Check Point Security Engineering Study Guide
R76 Edition
Copyright 2013 Check Point Software Technologies, Inc. All rights reserved.
© 2013 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and de-compilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
International Headquarters: 5 Ha’Solelim Street
Tel Aviv 67897, Israel
Tel: +972-3-753 4555
U.S. Headquarters: 959 Skyway Road, Suite 300
San Carlos, CA 94070
Tel: 650-628-2000
Fax: 650-654-4233
Technical Support, Education & Professional Services:
6330 Commerce Drive, Suite 120
Irving, TX 75063
Tel: 972-444-6612
Fax: 972-506-7913
E-mail any comments or questions about our courseware to [email protected].
For questions or comments about other Check Point documentation, e-mail [email protected].
Document #: CPTS-DOC-CCSE-SG-R76
Preface
The Check Point Certified Security Engineering Exam
The Check Point Security Engineering course provides an understanding of upgrading and advanced configuration of Check Point software blades, installing and managing VPNs (on both internal and external networks), gaining the maximum security from Security Gateways, and resolving Gateway performance issues. The Check Point Security Engineering Study Guide supplements knowledge you have gained from the Security Engineering course, and is not a sole means of study.
The Check Point Certified Security Engineering #156-315.13 exam covers the following topics:
The process for backup of a Security Gateway and Management Server using your understanding of the differences between backups, snapshots, and upgrade-exports.
The process for upgrade of Management Server using a database migration.
How to perform debugs on firewall processes.
Building, testing and troubleshooting a ClusterXL Load Sharing deployment on an enterprise network.
Building, testing and troubleshooting a ClusterXL High Availability deployment on an enterprise network.
Building, testing and troubleshooting a management HA deployment on an enterprise network.
Configuring, maintaining and troubleshooting SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement on the firewall.
Building, testing and troubleshooting a VRRP deployment on an enterprise network.
Using an external user database such as LDAP, to configure User Directory to incorporate user information for authentication services on the network.
Managing internal and external user access to resources for Remote Access or across a VPN.
Troubleshooting a site-to-site or certificate-based VPN on a corporate gateway using IKEView, VPN log files and command-line debug tools.
Optimizing VPN performance and availability using Link Selection and Multiple Entry Point solutions.
Managing and testing corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers.
Creating Events and using existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent in order to provide industry compliance information to management.
Troubleshoot report generation given command-line tools and debug-file information.
Frequently Asked Questions
The table below provides answers to commonly asked questions about the Check Point CCSE #156-315.13 exams:
Question Answer
What are the Check Point recommendations and prerequisites?
Check Point recommends you have at least 6 months to 1 year of experience with the products before attempting to take the CCSE #156-315.13 exam. In addition, you should also have basic networking knowledge, knowledge of Windows Server and/or UNIX, and experience with TCP/IP and the Internet.
Check Point also recommends you take the Check Point Security Engineering class from a Check Point Authorized Training Center (ATC). We recommend you take this class before taking the CCSE #156-315.13 exam.
Check Point ATCs also offer Check Point’s comprehensive #156-315.13 Exam Prep course (only available at Check Point ATCs).
To locate an ATC, see:
http://atc.checkpoint.com/atclocator/locateATC
How do I register? Check Point exams are offered through Pearson VUE, a third-party testing vendor with more than 3,500 testing centers worldwide.
Pearson VUE offers a variety of registration options. Register via the Web or visit a specific testing center. Registrations at a testing center may be made in advance or on the day you wish to test, subject to availability. For same-day testing, contact the testing center directly.
Locate a testing center from the Pearson VUE Web site:
www.pearsonvue.com
What is the exam structure? The exams are composed of multiple-choice and scenario questions. There is no partial credit for incorrectly marked questions.
How long is the exam?
Do I get extra time, if I am not a native English speaker?
The following countries are given 90 minutes to complete the exam. All other regions get 120 minutes:
Australia
Bermuda
Canada
Japan
New Zealand
Ireland
South Africa
UK
US
What are the pre-requisites for the CCSE R76 exam?
