COMPUTERLINKS Check Point Training Courses

Course Name please click course name for full outline	Course Code	Days
Check Point Security Administration NGX I: R65	CPNGXIR65	3
Check Point Security Administration NGX II: R65	CPNGXIIR65	2
Check Point Security Administration NGX III	CPNGXIII	4
Check Point Accelerated CCSE NGX	CPNGXAC	2
Check Point Provider-1 NGX	CPPV1NGX	2
Check Point VPN-1 VSX NGX	CPVSX	3
Check Point Integrity	CPINT	2
Check Point NGX (R65) Security Administration on Nokia IP Security Platforms	CPNOK	5
Check Point Endpoint Security Full Disk Encryption	ENDPOINT	2

Check Point Certified Security Administration NGX-I: R65 Course Code: CPNGXIR65 | Location: London | Duration: 3 days | Outline: CPNGXIR65 Check Point Security Administration I NGX (R65) is a foundation course for Check Point''s flagship product, VPN-1 (NGX R65). This course provides an understanding of basic concepts and skills necessary to configure VPN-1. During this course, students will configure a Security Policy, and learn about managing and monitoring a secure network. Objectives Delegates attending this course will be able to: How to use NGX tools to upgrade to VPN-1 NGX, from VPN-1/FireWall-1 NG or VPN-1 NG with Application Intelligence How to use NGX tools to install VPN-1 NGX on Windows Server 2003 and SecurePlatform How to work with Security Policy rules and NGX objects, using NGX object cloning and Database Revision Control features How to use VPN-1 SecuRemote/SecureClient to configure remote access How to use monitoring tools to track, monitor, and account for all connections logged by Check Point components How to implement LDAP, and integrate it with an NGX SmartCenter Server How to allocate bandwidth, given a variety of Check Point QoS configurations How to identify the features and limitations of Check Point High Availability solutions Topics covered Upgrading NG with AI R55 to VPN-1 NGX Installing VPN-1 NGX in a distributed deployment Installing VPN-1 Pro Gateway on SecurePlatform Pro Creating objects using object cloning Using Database Revision Control Configuring remote access in an IKE VPN Installing VPN-1 SecuRemote Using VPN-1 SecuRemote in an IKE VPN Implementing Office Mode Blocking intruder connections Setting up a Suspicious Activity Rule in SmartView Monitor Checking status in SmartView Monitor Configuring LDAP authentication with SmartDirectory Configuring a Check Point QoS Policy Deploying Management High Availability Deploying New Mode High Availability Configuring Load Sharing Unicast (Pivot) mode Certification This course meets the requirements for the Check Point Certified Security Administrator (CCSA) NGX R65 certification. A separate examination is available for those delegates who wish to have a formal qualification. Who should attend This course is designed for systems administrators, security managers, and network engineers who manages NGX R65 Security Gateway deployments. Pre-requisites Delegates should have basic networking knowledge, knowledge of Windows Server and/or UNIX, and experience with TCP/IP and the Internet. Follow-On Course This course meets the pre-requisites for the Check Point Security Administration NGX II R65 course covering those topics required by System Administrators setting up site-to-site VPNs or other more advanced configurations. (top)

Check Point Certified Security Administration NGX-II: R65 Course Code: CPNGXIIR65 | Location: London | Duration: 2 days | Outline: CPNGXIIR65 Check Point Security Administration II NGX (R65) provides an understanding of upgrading and advanced configuration of VPN-1 (NGX R65), installing and managing VPN-1 (on both internal and external networks), gaining the maximum security from Security Gateways, and resolving Gateway performance issues. Objectives Delegates attending this course will be able to: How to use NGX tools to upgrade to VPN-1 (NGX R65) How to configure VPNs, using IKE encryption and Check Point's simplified VPN setup How to use VPN-1 SecuRemote/SecureClient to configure remote access How to identify the features and limitations of Check Point High Availability solutions Topics covered Updating VPN-1 using SmartUpdate Two-Gateway IKE encryption configuration (using a shared secret) Two-Gateway IKE encryption configuration (using Certificates) Configuring remote access in an IKE VPN Installing SecuRemote Using SecuRemote in an IKE VPN Implementing Office Mode Using SSL Network Extender for remote-network access Deploying New Mode High Availability Configuring Load Sharing Unicast (Pivot) mode Configuring Load Sharing Multicast Mode Certification This course meets the requirements for the Check Point Security Expert (CCSE) NGX R65 Certification. A separate examination is available for those delegates who wish to have a formal qualification. Who should attend This course is designed for systems administrators, security managers, and network engineerd implementing VPN-1 (NGX R65) for VPN deployments. Pre-requisites Delegates should have attended the Check Point Security Administration I NGX (R65) course. Delegates should be able to use basic Internet tools, i.e. Web browsers, FTP and Telnet. They should have a system level knowledge of Microsoft NT operating system and should be able to manipulate files and directories and manage processes. Knowledge of TCP/IP is also necessary. Follow-On Course This course meets all of the pre-requisites for the Check Point Security Administration NGX III course, which covers even more advanced configurations. (top)

