1 / 199

Check Point Security Administration II NGX R65

Check Point Security Administration II NGX R65. Slide Graphic Legend. Course Objectives. Part 1: Updating and Upgrading Chapter 1: SmartUpdate Identify the common operational features of SmartUpdate. Use SmartUpdate to create an upgrade package.

haroun
Download Presentation

Check Point Security Administration II NGX R65

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Check Point Security Administration IINGX R65

  2. Slide Graphic Legend

  3. Course Objectives • Part 1: Updating and Upgrading • Chapter 1: SmartUpdate • Identify the common operational features of SmartUpdate. • Use SmartUpdate to create an upgrade package. • Upgrade and attach product licenses using SmartUpdate. • Chapter 2: Upgrading VPN-1 • Determine which VPN-1 upgrade strategy is appropriate, given a variety of scenarios. • Determine VPN-1 license requirements, based on upgrade strategy.

  4. Course Objectives • Part 2: Virtual Private Networks • Chapter 3: Encryption and VPNs • Explain encryption for VPNs. • Compare and contrast common encryption methods. • Describe the process for setting up a encrypted VPN tunnels. • Chapter 4: Introduction to VPNs • Select the appropriate VPN deployment to meet requirements, given a variety of scenarios. • Configure VPN-1 to support site-to-site VPNs, given a variety of business requirements. • Adjust NGX R65 VPN configuration settings to correct a problem, given symptoms of a configuration problem.

  5. Course Objectives • Chapter 5: Site-to-Site VPNs • Select the appropriate VPN deployment to meet requirements, given a variety of scenarios. • Configure VPN-1 to support site-to-site VPNs, given a variety of business requirements. • Adjust VPN configuration settings to correct a problem, given symptoms of a configuration problem. • Chapter 6: Remote Access VPNs • Configure VPN-1 to support remote-access VPNs, given a variety of business requirements.

  6. Course Objectives • Part 3: High Availability and ClusterXL • Chapter 7: High Availability and ClusterXL • Identify the features and limitations of Management High Availability. • Identify the benefits and limitations of different modes in a ClusterXL configuration. • Configure a ClusterXL VPN, given a specific business scenario. • Implement and test State Synchronization, given a business scenario.

  7. PrefaceCheck Point Security Administration IINGX (R65)

  8. Course Layout • Prerequisites • Check Point Certified Security Expert (CCSE)

  9. Recommended Setup for Labs • Recommended Lab Topology

  10. Recommended Setup for Labs • IP Addresses • Lab Terms

  11. Check Point Security Architecture • PURE Security

  12. Check Point Security Architecture • Check Point Components

  13. Check Point Security Architecture • Unified Security Architecture

  14. Check Point Security Architecture • Broad Range of Security Solutions

  15. Check Point Security Architecture • Network Security • Data Security • Security Management • Services

  16. Training and Certification • CCMA • Learn More

  17. Part 1: Updating and Upgrading • Chapter 1: SmartUpdate • Chapter 2: Upgrading VPN-1

  18. 1 • SmartUpdate

  19. Objectives 1 • Identify the common operational features of SmartUpdate. • Use SmartUpdate to create an upgrade package. • Upgrade and attach product licenses using SmartUpdate.

  20. Introduction to SmartUpdate 1 • Optional component of VPN-1 that automatically distributes software applications and updates for Check Point and OPSEC certified products • Manages product licenses

  21. Introduction to SmartUpdate 1 • SmartUpdate Architecture

  22. Upgrading Packages 1 • Prerequisites for Remote Upgrades • Retrieving Data From VPN-1 Gateways • Adding New Packages to the Package Repository • Verifying the Viability of a Distribution • Transferring Files to Remote Devices • Upgrading Edge Firmware with SmartUpdate • Rebooting the VPN-1 Gateway • Recovering From a Failed Upgrade • Deleting Packages From the Package Repository

