This course provides students with the advanced knowledge, skills, and hands-on experience needed to deploy, manage, and monitor existing Quantum Security Environments. Students will learn how to deploy Management High Availability, provide advanced policy management, configure Site-to-Site VPN, provide advanced security monitoring, upgrade a Security Gateway, use Central Deployment tool to install hotfixes, perform an import of a Primary Security Management Server, and Deploy ElasticXL Cluster. 

Target Audience

• Security Engineers
• Security Analysts
• Security Consultants
• Security Architects 

Prerequisites

Base Knowledge

• Unix-like and/or Windows OS
• Internet Fundamentals
• Networking Fundamentals
• Networking Security
• System Administration
• TCP/IP Networking
• Text Editors in Unix-like OS
• Minimum of 6-months of practical experience with the management of a Quantum Security Environment.

Check Point Courses

• Check Point Certified Security Administrator (required)
• Check Point Deployment Administrator (suggested)

Duration

3 days

Certification

Exam: 156-315.82

Agenda

Module 1: Management High Availability

• Explain the purpose of Management High Availability.
• Identify the essential elements of Management High Availability.

Lab Tasks

• Deploy and configure Management High Availability
• Ensure the failover process functions as expected

Module 2: Advanced Policy Management

• Identify ways to enhance the Security Policy with more object types.
• Create dynamic objects to make policy updatable from the Gateway.
• Manually define NAT rules.
• Configure Security Management behind NAT.

Lab Tasks

• Use Updatable Objects
• Configure Network Address Translation for server and network objects
• Configure Management behind NAT for Branch Office connections

Module 3: Site-to-Site VPN

• Discuss site-to-site VPN basics, deployment, and communities.
• Describe how to analyze and interpret VPN tunnel traffic.
• Articulate how pre-shared keys and certificates can be configured to authenticate with third-party and externally managed VPN Gateways.
• Explain Link Selection and ISP Redundancy options.
• Explain tunnel management features.

Lab Task

• Configure Site-to-Site VPN with internally managed Security Gateways

Module 4: Advanced Security Monitoring

• Describe the SmartEvent and Compliance Blade solutions, including their purpose and use.

Lab Tasks

• Configure a SmartEvent Server to monitor relevant patterns and events
• Demonstrate how to configure Events and Alerts in SmartEvent
• Demonstrate how to run specific SmartEvent reports
• Activate the Compliance Blade
• Demonstrate Security Best Practice settings and alerts
• Demonstrate Regulatory Requirements Compliance Scores

Module 5: Upgrades

• Identify supported upgrade options.

Lab Task

• Upgrade a Security Gateway
• Use Central Deployment tool to install Hotfixes

Module 6: Advanced Upgrades and Migrations

• Export/import a Management Database.
• Upgrade a Security Management Server by freshly deploying the new release or using a new appliance.

Lab Task

• Prepare to perform an Advanced Upgrade with Database Migration on the Primary Security Management Server in a distributed environment
• Perform an import of a Primary Security Management Server in a distributed Check Point environment

Module 7: ElasticXL Cluster

• Describe the ElasticXL Cluster solution, including its purpose and use.

Lab Tasks

• Deploy an ElasticXL Security Gateway Cluster