CCSA R70, CCSA R71, CCSA R75, or CCSA R76.
How can I update my R65 certification?
If you have any CCSA R60 certification, take the CCSA R70/71 Update Training Blade to update your CCSA certification. If you have a CCSE R60 certification, take the CCSE R70/71 Update Training Blade to update your CCSE certification.
How long is my certification valid?
Check Point certifications are valid for 2 years. CCMAs are valid for 3 years. Any certification more than three (3) years old is not considered current. Certifications become inactive after five years. Your benefits may be suspended if your certification is not current. Your certification can be maintained with annual continuing education credits.
What are ‘continuing education credits’?
Continuing education credits help you maintain Check Point certifications without starting over with every product release. Continuing education credits can be earned in a variety of ways, like completing shorter training lessons (Training Blades), participating in our test development process, and even attending CPX.
What are the pre-requisites for CCMA?
CCSE is mandatory; CCMSE is suggested.
Do you have a test-out option? Though highly recommended, it is not a requirement to attend a training course before challenging the exam. You may test at any time, however it is advised you spend at least 6 months working with Check Point products before attempting to achieve certification.
Are study materials available? Free study guides and practice exams are available for download at http://www.checkpoint.com/services/education/index.html#resources. Courseware can be purchased on our eStore and training is available from an ATC.
Check Point ATCs also offer Check Point’s comprehensive #156-315.13 Exam Prep course (only available at Check Point ATCs).
How soon can I re-take an exam if I fail?
If you fail an exam you must wait 24 hours before your 2nd attempt, and 30 days for the 3rd attempt. Once you pass a test you cannot take it again for a higher score.
Can I get exam insurance? Students automatically get a 50% re-take discount on any 2nd attempt of the CCSA and CCSE R76 exams.
I only failed by 1 point and based on my calculations I should have passed – what happened?
The function of certification is to provide proof the Check Point Certified professional is qualified to protect the lifeblood of organizations – their data. Check Point takes this very seriously and we constantly strive to administer the most effective exams. Passing is calculated by comparing the number of questions answered correctly versus the number of questions answered incorrectly. Not all sections of the test are weighted equally.
Can I take any R65 level exams?
No, all R65 exams have been retired except for the Japanese versions. Our philosophy is to provide training and certification only for current technologies so our partners and customers will always benefit from the latest security advancements.
Where can I find more information about Check Point Certified Professionals?
The Check Point Certified Professionals website and newsletter are a benefit which contain special information and resources that are not available to the public.
What happens when I pass my exam? When will I receive my Certificate?
After you pass a Check Point exam at VUE, your exam results are uploaded. On the 15th and 30th, we process all certification results and order certification kits. It takes 6-8 weeks to receive your certificate. Your advanced access to Secure Knowledge and the Certified Professionals website is established once you achieve certification.
Why can’t I have more than one account at Pearson VUE test centers?
Check Point only allows one Pearson VUE account to track your Check Point exams. If you change companies, please update the contact information in your Pearson VUE account instead of creating a new one so your Check Point certifications will follow you. You can verify your accounts with Customer Service here: http://www.vue.com/checkpoint/contact/
What happens if someone gets caught cheating? How do you prevent it?
Every individual who takes an exam signs our Non-disclosure agreement. Anyone caught in the act of cheating or sharing exam items will have their Check Point certifications revoked for 2 years. All testing privileges and partner program participation will be deactivated during this time. Check Point collaborates with major technology companies to prevent cheating through test pattern analysis and distribution best practices. Together we identify and take legal action against unauthorized test centers and inaccurate “brain dump” sites.
What are the benefits of Check Point certification?
Check Point Certified Professionals receive access to the Advanced SecureKnowledge base, Certified Professionals only website and quarterly newsletter for 2 years. Check Point Certified Master Architects (CCMA) receive 3 years Expert level access to SecureKnowledge.
How do I take a Training Blade exam?
You can purchase Training Blades at http://store.checkpoint.com. Please forward your email confirmation to: [email protected] for access to the exam. Please include your Check Point Certified Professional ID# for credit. Your certification ID# is generated when you create an account at Pearson VUE. If you have any questions about your ID#, please email: [email protected].
