The CCSM course provides an understanding of the advanced concepts and skills necessary to troubleshoot and optimize Check Point Security Gateways and Management Servers so that they run at their peak efficiency.

(Supported Versions: R80.10, R80.20)

•    Obtain a deeper knowledge of the Check Point Security Management Architecture.
•    Understand management processes and debugs.
•    Understand how GuiDBedit operates.
•    Understand how fw monitor captures packets.
•    Understand how to use the fw debug process and debug infrastructures for User mode debugging.
•    Discuss how to enable and use core dumps.
•    Understand how to troubleshoot and debug SmartConsole and policy installation issues.
•    Understand how to troubleshoot and debug NAT.
•    Understand client side and server-side NAT.
•    Describe how to configure port mapping services. 
•    Recognize how to debug VPN-related issues.
•    Understand the processes and components used for policy installation and packet processing.
•    Understand how to troubleshoot and debug Application Control and URL Filtering issues.
•    Understand how to debug HTTPS inspection.
•    Understand how to troubleshoot and debug Content Awareness, Anti-Bot and Antivirus, and Threat Prevention software blade issues. 
•    Discuss how to use the IPS Bypass feature.
•    Understand how to to reduce IPS false positives.
•    Understand hardware and operating system performance of Security Gateways.
•    Understand how to evaluate hardware performance.
•    Discover tools used in monitoring CPU utilization.
•    Understand how to monitor cluster status and work with critical devices.
•    Recognize how to troubleshoot synchronization.
•    Recognize how to work with accelerated traffic.
•    Understand how to use fwaccel dbg and sim dbg.
•    Understand how to configure CoreXL for performance.
•    Understand how to deploy IPv6.

This course is for customers and partners who

want to learn the advanced skills to troubleshoot

and configure Check Point Security Gateway and

Management Software Blades:

• System Administrators

• Security Engineers

• Network Engineers

• R80 CCSEs seeking higher certification or R77 CCSMs looking to recertify

• R80 CCSE or R77 CCSM

• General knowledge of TCP/IP

• Working knowledge of Windows and UNIX

• Working knowledge of network technology

• Working knowledge of Internet technology

COURSE TOPICS

Chapter 1: Advanced Database Management

Chapter 2: Kernel Mode and User Mode Troubleshooting

Chapter 3: SmartConsole and Policy Management

Chapter 4: Advanced Network Address Translation

Chapter 5: VPN Troubleshooting

Chapter 6: Troubleshooting Access Control Policies

Chapter 7: Troubleshooting Threat Prevention Policies

Chapter 8: Optimization and Tuning

Chapter 9: Advanced Clustering

Chapter 10: Acceleration Debugging

Chapter 11: IPv6

 LAB EXERCISES

• Perform Solr database queries and review the results.

• Use debug files to troubleshoot SmartConsole.

• Use debug commands to explore common management issues.

• Demonstrate how to troubleshoot two methods of Automatic NAT.

• Demonstrate how to manually configure NAT.

• Configure port mapping of services as an alternative to performing NAT.

• Use vpn debug tools to identify issues that may have occurred during encryption

• Manipulate IPS settings to enhance performance and reduce false positives.

• Evaluate network security conditions using the Check Point CheckMe tool.

• Use policy settings to improve performance of Security Gateways.

• Tune the Security Policy for improved Security Gateway performance

• Evaluate the Security Gateway cluster conditions by examining the debug files.

• Demonstrate how to manage connections in a clustered environment.

• Demonstrate how to debug Security Management Server synchronization

• Demonstrate how to identify the cause of acceleration related issues.

• Demonstrate how to configure advanced CoreXL settings

• Define and test communication in an IPv6 environment

Please note that Check Point only offer e-kit courseware for training courses. Each delegate will be provided with an official set of e-kit courseware.