nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Check Point Firewall Appliances

From: Yuri Slobodyanyuk <yuri () yurisk info>
Date: Fri, 21 Dec 2012 09:33:58 +0200
Having a love-and-hate relationship with Checkpoint firewalls after working
for 6 years daily with them I am
probably biased :), but will say they are great firewalls once you know to
work with them .
If you are completely new to it I'd recommend Checkpoint CCSA/CCSE from
accredited APT course as the shortest path ,
Alternatives:
- CBT Nuggets CCSA course , but last time I checked it was for NGX R65 that
is substantially
  different from current versions, only if you can get it really cheap
- Documentation from Checkpoint site (freely available to everyone) is the
start-all end-all source (I did it
this way) takes time but in the end you will have a through understanding
of the product
- Online is a good place once you know the basics. If, on the other hand,
you don't know to do manual port-forwarding , Google will only suck your
time. But for problems/inconsistencies/debug :
   http://cpug.org - Independent forum where you can always find advice
from many knowledgeable and helpful folks ;
   http://www.cpshared.com/forums/ Same goes here - people who can
configure route-based VPNs with policy-based routing with closed eyes hang
around here
   https://forums.checkpoint.com/ Official support forums from Checkpoint,
less active than 2 above

HTH
Yuri

On Wed, Dec 19, 2012 at 9:35 PM, Blake Pfankuch <blake () pfankuch me> wrote:


Howdy,
                I am just getting into an environment with a large Check
Point deployment and I am looking for a little bit of feedback from other
real world admins.  Looking for what people like, what people don't (why
hopefully).  Also for those of you who might run Check Point devices in
your environments what to dig into first as far as getting more experience
on the devices and a better understanding of how not to break them.  I am
slowly going through all of the official documentation, but would also like
to hear a real world opinion.

Thanks in advance!

Blake





-- 
Taking challenges one by one.
http://yurisk.info
Previous By Date Next
Previous By Thread Next

Current thread: