2003-2007 Check Point Software Technologies Ltd. All rights reserved. Proprietary and confidential.
puresecurity
Course Objectives
Part 1: Updating and Upgrading
Chapter 1: SmartUpdate
Identify the common operational features of SmartUpdate. Use SmartUpdate to create an upgrade package. Upgrade and attach product licenses using SmartUpdate.
Course Objectives
Part 2: Virtual Private Networks
Chapter 3: Encryption and VPNs
Explain encryption for VPNs. Compare and contrast common encryption methods. Describe the process for setting up encrypted VPN tunnels.
Course Objectives
Chapter 5: Site-to-Site VPNs
Select the appropriate VPN deployment to meet requirements, given a variety of scenarios. Configure VPN-1 to support site-to-site VPNs, given a variety of business requirements. Adjust VPN configuration settings to correct a problem, given symptoms of a configuration problem.
Course Objectives
Part 3: High Availability and ClusterXL
Chapter 7: High Availability and ClusterXL
Identify the features and limitations of Management High Availability. Identify the benefits and limitations of different modes in a ClusterXL configuration. Configure a ClusterXL VPN, given a specific business scenario. Implement and test State Synchronization, given a business scenario.
Course Layout
Prerequisites Check Point Certified Security Expert (CCSE)
1
SmartUpdate
Objectives
Identify the common operational features of SmartUpdate. Use SmartUpdate to create an upgrade package. Upgrade and attach product licenses using SmartUpdate.
Introduction to SmartUpdate
Optional component of VPN-1 that automatically distributes software applications and updates for Check Point and OPSEC certified products Manages product licenses
Introduction to SmartUpdate
SmartUpdate Architecture
Upgrading Packages
Prerequisites for Remote Upgrades
Retrieving Data From VPN-1 Gateways
Adding New Packages to the Package Repository
Verifying the Viability of a Distribution
Transferring Files to Remote Devices
Upgrading Edge Firmware with SmartUpdate
Rebooting the VPN-1 Gateway
Recovering From a Failed Upgrade
Deleting Packages From the Package Repository
Managing Licenses
Central license: package license tied to IP address of SmartCenter Server
Local license: package license tied to IP address of VPN-1 Gateway, and cannot be transferred to Gateway with different IP address
License Upgrade
Retrieving License Data From VPN-1 Gateways
CPInfo
SmartUpdate Command Line
1
Updating an Installation with SmartUpdate
VPN-1 Gateways
Hotfixes, HFAs, and patches
Third-party OPSEC applications
UTM Edge devices
Nokia operating systems
Check Point SecurePlatform
License & Contract Repository in $FWDIR\conf
Package Repository in C:\SUroot (Windows), /var/suroot (UNIX)
Operating-system compatibility
Disk-space availability
Package not already installed
Package dependencies met
Only one IP address is needed for all licenses. A license can be moved from one Gateway to another. A license remains valid when changing Gateway IP addresses.
2
Upgrading VPN-1
Objectives
Determine which VPN-1 upgrade strategy is appropriate, given a variety of scenarios. Determine VPN-1 license requirements, based on upgrade strategy.
Preinstallation Configuration
Remove any services not running that might be considered a security risk. Ensure your network and Gateway are properly configured, with special emphasis on routing. Log in to each of the hosts, and ping the other hosts. Enable IP routing/forwarding. Confirm that DNS is working properly. Note names/IP addresses of the Gateway's interfaces. Confirm the Gateway's name corresponds to the IP address of the Gateway's external interface. Isolate the computers on which you will be installing VPN-1 components from the network. Verify you have the correct version of software for all VPN-1 components.
Distributed Installation
VPN-1 Client/Server Configuration
Licensing VPN-1
Obtaining Licenses
Supported Upgrade Paths
Contract Verification
Pre-Upgrade Considerations
Pre-Upgrade Verification Tool
Web Intelligence License Enforcement
Upgrading on SecurePlatform
Gateway Upgrade
Gateway Upgrade with SmartUpdate
Centrally, from the SmartCenter Server via SmartUpdate
Locally at the Check Point machine
3
Encryption and VPNs
Objectives
Explain encryption for VPNs. Compare and contrast common encryption methods. Describe the process for setting up encrypted VPN tunnels.
Securing Communication
Privacy
Securing Communication
Shared-Secret Key
Securing Communication
Symmetric Encryption
Securing Communication
Symmetric Disadvantages Asymmetric Encryption
Securing Communication
Diffie-Hellman Encryption
Securing Communication
Integrity
Hash Function
Securing Communication
Authentication
Digital Signature
Securing Communication
Two Phases of Encryption Encryption Algorithms
IKE
IKE
Tunneling-Mode Encryption
Encrypted Packet
Certificate Authorities
Certificates
Multiple Certificate Authorities
Certificate Authority Hierarchy
Certificate Authorities
Local Certificate Authority
Certificate Authorities
CA Service via the Internet
Certificate Authorities
Internal Certificate Authority CA Public Keys
CA Action
Certificate Authorities
Creating Certificates
2. Which encryption system uses a different key for encryption and decryption?
3. What two modes does VPN-1 supply for IKE Phase 1 between Gateways?
4. Which encryption method encapsulates an entire packet, adding its own encryption protocol header to the packet?
Tunnel-mode encryption
4
Introduction to VPNs
Objectives
Select the appropriate VPN deployment to meet requirements, given a variety of scenarios. Configure VPN-1 to support site-to-site VPNs, given a variety of business requirements. Adjust NGX R65 VPN configuration settings to correct a problem, given symptoms of a configuration problem.
