Check Point Security Engineering (CCSE)

Overview

This course provides advanced knowledge and hands-on experience for deploying, managing, and monitoring complex Check Point Quantum Security Environments. Learners build on foundational administration skills to perform high availability management, advanced policy configuration, and secure connectivity across distributed networks. The course includes practical activities that demonstrate how to deploy Management High Availability, configure dynamic and advanced policy elements, establish site-to-site VPNs, enable enhanced security monitoring, upgrade and migrate security gateways and management servers, and deploy an ElasticXL Cluster. Through guided labs and structured walkthroughs, learners deepen their operational capability and develop the expertise required to maintain high-performing and resilient security environments.

Prerequisites

Participants should have:

• Experience with Unix-like and Windows operating systems
• Knowledge of internet fundamentals
• Understanding of networking and network security
• System administration experience
• TCP/IP networking skills
• Familiarity with text editors in Unix-like environments
• At least six months of hands-on experience managing a Quantum Security Environment

Required preparation: Check Point Certified Security Administrator.

Target audience

This course is designed for:

• Security engineers
• Security analysts
• Security consultants
• Security architects

The course content also aligns with NIST/NICE work role categories for implementation and operation, and protection and defence.

Objectives

By the end of this course, learners will be able to:

• Deploy and configure Management High Availability to improve resilience and continuity.
• Enhance security policies using advanced object types, dynamic objects, and manual NAT rule configuration.
• Configure and validate management behind NAT to support distributed environments.
• Build, analyse, and manage site-to-site VPNs using internally managed gateways and advanced authentication options.
• Interpret VPN tunnel traffic and apply link selection, ISP redundancy, and tunnel management features.
• Use advanced security monitoring tools, including SmartEvent and the Compliance Blade, to analyse patterns, events, alerts, and regulatory compliance.
• Upgrade security gateways and deploy hotfixes using Central Deployment tool.
• Perform advanced management server upgrades and database migrations in distributed environments.
• Deploy and configure ElasticXL Cluster solutions to improve scalability and high availability.
• Validate security posture and operational performance through hands-on labs and practical scenarios.

Outline

Management High Availability

• Purpose of Management High Availability
• Key components and deployment considerations

Lab tasks

• Deploy and configure Management High Availability
• Validate failover behaviour and high availability functions

Advanced policy management

• Enhancing security policies with advanced object types
• Creating dynamic objects for gateway-updatable policies
• Manually defining NAT rules
• Configuring management behind NAT in distributed setups

Lab tasks

• Use updatable objects
• Configure NAT for server and network objects
• Configure management behind NAT for branch office connections

Site-to-site VPN

• Site-to-site VPN concepts and deployment models
• VPN communities and traffic flow analysis
• Pre-shared key and certificate-based authentication options
• Link selection and ISP redundancy
• Tunnel management behaviours

Lab task

• Configure a site-to-site VPN using internally managed security gateways

Advanced security monitoring

• Purpose and capabilities of SmartEvent
• Compliance Blade functions and reporting
• Event analysis, alert configuration, and pattern monitoring

Lab tasks

• Configure a SmartEvent Server
• Configure events and alerts
• Run SmartEvent reports
• Activate the Compliance Blade
• Review best practice settings and alerts
• Validate regulatory compliance scoring

Upgrades

• Supported upgrade methods and workflows

Lab tasks

• Upgrade a security gateway
• Use Central Deployment tool to install hotfixes

Advanced upgrades and migrations

• Exporting and importing a management database
• Upgrading a management server by deploying a new release or appliance

Lab tasks

• Prepare for an advanced upgrade with database migration in a distributed environment
• Perform an import of a primary security management server

ElasticXL Cluster

• Purpose and design of ElasticXL Cluster
• Deployment considerations and operational behaviour

Lab tasks

• Deploy an ElasticXL security gateway cluster

Exams and assessments

This course prepares learners for Certification Exam 156-315.82. No formal exam is delivered as part of the course. Learners complete practical lab tasks and structured exercises to validate capability and reinforce advanced administration skills.

Hands-on learning

The course includes extensive hands-on labs that support practical understanding of advanced configuration, monitoring, upgrades, and migration scenarios. Learners perform real-world tasks across VPN configuration, high availability management, NAT, policy enhancements, threat monitoring, and cluster deployment. Instructors provide guidance, troubleshooting support, and expert insights throughout the session.