Cheat sheet

CCSA R82 Cheat Sheet

Deployment + Gaia

20-25%of exam

SMSSecurity GatewaySICICAGaiaSmartConsole

Access Control + Policy

20-25%of exam

Ordered LayersInline LayersImplied RulesStealth RuleCleanup RuleHit Count

NAT

10-15%of exam

Hide NATStatic NATAutomatic NATManual NATProxy ARP

Identity Awareness

10-15%of exam

AD QueryIdentity CollectorIdentity AgentCaptive Portal

Threat Prevention

10-15%of exam

App ControlURL FilteringIPSAnti-BotAnti-VirusThreat Emulation

VPN + Mobile Access

10-15%of exam

Site-to-SiteRemote AccessEncryption DomainVPN CommunitiesMobile AccessHTTPS Inspection

ClusterXL

5-10%of exam

HALoad SharingCCPState Synccphaprob

Logs + Troubleshooting

5-10%of exam

SmartViewSmartEventfw monitorfw ctl zdebugcpinfoBackups

Quick Facts

Exam
156-215.82
Credential
CCSA R82
Time
90 min
Pass
70%
Questions
100 MCQ
Fee
$250 USD
Validity
2 years
Provider
Pearson VUE

Gateway vs SMS

Security Gateway

  • Enforces policy
  • Inspects traffic
  • Runs blades

SMS

  • Manages config
  • Stores logs
  • Pushes policy

Enforce vs manage

SMS + Gateway

SMS
Security Management Servermgmt
SG
Security Gatewayfw
Standalone
SMS+SG on one host
Distributed
SMS and SG separate
SmartConsole
Admin GUI suite
SmartDashboard
Policy editor
SmartView
Logs + monitor
SmartEvent
Event correlation

Gaia + SIC

Gaia
Check Point OS
clish
Gaia shell CLI
expert
Root bash mode
SIC
Secure Internal Comm
ICA
Internal Cert Authority
Trust
SIC established
cpconfig
Gateway config tool
gui cpconfig
First-time wizard

Rule Order

Implied > Stealth > Specific > Cleanup

Implied: auto controlStealth: drop directCleanup: drop all

Ordered vs Inline Layer

Ordered layer

  • Top-down first match
  • Stops at first hit
  • Parallel layers

Inline layer

  • Nested sub-rules
  • Continues parent
  • Granular scope

First match vs nested

Policy + Layers

Policy package
Installed rule set
Ordered layer
Top-down first match
Inline layer
Nested sub-rules
Implied rules
Auto control rules
Stealth rule
Drop direct to gateway
Cleanup rule
Final drop all
Hit Count
Rule match counter
Install Policy
Push to gateways

NAT Types

Hide out | Static in | Auto obj | Manual rule

Hide: many outStatic: one-to-oneAuto: object propManual: explicit rule

Hide NAT vs Static NAT

Hide NAT

  • Many to one
  • Outbound only
  • Source port translated

Static NAT

  • One-to-one
  • Bidirectional
  • Inbound reachable

Many out vs one in

NAT Rule Picker

  1. Many to one outboundHide NAT(Auto)
  2. One-to-one inbound+outboundStatic NAT(Auto)
  3. Object property NATAutomatic NAT(Per object)
  4. Custom translation logicManual NAT(In policy)
  5. Gateway answers for translated IPProxy ARP(Static)
  6. Pool of hide IPsHide NAT pool(Range)

NAT Types

Hide NAT
Many to one outbound
Static NAT
One-to-one bidirectional
Automatic NAT
Object property rules
Manual NAT
Custom rule in policy
Proxy ARP
Gateway answers ARP
Source NAT
Translate client IP
Destination NAT
Translate target IP
NAT pool
Hide NAT IP range

Automatic vs Manual NAT

Automatic

  • Object property
  • Auto rule order
  • Easy bulk

Manual

  • Custom rule
  • Explicit position
  • Complex logic

Property vs rule

Identity Sources

Query | Collector | Agent | Portal

AD Query: poll logsCollector: aggregateAgent: endpointPortal: web auth

AD Query vs Identity Agent

AD Query

  • Polls logs
  • No agent
  • Per gateway

Identity Agent

  • On endpoint
  • Real-time
  • Per user

Poll vs agent

Identity Source Picker

  1. AD security logs onlyAD Query(Simple)
  2. Multiple AD/Exchange sourcesIdentity Collector(Aggregator)
  3. Endpoint user identityIdentity Agent(Agent)
  4. No agent, web redirectCaptive Portal(Browser)
  5. Match user/group in ruleAccess Role(Matcher)
  6. Terminal server usersIdentity Agent(TS)

