So, approaching the last day of CCSE training.
Many thanks to Yasushi Kono for the interesting days, a lot of fun and insights.
Finished this day.
These are my personal notes towards the certification and do not reflect any training from Check Point.
For official information, please refer to sk163417.
| Start | 08:30 |
| End | 17:00 |
- Chapter 7: Advanced Site-to-Site VPN (LAB)
- Chapter 8: Check Point Remote Access VPN
- Chapter 9: Check Point Mobile Access VPN
- Chapter 10: Advanced Security Monitoring
- Chapter 11: Performance Tuning
- Chapter 12: Advanced Security Maintenance
Chapter 7: Advanced Site-to-Site VPN (LAB)
Chapter 8: Check Point Remote Access VPN
IPSec VPN
Chapter 9: Check Point Mobile Access VPN
SSL VPN
ReverseProxyCLI
ReverseProxyCLI
Usage :
ReverseProxyCLI <OPTIONS>
<OPTIONS> :
1. on : Enable Reverse Proxy
2. off : Disable Reverse Proxy
3. show : Reverse Proxy information display
4. add : Add a Reverse Proxy rule or application
5. edit : Edit an existing Reverse Proxy rule
6. remove : Remove an existing Reverse Proxy rule
7. apply : Apply changes
Chapter 10: Advanced Security Monitoring
Display company logo in reports: ${RTDIR}/smartview/conf/
On the SmartEvent Server create: cover-company-logo.png
Chapter 11: Performance Tuning
nmon
cpstat
SecureXL Paths
cpview
fwaccel
fwaccel stat
+---------------------------------------------------------------------------------+
|Id|Name |Status |Interfaces |Features |
+---------------------------------------------------------------------------------+
|0 |KPPAK |enabled |eth1,eth2,eth3,Mgmt |Acceleration,Cryptography |
| | | | | |
| | | | |Crypto: Tunnel,UDPEncap,MD5, |
| | | | |SHA1,3DES,DES,AES-128,AES-256,|
| | | | |ESP,LinkSelection,DynamicVPN, |
| | | | |NatTraversal,AES-XCBC,SHA256, |
| | | | |SHA384,SHA512 |
+---------------------------------------------------------------------------------+
Accept Templates : enabled
Drop Templates : enabled
NAT Templates : enabled
LightSpeed Accel : disabled
fwaccel stats
Name Value Name Value
---------------------------- ------------------- ---------------------------- -------------------
LightSpeed Accelerated Path
--------------------------------------------------------------------------------------------------------
hw accel inbound bytes 0 hw accel packets 0
hw accel outbound bytes 0 C hw accel conns 0
hw accel total conns 0 C hw accel tcp conns 0
C hw accel non-tcp conns 0
Accelerated Path
--------------------------------------------------------------------------------------------------------
accel packets 0 accel bytes 0
outbound packets 0 outbound bytes 0
conns created 0 conns deleted 0
C total conns 0 C TCP conns 0
C non TCP conns 0 nat conns 0
dropped packets 0 dropped bytes 0
fragments received 0 fragments transmit 0
fragments dropped 0 fragments expired 0
IP options dropped 0 corrs created 0
corrs deleted 0 C corrections 0
corrected packets 0 corrected bytes 0
Accelerated VPN Path
--------------------------------------------------------------------------------------------------------
C crypt conns 0 enc bytes 0
dec bytes 0 ESP enc pkts 0
ESP enc err 0 ESP dec pkts 0
ESP dec err 0 ESP other err 0
espudp enc pkts 0 espudp enc err 0
espudp dec pkts 0 espudp dec err 0
espudp other err 0
Medium Streaming Path
--------------------------------------------------------------------------------------------------------
CPASXL packets 0 PSLXL packets 0
CPASXL async packets 0 PSLXL async packets 0
CPASXL bytes 0 PSLXL bytes 0
C CPASXL conns 0 C PSLXL conns 0
CPASXL conns created 0 PSLXL conns created 0
PXL FF conns 0 PXL FF packets 0
PXL FF bytes 0 PXL FF acks 0
PXL no conn drops 0
Pipeline Streaming Path
--------------------------------------------------------------------------------------------------------
PSL Pipeline packets 0 PSL Pipeline bytes 0
CPAS Pipeline packets 0 CPAS Pipeline bytes 0
QoS Paths
--------------------------------------------------------------------------------------------------------
QoS General Information:
------------------------
Total QoS Conns 0 QoS Classify Conns 0
QoS Classify flow 0 Reclassify QoS policy 0
FireWall QoS Path:
------------------
Enqueued IN packets 0 Enqueued OUT packets 0
Dequeued IN packets 0 Dequeued OUT packets 0
Enqueued IN bytes 0 Enqueued OUT bytes 0
Dequeued IN bytes 0 Dequeued OUT bytes 0
Accelerated QoS Path:
---------------------
Enqueued IN packets 0 Enqueued OUT packets 0
Dequeued IN packets 0 Dequeued OUT packets 0
Enqueued IN bytes 0 Enqueued OUT bytes 0
Dequeued IN bytes 0 Dequeued OUT bytes 0
Firewall Path
--------------------------------------------------------------------------------------------------------
F2F packets 46244465 F2F bytes 8559355200
TCP violations 0 F2V conn match pkts 0
F2V packets 0 F2V bytes 0
GTP
--------------------------------------------------------------------------------------------------------
gtp tunnels created 0 gtp tunnels 0
gtp accel pkts 0 gtp f2f pkts 0
gtp spoofed pkts 0 gtp in gtp pkts 0
gtp signaling pkts 0 gtp tcpopt pkts 0
gtp apn err pkts 0
General
--------------------------------------------------------------------------------------------------------
memory used 43550884 C tcp handshake conns 0
C tcp established conns 0 C tcp closed conns 0
C tcp pxl handshake conns 0 C tcp pxl established conns 0
C tcp pxl closed conns 0 DNS DoR stats 0
(*) Statistics marked with C refer to current value, others refer to total value
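In the output above, every packet counter under Accelerated Path and Medium Streaming Path is 0 while F2F packets under Firewall Path is 46244465. The following Python parser is an added example (not part of the original notes and not Check Point code) that turns `fwaccel stats` text into per-section counters and reports the Firewall Path share; the function names and the choice of which counters make up the total are assumptions of this example, not the formula any Check Point tool uses.

```python
import re

# Excerpt of the `fwaccel stats` output pasted in these notes (not live data).
SAMPLE = """\
Accelerated Path
--------------------------------------------------
accel packets 0 accel bytes 0
C total conns 0 C TCP conns 0
Medium Streaming Path
CPASXL packets 0 PSLXL packets 0
Firewall Path
F2F packets 46244465 F2F bytes 8559355200
TCP violations 0 F2V conn match pkts 0
"""

# One counter = a name followed by an integer; each line carries up to two.
PAIR = re.compile(r"([A-Za-z][A-Za-z0-9 ]*?)\s+(\d+)(?=\s|$)")

def parse_fwaccel_stats(text):
    """Return {(section, counter): int}; the leading 'C ' marker is dropped."""
    counters, section = {}, ""
    for line in text.splitlines():
        pairs = PAIR.findall(line)
        if not pairs:
            # Lines without a value are section titles or separator rules.
            if line.strip(" -+|"):
                section = line.strip().rstrip(":")
            continue
        for name, value in pairs:
            counters[(section, re.sub(r"^C\s+", "", name))] = int(value)
    return counters

def f2f_share(counters):
    """Percent of counted packets that took the Firewall Path, or None.

    Assumption of this example: total = accel + CPASXL + PSLXL + F2F packets.
    """
    keys = [("Accelerated Path", "accel packets"),
            ("Medium Streaming Path", "CPASXL packets"),
            ("Medium Streaming Path", "PSLXL packets"),
            ("Firewall Path", "F2F packets")]
    total = sum(counters.get(k, 0) for k in keys)
    if total == 0:
        return None
    return round(100.0 * counters.get(keys[-1], 0) / total, 1)

if __name__ == "__main__":
    print("F2F share (%):", f2f_share(parse_fwaccel_stats(SAMPLE)))
```

Counters are keyed by section because names such as "Enqueued IN packets" appear under more than one QoS heading.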
fwaccel6
echo cphwd_nat_templates_enable=1 >>/etc/fw.boot/modules/fwkern.conf
echo cphwd_nat_templates_support=1 >>/etc/fw.boot/modules/fwkern.conf
Multiq
mq_mng --show
Total 4 cores. Available for MQ 1 cores
i/f driver driver mode state mode (queues) cores
actual/avail
------------------------------------------------------------------------------------------------
Mgmt igb Kernel Up Auto 0
eth1 igb Kernel Up Auto 0
eth2 igb Kernel Up Auto 0
eth3 igb Kernel Up Auto 0
mq_mng -o
Total 4 cores. Available for MQ 1 cores
i/f driver driver mode state mode (queues) cores
actual/avail
------------------------------------------------------------------------------------------------
Mgmt igb Kernel Up Auto 0
eth1 igb Kernel Up Auto 0
eth2 igb Kernel Up Auto 0
eth3 igb Kernel Up Auto 0