How do I access my certification benefits?
Make sure your Check Point User Center (UC) email address matches the email address registered with Pearson VUE. Your UC profile will automatically be updated with each certification, including advanced access to SecureKnowledge and the Certified Professionals only website. If you have any problems or questions about your benefits, please email: [email protected].
For more exam and course information, see:
http://www.checkpoint.com/services/education/
Chapter 1: Upgrading
Upgrades are used to save Check Point product configurations, Security Policies, and objects, so that Security Administrators do not need to re-create Gateway and Security Management Server configurations.
Chapter Objectives:
• Perform a backup of a Security Gateway and Management Server using your understanding of the differences between backups, snapshots, and upgrade-exports.
• Upgrade and troubleshoot a Management Server using a database migration.
• Upgrade and troubleshoot a clustered Security Gateway deployment.
Upgrading Topics
The following table outlines the topics covered in the “Upgrading” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.
Topics Key Elements Page Numbers
Backup and Restore Security Gateways and Management Servers p. 11
    Snapshot management p. 11
    Upgrade Tools p. 12
    Backup Schedule Recommendations p. 12
    Upgrade Tools p. 12
    Performing Upgrades p. 13
    Support Contract p. 13
Upgrading Standalone Full High Availability p. 16
Table 1-1: Upgrade Topics
Topic Key Element Page Number
Lab 1: Upgrading to Check Point R76 L-p. 1
    Install Security Management Server L-p. 2
    Migrating Management Server Data L-p. 6
    Importing the Check Point Database L-p. 30
    Launch SmartDashboard L-p. 34
    Upgrading the Security Gateway L-p. 36
Table 1-2: Upgrading to Check Point R76 - Lab Topics
Sample CCSE Exam Question
During an upgrade to the management server, the contract file is transferred to a gateway when the gateway is upgraded. Where is the contract file retrieved from?
a. ISO
b. Technical Support
c. Management.
d. User Center.
Answer
During an upgrade to the management server, the contract file is transferred to a gateway when the gateway is upgraded. Where is the contract file retrieved from?
a. ISO
b. Technical Support
c. Management.
d. User Center...
Chapter 2: Advanced Firewall
The Check Point Firewall Software Blade builds on the award-winning technology, first offered in Check Point’s firewall solution, to provide the industry’s best gateway security with identity awareness. Check Point’s firewalls are trusted by 100% of Fortune 100 companies and deployed by over 170,000 customers. Check Point products have demonstrated industry leadership and continued innovation since the introduction of FireWall-1 in 1994.
Objectives:
Using knowledge of Security Gateway infrastructure, including chain modules, packet flow and kernel tables to describe how to perform debugs on firewall processes.
Advanced Firewall Topics
The following table outlines the topics covered in the “Advanced Firewall” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Check Point Firewall Infrastructure p. 21
    GUI Clients p. 21
    Management p. 21
Security Gateway p. 22
    User and Kernel Mode Processes p. 23
    CPC Core Process p. 24
    FWM p. 24
    FWD p. 25
    CPWD p. 25
    Inbound and Outbound Packet Flow p. 26
    Inbound FW CTL Chain Modules p. 27
    Outbound Chain Modules p. 28
    Columns in a Chain p. 29
    Stateful Inspection p. 30
Kernel Tables p. 32
    Connections Table p. 33
    Connections Table Format p. 44
Check Point Firewall Key Features p. 35
    Packet Inspection Flow p. 35
    Policy Installation Flow p. 36
    Policy Installation Process p. 38
    Policy Installation Process Flow p. 39
NAT p. 41
    How NAT Works p. 41
    Hide NAT Process p. 42
    Security Servers p. 43
    How a Security Server Works p. 43
    Basic Firewall Administration p. 44
    Common Commands p. 45
FW Monitor p. 46
    What is FW Monitor p. 46
    C2S Connections and S2C Packets p. 47
    fw monitor p. 48
Table 2-1: Advanced Firewall Topics
