Re: Check Point FireWall-1 and CCSA

From: Beoweolf (
Date: 10/24/03

Date: Fri, 24 Oct 2003 05:57:50 GMT


I agree with your point, mainly because that point was conceded, as a given,
in an earlier post in this thread. The efforts to maintain, improve and
enhance the given level of expertise conveyed by acquiring CCSA or CCSE is a
"good thing", stealing a quote form Martha Stewart.

Just as Checkpoint has embraced OPSEC for partners to create add-ons and
products for its installed base, so it should continue to embrace the
reality that in today's jobsite, money is still tight, the old school "super
techs" have been let go, down-sized or shifted to other positions. The
remaining tech are not as free to attend classes as easily as they should,
thanks to the "right-sizing" theory. The leaves self study, which requires
materials appropriate to different learning styles.

As for the point that not much has changed...most, if not all the former
proprietary protocols have been removed from NG (starting with FP2).
Increased emphasis on VPN, SecurClient/SecuRemote, Bringing VoIP into a more
prominent position....looks a lot like more than a patch or bug fix.

Even the names of modules has changed, (again starting with FP1 and 2), the
location of commands, command line syntax, configuration location's not your fathers Oldsmobile any more. For some people this
may seem minor, but for the tech running a 4.1 or 2000 install, who is now
tasked with an upgrade to latest and greatest, its a big deal. Worthy of a
few sleepless nights and much study. It is a big deal and trying to learn
the ends and out using Online help or PDF documentation is like trying to
visualize an Elephant, by looking its parts though the wrong end of a
telescope. A lot of detail but no overall concept. That is where the
"pre-digested" third party manuals can help. They help fit the puzzle
together to give you an idea of what the picture will or should look like.

As much as I am stressing on this issue, do not think I am against
Checkpoint, they have a great product and this release is a big step in the
right direction.. I just think this release could have used a little more
thought, a little more time and lot more coordination with test centers,
third party writers, publishers and especially techs.

"Richard H Miller" <> wrote in message
> Beoweolf ( wrote:
> : Again, not to belabor the issue is not with NG, a known
> : If you will review each reply that I have made, I am specifically at
> : with NG-AI.
> : Do that same search on NG-AI or 156-210.4 or 156-310.4 .... there are no
> : publications specific to the "current" release, upon which the "current"
> : test is based.
> But both the documentation contained on the release CD and the current
> reflect NG AI. The latest release of the Boson tests also state they are
> on NG AI.
> The bottom line is that by taking courses now and/or using the current
> for a period of time should give you sufficient skills to past the test.
> checkpoint exams are becoming less of 'paper' certifications and more
tuned to
> enabling people who actually work with the product to pass the test. Why,
> the availability of the documentation, courseware and software, should
> wait to certify on the current release until 3rd party people upgrade
> material.
> Looking at the coverage for the new CCSA exam, it appears that points
> smart defense will be covered plus soem basics of the AI. I suspect that
> who has the recommended six months of actual experiance and the release
notes for
> AI would have no problem with that part and the rest should be pretty much
> has been in the previous test, how to configure a rule base, how user
> works and other basic things.

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (
Version: 6.0.529 / Virus Database: 324 - Release Date: 10/16/2003