Agenda

Checkpoint Firewall
Training

By Vikas Rajpal
Agenda Day1
Introduction
Basics - Network & Security technologies
Why Network security
Type of Threats
Security technologies
Basics on static routing and VLANS
Advance TCP/IP concepts

Review
Question Answer session
Agenda Day2
What is Firewall ?
Why we need firewall.
Different Firewall technologies.
Limitation of firewalls

Introduction of Checkpoint Firewall

Checkpoint Product overview
Architecture in detail and various components
Licensing brief
Checkpoint deployment scenarios

LAB 1 9Basic checkpoint installation on Windows platform

Agenda Day3
Overview of SPLAT and basic commands
Understanding Network Address translation
Dynamic NAT
Static NAT
Manual NAT

Review
Question Answer session

9Basic checkpoint installation on SPLAT platform

LAB 2 Distributed environment
9Initial configuration of checkpoint gateway
Agenda:- Day4
Security Policy defined
Implicit and explicit rules.
Understanding rule base order & Rule base management
Policy command line options

Monitoring traffic and connections

User Authentication
Review & Question Answer session
9Defining Basics objects
9Configuring Antispoofing controls on gateway
LAB 3 9Defining basic rules - NAT and Security
9Command line administration and management
controls
Agenda Day5
Smart Defense
Encryption and VPN
How encryption works
IKE encryption

LDAP user management

Disaster Recovery
Review & Question Answer session

9Configuring User, Client and session authentication

LAB 4 9Configuring LDAP Authentication with smartDirectory
9Backup and restore Disaster recovery
By the end of this training, you
should be able to:-
Understanding on various threats & end to end security technologies.
Understand what technologies firewalls typically employ.
Discuss the pros and cons of different firewall technologies.
Successful installation and configuration of checkpoint firewall
How to use following graphical user interface
Smart Dashboard, Smart View Tracker
Smart View Reporter, Smart update etc..
Successfully adapt NAT rules
Successfully demonstrate ability to authenticate users
Understanding on encryption & VPN technology
Successful Recovery of firewall in case on any disaster
Troubleshoot the issues with tools like TcpDump & FW monitor
Lab Scenario -1
 Scenario -1 Activities
NGX distributed installation i.e. Firewall module on SPLAT and management center on
Windows platform.

Define basic objects in checkpoint.

Configuring anti-spoofing and basic security rule base.

Configuring Hide and Static NAT using both Automatic and manual NAT as per defined
security policy.

Verifying the security policy and address translation in Smart view tracker.

Security Policy:-
Internal /LAN users should be able to access internet services through proxy server.
LAN users should be able to access FTP/SMTP/MSTSC though firewall.
Publish internal servers on internet i.e internet users should be able to browse internal resources.
Lab Scenario -2
 Scenario -2 Activities
Defining user templates and setting authentication parameters.

Policy based static NAT to access DMZ serves.

Configuring user, client and session authentication using both checkpoint local and active
directory database

Advance Rule base function with object cloning and database revision control.

Security Policy:-
Internal /LAN users should be able to access internet services through proxy server through user, client and session authentication.
LAN users should be able to access FTP/SMTP/MSTSC through firewall module
Publishing of DMZ server on internet i.e. internet users should be able to browse internal resources.
Publishing one of DMZ server on internet with non standard port Original port should be hidden from external users.
Lab Scenario -3
 Scenario -3 Activities
Scenario 1 and 2 activities.

Blocking intruder activities through smart view tracker and checking status in smart view monitor.

Backup and restore for Disaster recovery.

Client to site virtual private network using secure remote / client

Troubleshooting and debugging using tcpdump and Fw- monitor tools

Security Policy:-

LAN and remote users should be able to access internet through proxy server and directly via firewall.
Corporate users should be able to access the internal resources through internet using IPsec VPN.
 Faculty
Vikas Rajpal Consultant presales security at IRIS
5 Years of experience in implementation and designing of end to end security
technologies with various certifications i.e. CCSA, CCSE, CEH, ISO 27001 LA,
Cisco PIX ,VPN & Radware certified.

Govil Rajpal Sr. Engineer network security at TechM

Three years of Hands on experience in managing checkpoint firewalls, Very strong
troubleshooting and analytical skills.

Contact details:- Contact details:-

Vikas Rajpal Govil Rajpal
Mail:- Vikas_rajpal@hotmail.com Mail:- govil.rajpal@gmail.com
Mobile:- 9810890614 Mobile:- 9871120103
Why We ?
Highly Qualified and experienced faculty with Strong theoretical as
well as practical knowledge.

Job Assistance for both fresher as well as professional.

Customized course material with more emphasis on troubleshooting

tools and various real scenarios

Guidance and assistance to crack interviews and certification exams.

24*7 Lab facility

Thanks
Shop no:- S-9
Second floor, Manish Plaza II, Plot no. 10
Sector 10 market, Dwarka
Landmark ;- Enigma Gym and Spa