Looks like Check Point has finally released some R75 training materials. Looks like they will also address some of the Software Blades as well. As of today however, they do not have any R75 exams (as seen from the Pearson Vue portal below):
Click for larger image
The “Self-Study” portal has not been updated with any R75 material, so we will have to wait to see if check Point will still continue with that practice (the material was actually pretty good, especially the practice exams). Looks like they have a free training video on the Application Control Blade. Unfortunately it does not come with any lab material.
One can only hope that Check Point will seriously consider updating the CCMA exam, as that material was painfully outdated. I took the written exam in April of 2011 and was disappointing to see so many in-depth questions on SmartDefense, Connectra, and (wait for it…wait for it) Interspect!!?? Seriously Check Point you owe me $300USD or at least a free testing voucher if you release a new test.
This is a quick video on a tool tucked into the Provider-1/MDM MDG. It allows you to export all of the objects from the ‘Network Objects’ view in the MDG, and then view them in Excel.
Tufin Software is releasing their latest version 6.0 today. If you have not seen this tool in a while, you will be impressed with all of the enhancements. SecureTrack has become a “must have” for anyone managing a medium large firewall environment, or an environment with multiple vendors. It supports Check Point, Cisco (ASA/PIX and IOS), Junos (network gear and firewalls), Fortinet, Palo Alto, Blue Coat, f5 and iptables.
Several key enhancements in this new version include:
Visual Topology (think of SmartMap for all of your Check Point and non-Check Point firewalls and ACLs).
Increase pattern granularity – Header rejection, HTTP worm catcher and Cifs worm catcher patterns were converted into separate protections, giving more granularity in their settings. This feature is installed during the first IPS update process (online update, offline update or scheduled update).
Implied exceptions – Built-in exceptions to allow Check Point products trusted traffic.
Support for UTM-1 Edge 8.2 gateways.
Security Gateway
IPS Geo database – The Geo country-ranges database accuracy has been significantly improved.
Security Gateway 80
Support for VPN Link Selection.
Support for local masters file.
Improved communication when Security Management server is behind NAT.
Support for IGMP Proxy.
Windows 7 32-bit and 64-bit Support
Secure Workspace supports Windows 7 32-bit and 64-bit.
Mobile Access clients with Windows 7 64-bit can connect to Connectra and SSL VPN gateways.
Support for SSL Network Extender Application mode and Network mode for Windows 7 32-bit and 64- bit.
Enhanced Secure Workspace
Faster and better performance.
Enhanced allowed application configuration by software vendor. You can easily allow all applications from a specific vendor.
VPN Client
This version includes a deployment package of Endpoint Security VPN R75, which replaces SecureClient and Endpoint Connect. For automatic deployment of the new VPN client, select a client upgrade mode in Global Properties > Remote Access > Endpoint Connect.
Some interesting new enhancements (from the notes):
Security Management
IPS improvements
SmartEvent enhancements
Increase pattern granularity – Header rejection, Http worm catcher and Cifs worm catcher patterns were converted into separate protections, giving more granularity in their settings. This feature is installed during the first IPS update process (online update, offline update or scheduled update).
Implied exceptions – Built-in exceptions to allow Check Point products trusted traffic.
Support for UTM-1 Edge 8.2 gateways
New Remote Access Client Support
Improved SSL Network Extender application control by software vendor so you can easily choose to allow all applications from a specific vendor
Security Gateway
IPS Geo database – The Geo country-ranges database accuracy has been significantly improved.
Security Gateway 80 Series
Support for VPN Link Selection
Support for local masters file
Improved communication when Security Management server is behind NAT
Support for IGMP Proxy
Windows 7 32-bit and 64-bit Support
Secure Workspace supports Windows 7 32-bit and 64-bit.
Mobile Access clients with Windows 7 64-bit can connect to Connectra and SSL VPN gateways
Support for SSL Network Extender Application mode and Network mode for Windows 7 32-bit and 64-bit.
Enhanced Secure Workspace
Faster and better performance.
Enhanced allowed application configuration by software vendor. You can easily allow all applications from a specific vendor.
VPN Client
This version includes a deployment package of Endpoint Security VPN R75, which replaces SecureClient
and Endpoint Connect. For automatic deployment of the new VPN client, select a client upgrade mode in
Global Properties > Remote Access > Endpoint Connect.
Another temporary “dead-end” release. This means that there are now two releases (R71.30 and R71.40) that cannot be upgraded directly to R75. Also interesting that you can upgrade from R70.40 to R71.40, so you now have two options to move off R70.40: R71.20 and R71.40. I am running out of room on the Roadmap and Upgrade Path diagrams, so I have to see how I can fit this new information.
Below are the latest diagrams for all the R7x releases.
Click for .pdf
Click for .pdf
Click for .pdf
Click for .pdf
The following was modified:
Now reflects R75.10 GA links and information
Noted that R65.4 cannot be upgraded directly to R70, R71, or R75
Finally, wanted to note that there have been over 15,000 downloads since December of 2010. I am glad to see that this information is getting out there, and seems to be making a difference. As usual, thanks for all of the feedback and suggestions.
Looks like the only way to get to R75.10 is directly from vanilla R75. I have changed the diagrams to reflect this latest information, and made a change to reflect the R71.30 to R75 issue (thanks to pabouk on CPUG)
On Check Point’s page today there was an announcement that NSS had completed an evaluation and certification of R75 as the first true Next Generation Firewall (NGFW). Apparently there is a group test that was completed, and so far only Check Point has released its results. While I would love to provide the download here, you will need to do a quick registration on Check Point’s site to get the document. Will be interesting to see how the other vendors fared, but word on the street is that Cisco, Fortinet, Juniper, Palo Alto Networks, and SonicWall all did pretty poorly. We will see in the next few weeks.
Is NSS now the only 3rd party doing any type of reputable/interesting testing?
Just announced this morning VSX R67.10 is now public EA (Early Availbility). The following has been added to VSX:
Support for Endpoint Security VPN R75.
Improved synchronization.
Support for synchronization of cluster members with different minor version using the procedure included in this document.
Improved IPS protections.
SIC support for certificates using the SHA-256 hash algorithm as digital signatures.
Support for a Deterministic Random Bit Generator (RNG) that conforms to SP800-90.
Resolution of customer reported issues.
Resolution of stability issues.
To participate in the EA, got to your User Center, select ‘Products’ and then ‘Early Availbility.’
, ? Support for Endpoint Security VPN R75.
? Improved synchronization.
? Support for synchronization of cluster members with different minor version using the procedure included in this document.
? Improved IPS protections.
? SIC support for certificates using the SHA-256 hash algorithm as digital signatures.
? Support for a Deterministic Random Bit Generator (RNG) that conforms to SP800-90.
? Resolution of customer reported issues.
? Resolution of stability issues.
Recent Comments