Copyright 2013 Check Point Software Technologies, Inc. All rights reserved.
Check Point Security Engineering
Study Guide R76 Edition
© 2013 Check Point Software Technologies Ltd. All rights reserved.

This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and de-compilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

International Headquarters: 5 HaSolelim Street, Tel Aviv 67897, Israel. Tel: +972-3-753 4555
U.S. Headquarters: 959 Skyway Road, Suite 300, San Carlos, CA 94070. Tel: 650-628-2000, Fax: 650-654-4233
Technical Support, Education & Professional Services: 6330 Commerce Drive, Suite 120, Irving, TX 75063. Tel: 972-444-6612, Fax: 972-506-7913

E-mail any comments or questions about our courseware to course-[email protected]. For questions or comments about other Check Point documentation, e-mail [email protected].
Document #: CPTS-DOC-CCSE-SG-R76

Preface

The Check Point Certified Security Engineering Exam

The Check Point Security Engineering course provides an understanding of upgrading and advanced configuration of Check Point software blades, installing and managing VPNs (on both internal and external networks), gaining the maximum security from Security Gateways, and resolving Gateway performance issues.

The Check Point Security Engineering Study Guide supplements knowledge you have gained from the Security Engineering course, and is not a sole means of study.

The Check Point Certified Security Engineering #156-315.13 exam covers the following topics:

- The process for backup of a Security Gateway and Management Server using your understanding of the differences between backups, snapshots, and upgrade-exports.
- The process for upgrade of Management Server using a database migration.
- How to perform debugs on firewall processes.
- Building, testing and troubleshooting a ClusterXL Load Sharing deployment on an enterprise network.
- Building, testing and troubleshooting a ClusterXL High Availability deployment on an enterprise network.
- Building, testing and troubleshooting a management HA deployment on an enterprise network.
- Configuring, maintaining and troubleshooting SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement on the firewall.
- Building, testing and troubleshooting a VRRP deployment on an enterprise network.
- Using an external user database such as LDAP, to configure User Directory to incorporate user information for authentication services on the network.
- Managing internal and external user access to resources for Remote Access or across a VPN.
- Troubleshooting a site-to-site or certificate-based VPN on a corporate gateway using IKEView, VPN log files and command-line debug tools.
- Optimizing VPN performance and availability using Link Selection and Multiple Entry Point solutions.
- Managing and testing corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers.
- Creating Events and using existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent in order to provide industry compliance information to management.
- Troubleshoot report generation given command-line tools and debug-file information.

Frequently Asked Questions

The table below provides answers to commonly asked questions about the Check Point CCSE #156-315.13 exams:

Question: What are the Check Point recommendations and prerequisites?
Answer: Check Point recommends you have at least 6 months to 1 year of experience with the products, before attempting to take the CCSE # 156-315.13 exam. In addition, you should also have basic networking knowledge, knowledge of Windows Server and/or UNIX, and experience with TCP/IP and the Internet. Check Point also recommends you take the Check Point Security Engineering class from a Check Point Authorized Training Center (ATC). We recommend you take this class before taking the CCSE # 156-315.13 exam. Check Point ATCs also offer Check Point's comprehensive #156-315.13 Exam Prep course (only available at Check Point ATCs). To locate an ATC, see: http://atc.checkpoint.com/atclocator/locateATC

Question: How do I register?
Answer: Check Point exams are offered through Pearson VUE, a third-party testing vendor with more than 3,500 testing centers worldwide. Pearson VUE offers a variety of registration options. Register via the Web or visit a specific testing center. Registrations at a testing center may be made in advance or on the day you wish to test, subject to availability.
For same-day testing, contact the testing center directly. Locate a testing center from the VUE Pearson Web site: www.pearsonvue.com

Question: What is the exam structure?
Answer: The exams are composed of multiple-choice and scenario questions. There is no partial credit for incorrectly marked questions.