Check Point Certified Security Administration NGX-III Course Code: CPNGXIII | Location: London | Duration: 4 days | Outline: CPNGXIII Check Point Security Administration NGX III offers comprehensive training to enhance enterprise knowledge of VPN-1 NGX, network planning, route-based VPN, and troubleshooting procedures. Objectives Delegates attending this course will be able to: Undertake troubleshooting of NGX product problems using troubleshooting guidelines Use cpinfo and log files for file management Use protocol analysers to capture and analyse network traffic Conduct troubleshooting of NGX problems using NGX debugging tools Use fw and fw advanced commands for troubleshooting Identify and resolve specific Security Server issues Use VPN log files and VPN debug to troubleshoot VPN connections Capture traffic flow using ike debug, sr_service debug, and srfw monitor Identify the differences between route- and domain-based VPNs Identify, debug, and use relevant commands to troubleshoot Eventia Reporter problems Topics covered Collecting configuration files from an NGX installation Reviewing and analysing cpinfo output in InfoView Using GuiDBedit to create services and objects, and modify an object's global properties Using fw logswitch to switch active and audit logs Using fwm logexport to export logs Comparing client- and server-side NAT using fw monitor Using fwm and cpd debugging to troubleshoot a stand-alone installation problem Using fw stat to verify a Gateway's Policy installed status Using fw unloadlocal to uninstall a Security Policy Using fwm load to install a Policy Running ike debug on Gateways, and analyzing output using IKEview Observing IKE by running ike debug Running srfw monitor on a SecureClient desktop Configuring route-based VPNs for VPN redundancy Configuring dynamic routing using OSPF through VPN tunnels. Certification Along with the NGX-I and NGX-II courses, this course meets the requirements for the Check Point Security Expert Plus (CCSE+) NGX Certification. A separate examination (not part of the course) is available for those delegates who wish to have a formal qualification Who should attend This course is designed for systems administrators, security managers, or network engineers who require an in-depth knowledge of implementing, configuring and troubleshooting VPN-1 NGX in an enterprise setting Pre-requisites Delegates should have previously attended the Check Point Security Administration NGX-I and NGX-II courses. Delegates should be able to use basic Internet tools, i.e. Web browsers, FTP and Telnet. They should have a system level knowledge of Microsoft NT operating system and should be able to manipulate files and directories and manage processes. Knowledge of TCP/IP is also necessary. Follow-On Course Depending upon their specific environment, delegates may wish to consider attending the Check Point Integrity or Provider-1 courses to complete their Check Point training. (top)

Check Point Accelerated CCSE NGX Course Code: CPNGXAC | Location: London | Duration: 2 Days | Outline: CPNGXAC Check Point Accelerated CCSE NGX is a fast paced course designed for those engineers who are already certified to CCSE level on any version of Check Point VPN-1/Firewall-1 NG. This two-day course is intended to provide sufficient detail for a delegate to upgrade their proven Check Point skills to the latest VPN-1/FireWall-1 NGX version. During the course delegates will learn the steps to follow to upgrade their organisation Check Point software to VPN-1/FireWall-1 NGX. Objectives Delegates attending this course will be able to: Use NGX upgrade tools to upgrade to NGX, from VPN-1/Firewall-1 NG or VPN-1 NG with Application Intelligence. Use SmartUpdate to upgrade to NGX, from NG or NG with Application Intelligence. Use advanced NGX features to minimise the information-security management burden, when working with objects and rules. Determine whether Database Revision Control or Policy Package Management is the appropriate solution, given a variety of scenarios. Identify the features and limitations of Management HA. Use SmartView Tracker to block connections, given evidence of a potential intrusion or attack. Use SmartView Monitor to display information about an NGX deployment, given a variety of scenarios. Use fw monitor to capture and view packets. Use fw ctl pstat to verify the health of the NGX Security Gateway and SmartCenter Server. Review VPN-1 debugging and troubleshooting commands, including cpinfo. Given a variety of Check Point QoS configurations, determine how bandwidth will be allocated. Identify situations where Low Latency Queuing and Differentiated Services are an appropriate part of a QoS solution. Configure NGX to support LDAP/AD integration, given specific business requirements. Configure a Policy Server and SecureClient Rule Base. Download desktop rules from a Policy Server with SecureClient. Topics covered Upgrading to VPN-1 NGX Advanced NGX Management Concepts VPNs & Remote Access Monitoring Traffic and Connections Check Point QoS LDAP User Management with SmartDirectory High Availability & Clustering Certification This course is designed for those delegates who already hold the Check Point CCSE certification at a previous NG version and will provide them with the skills required to challenge the CCSE Upgrade examination. This is a separate examination (not part of the course), which is available for those delegates who wish to upgrade their existing CCSE qualification. Who should attend This course is designed for those people who will be responsible for the installation, implementation or maintenance of a FireWall-1/VPN-1 NGX protected site, including systems administrators, security managers, and network engineers who manage VPN-1/FireWall-1 NGX gateway deployments. Pre-requisites Delegates must have previously passed the Check Point CCSE examination at a previous NG version. Follow-on Course Those delegates who need even greater knowledge of the Check Point VPN-1 NGX product should consider attending the Check Point Security Administration NGX III course. (top)