  23. Managing Licenses 1 • Central license: package license tied to IP address of SmartCenter Server • Local license: package license tied to IP address of VPN-1 Gateway, and cannot be transferred to Gateway with different IP address • License Upgrade • Retrieving License Data From VPN-1 Gateways • CPInfo • SmartUpdate Command Line

  24. 1 • Updating an Installation with SmartUpdate

  25. Review Questions & Answers 1 • What can be upgraded remotely using SmartUpdate?

  26. Review Questions & Answers 1 • VPN-1 Gateways • Hotfixes, HFAs, and patches • Third-party OPSEC applications • UTM Edge devices • Nokia operating systems • Check Point SecurePlatform

  27. Review Questions & Answers 1 • What two repositories does SmartUpdate install on the SmartCenter Server?

  28. Review Questions & Answers 1 • License & Contract Repository in $FWDIR\conf • Package Repository in C:\SUroos (Windows), /var/suroot (UNIX)

  29. Review Questions & Answers 1 • What does the Pre-Install Verifier check?

  30. Review Questions & Answers 1 • Operating-system compatibility • Disk-space availability • Package not already installed • Package dependencies met

  31. Review Questions & Answers 1 • What are the benefits of using a central license?

  32. Review Questions & Answers 1 • Only one IP address is needed for all licenses. • A license can be moved from one Gateway to another. • A license remains valid when changing Gateway IP addresses.

  33. 2 • Upgrading VPN-1

  34. Objectives 2 • Determine which VPN-1 upgrade strategy is appropriate, given a variety of scenarios. • Determine VPN-1 license requirements, based on upgrade strategy.

  35. Preinstallation Configuration 2 • Remove any services not running that might be considered a security risk. • Ensure your network and Gateway are properly configured, with special emphasis on routing. • Log in to each of the hosts, and Ping the other hosts. • Enable IP routing/forwarding. • Confirm that DNS is working properly. • Note names/IP addresses of the Gateway’s interfaces. • Confirm Gateway’s name corresponds to IP address of Gateway’s external interface. • Isolate the computers on which you will be installing VPN-1 components from the network. • Verify you have correct version of software for all VPN-1 components.

  36. Distributed Installation 2 • VPN-1 Client/Server Configuration

  37. Upgrading To VPN-1 NGX R65 2 • Upgrade Guidelines • Upgrade Order • Upgrade Export/Import • Upgrading via SmartUpdate

  38. VPN-1 Backward Compatibility 2 • Supported Versions

  39. Licensing VPN-1 2 • Obtaining Licenses • Supported Upgrade Paths • Contract Verification

  40. Performing License Upgrade 2 • Two Upgrade Methods • Trial Licenses

  41. Pre-Upgrade Considerations 2 • Pre-Upgrade Verification Tool • Web Intelligence License Enforcement • Upgrading on SecurePlatform

  42. Upgrading SmartCenter Server 2 • Using the Pre-Upgrade Verification Tool

  43. Gateway Upgrade 2 • Gateway Upgrade with SmartUpdate

  44. Review Questions & Answers 2 • What is the correct order for a VPN-1 upgrade?

  45. Review Questions & Answers 2 • SmartCenter Server first, then Security Gateway

  46. Review Questions & Answers 2 • What should be done before installing a VPN-1 Security Gateway?

  47. Review Questions & Answers 2 • Remove any services not running that may be a security risk. • Make sure your network and Gateway are properly configured. • Test network communication. • Enable IP routing/forwarding • Confirm DNS is working properly. • Note the names and IP addresses of the Gateway’s interfaces. • Confirm the Gateway is shown in the hosts files correctly. • Isolate the computers. • Verify the correct version of software for you OS

  48. Review Questions & Answers 2 • What methods are there for upgrading licenses?

  49. Review Questions & Answers 2 • Centrally, from the SmartCenter Server via SmartUpdate • Locally at the Check Point machine

  50. Review Questions & Answers 2 • Which products can be upgraded to NGX R65?

More Related