Question: How long is the exam? Do I get extra time, if I am not a native English speaker?
Answer: The following countries are given 90 minutes to complete the exam. All other regions get 120 minutes: Australia, Bermuda, Canada, Japan, New Zealand, Ireland, South Africa, UK, US

Question: What are the pre-requisites for the CCSE R76 exam?
Answer: CCSA R70, CCSA 71, CCSA R75, or CCSA R76.

Question: How can I update my R65 certification?
Answer: If you have any CCSA R60 certification, take the CCSA R70/71 Update Training Blade to update your CCSA certification. If you have a CCSE R60 certification, take the CCSE R70/71 Update Training Blade to update your CCSE certification.

Question: How long is my certification valid?
Answer: Check Point certifications are valid for 2 years. CCMAs are valid for 3 years. Any certification more than three (3) years old is not considered current. Certifications become inactive after five years. Your benefits may be suspended if your certification is not current. Your certification can be maintained with annual continuing education credits.

Question: What are continuing education credits?
Answer: Continuing education credits help you maintain Check Point certifications without starting over with every product release. Continuing education credits can be earned in a variety of ways like completing shorter training lessons (Training Blades), by participating in our test development process, and even attending CPX.

Question: What are the pre-requisites for CCMA?
Answer: CCSE is mandatory; CCMSE is suggested.

Question: Do you have a test-out option?
Answer: Though highly recommended, it is not a requirement to attend a training course before challenging the exam. You may test at any time, however it is advised you spend at least 6 months working with Check Point products before attempting to achieve certification.

Question: Are study materials available?
Answer: Free study guides and practice exams are available for download at http://www.checkpoint.com/services/education/index.html#resources. Courseware can be purchased on our eStore and Training is available from an ATC. Check Point ATCs also offer Check Point's comprehensive #156-315.13 Exam Prep course (only available at Check Point ATCs).

Question: How soon can I re-take an exam if I fail?
Answer: If you fail an exam you must wait 24 hours before your 2nd attempt, and 30 days for the 3rd attempt. Once you pass a test you cannot take it again for a higher score.

Question: Can I get exam insurance?
Answer: Students automatically get a 50% re-take discount on any 2nd attempt of the CCSA and CCSE R76 exams.

Question: I only failed by 1 point and based on my calculations I should have passed. What happened?
Answer: The function of certification is to provide proof the Check Point Certified professional is qualified to protect the lifeblood of organizations: their data. Check Point takes this very seriously and we constantly strive to administer the most effective exams. Passing is calculated by comparing the number of questions answered correctly versus the number of questions answered incorrectly. Not all sections of the test are weighted equally.

Question: Can I take any R65 level exams?
Answer: No, all R65 exams have been retired except for the Japanese versions. Our philosophy is to provide training and certification only for current technologies so our partners and customers will always benefit from the latest security advancements.

Question: Where can I find more information about Check Point Certified Professionals?
Answer: The Check Point Certified Professionals website and newsletter are a benefit which contain special information and resources that are not available to the public.

Question: What happens when I pass my exam? When will I receive my Certificate?
Answer: After you pass a Check Point exam at VUE, your exam results are uploaded. On the 15th and 30th, we process all certification results and order certification kits. It takes 6-8 weeks to receive your certificate. Your advanced access to Secure Knowledge and the Certified Professionals website is established once you achieve certification.

Question: Why can't I have more than one account at Pearson VUE test centers?
Answer: Check Point only allows one Pearson VUE account to track your Check Point exams. If you change companies, please update the contact information in your Pearson VUE account instead of creating a new one so your Check Point certifications will follow you. You can verify your accounts with Customer Service here: http://www.vue.com/checkpoint/contact/

Question: What happens if someone gets caught cheating? How do you prevent it?
Answer: Every individual who takes an exam signs our Non-disclosure agreement. Anyone caught in the act of cheating or sharing exam items will have their Check Point certifications revoked for 2 years. All testing privileges and partner program participation will be deactivated during this time. Check Point collaborates with major technology companies to prevent cheating through test pattern analysis and distribution best practices. Together we identify and take legal action against unauthorized test centers and inaccurate brain dump sites.

