COURSE OVERVIEW

This course provides the fundamental skills to effectively troubleshoot SMS and Gateways. The fundamentals of traffic monitoring and packet capture and analysis are covered along with Check Point processes, SmartConsole, log collection, Identity Awareness, and APCL & URL Filtering troubleshooting.

Certification Exam

This course prepares for exam #156-583

Course Schedule

WHO SHOULD ATTEND?

This course is designed for security Administrators/Engineers/Analysts/Consultants/Architects and Check Point resellers who need to manage and monitor issues that may occur within their Check Point Quantum environment.

PREREQUISITES:

• Working knowledge of UNIX and/or Windows operating systems
• Knowledge of system administration and text editors in Unix-like OS
• Working knowledge of Networking TCP/IP and the Internet
• Network Security knowledge
• Suggested CPDA course
• CCSA/CCSE certification
• Advanced knowledge of Check Point Security products

COURSE TOPICS

• Introduction to Troubleshooting
• Traffic Monitoring Fundamentals
• Packet Capture Fundamentals
• Packet Capture Analysis using CLI
• Packet Capture Analysis using Wireshark
• Check Point Processes Troubleshooting
• SmartConsole Troubleshooting
• Log Collection Troubleshooting
• Identity Awareness Troubleshooting
• Application Control & URL Filtering Troubleshooting

COURSE OBJECTIVES

• Identify the principles of troubleshooting methodology.
• Understand how to use the OSI model for cause isolation.
• Identify resources available to troubleshoot Check Point Security Gateways and SMS.
• Describe the functions of packet captures.
• Describe how logs and monitoring are used when troubleshooting.
• Understand the impact of packet captures and their limitations.
• Understand the use and limitations of four packet capture tools.
• Investigate and troubleshoot potential traffic flow issues using packet captures.
• Monitor network activity and performance using packet captures.
• Identify command line output formats for tcpdump, cppcap, fw monitor -e, and fw monitor -F.
• Identify cppcap flags and their impact on output verbosity.
• Understand how CPMonitor can be used during packet capture analysis.
• Analyze packet captures in CLI.
• Understand Wireshark coloring rules and the modifications you can make.
• Identify file saving methodology for captures being analyzed in Wireshark.
• Analyze packet captures in Wireshark.
• Demonstrate an understanding of user / kernel space, and Check Point USFW processes.
• Investigate and troubleshoot process issues.
• Investigate and troubleshoot issues with Check Point SmartConsole
• Troubleshoot log collection issues and interrupted communications.
• Identify and use the appropriate commands/tools to resolve advanced Identity Awareness issues.
• Investigate and troubleshoot Application Control and URL Filtering issues

LAB TASKS

• Analyze Resources and Performance using CPStat and CPView
• Collect and analyze CPInfo Output on the SMS and Gateway
• Analyze Logs
• Trace Rules and Craft Policy
• Test Policy and NAT Rules
• Examine Routing and State Logging
• Capture Traffic with the FW Monitor, tcpdump and cppcap
• Troubleshoot Fundamental Traffic and Routing Issues
• Troubleshoot Policy Configuration and NAT Issues
• Configure Wireshark for use with Check Point
• Analyze FW Monitor Packet Captures in Wireshark
• Verify Process States and Connectivity
• Troubleshoot SmartConsole Login Issues
• Troubleshoot SMS and Gateway Log Connectivity
• Troubleshoot Identity Awareness
• Troubleshoot URL Filtering