mcannelliss.net

• Next message: Bill Pennington: "Re: [fw-wiz] Question about L2F tunnels"
• Previous message: Michael C. Ibarra: "Re: [fw-wiz] Export restrictions for Embargo-ed countries"
• Maybe in reply to: Sachdev Neal: "[fw-wiz] Checkpoint Question"
• Next in thread: hermit1: "RE: [fw-wiz] Checkpoint Question"
• Next in thread: Marcus Goncalves: "RE: [fw-wiz] Checkpoint Question"
• Maybe reply: Cannella, Michael (ISS Southfield): "RE: [fw-wiz] Checkpoint Question"
• Reply: hermit1: "RE: [fw-wiz] Checkpoint Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

<Caveat>I teach the Checkpoint classes sometimes.</caveat>

Like many questions about security, the answer to this one is: "it depends."

A few questions to consider:

-How important is having the firewall up and working in a hurry to you/your
organization?

     Tight security firewall a high priority? The vast majority of people
can get it up and
     effective a lot more quickly by taking the course.

-Will you be "allowed" to dedicate the required time at work to the
firewall?

-Will inoperative NAT or VPN cost you money?

     The cost of the class is often cheap compared to the cost of being
down....

You _can_ get the information on your own that you would get in the classes,
and it's all available free on the internet. But how much do you know about
firewalls to start with? How much time will you really have at work to lock
yourself away with the firewall and get comfortable with it. How many
archived FW1 list posts do you want to sort through?

Like Chris, I have issues with the courseware. Some people don't learn well
in a classroom environment. And not all instructors are created equal. But
as I tell my students, even with a bonehead like me teaching, at the very
least the courses give you a combined four days in a lab with
pseudo-real-world conditions--time enough to:
 
--try a lot of different settings and configurations without real-world
repercussions,
--get familiar with the firewall, the gui, all of its features (even the
ones nobody uses ;^/ )

In a typical class, lots of people make lots of mistakes--an observant
student will realize that these mistakes and the symptoms they cause are
valuable troubleshooting experience for the real world.

If you decide to do it yourself:

--Be sure you understand the implications of security policy properties
(much info available on the internet)
--Spend some time with the firewall in an isolated testing environment, and
screw around with it
--RTFM; the manuals come in PDF form on the CD
--Follow the checkpoint mailing list
--get to know phoneboy http://www.phoneboy.com

Either way, best of luck.

-----michael cannella mailto:mcannellaiss.net
-----Internet Security Systems, Secure University
-----http://www.iss.net/

>
> -----Original Message-----
> From: owner-firewall-wizardslists.nfr.net
> [mailto:owner-firewall-wizardslists.nfr.net]On Behalf Of Sachdev Neal
> Sent: Thursday, April 13, 2000 11:14 AM
> To: firewall-wizardsnfr.net
> Subject: [fw-wiz] Checkpoint Question
>
>
> Is it possible to install a Checkpoint firwall w/o formal
> training? If
> so, what are some of the resources like books, etc that can be used to
> do it right the first time.
> Any kind of help will be highly appreciated.
> thanks
> NS
>

• Next message: Bill Pennington: "Re: [fw-wiz] Question about L2F tunnels"
• Previous message: Michael C. Ibarra: "Re: [fw-wiz] Export restrictions for Embargo-ed countries"
• Maybe in reply to: Sachdev Neal: "[fw-wiz] Checkpoint Question"
• Next in thread: hermit1: "RE: [fw-wiz] Checkpoint Question"
• Next in thread: Marcus Goncalves: "RE: [fw-wiz] Checkpoint Question"
• Maybe reply: Cannella, Michael (ISS Southfield): "RE: [fw-wiz] Checkpoint Question"
• Reply: hermit1: "RE: [fw-wiz] Checkpoint Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]