Question: What are the benefits of Check Point certification?
Answer: Check Point Certified Professionals receive access to the Advanced SecureKnowledge base, Certified Professionals only website and quarterly newsletter for 2 years. Check Point Certified Master Architects (CCMA) receive 3 years Expert level access to SecureKnowledge.

Question: How do I take a Training Blade exam?
Answer: You can purchase Training Blades at http://store.checkpoint.com. Please forward your email confirmation to: [email protected] for access to the exam. Please include your Check Point Certified Professional ID# for credit. Your certification ID# is generated when you create an account at Pearson VUE. If you have any questions about your ID#, please email: [email protected].

Question: How do I access my certification benefits?
Answer: Make sure your Check Point User Center (UC) email address matches the email address registered with Pearson VUE. Your UC profile will automatically be updated with each certification, including advanced access to SecureKnowledge and the Certified Professionals only website. If you have any problems or questions about your benefits please email: [email protected]

For more exam and course information, see: http://www.checkpoint.com/services/education/

Chapter 1: Upgrading

Upgrades are used to save Check Point product configurations, Security Policies, and objects, so that Security Administrators do not need to re-create Gateway and Security Management Server configurations.

Chapter Objectives:

- Perform a backup of a Security Gateway and Management Server using your understanding of the differences between backups, snapshots, and upgrade-exports.
- Upgrade and troubleshoot a Management Server using a database migration.
- Upgrade and troubleshoot a clustered Security Gateway deployment.

Upgrading Topics

The following table outlines the topics covered in the Upgrading chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

| Topic | Key Element | Page Number |
|---|---|---|
| Backup and Restore Security Gateways and Management Servers | | p. 11 |
| | Snapshot management | p. 11 |
| | Upgrade Tools | p. 12 |
| | Backup Schedule Recommendations | p. 12 |
| | Upgrade Tools | p. 12 |
| | Performing Upgrades | p. 13 |
| | Support Contract | p. 13 |
| Upgrading Standalone Full High Availability | | p. 16 |

Table 1-1: Upgrade Topics

| Topic | Key Element | Page Number |
|---|---|---|
| Lab 1: Upgrading to Check Point R76 | | L-p. 1 |
| | Install Security Management Server | L-p. 2 |
| | Migrating Management server Data | L-p. 6 |
| | Importing the Check Point Database | L-p. 30 |
| | Launch SmartDashboard | L-p. 34 |
| | Upgrading the Security Gateway | L-p. 36 |

Table 1-2: Upgrading to Check Point R76 - Lab Topics

Sample CCSE Exam Question

During an upgrade to the management server, the contract file is transferred to a gateway when the gateway is upgraded. Where is the contract file retrieved from?

a. ISO
b. Technical Support
c. Management.
d. User Center.

Answer

During an upgrade to the management server, the contract file is transferred to a gateway when the gateway is upgraded. Where is the contract file retrieved from?

a. ISO
b. Technical Support
c. Management.
d. User Center...

Chapter 2: Advanced Firewall

The Check Point Firewall Software Blade builds on the award-winning technology, first offered in Check Point's firewall solution, to provide the industry's best gateway security with identity awareness. Check Point's firewalls are trusted by 100% of Fortune 100 companies and deployed by over 170,000 customers. Check Point products have demonstrated industry leadership and continued innovation since the introduction of FireWall-1 in 1994.

Objectives:

- Using knowledge of Security Gateway infrastructure, including chain modules, packet flow and kernel tables to describe how to perform debugs on firewall processes.