Topic Key Element Page Number
Lab 2: Core CLI Elements of Firewall Administration L-p. 43
    Policy Management and Status Verification from the CLI L-p. 44
    Using cpinfo L-p. 47
    Run cpinfo on the Security Management Server L-p. 52
    Analyzing cpinfo in InfoView (Optional) L-p. 53
    Using fw ctl pstat L-p. 58
    Using tcpdump L-p. 62
Table 2-2: Advanced Firewall - Lab Topics
Sample CCSE Exam Question
User definitions are stored in __________________
a. $FWDIR/conf/fwmuser.conf
b. $FWDIR/conf/users/NDB
c. $FWDIR/conf/fwauth.NDB
d. $FWDIR/conf/conf/fwusers.conf
Answer
User definitions are stored in __________________
a. $FWDIR/conf/fwmuser.conf
b. $FWDIR/conf/users/NDB
c. $FWDIR/conf/fwauth.NDB
d. $FWDIR/conf/conf/fwusers.conf
Chapter 3: Clustering and Acceleration
Whether your preferred network redundancy protocol is Check Point ClusterXL technology or standard VRRP protocol, it is no longer a “platform choice” you will have to make with Gaia. Both ClusterXL and VRRP are fully supported by Gaia, and Gaia is available to all Check Point Appliances, open servers and virtualized environments. There are no more trade-off decisions between required network protocols and preferred security platforms/functions.
Objectives:
Build, test and troubleshoot a ClusterXL Load Sharing deployment on an enterprise network.
Build, test and troubleshoot a ClusterXL High Availability deployment on an enterprise network.
Build, test and troubleshoot a management HA deployment on an enterprise network.
Configure, maintain and troubleshoot SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement on the firewall.
Build, test and troubleshoot a VRRP deployment on an enterprise network.
Clustering and Acceleration Topics
The following table outlines the topics covered in the “Clustering and Acceleration” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
VRRP p. 53
    VRRP vs ClusterXL p. 53
    Monitored Circuit VRRP p. 57
    Troubleshooting VRRP p. 57
Clustering and Acceleration p. 60
    Clustering Terms p. 61
    ClusterXL p. 62
    Cluster Synchronization p. 63
    Synchronized-Cluster Restrictions p. 64
    Securing the Sync Interface p. 64
    To Synchronize or Not to Synchronize p. 65
ClusterXL: Load Sharing p. 66
    Multicast Load Sharing p. 66
    Unicast Load Sharing p. 66
    How Packets Travel Through a Unicast LS Cluster p. 67
    Sticky Connections p. 68
Maintenance Tasks and Tools p. 70
    Perform a Manual Failover of the FW Cluster p. 70
    Advanced Cluster Configuration Examples p. 71
Management HA p. 72
    The Management High Availability Environment p. 72
    Active vs. Standby p. 73
    What Data is Backed Up? p. 73
    Synchronization Modes p. 73
    Synchronization Status p. 74
SecureXL: Security Acceleration p. 75
    What SecureXL Does p. 75
    Packet Acceleration p. 75
    Session Rate Acceleration p. 76
    Masking the Source Port p. 76
    Application Layer Protocol - An Example with HTTP p. 76
    HTTP 1.1 p. 78
    Factors that Preclude Acceleration p. 79
    Factors that Preclude Templating (Session Acceleration) p. 78
    Packet Flow p. 80
    VPN Capabilities p. 81
CoreXL: Multicore Acceleration p. 82
    Supported Platforms and Features p. 82
    Default Configuration p. 83
    Processing Core Allocation p. 83
    Allocating Processing Cores p. 84
    Adding Processing Cores to the Hardware p. 84
    Allocating an Additional Core to the SND p. 85
    Allocating a Core for Heavy Logging p. 85
    Packet Flows with SecureXL Enabled p. 86
Table 3-1: Clustering and Acceleration Topics
Topic Key Element Page Number
Lab 3: Migrating to a Clustering Solution L-p. 63
    Installing and Configuring the Secondary Security Gateway L-p. 64
    Re-configuring the Primary Gateway L-p. 76
    Configuring Management Server Routing L-p. 79
    Configuring the Cluster Object L-p. 82
    Testing High Availability L-p. 107
    Installing the Secondary Management Server L-p. 111
    Configuring Management High Availability L-p. 119
Table 3-2: Clustering and Acceleration - Lab Topics
Sample CCSE Exam Question
A zero downtime upgrade of a cluster...?
