My CCSA (156.215.65) Diary: My Road to Check Point Certification

Well, I am starting my diary so that when I pass, it will help others to know how to prepare for the examinations.

My target for completing CCSA is within the next 2 months. And this is how I am going to complete my CCSA:
1) Syngress.Check.Point.NGX.R65.Security.Administration.Feb.2008 PDF: I am going to read that.
2) Documentation of CCSA from the Check Point site: will do that after reading my book.
3) During the last 10 days I am going to take off from my work and join classes to get the Official Examination Guide of Check Point, for practical labs, and for clearing my doubts.
4) The Judgement Day: I am going to pass the 156.215.65 examination very easily after putting lots of effort into it.

I started with Chapter 5 as I have already completed chapters 1-4.
The topic, “Advanced VPN Concepts and Tunnel Monitoring”, was quite easy, but below are some points you should not miss.
1) How IKE works and how an SA is formed. I found it somewhat hard but later on read the Check Point docs and then visited How IKE works (Cryptography)

2) IKE –> port UDP 500

3) IKE phases –> I and II
Phase I –> Main mode or aggressive mode (1 day by default)
Phase II –> (every hour by default)

4) What is Perfect Forward Secrecy (PFS) – need to research a little bit on this; the working is not explained

5) IP Compression and IKE DoS Attack – again no info on how to prevent DoS attack

6) What is IKE SA and IPSec SA

7) Mesh and Star Topology and their differences

8) PKI deployment – very easy to understand but need to research how a CA is deployed in various scenarios

9) What is Policy Based VPN and Route Based VPN(SecurePlatform and Nokia IPSO 3.9 >) and where to use

10) VPN Directional Match – didn’t get too much what it is and when and where to use it. Need to do a lot of research on this

11) SecurePlatform (important, must know) and Nokia IPSO configuration (not important)

12) Very important: VPN Routing must be configured only within two gateways of the same community.

Well, that was the end of VPN, but there is still one lesson to follow which deals with VPN Client Installation, which I will do after doing research on the things I didn’t get.

Meanwhile, if anyone can help me out with those things that I didn’t digest, please do. Next comes one week of research, and I will share the output of the same with you.

Thanks!
The complete VPN theme is covered in the CCSE (156-315.65) exam…

Here is the official study guide for CCSA (156.215.65):
hxxp://rapidshare.com/files/145396601/CP-A-study.pdf
For the right content, read the right chapters in the official R65 documents:
hxxp://www.checkpoint.com/support/technical/documents/docs_r65.html
Thanks for the support from all of you guys…

After wasting my 5 days I am back on track; today I was doing revision on VPN through the Check Point docs. But at IPsec I got confused:
why is the IPsec lifetime defined in kilobytes?

Googled and found some interesting things about IPsec

From Wikipedia:-
QUOTE
In order to decide what protection is to be provided for an outgoing packet, IPsec uses the Security Parameter Index (SPI), an index to the security association database (SADB), along with the destination address in a packet header, which together uniquely identify a security association for that packet. A similar procedure is performed for an incoming packet, where IPsec gathers decryption and verification keys from the security association database.

There is the SADB, which is not given in the book

QUOTE
For multicast, a security association is provided for the group, and is duplicated across all authorized receivers of the group. There may be more than one security association for a group, using different SPIs, thereby allowing multiple levels and sets of security within a group

QUOTE
IPsec implementation is a mandatory part of IPv6[1] but is not an integral part of IPv4.

Coming to my main doubt: the IPsec lifetime in kilobytes. Actually I found it on the Cisco site (one more reason why Cisco is greater than others)

QUOTE
There are two lifetimes: a “timed” lifetime and a “traffic-volume” lifetime. A security association expires after the first of these lifetimes is reached. The default lifetimes are 3600 seconds (one hour) and 4,608,000 kilobytes (10 megabits per second for one hour).

Check Point differs in this and has the traffic-volume lifetime as 50,000; this can be a problem for a VPN between a Cisco and a Check Point device!

You can change this option by going to dbedit –> Table –> Managed Objects –> Communities
ike_p2_use_rekey_kbytes –> for enabling the traffic-volume lifetime
ike_p2_rekey_kbytes –> specifying the size (50000 by default)
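
The "whichever lifetime is reached first" rule quoted above, worked through for the values in this post, as an added example that is not part of the original post or of either vendor's software. The class and function names are hypothetical, the traffic rates are constructed, and the 50,000 value is assumed to be in kilobytes, as the attribute name suggests.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Phase2Lifetime:
    """IPsec (phase II) SA lifetime: a timer plus an optional traffic-volume limit."""
    seconds: int
    kbytes: Optional[int]  # None = traffic-volume lifetime not enabled

    def expiry(self, rate_kbytes_per_s: float):
        """Return (seconds until the SA expires, which limit was reached first)."""
        if self.kbytes is None or rate_kbytes_per_s <= 0:
            return float(self.seconds), "time"
        t_volume = self.kbytes / rate_kbytes_per_s
        if t_volume < self.seconds:
            return t_volume, "volume"
        return float(self.seconds), "time"

    def crossover_rate(self):
        """Sustained KB/s above which the volume limit fires before the timer."""
        return None if self.kbytes is None else self.kbytes / self.seconds


def compare(a, b, rate_kbytes_per_s):
    """Report each peer's SA expiry at a sustained rate and which peer expires first."""
    ta, why_a = a.expiry(rate_kbytes_per_s)
    tb, why_b = b.expiry(rate_kbytes_per_s)
    first = "a" if ta < tb else "b" if tb < ta else "both"
    return {"a": (round(ta, 1), why_a), "b": (round(tb, 1), why_b), "first": first}


# Values taken from the post: 3600 s / 4,608,000 KB (Cisco quote) and
# 50,000 for ike_p2_rekey_kbytes, with phase II rekeyed "every hour by default".
CISCO_DEFAULT = Phase2Lifetime(seconds=3600, kbytes=4_608_000)
CP_VOLUME_ON = Phase2Lifetime(seconds=3600, kbytes=50_000)   # ike_p2_use_rekey_kbytes enabled
CP_VOLUME_OFF = Phase2Lifetime(seconds=3600, kbytes=None)    # traffic-volume lifetime off

if __name__ == "__main__":
    print("crossover KB/s:", CISCO_DEFAULT.crossover_rate(), CP_VOLUME_ON.crossover_rate())
    for rate in (10, 100, 1250):  # constructed sustained rates in KB/s
        print(rate, compare(CISCO_DEFAULT, CP_VOLUME_ON, rate))
```

With the 50,000 KB limit enabled, any sustained rate above roughly 14 KB/s makes that peer's SA expire on volume well before the other side's one-hour timer, which is where the two ends stop agreeing on when to rekey.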
