Go to Home Page

Check Point Training


Managing NGX R65 on Nokia IP Security Platform


 

Course Description


This intense five day Boot Camp covers all the essential skills and information students need to know about implementing Check Point VPN-1/FireWall-1 NGX R65 on Nokia IP Security Platforms with Nokia IPSO v4.2. This is a great class with extreme hands-on and troubleshooting scenarios.

 

Certification


Check Point Certified Security Administrator (CCSA), Check Point Certified Security Expert (CCSE), and Nokia (NSA) certifications

 

Who Should Take This Course?

 

  • System administrators, support analysis, network engineer, reseller, installation consultant, or security administrator who manages NGX Security Gateway deployments and/or who manages Nokia IP Security Platform deployment.
  • Individuals pursuing the Check Point Certified Security Administrator (CCSA), Check Point Certified Security Expert (CCSE) and Nokia Security Administrator (NSA) certification.

 

Course Fee: $4,990

 

Course Prerequisites

 

  • Working knowledge of TCP/IP
  • Working knowledge of Windows and/UNIX
  • Working knowledge of network technology, the Internet, and general knowledge of basic router operation

 

 

 

Day 1 - Nokia Foundation

 

  • Security terminology and an overview of the Nokia IP Security Platforms
  • Architecture and design of IPSCO on both disk-based and diskless platforms
  • Platform configuration using Nokia Network Voyager (browser-based management tool)
  • Installation and basic configuration of Firewall-1 (or VPN-1) FW
  • Authentication - localand remote with RADIS/TACACS, and role configuration
  • Simple Diagnostics
  • Configuration: backup and restore
  • System administration
  • DHCP and PPPoE for small scale installations
  • Nokia IP Series monitoring and maintenance
  • Overview of Nokia Technical Support

 

 

Days 2 & 3 - Check Point NGX I R65

 

Course Outline

 

 

Chapter 1: VPN-1 Overview

 

  • VPN-1 Fundamentals
  • Check Point's Security Gateway
  • Security Policy Management
  • VPN-1 SmartCenter Server
  • Lab 1: VPN-1 Distributed Installation

 

Chapter 2: Introduction to SecurePlatform

 

  • SecurePlatform Hardware Requirements and Setup
  • Using the Command Line
  • Managing Your SecurePlatform System
  • SecurePlatform Command Shell
  • Lab2: Configuring VPN-1 Using the CLI

 

 

Chapter 3: Introduction to the Security Policy

 

  • Security Policy Basics
  • Managing Objects in SmartDashboard
  • Lab 3: Creating Objects, Establishing Trust and Configuring SmartMap
  • Creating the Rule Base
  • Completing the Rule Base
  • Rule Base Management
  • Policy Management and Revision Control
  • Policy Management Overview
  • Database Revision Control
  • Lab 4: Configuring the Security Policy
  • Network Address Translation
  • Lab 5: Configuring Statis NAT
  • Enabling VolP Traffic
  • Detecting IP Spoofing
  • Multicasting

 

Chapter 4: Monitoring Traffic and Connections

 

  • SmartView Tracker
  • Blocking Connections
  • SmartView Monitor
  • Eventia Reporter
  • Lab 6: Blocking Intruder Connections
  • Lab 7: Configuring Suspicious Activity Rule in Smart View Monitor

 

Chapter 5: User Management And Authentication

 

  • Creating Users and Groups in SmartDashboard
  • Introduction to VPN-1 Authentication
  • Authentication Methods
  • LDAP User Management with SmartDirectory
  • Lab 8: Configuring Client Authentication
  • Lab 9: Configuring LDAP Authentication with SmartDirectory

 

Chapter 6: Check Point QoS

 

  • Check Point QoS Overview
  • Check Point QoS Architecture
  • Deploying QoS
  • Check Point QoS Rule Base
  • Differentiated Services
  • Low Latency Queuing
  • Monitoring QoS Policy
  • Optimizing Check Point QoS
  • Lab 10: Configuring Check Point QoS Policy

 

Chapter 7: Basic SmartDefense and Content Inspection

 

  • Introducing SmartDefense
  • Network Security
  • Application Intelligence
  • Web Intelligence
  • SmartDefense Services
  • Content Inspection
  • Lab 11: Configuring SmartDefense
  • Lab 12: Configuring Web-Filtering And Antivirus Settings

 

 

Day 4-5 - Check Point NGX II R65

 

Course Outline

 

Chapter 1: SmartUpdate

 

  • Introduction to SmartUpdate
  • Upgrading Packages
  • Managing Licenses
  • Lab 1: Uploading an Installation with SmartUpdate

 

Chapter 2: Upgrading VPN-1

 

  • Preinstallation Configuration
  • Distribution Installation
  • Upgrading to VPN-1 NGX R65
  • VPN-1 Backward Compatibility
  • Licensing VPN-1
  • Performing License Upgrade
  • Pre-Upgrade Considerations
  • Upgrading SmartCenter Server
  • Gateway Upgrade

 

Chapter 3: Encryption and VPNs

 

  • Securing Communications
  • IKE
  • Certificate Authorities

 

Chapter4: Introduction to VPNs

 

  • The Check Point VPN
  • VPN Deployments
  • VPN Implementation

 

Chapter 5: Site-to-Site VPN

 

  • Site-to-Site VPN
  • VPN Tunnel Management
  • Wire Mode
  • Directional VPN Enforcement
  • Multiple Entry Point VPNs
  • Traditional Mode VPNs
  • Lab 2: Two-Gateway IKE Encryption (Shared Secret)
  • Lab 3: Two-Gateway IKE Encryption (Certificates)

 

Chapter 6: Remote Access VPNs

 

  • Remote Access VPN
  • Official Mode
  • Official Mode Planning
  • Desktop Security Policy
  • VPN Routing - Remote Access
  • SSL Network Extender
  • Clientless VPN
  • Lab 4: Configuring Remote Access in an IKE VPN
  • Lab 5: Using SecureRemote in an IKE VPN
  • Lab 6: Remote Access and Office Mode
  • Lab 7: SSL Network Extender

 

Chapter 7: High Availability and cluster XL

 

  • Management and High Availability
  • Cluster XL
  • Cluster XL Modes
  • Synchronizing Clusters
  • Sticky Connections
  • CPHA Commands
  • Debugging Cluster XL Issues
  • Cluster XL Configuration Issues
  • Lab 8: Deploying New Mode HA
  • Lab 9: Load Sharing Unicast (Pivot) Mode
  • Lab 10: Configuring Load Sharing Multicast Mode
Copyright 2007-2008 Forsythe Solutions Group, Inc. All Rights Reserved. Contents may not be reproduced in part or in whole, without written permission from Forsythe.