a. Upgrades all cluster members except one at the same time
b. Is only supported in major releases (R70 to R71, R71 to R76)
c. Treats each individual cluster member as an individual gateway
d. Requires breaking the cluster and upgrading members independently.
Answer
A zero downtime upgrade of a cluster...?
a. Upgrades all cluster members except one at the same time
b. Is only supported in major releases (R70 to R71, R71 to R76)
c. Treats each individual cluster member as an individual gateway
d. Requires breaking the cluster and upgrading members independently.
Chapter 4: Advanced User Management
Consistent user information is critical for proper security. Without a centralized data store, managing user information across multiple applications can be a manual, error-prone process.
Objectives:
Using an external user database such as LDAP, configure User Directory to incorporate user information for authentication services on the network.
Manage internal and external user access to resources for Remote Access or across a VPN.
Troubleshoot user access issues found when implementing Identity Awareness.
Advanced User Management Topics
The following table outlines the topics covered in the “Advanced User Management” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
User Management p. 91
    Active Directory OU Structure p. 91
    Using LDAP Servers with Check Point p. 93
    LDAP User Management with User Directory p. 94
    Defining an Account Unit p. 95
    Configuring Active Directory p. 95
    Schemas p. 95
    Multiple User Directory (LDAP) Servers p. 96
    Authentication Process Flow p. 96
    Limitations of Authentication Flow p. 97
    User Directory (LDAP) Profiles p. 97
Troubleshooting User Authentication and User Directory (LDAP) p. 98
    Common Configuration Pitfalls p. 99
    Some LDAP Tools p. 99
    Troubleshooting User Authentication p. 100
Identity Awareness p. 101
    Enabling AD Query p. 102
    AD Query Setup p. 103
    Identifying users behind an HTTP Proxy p. 104
    Verifying there’s a logged on AD user at the source IP p. 104
    Checking the source computer OS p. 105
    Using SmartView Tracker p. 106
Table 4-1: Advanced User Management Topics
Topic Key Element Page Number
Lab 4: Configuring SmartDashboard to Interface with Active Directory L-p. 133
    Creating the Active Directory Object in SmartDashboard L-p. 134
    Verify SmartDashboard Communication with the AD Server L-p. 141
Table 4-2: Advanced User Management - Lab Topics
Sample CCSE Exam Question
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
a. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
b. Configure a server object for the LDAP Account Unit, and create an LDAP resource object
c. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
d. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
Answer
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
a. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
b. Configure a server object for the LDAP Account Unit, and create an LDAP resource object
c. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
d. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
Chapter 5: Advanced IPsec VPN and Remote Access
Check Point's VPN Software Blade is an integrated software solution that provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. The blade integrates access control, authentication and encryption to guarantee the security of network connections over the public Internet.
Objectives:
Using your knowledge of fundamental VPN tunnel concepts, troubleshoot a site-to-site or certificate-based VPN on a corporate gateway using IKEView, VPN log files and command-line debug tools.
Optimize VPN performance and availability by using Link Selection and Multiple Entry Point solutions.
Manage and test corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers.
