Tento kurz poskytuje studentům základní dovednosti potřebné k efektivnímu řešení problémů na serverech Quantum Security Management Server a Security Gateway, které běží na operačním systému Gaia. Po úvodu do problematiky troubleshootingu jsou probírány základy monitorování provozu a pořizování packet capture, následované analýzou zachycených paketů pomocí rozhraní CLI i nástroje Wireshark. Následně se pozornost přesouvá na procesy, SmartConsole, sběr logů a řešení problémů v oblastech Identity Awareness, Application Control a URL Filtering.

• Security Administrators

• Security Engineers

• Security Analysts

• Security Consultants

• Security Architects

• Unix-like and/or Windows OS

• Internet Fundamentals

• Networking Fundamentals

• Networking Security

• System Administration

• TCP/IP Networking

• Text Editors in Unix-like OS

Module 1: Introduction to Troubleshooting

• Identify the principles of troubleshooting methodology.

• Understand how to use the OSI (Open Systems Interconnection) model for cause isolation.

• Identify resources available to troubleshoot Check Point Security Gateways and Security Management Servers that run on the Gaia operating system.

Lab Tasks

• Analyze Resources and Performance

• Analyze System Information with CPStat

• Analyze Statistical Data with CPView

• Collect CPInfo Output on the Security Management Server

• Collect CPInfo Output on the Security Gateway

• Analyze the CPInfo Output

Module 2: Traffic Monitoring Fundamentals

• Describe the functions of packet captures.

• Describe how logs and monitoring are used when troubleshooting.

• Investigate and troubleshoot potential traffic flow issues.

• Monitor network activity and performance.

Lab Tasks

• Analyze Logs

• Trace Rules and Craft Policy

• Test Policy and NAT Rules

• Examine Routing and State Logging

Module 3: Packet Capture Fundamentals

• Understand the impact of packet captures and packet capture limitations.

• Understand the use and limitations of four tools that can be used when capturing packets.

• Investigate and troubleshoot potential traffic flow issues using packet captures.

• Monitor network activity and performance using packet captures.

Lab Tasks

• Capture Traffic with the FW Monitor Expression Filter

• Capture Traffic with the FW Monitor Simple Filter

• Capture Traffic with the tcpdump Utility

• Capture Traffic with Check Point PCAP

Module 4: Packet Capture Analysis Using CLI

• Identify command line output formats for tcpdump, cppcap, fw monitor -e, and fw monitor -F.

• Identify cppcap flags and their impact on output verbosity.

• Understand how CPMonitor can be used during packet capture analysis.

• Analyze packet captures in CLI.

Lab Tasks

• Create Issues

• Troubleshoot Fundamental Traffic Issues

• Troubleshoot Policy Configuration Issues

• Troubleshoot Routing Issues

• Troubleshoot NAT Issues

• Restore the environment

Module 5: Packet Capture Analysis Using Wireshark

• Understand Wireshark coloring rules and the modifications you can make.

• Identify file saving methodology for captures being analyzed in Wireshark.

• Analyze packet captures in Wireshark.

Lab Tasks

• Configure Wireshark for use with Check Point

• Save Packet Captures

• Analyze FW Monitor Packet Captures in Wireshark

• Analyze Interface Packet Captures in Wireshark

Module 6: Check Point Processes Troubleshooting Processes Troubleshooting

• Demonstrate an understanding of user space, kernel space, and Check Point User Space Firewall processes.

• Investigate and troubleshoot process issues.

Lab Tasks

• Verify Process States

• Analyze Process Connectivity Certified Troubleshooting Administrator (CCTA) DOC-TDS-CCTA-R82-V1.0 FRAMEWORK FOR SUCCESS Prepare for Success | Learn from Experts | Expand your Knowledge

Module 7: SmartConsole Troubleshooting

• Investigate and troubleshoot issues with Check Point SmartConsole.

Lab Tasks

• Activate the Bad Actor

• Troubleshoot SmartConsole Login Issues

• Restore the Environment

Module 8: Log Collection Troubleshooting

• Troubleshoot log collection issues and interrupted communications.

Lab Tasks

• Activate the Bad Actor

• Troubleshoot Gateway Log Connectivity

• Troubleshoot the Security Management Server Log Collection

• Restore the Environment

Module 9: Identity Awareness Troubleshooting

• Identify and use the appropriate troubleshooting commands/tools to resolve advanced Identity Awareness issues.

Lab Tasks

• Activate the Bad Actor

• Troubleshoot Identity Awareness

• Restore the Environment

Module 10: Application Control and URL Filtering Troubleshooting

• Investigate and troubleshoot Application Control and URL Filtering issues.

Lab Tasks

• Activate the Bad Actor

• Troubleshoot URL Filtering

• Restore the Environment