. $FWDIR/conf/users/NDB

c. $FWDIR/conf/fwauth.NDB

d. $FWDIR/conf/conf/fwusers.conf

Chapter 3: Clustering and Acceleration

Whether your preferred network redundancy protocol is Check Point ClusterXL technology or standard VRRP protocol, it is no longer a “platform choice” you will have to make with Gaia. Both ClusterXL and VRRP are fully supported by Gaia, and Gaia is available to all Check Point Appliances, open servers and virtualized environments. There are no more trade-off decisions between required network protocols and preferred security platforms/functions.

Objectives:

Build, test and troubleshoot a ClusterXL Load Sharing deployment on an enterprise network.

Build, test and troubleshoot a ClusterXL High Availability deployment on an enterprise network.

Build, test and troubleshoot a management HA deployment on an enterprise network.

Configure, maintain and troubleshoot SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement on the firewall.

Build, test and troubleshoot a VRRP deployment on an enterprise network.

Clustering and Acceleration Topics

The following table outlines the topics covered in the “Clustering and Acceleration” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

Topics / Key Elements / Page Numbers

VRRP (p. 53)
    VRRP vs ClusterXL (p. 53)
    Monitored Circuit VRRP (p. 57)
    Troubleshooting VRRP (p. 57)

Clustering and Acceleration (p. 60)
    Clustering Terms (p. 61)
    ClusterXL (p. 62)
    Cluster Synchronization (p. 63)
    Synchronized-Cluster Restrictions (p. 64)
    Securing the Sync Interface (p. 64)
    To Synchronize or Not to Synchronize (p. 65)

ClusterXL: Load Sharing (p. 66)
    Multicast Load Sharing (p. 66)
    Unicast Load Sharing (p. 66)
    How Packets Travel Through a Unicast LS Cluster (p. 67)
    Sticky Connections (p. 68)

Maintenance Tasks and Tools (p. 70)
    Perform a Manual Failover of the FW Cluster (p. 70)
    Advanced Cluster Configuration Examples (p. 71)

Management HA (p. 72)
    The Management High Availability Environment (p. 72)
    Active vs. Standby (p. 73)
    What Data is Backed Up? (p. 73)
    Synchronization Modes (p. 73)
    Synchronization Status (p. 74)

SecureXL: Security Acceleration (p. 75)
    What SecureXL Does (p. 75)
    Packet Acceleration (p. 75)
    Session Rate Acceleration (p. 76)
    Masking the Source Port (p. 76)
    Application Layer Protocol - An Example with HTTP (p. 76)
    HTTP 1.1 (p. 78)
    Factors that Preclude Acceleration (p. 79)
    Factors that Preclude Templating (Session Acceleration) (p. 78)
    Packet Flow (p. 80)
    VPN Capabilities (p. 81)

CoreXL: Multicore Acceleration (p. 82)
    Supported Platforms and Features (p. 82)
    Default Configuration (p. 83)
    Processing Core Allocation (p. 83)
    Allocating Processing Cores (p. 84)
    Adding Processing Cores to the Hardware (p. 84)
    Allocating an Additional Core to the SND (p. 85)
    Allocating a Core for Heavy Logging (p. 85)
    Packet Flows with SecureXL Enabled (p. 86)

Table 3-1: Clustering and Acceleration Topics

Topics / Key Elements / Page Numbers

Lab 3: Migrating to a Clustering Solution (L-p. 63)
    Installing and Configuring the Secondary Security Gateway (L-p. 64)
    Re-configuring the Primary Gateway (L-p. 76)
    Configuring Management Server Routing (L-p. 79)
    Configuring the Cluster Object (L-p. 82)
    Testing High Availability (L-p. 107)
    Installing the Secondary Management Server (L-p. 111)
    Configuring Management High Availability (L-p. 119)

Table 3-2: Clustering and Acceleration - Lab Topics

Sample CCSE Exam Question

A zero downtime upgrade of a cluster...?

a. Upgrades all cluster members except one at the same time

b. Is only supported in major releases (R70 to R71, R71 to R76)

c. Treats each individual cluster member as an individual gateway

d. Requires breaking the cluster and upgrading members independently.