Check Point Provider-1 NGX Course Code: CPPV1NGX | Location: London | Duration: 2 Days | Outline: CPPV1NGX This course offers in-depth training on deploying and managing Check Point Provider-1 NGX. Delegate will learn how to configure security policies for multiple remote Security Gateways using the Multi-Domain Graphical User Interface (MDG), and manage multiple firewalled networks using the Multi-Domain Server (MDS). Delegates will also learn how to perform advanced configuration tasks, such as establishing redundant Multi-Domain Servers for High Availability management functions and migrating existing servers into the Provider-1 database. Objectives Delegates attending this course will be able to: Describe the Provider-1 architecture. Describe the installation requirements for the Provider-1 components. Install and configure Provider-1. List and describe MDS configuration options. List and describe Customer Management Add-On (CMA) configuration options. Identify the features and functions of the MDG. Describe Provider-1 log-management features. Create and assign Global Policies to multiple CMA's. Use advanced tools to manage multiple Customer sites. Topics covered Installing the MDS as a Manager and Container, then configure the MDS to function as a primary MDS. Installing the Provider-1 SmartConsole and MDG client. Configuration of CMA's for city sites. Establishing SIC between CMA's and the remote Security Gateways they manage. Adjusting Provider-1 default settings to customise the system for your configuration. The creation of basic objects and Rule Bases for CMA's in your configuration. The creation of additional Administrators and showing the differences in their privilege levels. Deploying GUI clients at remote sites and granting different access to clients with different privileges. Remotely installing a Check Point software package on the Gateways in your lab configuration. Disconnecting a rogue client from your primary MDS. Defining network objects and rules for a NOC Gateway. Installation and configuration of a secondary MDS to be an MDS Multi-Log Module (MLM). Creating objects and rules applied to each CMA in a Global Policy. Define a Global VPN Community. Migrating an existing SmartCenter Server into your existing Provider-1 setup. Installation and configuration of a secondary MDS for Management High Availability (HA). Creating a mirror of a configured MDS to a second MDS in your setup. Configuring a secondary MDS for CMA level HA in a Provider-1 setup. Backing up MDS files using Provider-1 archiving commands. Restore MDS files using archiving commands Certification This course meets the requirements for the CCMSE NGX Certification. A separate examination (not part of the course) is available for those delegates who wish to have a formal qualification. Who should attend This course is designed for systems administrators, security managers, or network engineers implementing Provider-1 NGX in an enterprise setting. Pre-requisites Attendance of Check Point Security Administration NGX II is essential. (top)

