San Francisco London
Certified Security Administrator
Associate Publisher: Neil EddeAcquisitions Editor: Maureen AdamsDevelopmental Editor: Heather OConnorEditor: Cheryl HauserProduction Editor: Dennis FitzgeraldTechnical Editors: Ted Snider, Gareth BromleyGraphic Illustrator: Tony JonickElectronic Publishing Specialist: Interactive Composition CorporationCD Coordinator: Dan MummertCD Technician: Kevin LyProofreaders: Emily Husan, Dave Nash, Laurie OConnell, Nancy Riddiough Indexer: Ted LauxBook Designer: Bill GibsonCover Design: Archer DesignCover Photograph: Bruce Heinemann, PhotoDisc
Copyright 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.
Library of Congress Card Number: 2002113565
SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries.
Screen reproductions produced with FullShot 99. FullShot 99 19911999 Inbit Incorporated. All rights reserved.FullShot is a trademark of Inbit Incorporated.
The CD interface was created using Macromedia Director, COPYRIGHT 1994, 19971999 Macromedia Inc. For more information on Macromedia and Macromedia Director, visit http://www.macromedia.com.
TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.
ClusterXL, ConnectControl, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FireWall-1 SmallOffice, FireWall-1 VSX, FireWall-1 XL, FloodGate-1, INSPECT, INSPECT XL, IQ Engine, Open Security Extension, OPSEC, Provider-1, SecureKnowledge, SecurePlatform, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, SmartDashboard, Smart-Defense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartView Tracker, SVN, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Net, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 SmallOffice and VPN-1 VSX are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
To Our Valued Readers:
The Check Point certification program well deserves its position as the leading vendor-specific security certification in the IT arena. And with the recent release of the Check Point NG exams, current and aspiring security professionals are seeking accurate, thorough, and accessible study material to help them prepare for the new CCSA and CCSE exams.
Sybex is excited about the opportunity to provide individuals with the knowledge and skills theyll need to succeed in the highly competitive IT security field. It has always been Sybexs mission to teach exam candidates how new technologies work in the real world, not to simply feed them answers to test questions. Sybex was founded on the premise of providing technical skills to IT professionals, and we have continued to build on that foundation. Over the years, we have made significant improvements to our study guides based on feedback from readers, suggestions from instructors, and comments from industry leaders.
Check Points certification exams are indeed challenging. The Sybex team of authors, editors, and technical reviewers have worked hard to ensure that this Study Guide is comprehensive, in-depth, and pedagogically sound. Were confident that this book, along with the collection of cutting-edge software study tools included on the CD, will meet and exceed the demanding standards of the certification marketplace and help you, the Check Point certification exam candidate, succeed in your endeavors.
Good luck in pursuit of your Check Point certification!
Neil EddeAssociate PublisherCertificationSybex, Inc.
Software License Agreement: Terms and Conditions
The media and/or any online materials accompanying this book that are available now or in the future contain programs and/or text files (the Software) to be used in connection with the book. SYBEX hereby grants to you a license to use the Software, subject to the terms that follow. Your purchase, acceptance, or use of the Software will constitute your accep-tance of such terms.
The Software compilation is the property of SYBEX unless otherwise indicated and is protected by copyright to SYBEX or other copyright owner(s) as indicated in the media files (the Owner(s)). You are hereby granted a single-user license to use the Software for your personal, noncommercial use only. You may not reproduce, sell, distribute, publish, circu-late, or commercially exploit the Software, or any portion thereof, without the written consent of SYBEX and the specific copyright owner(s) of any component software included on this media.
In the event that the Software or components include specific license requirements or end-user agreements, statements of condition, disclaimers, limitations or warranties (End-User License), those End-User Licenses supersede the terms and conditions herein as to that particular Software component. Your purchase, acceptance, or use of the Software will con-stitute your acceptance of such End-User Licenses.
By purchase, use or acceptance of the Software you further agree to comply with all export laws and regulations of the United States as such laws and regulations may exist from time to time.
Components of the supplemental Software and any offers associated with them may be supported by the specific Owner(s) of that material, but they are not supported by SYBEX. Information regarding any available support may be obtained from the Owner(s) using the information provided in the appropriate read.me files or listed elsewhere on the media.
Should the manufacturer(s) or other Owner(s) cease to offer support or decline to honor any offer, SYBEX bears no responsibility. This notice concerning support for the Soft-ware is provided for your information only. SYBEX is not the agent or principal of the Owner(s), and SYBEX is in no way responsible for providing any support for the Software, nor is it liable or responsible for any support provided, or not provided, by the Owner(s).
SYBEX warrants the enclosed media to be free of physical defects for a period of ninety (90) days after purchase. The Software is not available from SYBEX in any other form or media than that enclosed herein or posted to www.sybex.com.
If you discover a defect in the media during this warranty period, you may obtain a replacement of identical format at no charge by sending the defective media, postage prepaid, with proof of purchase to:
SYBEX Inc.Product Support Department1151 Marina Village ParkwayAlameda, CA 94501Web: http://www.sybex.com
After the 90-day period, you can obtain replacement media of identical format by sending us the defective disk, proof of purchase, and a check or money order for $10, payable to SYBEX.