Answer

A zero downtime upgrade of a cluster...?

a. Upgrades all cluster members except one at the same time

b. Is only supported in major releases (R70 to R71, R71 to R76)

c. Treats each individual cluster member as an individual gateway

d. Requires breaking the cluster and upgrading members independently.

Chapter 4: Advanced User Management

Consistent user information is critical for proper security. Without a centralized data store, managing user information across multiple applications can be a manual, error-prone process.

Objectives:

Using an external user database such as LDAP, configure User Directory to incorporate user information for authentication services on the network.

Manage internal and external user access to resources for Remote Access or across a VPN.

Troubleshoot user access issues found when implementing Identity Awareness.

Advanced User Management Topics

The following table outlines the topics covered in the “Advanced User Management” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

Topics / Key Elements / Page Numbers

User Management (p. 91)
    Active Directory OU Structure (p. 91)
    Using LDAP Servers with Check Point (p. 93)
    LDAP User Management with User Directory (p. 94)
    Defining an Account Unit (p. 95)
    Configuring Active Directory (p. 95)
    Schemas (p. 95)
    Multiple User Directory (LDAP) Servers (p. 96)
    Authentication Process Flow (p. 96)
    Limitations of Authentication Flow (p. 97)
    User Directory (LDAP) Profiles (p. 97)

Troubleshooting User Authentication and User Directory (LDAP) (p. 98)
    Common Configuration Pitfalls (p. 99)
    Some LDAP Tools (p. 99)
    Troubleshooting User Authentication (p. 100)

Identity Awareness (p. 101)
    Enabling AD Query (p. 102)
    AD Query Setup (p. 103)
    Identifying users behind an HTTP Proxy (p. 104)
    Verifying there’s a logged on AD user at the source IP (p. 104)
    Checking the source computer OS (p. 105)
    Using SmartView Tracker (p. 106)

Table 4-1: Advanced User Management Topics

Topics / Key Elements / Page Numbers

Lab 4: Configuring SmartDashboard to Interface with Active Directory (L-p. 133)
    Creating the Active Directory Object in SmartDashboard (L-p. 134)
    Verify SmartDashboard Communication with the AD Server (L-p. 141)

Table 4-2: Advanced User Management - Lab Topics

Sample CCSE Exam Question

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

a. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.

b. Configure a server object for the LDAP Account Unit, and create an LDAP resource object

c. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.

d. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

Answer

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

a. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.

b. Configure a server object for the LDAP Account Unit, and create an LDAP resource object

c. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.

d. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

Chapter 5: Advanced IPsec VPN and Remote Access

Check Point's VPN Software Blade is an integrated software solution that provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. The blade integrates access control, authentication and encryption to guarantee the security of network connections over the public Internet.

Objectives:

Using your knowledge of fundamental VPN tunnel concepts, troubleshoot a site-to-site or certificate-based VPN on a corporate gateway using IKEView, VPN log files and command-line debug tools.

Optimize VPN performance and availability by using Link Selection and Multiple Entry Point solutions.

Manage and test corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers.

Advanced IPsec VPN and Remote Access

The following table outlines the topics covered in the “Advanced IPsec VPN and Remote Access” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

Topic Key Element Page Number

Advanced VPN Concepts and Practices

p. 111

IPsec

Internet Key Exchange (IKE)

IKE Key Exchange Process - Phase 1

Phase 2 Stages

p. 111

p. 111

p. 112

p. 115

Remote Access VPNs p. 118

Connection Initiation

Link Selection

p. 118

p. 119

Multiple Entry Point VPNs p. 121

How Does MEP Work

Explicit MEP

Implicit MEP

p. 121

p. 121

p. 122

Tunnel Management p. 123

Table 5-1: Advanced IPsec VPN and Remote Access Topics

30 Check Point Security Engineering Study Guide

Page 43: Ccse 2013 Study Guide

Advanced IPsec VPN and Remote Access Chapter 5: Advanced IPsec VPN and Remote Access

