Re: Check Point FireWall-1 and CCSA

From: Richard H Miller (rick_at_bcm.tmc.edu)
Date: 10/24/03 

Date: 24 Oct 2003 07:21:52 GMT

Beoweolf (Beoweolf-spam@pacbell.net) wrote:
: Richard,

: Just as Checkpoint has embraced OPSEC for partners to create add-ons and
: products for its installed base, so it should continue to embrace the
: reality that in today's jobsite, money is still tight, the old school "super
: techs" have been let go, down-sized or shifted to other positions. The
: remaining tech are not as free to attend classes as easily as they should,
: thanks to the "right-sizing" theory. The leaves self study, which requires
: materials appropriate to different learning styles.

Almost all of the books are now written to NG. The Boson tends to include
questions about some of the depricated modules. It does tend to concentrate too
much on depricated elements [CPMAD] in the CCSE+ test.

I will try to look at the tests specifically referenced as include AI elements
and see what might be there

: As for the point that not much has changed...most, if not all the former
: proprietary protocols have been removed from NG (starting with FP2).
: Increased emphasis on VPN, SecurClient/SecuRemote, Bringing VoIP into a more
: prominent position....looks a lot like more than a patch or bug fix.

I never said that much had not changed. Many of the major changes did occur
in FP3. From what I have looked, the incremental changes between FP3 and FP4
are not so large to make the NG AI test substantially different from the FP3
test. Trying to understand NG AI based on CP2000 is a stretch.

: Even the names of modules has changed, (again starting with FP1 and 2), the
: location of commands, command line syntax, configuration location
: changes...it's not your fathers Oldsmobile any more. For some people this
: may seem minor, but for the tech running a 4.1 or 2000 install, who is now
: tasked with an upgrade to latest and greatest, its a big deal. Worthy of a
: few sleepless nights and much study. It is a big deal and trying to learn
: the ends and out using Online help or PDF documentation is like trying to
: visualize an Elephant, by looking its parts though the wrong end of a
: telescope. A lot of detail but no overall concept. That is where the
: "pre-digested" third party manuals can help. They help fit the puzzle
: together to give you an idea of what the picture will or should look like.

But again, the orignal point of this thread seems to be the claim that the
movement to testing based on NG AI was premature [specifically for the CCSA]

: As much as I am stressing on this issue, do not think I am against
: Checkpoint, they have a great product and this release is a big step in the
: right direction.. I just think this release could have used a little more
: thought, a little more time and lot more coordination with test centers,
: third party writers, publishers and especially techs.

But, again, the incremental differences between the FP3 and AI tests [based on
the description] at the CCSA level tend IMHO, to be minor and the additional knowledge
requirements added in the AI test can be handled by a combination of the documentation,
use of the demo mode and the exsiting third party material for NG. Bear in mind that
this was simply going to be FP4 until they renamed it for AI.

Howoever, this is supposition on my part. It would be interesting to hear from someone
who has taken the NG AI CCSA as to how much is 'new' material vs how much is based on
NG only. In particular, how much of a stretch is it for a person experienced on NG to
pass the NG AI with the material available. I will try to look at the training material
for MGMT I on AI and compare it against FP3.

Now, when we start talking about the CCSE and CCSE+, real substantial differences will
begin appear. But this is part of the trend that has always been there and is
become really true for CCSE/CCSE+;this certification is not a paper certification. Unless
you have real experiance in VPN design and implementation with the product and with the
distributed module [for CCSE+] you will not pass.

So, I understand your point but I do disagree that Checkpoint should have waited before kicking
the CCSA exam up.

I also do agree that they should have kept the CCSE/CCSE+ for NG available a bit longer. I was
lucky and was able to register well in advance so that I could take those two for NG and not
NG AI.