SYBEX makes no warranty or representation, either expressed or implied, with respect to the Software or its contents, quality, performance, merchantability, or fitness for a particular purpose. In no event will SYBEX, its distributors, or dealers be liable to you or any other party for direct, indirect, special, incidental, consequential, or other damages arising out of the use of or inability to use the Software or its contents even if advised of the possibility of such damage. In the event that the Software includes an online update feature, SYBEX further disclaims any obligation to provide this feature for any specific duration other than the initial posting.
The exclusion of implied warranties is not permitted by some states. Therefore, the above exclusion may not apply to you. This warranty provides you with specific legal rights; there may be other rights that you may have that vary from state to state. The pricing of the book with the Software by SYBEX reflects the allocation of risk and limitations on liability contained in this agreement of Terms and Conditions.
This Software may contain various programs that are dis-tributed as shareware. Copyright laws apply to both shareware and ordinary commercial software, and the copyright Owner(s) retains all rights. If you try a shareware program and continue using it, you are expected to register it. Individual programs differ on details of trial periods, registration, and payment. Please observe the requirements stated in appropriate files.
The Software in whole or in part may or may not be copy-protected or encrypted. However, in all cases, reselling or redistributing these files without authorization is expressly forbidden except as specifically provided for by the Owner(s) therein.
This book is dedicated to my first child,
elcome to the exciting world of Check Point certification! You have picked up this book because you want something better; namely, a better job with more satisfaction. Rest assured that you have made a good decision. Check Point certification can help you get your first networking or security job, or more money or a promotion if you are already in the field.
Check Point certification can also improve your understanding of how network security works for more than just Check Point products. For instance, currently over 300 products integrate VPN-1/FireWall-1 through protocols such as voice over IP (VoIP) and Lightweight Directory Access Protocol (LDAP), as well as technologies such as network address translation (NAT) and content filtering. Check Points Open Platform for Security (OPSEC), located at
, is the foundation responsible for creating the standards used to incorporate products from third-party vendors with Check Point products.
It certainly cant hurt to have Check Point certifications, considering Check Point is the worldwide market leader in firewalls and VPNs and has been since 1995. According to their website, Check Points solutions are sold, integrated and serviced by a network of 2,500 certified partners in 149 countries. Obtaining a Check Point certification makes you a CCP (Check Point Certified Professional), which in turn makes you eligible to use the Certified Professional password-protected website. Here youll find tools, features, transcripts, and other information not available to the general public. Other benefits of being a CCP include access to the Secure-Knowledge database, notification of product updates, use of logos and credentials, and invitations to seminars and other Check Point events. For more information about the CCP program, visit
.While pursuing Check Point certifications, you will develop a complete
understanding of networking security. This knowledge is beneficial to every network security job and is the reason that, in recent times, Check Point certification has become so popular. Check Point is one of the leading and most respected firewall and VPN vendors in the world. To ensure that organizations can measure the skill level of Check Point administrators and engineers, Check Point provides various levels of certification that
quantify network security knowledge and an administrators ability to implement network security using Check Point products.
How to Use This Book
If you want a solid foundation for the Check Point Certified Security Admin-istrator (CCSA) exam, then look no further. We have spent hundreds of hours putting together this book with the sole intention of helping you to pass the VPN-1/FireWall-1 Management I NG (156-210) exam.
This book is loaded with valuable information, and you will get the most out of your studying time if you understand how we put this book together.
To best benefit from this book, we recommend the following study method:
Take the assessment test immediately following this introduction. (The answers are at the end of the test.) Its okay if you dont know any of the answers; that is why you bought this book! Carefully read over the explanations for any question you get wrong, and note which chapters the material comes from. This information should help you plan your study strategy.
Study each chapter thoroughly, making sure that you fully understand the information and the test objectives listed at the beginning of each chapter. Pay extra-close attention to any chapter where you missed questions in the assessment test.
Complete the exercises included in each chapter on your own equip-ment if possible. If you do not have Check Point VPN-1/FireWall-1 equipment and software available, be sure to study the examples provided in the book carefully.
Answer all of the review questions related to each chapter. (The answers appear at the end of each chapter.) Note questions that confuse you and study those sections of the book again. Do not just skim these questions! Make sure you understand completely the reason for each answer.
Try your hand at the practice exams that are included on the compan-ion CD. The questions in these exams appear only on the CD. These exams will give you a complete overview of what you can expect to see on the real VPN-1/FireWall-1 Management I NG exam.
Test yourself using all the flashcards on the CD. There are brand new and updated flashcard programs on the CD to help you prepare completely for the VPN-1/FireWall-1 Management I NG exam. These are great study tools!
The electronic flashcards can be used on your Windows computer, Pocket PC,
or Palm device.
Make sure you read the Key Terms and Exam Essentials lists at the end of the chapters. These study aids will help you finish each chapter with the main points fresh in your mind; theyre also helpful as a quick refresher before heading into the testing center.
To learn every bit of the material covered in this book, youll have to apply yourself regularly, and with discipline. Try to set aside the same time every day to study, and se...