Check Point Firewall Appliances
Howdy, I am just getting into an environment with a large Check Point deployment and I am looking for a little bit of feedback from other real world admins. Looking for what people like, what people don't (why hopefully). Also for those of you who might run Check Point devices in your environments what to dig into first as far as getting more experience on the devices and a better understanding of how not to break them. I am slowly going through all of the official documentation, but would also like to hear a real world opinion. Thanks in advance! Blake
Watch out for licensing gotchas.

In active/active ClusterXL situations (load sharing multicast mode) be careful of multicast--make sure any traversed switches and routers are compatible with Ethernet multicast (make sure they don't partition ports due to high broadcast traffic). Active/active clustering can also make troubleshooting a pain--which unit has state for which flow, etc. Also, minimize lag time between State Synchronization nodes or suffer myriad hard-to-isolate problems. I advise you to minimize the number of cluster nodes per VLAN or you will effectively DoS your attached network--think broadcast storms. If you use unicast active/active ClusterXL, you can run into pivot problems.

They are great firewalls, but like all systems they have their "opportunities."

--Patrick Darden

-----Original Message-----
From: Blake Pfankuch [mailto:blake@pfankuch.me]
Sent: Wednesday, December 19, 2012 2:36 PM
To: NANOG (nanog@nanog.org)
Subject: Check Point Firewall Appliances
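A check that follows from Patrick's multicast warning, added here as an example and not part of either poster's message: in multicast load-sharing mode ClusterXL answers ARP for the cluster's virtual IP with a multicast MAC, so a switch that floods unknown multicast to every port (the broadcast-storm case above) or drops it (IGMP snooping, storm control) needs a static entry pinning that MAC to the cluster members' ports. The script derives the MAC with the rule assumed here from the ClusterXL documentation (01:00:5e followed by the hex of the VIP's last three octets) and emits static mac-address-table lines in Cisco IOS syntax. The VIPs, VLAN numbers and interface names are constructed sample values, and the exact switch command differs by platform and software train, so verify the MAC against what the cluster itself reports (`cphaprob -a if`) and the command against your switch's reference.

```python
"""Derive the ClusterXL multicast-mode MAC for a cluster VIP and emit
static switch entries for it. Example code, not Check Point's.

Assumption (from the ClusterXL admin guide, verify on your version):
the cluster MAC is 01:00:5e:XX:YY:ZZ where XX.YY.ZZ are the last three
octets of the cluster virtual IP, written in hex.
"""
import ipaddress
from typing import Dict, List


def clusterxl_multicast_mac(vip: str) -> str:
    """Multicast MAC ClusterXL returns in ARP replies for a cluster VIP."""
    octets = ipaddress.IPv4Address(vip).packed  # validates the address too
    return "01:00:5e:" + ":".join(f"{b:02x}" for b in octets[1:])


def is_ieee_multicast(mac: str) -> bool:
    """Ethernet marks a group (multicast) destination with the I/G bit,
    the least significant bit of the first octet."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


def collides_with_ip_multicast(mac: str) -> bool:
    """IP multicast maps 224.0.0.0/4 onto 01:00:5e:0X:XX:XX (4th octet < 0x80).
    A cluster MAC in that range is also the MAC of some IP multicast group,
    so an IGMP-snooping switch may treat it as a group nobody joined and
    drop it; a MAC with the high bit set is outside that mapping.
    Either way the switch has no IGMP join to learn it from."""
    fourth = int(mac.split(":")[3], 16)
    return fourth < 0x80


def to_cisco_notation(mac: str) -> str:
    """01:00:5e:a8:01:64 -> 0100.5ea8.0164 (IOS H.H.H form)."""
    raw = mac.replace(":", "")
    return ".".join(raw[i:i + 4] for i in (0, 4, 8))


def cisco_static_entries(cluster: Dict[str, object]) -> List[str]:
    """Static CAM entries pinning each cluster VIP's MAC to the member ports
    on that VLAN, so the switch neither floods it VLAN-wide nor discards it.
    'cluster' maps vlan id -> {"vip": str, "ports": [iface, ...]}."""
    lines = []
    for vlan, info in sorted(cluster.items()):
        mac = clusterxl_multicast_mac(info["vip"])
        ports = " ".join(info["ports"])
        # IOS accepts several interfaces for a multicast MAC (assumed syntax).
        lines.append(
            f"mac address-table static {to_cisco_notation(mac)} "
            f"vlan {vlan} interface {ports}"
        )
    return lines


# Constructed sample topology: two cluster members, one VIP per VLAN.
SAMPLE_CLUSTER = {
    10: {"vip": "192.168.1.100", "ports": ["Gi1/0/1", "Gi1/0/2"]},
    50: {"vip": "10.0.5.1", "ports": ["Gi1/0/3", "Gi1/0/4"]},
}

if __name__ == "__main__":
    for vlan, info in sorted(SAMPLE_CLUSTER.items()):
        mac = clusterxl_multicast_mac(info["vip"])
        note = "overlaps IP-multicast MAC space" if collides_with_ip_multicast(mac) else "outside IP-multicast MAC space"
        print(f"VLAN {vlan}: VIP {info['vip']} -> {mac} ({note})")
    print("\n".join(cisco_static_entries(SAMPLE_CLUSTER)))
```

Run it against the real VIP/VLAN/port map of the cluster; the static entries are the alternative to disabling IGMP snooping on the firewall VLANs, and both are preferable to letting the switch flood the cluster traffic to every host on the segment. Moving the cluster to unicast mode avoids the multicast question altogether but brings the pivot behaviour Patrick mentions.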
Having a love-and-hate relationship with Checkpoint firewalls after working for 6 years daily with them I am probably biased :), but will say they are great firewalls once you know how to work with them. If you are completely new to it I'd recommend Checkpoint CCSA/CCSE from an accredited APT course as the shortest path. Alternatives:

- CBT Nuggets CCSA course, but last time I checked it was for NGX R65, which is substantially different from current versions; only if you can get it really cheap
- Documentation from the Checkpoint site (freely available to everyone) is the start-all end-all source (I did it this way); takes time but in the end you will have a thorough understanding of the product
- Online is a good place once you know the basics. If, on the other hand, you don't know how to do manual port-forwarding, Google will only suck your time. But for problems/inconsistencies/debug:
  http://cpug.org - Independent forum where you can always find advice from many knowledgeable and helpful folks
  http://www.cpshared.com/forums/ - Same goes here; people who can configure route-based VPNs with policy-based routing with closed eyes hang around here
  https://forums.checkpoint.com/ - Official support forums from Checkpoint, less active than the 2 above

HTH
Yuri

On Wed, Dec 19, 2012 at 9:35 PM, Blake Pfankuch <blake@pfankuch.me> wrote:
-- Taking challenges one by one. http://yurisk.info
participants (3)
- Blake Pfankuch
- Darden, Patrick S.
- Yuri Slobodyanyuk