Advanced Firewall Topics

The following table outlines the topics covered in the Advanced Firewall chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

| Topic | Key Element | Page Number |
|---|---|---|
| Check Point Firewall Infrastructure | | p. 21 |
| | GUI Clients | p. 21 |
| | Management | p. 21 |
| Security Gateway | | p. 22 |
| | User and Kernel Mode Processes | p. 23 |
| | CPC Core Process | p. 24 |
| | FWM | p. 24 |
| | FWD | p. 25 |
| | CPWD | p. 25 |
| | Inbound and Outbound Packet Flow | p. 26 |
| | Inbound FW CTL Chain Modules | p. 27 |
| | Outbound Chain Modules | p. 28 |
| | Columns in a Chain | p. 29 |
| | Stateful Inspection | p. 30 |
| Kernel Tables | | p. 32 |
| | Connections Table | p. 33 |
| | Connections Table Format | p. 44 |
| Check Point Firewall Key Features | | p. 35 |
| | Packet Inspection Flow | p. 35 |
| | Policy Installation Flow | p. 36 |
| | Policy Installation Process | p. 38 |
| | Policy Installation Process Flow | p. 39 |
| NAT | | p. 41 |
| | How NAT Works | p. 41 |
| | Hide NAT Process | p. 42 |
| | Security Servers | p. 43 |
| | How a Security Server Works | p. 43 |
| | Basic Firewall Administration | p. 44 |
| | Common Commands | p. 45 |
| FW Monitor | | p. 46 |
| | What is FW Monitor | p. 46 |
| | C2S Connections and S2C Packets | p. 47 |
| | fw monitor | p. 48 |

Table 2-1: Advanced Firewall Topics

| Topic | Key Element | Page Number |
|---|---|---|
| Lab 2: Core CLI Elements of Firewall Administration | | L-p. 43 |
| | Policy Management and Status Verification from the CLI | L-p. 44 |
| | Using cpinfo | L-p. 47 |
| | Run cpinfo on the Security Management Server | L-p. 52 |
| | Analyzing cpinfo in InfoView (Optional) | L-p. 53 |
| | Using fw ctl pstat | L-p. 58 |
| | Using tcpdump | L-p. 62 |

Table 2-2: Advanced Firewall - Lab Topics

Sample CCSE Exam Question

User definitions are stored in __________________

a. $FWDIR/conf/fwmuser.conf
b. $FWDIR/conf/users/NDB
c. $FWDIR/conf/fwauth.NDB
d. $FWDIR/conf/conf/fwusers.conf

Answer

User definitions are stored in __________________

a. $FWDIR/conf/fwmuser.conf
b. $FWDIR/conf/users/NDB
c. $FWDIR/conf/fwauth.NDB
d. $FWDIR/conf/conf/fwusers.conf

Chapter 3: Clustering and Acceleration

Whether your preferred network redundancy protocol is Check Point ClusterXL technology or standard VRRP protocol, it is no longer a platform choice you will have to make with Gaia. Both ClusterXL and VRRP are fully supported by Gaia, and Gaia is available to all Check Point Appliances, open servers and virtualized environments. There are no more trade-off decisions between required network protocols and preferred security platforms/functions.

Objectives:

- Build, test and troubleshoot a ClusterXL Load Sharing deployment on an enterprise network.
- Build, test and troubleshoot a ClusterXL High Availability deployment on an enterprise network.
- Build, test and troubleshoot a management HA deployment on an enterprise network.
- Configure, maintain and troubleshoot SecureXL and CoreXL acceleration solutions on the corporate network traffic to ensure noted performance enhancement on the firewall.
- Build, test and troubleshoot a VRRP deployment on an enterprise network.