Advanced IPsec VPN and Remote Access Topics
The following table outlines the topics covered in the “Advanced IPsec VPN and Remote Access” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Advanced VPN Concepts and Practices p. 111
    IPsec p. 111
    Internet Key Exchange (IKE) p. 111
    IKE Key Exchange Process - Phase 1 p. 112
    Phase 2 Stages p. 115
Remote Access VPNs p. 118
    Connection Initiation p. 118
    Link Selection p. 119
Multiple Entry Point VPNs p. 121
    How Does MEP Work p. 121
    Explicit MEP p. 121
    Implicit MEP p. 122
Tunnel Management p. 123
    Permanent Tunnels p. 123
    Tunnel Testing p. 124
    VPN Tunnel Sharing p. 124
    Tunnel-Management Configuration p. 125
    Permanent-Tunnel Configuration p. 126
    Tracking Options p. 126
    Advanced Permanent-Tunnel Configuration p. 127
    VPN Tunnel Sharing Configuration p. 127
Troubleshooting p. 128
VPN Debug p. 129
    vpn debug Command p. 129
    vpn debug on | off p. 130
    vpn debug ikeon | ikeoff p. 130
    vpn Log Files p. 130
    vpn debug trunc p. 130
    VPN Environment Variables p. 131
    vpn Command p. 131
    vpn tu p. 132
    Comparing SAs p. 132
    Examples p. 133
    VPN Encryption Issues p. 133
    Example 1 p. 134
    Example 2 p. 134
Table 5-1: Advanced IPsec VPN and Remote Access Topics
Topic Key Element Page Number
Lab 5: Configure Site-to-Site VPNs with Third Party Certificates L-p. 143
    Configure Access to the Active Directory Server L-p. 144
    Create the Certificate L-p. 149
    Importing the Certificate Chain and Generating Encryption Keys L-p. 151
    Installing the Certificate L-p. 164
    Environment Specific Configuration L-p. 167
    Testing the VPN Using 3rd Party Certificates L-p. 178
Lab 6: Remote Access with Endpoint Security VPN L-p. 179
    Defining LDAP Users and Groups L-p. 180
    Configuring LDAP User Access L-p. 190
    Defining Encryption Rules L-p. 201
    Defining Remote Access Rules L-p. 203
    Configuring the Client Side L-p. 210
Table 5-2: Advanced IPsec VPN and Remote Access - Lab Topics
Sample CCSE Exam Question
Remote clients are using IPsec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?
a. vpnd
b. cvpnd
c. fwm
d. fwd
Answer
Remote clients are using IPsec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?
a. vpnd
b. cvpnd
c. fwm
d. fwd
Chapter 6: Auditing and Reporting
The SmartEvent Software Blade turns security information into action with real-time security event correlation and management for Check Point security gateways and third-party devices. SmartEvent’s unified event analysis identifies critical security events from the clutter, while correlating events across all security systems. Its automated aggregation and correlation of data not only minimizes the time spent analyzing log data, but also isolates and prioritizes the real security threats.
The SmartReporter Software Blade centralizes reporting on network, security, and user activity and consolidates the data into concise predefined and custom-built reports. Easy report generation and automatic distribution save time and money.
Objectives:
Create Events or use existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent in order to provide industry compliance information to management.
Using your knowledge of SmartEvent architecture and module communication, troubleshoot report generation given command-line tools and debug-file information.
Auditing and Reporting Topics
The following table outlines the topics covered in the “Auditing and Reporting” chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.
Topic Key Element Page Number
Auditing and Reporting Process p. 139
    Auditing and Reporting Standards p. 139
SmartEvent p. 141
    SmartEvent Intro p. 142
    SmartEvent Architecture p. 143
    Component Communication Process p. 144
    Event Policy User Interface p. 145
SmartReporter p. 154
    Report Types p. 156
Table 6-6: Using SmartUpdate Topics
Topic Key Element Page Number
Lab 7: SmartEvent and SmartReporter L-p. 219
    Configure the Network Object in SmartDashboard L-p. 220
    Configuring Security Gateways to work with SmartEvent L-p. 224
    Monitoring Events with SmartEvent L-p. 232
    Generate Reports Based on Activities L-p. 237
Table 6-7: Using SmartUpdate - Lab Topics
Sample CCSE Exam Question
How many Events can be shown at one time in the Event preview pane?
a. 5,000
b. 30,000
c. 15,000
d. 1,000
Answer
How many Events can be shown at one time in the Event preview pane?
a. 5,000
b. 30,000
c. 15,000
d. 1,000