August CCSE 315.1 passed

[Afontanilla]

Ok guys, just passed with an 85 but I thought I would get higher...they really do try to screw you up with hidden qualifiers and details. It is true that the CCSA test is wider in scope and may ask you some obscure questions. But then again, so is the NGX I student manual when compared to the NGX II manual. I suggest you get two or 3 Checkpoint servers...(2 nokias (gateways) and a 1 secureplatform as a smartserver) and practice most if not all of the labs in the NGX II student manual. This should take about 6 hours(un-interupted) if your experienced with the product. (I got some nokias if anyone wants any...) then you can get drunk..and then take the test ..8) just watch out for: 1. When you set up a HA cluster....take a look at the actual IP addresses of the individual members that you use on the cluster interfaces. Does the IP address on those interfaces have to be on the same subnet as the virtual HA IP addressed that they form...................I say no....you can have the ip addresses be rfc1918 but still form a virtual HA address that is routable on the internet..... the question you get, sort of tests you on this but changes some details...ie outside vs inside. 2. Know the difference between SIP and SIP any in relation to rulebase..Checkpoint documentation is very unclear about this...they use some confusing language to explain this... ie SIP-If you use source or destination to be any in the rulebase any is not allowed to redirect traffic unless its a proxy. sip-any if you use the source or destination as any, any is not allowed to be a sip proxy... Thats great but what happens if you dont use any and actually use a network object? I guess the less restrictive use would be sip-any?????(used in proxy to proxy communications, call handoff, or for you Cisco guys secure routing)? Can we debate this? 3. Know the difference between advanced upgrade and and a normal upgrade when it comes to HA smartcenter servers...whats the proper order to upgrade high availability Smartcenter servers. 4. Whats the difference between Diff services and low latency classes...is there a special tag that goes with either of these..... 5. Do the URI blocked access list lab in the NGX II manual...just so you can get a feel of creating a URI resource (just a net or filter or IP pool for you cisco guys) and blocking sites by importing a properly formatted bad-web txt file. The question they ask however involves using a CVP to do the same thing..slighly different then using just a plain URI resource. I'll post more once I remember them.. Good luck all!!!