Check Point VPN-1 VSX NGX Course Code: CPVSX | Location: London | Duration: 3 Days | Outline: CPVSX This course will provide you with an understanding of key concepts and skills necessary to effectively configure and deploy VPN-1 VSX, to manage multiple customer sites. This course provides hands-on training for installing VSX on SecurePlatform. You will configure Security Policies for multiple remote firewalls, using the Provider-1 NGX Multi-Domain GUI (MDG). You will also learn about managing multiple firewall-secured environments, and using Virtual Systems and Virtual Routers in a VSX configuration. You will understand how to perform advanced configuration tasks, such as establishing redundant VSX Gateways for High Availability functions. Objectives Delegates attending this course will be able to: Describe the VSX architecture Describe installation requirements for VSX components Successfully install VSX Identify features and functions of VSX Demonstrate VSX Gateway deployment in a VLAN environment Demonstrate VSX Gateway High Availability deployment Topics covered Installing Provider-1 NGX for VSX on a SecurePlatform machine Installing the Provider-1 NGX MDG on Windows Configuring the Admin CMA Installing the VSX Gateway on SecurePlatform Configuring the external VR Managing Virtual Systems Configuring unique Policies for multiple Virtual Systems Implementing a Virtual Switch Implementing VSX Gateway HA Certification This course meets the requirements for the CCMSE NGX Plus VSX Certification. A separate examination (not part of the course) is available for those delegates who wish to have a formal qualification. Who should attend This course is designed for systems administrators, security managers, or network engineer implementing VSX in an enterprise environment. Pre-requisites Attendance of Check Point Provider-1 NGX is essential. (top)

Check Point Integrity Course Code: CPINT | Location: London | Duration: 2 Days | Outline: CPINT This is a five-day, instructor-led course which covers configuring and implementing Check Point's VPN-1/FireWall-1 on Nokia IP Security Platforms. The course provides the information and experience necessary to deploy and manage Internet firewalls on the Nokia family of security products. Hands-on exercises enable students to demonstrate a thorough knowledge of the platform operations, effectively configure security policies, and successfully deploy Internet security solutions. Objectives Delegates attending this course will be able to: Describe how Integrity Advanced Server/client components and architecture secure network endpoint PCs. Use Integrity Advanced Server tools to create a basic Integrity Advanced Sever/client network. Create a rule-based policy package for deployment to Integrity clients. Use Integrity Advanced Server tools to configure policies that include firewall rules, zone-based security features, and Program controls. Use Integrity Advanced Server to protect remote, external endpoint PCs. Use Integrity Monitor reports to refine model deployment life-cycle policies. Topics covered Installing Integrity Advanced Server Adding an IP Catalog to your network Adding an NT Domain Catalog to your network Creating and assigning a role to an Integrity administrator Installing Integrity Client Creating and deploying a policy Duplicating and deploying a policy Assigning a policy to an entity Certification This course meets the requirements for the Check Point Integrity Specialist (CPIS) Certification. A separate examination (not part of the course) is available for those delegates who wish to have a formal qualification. Who should attend This course is designed for those people who will be responsible for the installation, implementation or maintenance of an Integrity Advanced Server installation, including systems administrators and security managers. Pre-requisites Delegates should be able to use basic Internet tools, they should have a system level knowledge of Microsoft NT operating system and should be able to manipulate files and directories and manage processes. (top)