Clustering and Acceleration Topics

The following table outlines the topics covered in the Clustering and Acceleration chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

| Topic | Key Element | Page Number |
|---|---|---|
| VRRP | | p. 53 |
| | VRRP vs ClusterXL | p. 53 |
| | Monitored Circuit VRRP | p. 57 |
| | Troubleshooting VRRP | p. 57 |
| Clustering and Acceleration | | p. 60 |
| | Clustering Terms | p. 61 |
| | ClusterXL | p. 62 |
| | Cluster Synchronization | p. 63 |
| | Synchronized-Cluster Restrictions | p. 64 |
| | Securing the Sync Interface | p. 64 |
| | To Synchronize or Not to Synchronize | p. 65 |
| ClusterXL: Load Sharing | | p. 66 |
| | Multicast Load Sharing | p. 66 |
| | Unicast Load Sharing | p. 66 |
| | How Packets Travel Through a Unicast LS Cluster | p. 67 |
| | Sticky Connections | p. 68 |
| Maintenance Tasks and Tools | | p. 70 |
| | Perform a Manual Failover of the FW Cluster | p. 70 |
| | Advanced Cluster Configuration Examples | p. 71 |
| Management HA | | p. 72 |
| | The Management High Availability Environment | p. 72 |
| | Active vs. Standby | p. 73 |
| | What Data is Backed Up? | p. 73 |
| | Synchronization Modes | p. 73 |
| | Synchronization Status | p. 74 |
| SecureXL: Security Acceleration | | p. 75 |
| | What SecureXL Does | p. 75 |
| | Packet Acceleration | p. 75 |
| | Session Rate Acceleration | p. 76 |
| | Masking the Source Port | p. 76 |
| | Application Layer Protocol - An Example with HTTP | p. 76 |
| | HTTP 1.1 | p. 78 |
| | Factors that Preclude Acceleration | p. 79 |
| | Factors that Preclude Templating (Session Acceleration) | p. 78 |
| | Packet Flow | p. 80 |
| | VPN Capabilities | p. 81 |
| CoreXL: Multicore Acceleration | | p. 82 |
| | Supported Platforms and Features | p. 82 |
| | Default Configuration | p. 83 |
| | Processing Core Allocation | p. 83 |
| | Allocating Processing Cores | p. 84 |
| | Adding Processing Cores to the Hardware | p. 84 |
| | Allocating an Additional Core to the SND | p. 85 |
| | Allocating a Core for Heavy Logging | p. 85 |
| | Packet Flows with SecureXL Enabled | p. 86 |

Table 3-1: Clustering and Acceleration Topics

| Topic | Key Element | Page Number |
|---|---|---|
| Lab 3: Migrating to a Clustering Solution | | L-p. 63 |
| | Installing and Configuring the Secondary Security Gateway | L-p. 64 |
| | Re-configuring the Primary Gateway | L-p. 76 |
| | Configuring Management Server Routing | L-p. 79 |
| | Configuring the Cluster Object | L-p. 82 |
| | Testing High Availability | L-p. 107 |
| | Installing the Secondary Management Server | L-p. 111 |
| | Configuring Management High Availability | L-p. 119 |

Table 3-2: Clustering and Acceleration - Lab Topics

Sample CCSE Exam Question

A zero downtime upgrade of a cluster...?

a. Upgrades all cluster members except one at the same time
b. Is only supported in major releases (R70 to R71, R71 to R76)
c. Treats each individual cluster member as an individual gateway
d. Requires breaking the cluster and upgrading members independently.

Answer

A zero downtime upgrade of a cluster...?

a. Upgrades all cluster members except one at the same time
b. Is only supported in major releases (R70 to R71, R71 to R76)
c. Treats each individual cluster member as an individual gateway
d. Requires breaking the cluster and upgrading members independently.

Chapter 4: Advanced User Management

Consistent user information is critical for proper security. Without a centralized data store, managing user information across multiple applications can be a manual, error-prone process.

Objectives:

- Using an external user database such as LDAP, configure User Directory to incorporate user information for authentication services on the network.
- Manage internal and external user access to resources for Remote Access or across a VPN.
- Troubleshoot user access issues found when implementing Identity Awareness.

