Forcepoint NGFW System Engineer Virtual Training

Course Overview

In this five-day instructor-led course, you will learn the skills needed to practice as a system engineer with responsibilities for design, installation, configuration, administration, and support of the Forcepoint NGFW. Through instruction, demonstrations, and hands-on lab practice exercises, you will understand the requirements and recommendations to successfully deploy Forcepoint NGFW in a variety of network environments.
 

You will then develop expertise in topics that include, but are not limited to, clustering the NGFW, creating security rules and policies, integrating the NGFW with other Forcepoint technologies, inbound and outbound traffic management, understanding multi-link technology, configuring VPNs, traffic deep inspection, and controlling endpoint activity with the Endpoint Context Agent. This course prepares engineers or other professionals who need to manage or lead system engineering development of a Forcepoint NGFW deployment from concept creation to production.

 

Prerequisites

  • Completion of the Forcepoint NGFW Administrator Course and certification
  • General understanding IPv4 networking concepts (TCP/IP, routing, firewall functionalities, VPN, deep packet inspection)
  • Basic knowledge of Active Directory/User Directory concepts.

Audience Profile

  • End-user/customers: system administrators, network security administrators, network engineers, IT staff
  • Channel partners: consultants, system architects, integrators and planners who help customers with forcepoint NGFW implementations
  • Forcepoint: sales engineers, professional services, technical support

Learning Objectives

  • Describe the fundamentals of the NGFW solution.
  • Plan and execute the deployment of a NGFW engine and Security Management Center.
  • Configure the routing for a NGFW deployment.
  • Configure security policies and access control.
  • Configure the system for a distributed environment using NAT, locations, and contact addresses.
  • Deploy and configure a firewall cluster.
  • Review an example of the deployment and configuration of an MSSP architecture.
  • Configure and utilize multiple internet connections.
  • Define Multi-Link Policy-based VPNs.
  • Integrate with Active Directory to manage users and authentication.
  • Create a mobile VPN and deploy a VPN client.
  • Perform traffic inspection and recognition of Network Applications.
  • Customize and fine-tune Inspection policies.
  • Implement file filtering and malware detection.
  • Describe the concepts of traffic normalization and the use of situations.
  • Configure TLS decryption.
  • Define key features and distinctives of the IPS and Layer 2 Firewall roles.
  • Integrate the NGFW with Forcepoint cloud solutions.
  • Troubleshooting the NGFW engines, clusters, and SMC.

Content Outline

Articulate the NGFW System Architecture.

  • Articulate the NGFW System Architecture.
  • Understand how to size a firewall and management environment.
  • Understand Management and Log Server high availability.
  • Become familiar with upgrading Management Server, Log Server, and engines.

Articulate the Forcepoint NGFW license model.

  • Describe basic network defense strategies.
  • Define the capabilities and key features of the NGFW.
  • Understand and learn the process of defining and deploying a single firewall.
  • Identify additional features of the NGFW.
  • Configure static routing.
  • Describe additional special routing capabilities of the NGFW.
  • Understand route metrics and route monitoring.
  • Summarize the origin and function of Anti-spoofing.
  • Describe different NGFW policy types.
  • Define NGFW policy templates and policy structure.
  • Identify the anatomy of a security policy and the objects used in policies.
  • Detail the process of policy installation and activation.
  • Describe system communication in a distributed firewall environment.
  • Identify locations and contact addresses in distributed systems.
  • Describe system communication between management and engines.
  • Configure Network Address Translation (NAT).
  • Describe the firewall clustering architecture and theory.
  • Configure a firewall cluster in the SMC (management).
  • Employ NGFW interface options.
  • Deploy a firewall cluster.
  • Describe the SMC Domain Architecture.
  • Detail the function of the Web Portal Server.
  • Define Virtual Contexts.
  • Relate Master Engines and Virtual Engines.
  • Relate clustering and performance.
  • Review a configuration and deployment example of an MSSP architecture.
  • Describe Outbound Traffic Management and its capabilities.
  • Explain ISP link selection.
  • Classify when to use a particular link selection method.
  • Configure Outbound Multi-Link.
  • Define Forcepoint NGFW VPN capabilities.
  • Define Forcepoint NGFW VPN terminology.
  • Identify supported VPN topologies.
  • Relate Multi-Link and VPNs.
  • Test VPN-related tools in the SMC.
  • Configure a Multi-Link Policy-Based VPN.
  • Investigate Route-Based VPNs and when to use them.
  • Design VPN Hub configuration.
     
  • Define network user management.
  • Integrate Active Directory with the SMC (management).
  • Categorize the role of NPS, LDAP authentication, RADIUS, and TACAC+ in the authentication process.
  • Deploy Forcepoint User Identification.
  • Configure and deploy the Endpoint Context Agent
  • Monitor network users.
  • Describe Mobile VPN connections.
  • Distinguish IPSec and SSL VPN tunnelling.
  • Configure an NGFW engine for Mobile VPN connections.
  • Configure the VPN Client for an endpoint.
  • Demonstrate tools for Mobile VPN troubleshooting.
  • Review connection control and the role of Deep Inspection.
  • Differentiate between Services, Protocol Agents, and Proxy Modules.
  • Configure a Sidewinder Proxy service.
  • Establish Network Application Identification.
  • Differentiate Network Applications and Client Applications. 
  • Relate firewall and inspection policies.
  • Illustrate the anatomy of Inspection Policies.
  • Differentiate the predefined Inspection Policy templates.
  • Define the concept of Situations.
  • Define the function of the Inspection Rules tree.
  • Fine-tune inspection policies.
  • Analyze the role and function of Inspection Exception rules.
  • Analyze the use and function of Blacklisting.
  • Explain the process of Malware Detection.
  • Illustrate the anatomy of a File Filtering Policy.
  • Define the process of using File Reputation services.
  • Configure built-in Anti-Malware scanning.
  • Describe the role of Advanced Malware Detection.
  • Define techniques used by the NGFW to identify threats.
  • Detail the traffic inspection process.
  • Explain the role of Advanced Evasion Techniques and the process of traffic normalization.
  • Describe misuse detection with Fingerprints.
  • Describe the concept of Situations and their role in traffic inspection.
  • Analyze Regular Expression syntax.
  • Review examples of fingerprints.
     
