Go to Home Page

Nokia Training


NSA: Connectivity


 

Course Description
This one-day instructor-led course covers theory and practice of routing in a complete Check Point-on-IPSO Security system. The course is designed to be hands-on, and students will implement in the course of their lab exercises an entirely dynamically routed network with routing security, firewall security, and routing over VPN.

 

Who Should Take This Course?
Technical persons tasked with the design, installation, and operation of Nokia security solutions with complex topologies, multiple entry points or other distribution across the Internet should attend. This would include operation of any system with close integration with other routing products such as Cisco IOS routers.

 

Course Fee: $995

 

Course Prerequisites

Persons attending this course must have attended NSA: Foundation or they should have passed NSA certification. They should have CCSA certification or equivalent Check Point knowledge. In addition, a foundation knowledge of routing and IP is important which includes: IP addressing and subnetting, static routing, DNS, some knowledge of the TCP protocol.

 

Course Objectives
After completion of this course, participants will be able to:

  • Understand the theory of dynamic routing
  • Understand concepts of and implement RIPv2
  • Understand concepts of and implement OSPF
  • Understand issues of securing a dynamically routed environment
  • Understand and implement OSPF over a Check Point VPN

 

Topics Covered

  • Theory of dynamic routing
  • Concepts and implementation of RIPv2
  • Concepts and implementation of OSPF
  • Securing dynamic routing with passwords and keys
  • Making communication with less secure areas safe by route filtering
  • Theory and implementation of OSPF over a Check Point VPN
  • Anti-spoofing, Check Point wire-mode and security implications

 

Course Outline

  • Introduction
  • Routing Basics
  • Lab Design
  • RIP Version 2
  • OSPF
  • Limitations and Security Considerations
  • Dynamic Routing Over VPN-1
  • Where to go from here

 

Note
While dynamic routing can be used for resilience purposes, this class concentrates on managing and simplifying topology and connectivity. If you intend to design your network so that dynamic routing implements failover to other firewalls, you will also want to attend the NSA:HA class.

 
Copyright 2007-2008 Forsythe Solutions Group, Inc. All Rights Reserved. Contents may not be reproduced in part or in whole, without written permission from Forsythe.