Advanced User Management Topics

The following table outlines the topics covered in the Advanced User Management chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

| Topic | Key Element | Page Number |
|---|---|---|
| User Management | | p. 91 |
| | Active Directory OU Structure; Using LDAP Servers with Check Point; LDAP User Management with User Directory; Defining an Account Unit; Configuring Active Directory Schemas; Multiple User Directory (LDAP) Servers; Authentication Process Flow; Limitations of Authentication Flow; User Directory (LDAP) Profiles | p. 91, p. 93, p. 94, p. 95, p. 95, p. 95, p. 96, p. 96, p. 97, p. 97 |
| Troubleshooting User Authentication and User Directory (LDAP) | | p. 98 |
| | Common Configuration Pitfalls | p. 99 |
| | Some LDAP Tools | p. 99 |
| | Troubleshooting User Authentication | p. 100 |
| Identity Awareness | | p. 101 |
| | Enabling AD Query | p. 102 |
| | AD Query Setup | p. 103 |
| | Identifying users behind an HTTP Proxy | p. 104 |
| | Verifying there's a logged on AD user at the source IP | p. 104 |
| | Checking the source computer OS | p. 105 |
| | Using SmartView Tracker | p. 106 |

Table 4-1: Advanced User Management Topics

| Topic | Key Element | Page Number |
|---|---|---|
| Lab 4: Configuring SmartDashboard to Interface with Active Directory | | L-p. 133 |
| | Creating the Active Directory Object in SmartDashboard | L-p. 134 |
| | Verify SmartDashboard Communication with the AD Server | L-p. 141 |

Table 4-2: Advanced User Management - Lab Topics

Sample CCSE Exam Question

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

a. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
b. Configure a server object for the LDAP Account Unit, and create an LDAP resource object
c. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
d. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

Answer

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

a. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
b. Configure a server object for the LDAP Account Unit, and create an LDAP resource object
c. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
d. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

Chapter 5: Advanced IPsec VPN and Remote Access

Check Point's VPN Software Blade is an integrated software solution that provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. The blade integrates access control, authentication and encryption to guarantee the security of network connections over the public Internet.

Objectives:

- Using your knowledge of fundamental VPN tunnel concepts, troubleshoot a site-to-site or certificate-based VPN on a corporate gateway using IKEView, VPN log files and command-line debug tools.
- Optimize VPN performance and availability by using Link Selection and Multiple Entry Point solutions.
- Manage and test corporate VPN tunnels to allow for greater monitoring and scalability with multiple tunnels defined in a community including other VPN providers.

Advanced IPsec VPN and Remote Access

The following table outlines the topics covered in the Advanced IPsec VPN and Remote Access chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

| Topic | Key Element | Page Number |
|---|---|---|
| Advanced VPN Concepts and Practices | | p. 111 |
| | IPsec | p. 111 |
| | Internet Key Exchange (IKE) | p. 111 |
| | IKE Key Exchange Process - Phase 1 | p. 112 |
| | Phase 2 Stages | p. 115 |
| Remote Access VPNs | | p. 118 |
| | Connection Initiation | p. 118 |
| | Link Selection | p. 119 |
| Multiple Entry Point VPNs | | p. 121 |
| | How Does MEP Work | p. 121 |
| | Explicit MEP | p. 121 |
| | Implicit MEP | p. 122 |
| Tunnel Management | | p. 123 |
| | Permanent Tunnels | p. 123 |
| | Tunnel Testing | p. 124 |
| | VPN Tunnel Sharing | p. 124 |
| | Tunnel-Management Configuration | p. 125 |
| | Permanent-Tunnel Configuration | p. 126 |
| | Tracking Options | p. 126 |
| | Advanced Permanent-Tunnel configuration | p. 127 |
| | VPN Tunnel Sharing Configuration | p. 127 |
| Troubleshooting | | p. 128 |
| VPN Debug | | p. 129 |
| | vpn debug Command | p. 129 |
| | vpn debug on \| off | p. 130 |
| | vpn debug ikeon \| ikeoff | p. 130 |
| | vpn Log Files | p. 130 |
| | vpn debug trunc | p. 130 |
| | VPN Environment Variables | p. 131 |
| | vpn Command | p. 131 |
| | vpn tu | p. 132 |
| | Comparing SAs | p. 132 |
| | Examples | p. 133 |
| | VPN Encryption Issues | p. 133 |
| | Example 1 | p. 134 |
| | Example 2 | p. 134 |