Permanent Tunnels

Tunnel Testing

VPN Tunnel Sharing

Tunnel-Management Configuration

Permanent-Tunnel Configuration

Tracking Options

Advanced Permanent-Tunnel configuration

VPN Tunnel Sharing Configuration

p. 123

p. 124

p. 124

p. 125

p. 126

p. 126

p. 127

p. 127

Troubleshooting p. 128

VPN Debug p. 129

vpn debug Command

vpn debug on | off

vpn debug ikeon |ikeoff

vpn Log Files

vpn debug trunc

VPN Environment Variables

vpn Command

vpn tu

Comparing SAs

Examples

VPN Encryption Issues

Example 1

Example 2

p. 129

p. 130

p. 130

p. 130

p. 130

p. 131

p. 131

p. 132

p. 132

p. 133

p. 133

p. 134

p. 134

Topic Key Element Page Number

Table 5-1: Advanced IPsec VPN and Remote Access Topics


Topic / Key Element                                                   Page Number
Lab 5: Configure Site-to-Site VPNs with Third Party Certificates      L-p. 143
    Configure Access to the Active Directory Server                   L-p. 144
    Create the Certificate                                            L-p. 149
    Importing the Certificate Chain and Generating Encryption Keys    L-p. 151
    Installing the Certificate                                        L-p. 164
    Environment Specific Configuration                                L-p. 167
    Testing the VPN Using 3rd Party Certificates                      L-p. 178
Lab 6: Remote Access with Endpoint Security VPN                       L-p. 179
    Defining LDAP Users and Groups                                    L-p. 180
    Configuring LDAP User Access                                      L-p. 190
    Defining Encryption Rules                                         L-p. 201
    Defining Remote Access Rules                                      L-p. 203
    Configuring the Client Side                                       L-p. 210

Table 5-2: Advanced IPsec VPN and Remote Access Topics - Lab Topics


Sample CCSE Exam Question

Remote clients are using IPSec VPN to authenticate via an LDAP server to connect to the organization. Which gateway process is responsible for the authentication?

a. vpnd

b. cvpnd

c. fwm

d. fwd


Answer

Remote clients are using IPSec VPN to authenticate via an LDAP server to connect to the organization. Which gateway process is responsible for the authentication?

a. vpnd

b. cvpnd

c. fwm

d. fwd


Chapter 6: Auditing and Reporting

The SmartEvent Software Blade turns security information into action with real-time security event correlation and management for Check Point security gateways and third-party devices. SmartEvent’s unified event analysis identifies critical security events from the clutter, while correlating events across all security systems. Its automated aggregation and correlation of data not only minimizes the time spent analyzing log data, but also isolates and prioritizes the real security threats.

The SmartReporter Software Blade centralizes reporting on network, security, and user activity and consolidates the data into concise predefined and custom-built reports. Easy report generation and automatic distribution save time and money.

Objectives:

Create Events or use existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent in order to provide industry compliance information to management.

Using your knowledge of SmartEvent architecture and module communication, troubleshoot report generation given command-line tools and debug-file information.


Auditing and Reporting Topics

The following table outlines the topics covered in the “Auditing and Reporting” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

Topic / Key Element                                                   Page Number
Auditing and Reporting Process                                        p. 139
    Auditing and Reporting Standards                                  p. 139
SmartEvent                                                            p. 141
    SmartEvent Intro                                                  p. 142
    SmartEvent Architecture                                           p. 143
    Component Communication Process                                   p. 144
    Event Policy User Interface                                       p. 145
SmartReporter                                                         p. 154
    Report Types                                                      p. 156

Table 6-6: Using SmartUpdate Topics

Topic / Key Element                                                   Page Number
Lab 7: SmartEvent and SmartReporter                                   L-p. 219
    Configure the Network Object in SmartDashboard                    L-p. 220
    Configuring Security Gateways to work with SmartEvent             L-p. 224
    Monitoring Events with SmartEvent                                 L-p. 232
    Generate Reports Based on Activities                              L-p. 237

Table 6-7: Using SmartUpdate - Lab Topics


Sample CCSE Exam Question

How many Events can be shown at one time in the Event preview pane?

a. 5,000

b. 30,000

c. 15,000

d. 1,000


Answer

How many Events can be shown at one time in the Event preview pane?

a. 5,000

b. 30,000

c. 15,000

d. 1,000