  • Articulate the purpose of TLS inspection.
  • Describe TLS inspection exceptions.
  • Define the process of Server and Client-Side TLS inspection.
  • Configure the TLS inspection.
  • Identify NGFW Operating Roles.
  • Define key features of the IPS and Layer 2 Firewall roles.
  • Understand the difference between the Firewall and IPS.
  • Describe a Layer 2 Policy.
  • Configure and deploy a multi-layer NGFW.
  • Analyze the role of High Availability in multi-layer deployments.
  • Configure integration with Forcepoint Web Security Cloud.
  • Detail how to integrate with Forcepoint Advanced Malware Detection.
  • Review the Malware Detection process.
  • Understand information exchange using Syslog or other SIEM solutions.
  • Detail the NGFW packet inspection process.
  • Review the troubleshooting process and learn troubleshooting tips.
  • Define the role of sgInfo in troubleshooting.
  • Explore how to troubleshoot with logs.
  • Understand how to troubleshoot a VPN.
  • Analyze the role of monitoring in troubleshooting.
  • Troubleshoot the NGFW engine.

Certification

This course prepares you for the Certified Forcepoint NGFW System Engineer exam. The System Engineer exam is a two-part exam: theoretical (multiple choice) and practical (hands-on). The practical exams will be administered on day 5 of the course. A minimum score of 80% on the multiple-choice online exam and a 70% of the hands-on exam is required to obtain the System Engineer certification. The System Engineer exam is included in the price of the course

 

FAQs

A: Forcepoint is an American cyber security company that develops security software and data protection, cloud access security broker, firewall and cross-domain solutions. Recently, a move has been made to sun-set legacy products and migrate to Forcepoint One.

A: Forcepoint is the leading user and data security cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.

 

Forcepoint is the leading user and data security cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.

A: Forcepoint NGFW is an award-winning next generation firewall that blocks malicious attacks and prevents the theft of data and intellectual property while transforming infrastructure and increasing the efficiency of your operations.

 

Forcepoint, an American multinational corporation software company headquartered in Austin, Texas, that develops computer security software and data protection, cloud access security broker, firewall and cross-domain solutions.

 

A: To attend the training session, you should have operational Desktops or Laptops with the required specifications, along with a good internet connection to access the labs. 

 

A: We would always recommend you attend the live session to practice & clarify the doubts instantly and get more value from your investment. However, if, due to some contingency, you have to skip the class, Radiant Tech learning will help you with the recorded session of that particular day. However, those recorded sessions are not meant only for personal consumption and NOT for distribution or any commercial use.

 

A: Radiant Tech learning has a data center containing the Virtual Training environment for the purpose of participant hand-on-practice. Participants can easily access these labs over Cloud with the help of a remote desktop connection. Radiant virtual labs provide you the flexibility to learn from anywhere in the world and in any time zone. 

 

A: The learners will be enthralled as we engage them in real-world and Oriented industry projects during the training program. These projects will improve your skills and knowledge, and you will gain a better experience. These real-time projects will help you a lot in your future tasks and assignments.

 

A: You can request a refund if you do not wish to enroll in the course.

A: Yes you can.

A: We utilize the best standards in Internet security. Any data retained is not communicated with third parties.

 

A: It is recommended but not mandatory. Being acquainted with the primary course material will enable students and the trainer to move at the desired pace during classes. You can access courseware for most vendors.

 

A: You can buy online from the page by clicking on "Buy Now". You can view alternate payment methods on the payment options page.

 

A:Yes, students can pay from the course page.

 

A: The course completion certification will be awarded to all the professionals who have completed the training program & the project assignment given by your instructor. You can use the certificate in your future job interviews which will surely help you to acquire your dream job.

 

Ans- Radiant believes in a practical & creative approach to training & development, which distinguishes it from other training & development platforms. Moreover, training courses are undertaken by some experts with a range of experience in their domain.

 

 A:  Radiant team of experts will be available at e-mail support@radianttechlearning.com to answer your technical queries even after the training program.

 A:  Yes, Radiant will provide you with the most updated high, value & relevant real-time projects & case studies in each training program.

 

A:  Technical issues are unpredictable & might occur with us as well. Participants have to ensure they have access to the required configuration with good internet speed.

 

 A: Radiant Techlearning offers training programs on weekdays, weekends & combination of weekdays & weekends. We provide you with complete liberty to choose the schedule that suits your needs.

 

A: Radiant has highly intensive selection criteria for Technology Trainers & Consultants, who deliver you training programs. Our trainers & consultants undergo rigorous technical and behavioral interview and assessment processes before they are on board in the company.

Our Technology experts/trainers & consultants carry deep-dive knowledge in the technical subject & are certified from the OEM.

Our training programs are practically oriented with 70% – 80% hands on the training technology tool.  Our training program focuses on one-on-one interaction with each participant, latest content in curriculum, real-time projects and case studies during the training program.

Our faculty will provide you with the knowledge of each course from the fundamental level in an easy way and you are free to ask your doubts any time from your respective faculty.

Our trainers have patience and ability to explain difficult concepts in a simplistic way with depth and width of knowledge.

To ensure quality learning, we provide a support session even after the training program.

 

Send a Message.


  • Enroll