Table 5-1: Advanced IPsec VPN and Remote Access Topics

| Topic | Key Element | Page Number |
|---|---|---|
| Lab 5: Configure Site-to-Site VPNs with Third Party Certificates | | L-p. 143 |
| | Configure Access to the Active Directory Server | L-p. 144 |
| | Create the Certificate | L-p. 149 |
| | Importing the Certificate Chain and Generating Encryption Keys | L-p. 151 |
| | Installing the Certificate | L-p. 164 |
| | Environment Specific Configuration | L-p. 167 |
| | Testing the VPN Using 3rd Party Certificates | L-p. 178 |
| Lab 6: Remote Access with Endpoint Security VPN | | L-p. 179 |
| | Defining LDAP Users and Groups | L-p. 180 |
| | Configuring LDAP User Access | L-p. 190 |
| | Defining Encryption Rules | L-p. 201 |
| | Defining Remote Access Rules | L-p. 203 |
| | Configuring the Client Side | L-p. 210 |

Table 5-2: Advanced IPsec VPN and Remote Access Topics - Lab Topics

Sample CCSE Exam Question

Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?

a. vpnd
b. cvpnd
c. fwm
d. fwd

Answer

Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?

a. vpnd
b. cvpnd
c. fwm
d. fwd

Chapter 6: Auditing and Reporting

The SmartEvent Software Blade turns security information into action with real-time security event correlation and management for Check Point security gateways and third-party devices. SmartEvent's unified event analysis identifies critical security events from the clutter, while correlating events across all security systems. Its automated aggregation and correlation of data not only minimizes the time spent analyzing log data, but also isolates and prioritizes the real security threats.

The SmartReporter Software Blade centralizes reporting on network, security, and user activity and consolidates the data into concise predefined and custom-built reports. Easy report generation and automatic distribution save time and money.

Objectives:

- Create Events or use existing event definitions to generate reports on specific network traffic using SmartReporter and SmartEvent in order to provide industry compliance information to management.
- Using your knowledge of SmartEvent architecture and module communication, troubleshoot report generation given command-line tools and debug-file information.

Auditing and Reporting Topics

The following table outlines the topics covered in the Auditing and Reporting chapter of the Check Point Security Engineering Course. This table is intended as a supplement to knowledge you have gained from the Security Engineering Courseware handbook, and is not meant to be a sole means of study.

| Topic | Key Element | Page Number |
|---|---|---|
| Auditing and Reporting Process | | p. 139 |
| | Auditing and Reporting Standards | p. 139 |
| SmartEvent | | p. 141 |
| | SmartEvent Intro | p. 142 |
| SmartEvent Architecture | | p. 143 |
| | Component Communication Process | p. 144 |
| | Event Policy User Interface | p. 145 |
| SmartReporter | | p. 154 |
| | Report Types | p. 156 |

Table 6-6: Using SmartUpdate Topics

| Topic | Key Element | Page Number |
|---|---|---|
| Lab 7: SmartEvent and SmartReporter | | L-p. 219 |
| | Configure the Network Object in SmartDashboard | L-p. 220 |
| | Configuring Security Gateways to work with SmartEvent | L-p. 224 |
| | Monitoring Events with SmartEvent | L-p. 232 |
| | Generate Reports Based on Activities | L-p. 237 |

Table 6-7: Using SmartUpdate - Lab Topics

Sample CCSE Exam Question

How many Events can be shown at one time in the Event preview pane?

a. 5,000
b. 30,000
c. 15,000
d. 1,000

Answer

How many Events can be shown at one time in the Event preview pane?

a. 5,000
b. 30,000
c. 15,000
d. 1,000