Check Point Certified Security Administrator (CCSA)

01. Next Generation Firewalls

• The difference between packet filtering, and everything else, App Control URL Filtering, AV, AB, VPN, HTTPS Inspection, etc.
• Deep Packet Inspection (DPI)

02. In-line versus Host-based Firewalls

• The purpose of this module is to discuss in-line appliances, CP does have AEP that leverages a host-based firewall, but there is a whole other solution segment dedicated to host-based firewalling, Guardicore, Illumio, etc

03. CP is based on a centrally managed architecture

• 3-tiered architecture – SmartConsole, Security Management & Security Gateway
• Security management Server (SMS)
• Gateways
• 3 deployment modes – Standalone (SMS and Gateway on same appliance), Distributed (different appliances) and Bridge (insert another gateway within the same subnet)

04. Configuration

• SmartConsole
• Application that manages the architecture centrally
• Blade activation, blade is what Check Point calls their features
• SIC
• Clustering
• Global parameters and rules
• NATing policies
• Policy rulebase for each blade
• Web User Interface (WebUI)
• Network Interfaces
• ARP config
• System Time, Logging
• Advanced Routing
• User Management
• Backup & Restore
• CPUSE
• Command Line Interface (CLI)
• Another channel to set configuration, and also use valuable tools, tools that are not available in the WebUI
• Tcpdump, FW Monitor, Zdebug, will have own sections

05. SMS-Gateway Communication

• Secure Internal Communication (SIC)
• Comm Channel between SMS and Gateway
• Policy installation
• Logs
• Internal Certificate Authority – ICA, issues certificates for the following services: SIC, VPN, Users

06. Configuration and Commands

• Local Configuration
• WebUI
• Overview – Widgets
• System Uptime, Traffic stats, Blade stats, Db Update status, Network Link status
• Basic and Advanced view
• Network Interface config
• ARP
• DHCP Server
• Host and DNS
• IPv4 Static Routes
• NetFlow Export
• System Management
• Time
• SNMP
• Messages (Banners)
• Advanced Routing
• DHCP Relay
• BGP
• IGMP
• RIP
• OSPF
• Route Aggregation
• Route Redistribution
• User Management
• Change My Password
• Users
• Roles
• Password Policy
• High Availability
• VRRP (and Advanced VRRP)
• Maintenance
• License Status
• Snapshot Management
• System Backup
• Upgrades (CPUSE)
• Status and Actions
• Software Updates Policy
• CLI – Accessed via a terminal emulator like PuTTY or ZOC on port 22, ssh
• CLISH – CLI Shell
• Most Check Point specific commands are run from this shell
• Show configuration – lists the local appliance config Db, like sh run in Cisco iOS
• Set expert-password, allows you to access the Expert prompt (Linux)
• Expert – BA Shell BASH – Password Protected
• More Linux specific commands are run from this shell
• Tcpdump, ls, etc
• Shutdown and reboot commands

07. Security Policies & Rulebase

• Overview
• Policy
• Policy Attributes
• Best Practice
• Rulebase

08. Software Blades

• Firewall
• IPSec VPN
• Mobile Access
• Application Control
• URL Filtering
• Data Loss Prevention
• IPS
• Anti-Bot
• Anti-Virus
• Threat Emulation
• Threat Extraction
• Anti-Spam & Email Security
• Identity Awareness
• Content Awareness
• QOS
• ClusterXL
• Monitoring

09. Logging and Tracing

1. Logs & Monitor
2. Tracing Tools

10. Imaging & Clustering

1. Imaging
2. ClusterXL

11. VIPs & VMACs

• Clustering the local config and SMS config
• Talking to one Virtual IP and one Virtual MAC address

12. Manage & Settings

• Permission & Administrators
• Blades
• Sessions
• Revisions
• Tags
• Preferences
• Sync with UserCenter