VPN Deployments
Site-to-Site VPNs
VPN Deployments
Remote-Access VPNs
VPN Implementation
Three Critical VPN Components
Complete VPN
VPN Implementation
VPN Setup
Two-Network Configuration
VPN Implementation
How a VPN Works
VPN Implementation
VPN Tunnel
VPN Implementation
VPN Communities
VPN Implementation
VPN Topologies
Basic Meshed Community
VPN Implementation
Star VPN Community
VPN Implementation
Choosing a Topology
Star and Mesh Combined
VPN Implementation
Different Encryptions in Mesh Communities
VPN Implementation
Special Condition
VPN Implementation
Three VPN Communities
VPN Implementation
Authentication Between Community Members
Dynamically Assigned IP Gateways
Routing Traffic Within a VPN Community
Access Control and VPN Communities
VPN Implementation
Access Control in VPN Communities
VPN Implementation
Special Considerations for Planning a VPN Topology
VPN Implementation
Integrating VPNs into a Rule Base
A VPN Community in which a VPN site can create a VPN tunnel with any other VPN site within the Community
3. Which is the preferred means of authentication between VPN Community members, and why?
4. If both domain-based VPN and route-based VPN are configured, which will take precedence?
Domain-based VPN
Who needs secure/private access? From the point of view of the VPN, what will be the structure of the organization? How will externally managed Gateways authenticate?
5
Site-to-Site VPNs
Objectives
Select the appropriate VPN deployment to meet requirements, given a variety of scenarios. Configure VPN-1 to support site-to-site VPNs, given a variety of business requirements. Adjust VPN configuration settings to correct a problem, given symptoms of a configuration problem.
Site-to-Site VPN
Domain-Based VPN
Site-to-Site VPN
Simple VPN Routing
Site-to-Site VPN
Route-Based VPN VPN Routing Process for VTIs
Site-to-Site VPN
Routing to a Virtual Interface
Site-to-Site VPN
Route-Based VPN
Site-to-Site VPN
Routing Multicast Packets Through VPN Tunnels
Site-to-Site VPN
Multicasting
Wire Mode
Wire Mode in a MEP Configuration
Wire Mode
Wire Mode in MEP
Wire Mode
Wire Mode with Route-Based VPN
Wire Mode in a Satellite Community
Wire Mode
Wire Mode Between Two VPN Communities
2
Two-Gateway IKE Encryption (Shared Secret)
3
Two-Gateway IKE Encryption (Certificates)
1. What type of VPN does the use of VPN tunnel interfaces support?
Route-based VPNs
2. What are the three types of VPN tunnel sharing supported by VPN-1?
One VPN tunnel per each pair of hosts
One VPN tunnel per subnet pair
One VPN tunnel per Gateway pair
Improves connectivity by allowing existing connections to fail over successfully by bypassing firewall enforcement, and relying on the security of the trusted VPN connection itself
6
Remote Access VPNs
Objectives
Configure VPN-1 to support remote-access VPNs, given a variety of business requirements.
Office Mode
How Office Mode Works
Office Mode
Office Mode Process
IP Pool vs. DHCP
Routing-Table Modifications
Multiple External Interfaces
Before Configuring Office Mode
Policy Expiration and Renewal Policy Server HA Wireless Hotspot/Hotel Registration Logging SecureClient Mobile
Clientless VPN
Clientless VPN provides secure SSL-based communication between clients and servers that support HTTPS. Two phases:
Establishing a secure channel
Communication phase
Clientless VPN
Communication Phase
Clientless VPN
Special Considerations for Clientless VPN
Configuring Clientless VPN
Creating Appropriate Rules in the Rule Base
4
Configuring Remote Access in an IKE VPN
5
Using SecuRemote in an IKE VPN
6
Remote Access and Office Mode
7
SSL Network Extender
6 1.
When a SecuRemote/SecureClient needs to know the elements of the organization's internal network to build a connection, how is that information sent?
6 2.
What is the most recommended and manageable method for client-Gateway authentication?
Digital Certificates
6 3.
Nonroutable IP addresses; Office Mode enables a VPN-1 Gateway to assign a remote client an IP address.
6 4.
7
High Availability and ClusterXL
Objectives
Identify the features and limitations of Management High Availability. Identify the benefits and limitations of different modes in a ClusterXL configuration. Configure a ClusterXL VPN, given a specific business scenario. Implement and test State Synchronization, given a business scenario.
ClusterXL
VPN-1 Gateway Cluster
ClusterXL
Load Sharing
ClusterXL Modes
Legacy High Availability Mode
New High Availability Mode
Load Sharing Multicast Mode
Load Sharing Unicast (Pivot) Mode
ClusterXL Modes
Load Sharing Unicast Mode
ClusterXL Modes
Cluster Member Forwarding Packet
ClusterXL Modes
Cluster Control Protocol
Synchronizing Clusters
The Synchronization Network
How State Synchronization Works
Synchronized-Cluster Restrictions
Sticky Connections
The Sticky Decision Function
cpha Commands
8
Deploying New Mode HA
9
Load Sharing Unicast (Pivot) Mode
10
Configuring Load Sharing Multicast Mode (Optional)
8 1.
For Management HA to function properly, what data must be synchronized and backed up?
8 2.
Ensures no data is lost in case of a cluster member failure; all connection information and VPN state information is synchronized between the members.
8 3.
8 4.
Full sync, which transfers all VPN-1 kernel-table information from one cluster member to another
Delta sync, which transfers changes in the kernel tables between cluster members
8 5.