Check Point NGX (R65) Security Administration on Nokia IP Security Platforms Course Code: CPNOK | Location: London | Duration: 5 Days | Outline: CPNOK This is a five-day, instructor-led course which covers configuring and implementing Check Point's VPN-1/FireWall-1 on Nokia IP Security Platforms. The course provides the information and experience necessary to deploy and manage Internet firewalls on the Nokia family of security products. Hands-on exercises enable students to demonstrate a thorough knowledge of the platform operations, effectively configure security policies, and successfully deploy Internet security solutions. Objectives Delegates attending this course will be able to: Identifying the key features of the IPSO file system and directory structure Reviewing the installation, administration, and management functions of IPS Identifying the components of Nokia Network Voyager Identifying the main uses of clish, the command line shell Configuring SSH and SSL for secure management Configuring Simplified-Mode VRRP for high availability Describing the process for obtaining Nokia Technical Support Topics covered Design and install a distributed deployment of VPN-1 Verify the VPN-1 deployment based on SIC establishment between the SmartCenter Server and the Gateway using SmartDashboard Update the appropriate network interface using the sysconfig utility to change the management interface Perform a backup and restore of the current Gateway installation from the command line Create and configure network, host and gateway objects for your city site In SmartMap view actualise your city site's network objects In SmartMap, given your partner city's network data, create and configure your partner city's Web server object Create a basic Rule Base in SmartDashboad that includes permissions for administrative users, external services, and LAN outbound use. Test your Rule Base with your partner city, and evaluate logs in SmartView Tracker Given your Policy's implicit rules, configure an implied rule for logging purposes Manually configure NAT rules on your Web-server and Gateway objects. Refer to the Global Properties of the Gateway object Configure the Policy using Database Revision Control Given a deployment strategy, test and verify a new Policy using SmartView Tracker Given evidence of a potential intrusion or attack using SmartView Tracker, change the Policy to block the offending connection Use SmartView Monitor to block and monitor a user's activities by implementing the SAM rule Given accumulated raw-logged data, configure Eventia Reporter to monitor and audit network traffic Create and configure users in SmartDirectory for access to your LAN Modify your Rule Base to provide permissions for users Configure partially automatic Client Authentication, and install, test, and verify the Policy in SmartView Tracker Given a distributed network deployment, design a strategy for implementing QoS Based on an implementation of QoS, configure the required bandwidth allocation for the network Using content inspection, Application Intelligence, and/or Web Intelligence, configure for port scanning and HTTP work catcher Create a SmartDefence profile, and incorporate port-scanning and successive-events settings into the profile. Test the configuration with your partners city's Web server, and evaluate logs using SmartView Tracker Block connections, given evidence of a potential intrusion or attack. Evaluate logs Based on network analysis disclosing threats by specific sites, configure a Web-filtering and antivirus Policy to filter and/or scan the threatening traffic. Certification This course meets the requirements for the Check Point Certified Security Administrator (CCSA) NGX and Nokia Security Administrator (NSA) Certification. Separate examinations (not part of the course) are available for those delegates who wish to have formal certification. Who should attend This course is designed for users and Security Administrators who need to configure VPN-1, and for those who seek NSA and /or CCSA certification. The following professionals benefit most from this course: Systems Administrators Support Analysts Network Engineers Security Staff Firewall Administrators Reseller Support Installation Consultants Pre-requisites Persons attending this course should have a working knowledge of: IP Networking and static routing Working knowledge of internet working concepts Understanding of TCP/IP Understanding of network addressing Understanding of subnet masks Working knowledge of Windows and/or UNIX General knowledge of basic router operation Follow-On Course This course meets all of the pre-requisites for the Check Point Security Administration NGX-2 course which covers those topics required by system administrators who will be setting up site-to-site VPNs or other more advanced configurations. This course also covers the Nokia IPSO range of products, those delegates who require a more advanced level of training on this range should consider attending the NSA - Connectivity and NSA- High Availability courses. (top)

Check Point Endpoint Security Full Disk Encryption Course Code: ENDPOINT | Location: London | Duration: 2 Days | Outline: ENDPOINT This course teaches you how to configure and manage a Pointsec PC protected device using the Pointsec PC Management Console. You will learn the details of hard-disk encryption, and how best to deploy Pointsec PC in your organization. Objectives Delegates attending this course will be able to: Given Privileged Permissions and Permissions Settings as defined in Pointsec PC, define the role of users and administrators in your organization Considering Pointsec PC's encryption technology, choose the most suitable method for authenticating each user type. Install and confirm the installation of Pointsec PC for the administrator with the installation CDs. Determine access levels for Pointsec PC users and create user profiles. Select the suitable authentication method for a given deployment Prepare a strategy to deploy Pointsec PC to all company endpoints. Given existing configuration sets and profiles, implement a Pointsec PC deployment for end-users. Install Pointsec PC on a user's machine to initiate encryption and observe the installation process from the user's perspective. Perform basic profile maintenance procedures such as updating and upgrading profiles from client computers, and using Remote Help to re-permit locked-out users access to their systems. Configure Service Accounts for handling recovery files, update profiles, and upgrade packages. View and transfer the local log file to the central log file. Create and deploy an uninstall profile from client computers. Develop a plan for recovering encrypted information from a hard disk Customize the preboot environment. Troubleshoot a failed installations and repair corrupted boot sectors. Install and configure SmartCenter for Pointsec -WebRH for Web-based remote help. Manage Organization Units to control user access and permissions. Topics covered Provide remote help to Pointsec clients using SmartCenter for Pointsec -WebRH. View and use the Local Event Database for monitoring and Pointsec PC auditing. Exercises Installing Pointsec Creating configuration sets and profiles Deploying Pointsec Removing user profiles Using Remote Help Upgrading Pointsec Uninstalling from removable media SmartCenter for Pointsec Protector installation Working with the Pointsec Protector Administration Console Pointsec Protector client installation Pointsec Protector client functionality Program Security Guard Certification This course meets the requirements for the Check Certified Specialist - Pointsec Certification. A separate examination is available for those delegates who wish to have a formal qualification. Who should attend This course is designed for systems administrators, security managers, or network engineers who manage Pointsec deployments and want to earn the Check Point Certified Specialist - Pointsec certification. Pre-requisites Delegates should have a Working knowledge of TCP/IP, Windows and/UNIX, network technology, and the Internet (top)