Identity Sources

AD Query
Poll AD security logs
Identity Collector
Aggregate AD/Exchange
Identity Agent
Endpoint agent
Captive Portal
Web auth page
Identity Awareness
User-based rules
Access Role
User/group matcher

Threat Stack

App | URL | IPS | Bot | AV | SandBlast

App/URL: web controlIPS/Bot/AV: networkSandBlast: emulate+extract

Emulation vs Extraction

Threat Emulation

  • Sandbox files
  • Detonate malware
  • Slower

Threat Extraction

  • Strip content
  • Deliver safe copy
  • Faster

Sandbox vs clean

Threat Prevention Profile

  1. Minimal protection, low overheadBasic(Light)
  2. Balanced defaultOptimized(Recommended)
  3. Aggressive, high riskStrict(Heavy)
  4. Unknown file sandboxThreat Emulation(Sandbox)
  5. Strip active contentThreat Extraction(Clean)

Threat Prevention Blades

App Control
Block applications
URL Filtering
Category web blocks
IPS
Intrusion prevention
Anti-Bot
C2 detection block
Anti-Virus
Malware scanning
Threat Emulation
Sandbox detonation
Threat Extraction
Strip active content
HTTPS Inspection
Decrypt TLS traffic

VPN Concepts

Site-to-Site
Gateway to gateway
Remote Access
Client to gateway
Encryption domain
Protected networks
VPN community
Peer group
Meshed
All peers connect
Star
Center hub
Mobile Access
SSL VPN portal
IKE Phase 1
Main/Aggressive mode

ClusterXL Modes

HA New backups | Load Sharing splits

HA New: active/standbyLS Multicast: efficientLS Unicast: compat

HA vs Load Sharing

HA New

  • Active/Standby
  • Single forwarder
  • Simple failover

Load Sharing

  • Active/Active
  • All forward
  • Splits traffic

Backup vs balance

ClusterXL Mode Picker

  1. Active/Standby failoverHA New(Simple)
  2. All members forwardLoad Sharing(Active/Active)
  3. Multicast capable networkLS Multicast(Efficient)
  4. No multicast supportLS Unicast(Wider compat)
  5. Check cluster healthcphaprob state(Status)
  6. Check interfacescphaprob -a if(Interfaces)

ClusterXL

ClusterXL
Gateway HA cluster
HA New
Active/Standby
Load Sharing
Active/Active
Multicast
LS via multicast
Unicast
LS via unicast
CCP
Cluster Control Protocol
State sync
Connection tables
cphaprob
Cluster status CLI

Troubleshoot + CLI

fw monitor
Packet capture
fw ctl zdebug
Kernel drop debug
cpinfo
System diagnostics
cpview
Real-time stats
Gaia backup
Config snapshot
snapshot
Full disk image
migrate
Export/import tool
SmartEvent
Correlate logs

Common Traps

Hide vs Static

Hide = outbound only Static = bidirectional

Stealth vs Cleanup

Stealth drops direct hits Cleanup drops all rest

Auto vs Manual NAT

Auto tied to object Manual lives in policy

SIC vs ICA

ICA issues certs SIC uses certs to trust

Ordered vs Inline

Ordered first-match stops Inline nested continues

HA vs Load Sharing

HA one forwarder LS all forwarders

Emulation vs Extraction

Emulation sandboxes Extraction strips

Last Minute

  1. 1.Hide NAT = many-to-one outbound
  2. 2.Static NAT = one-to-one bidirectional
  3. 3.Stealth rule drops direct-to-gateway traffic
  4. 4.Cleanup rule = final drop all
  5. 5.Install Policy after every change
  6. 6.SIC trust up before policy install
  7. 7.fw ctl zdebug +drop for drops
  8. 8.cphaprob state shows cluster status
  9. 9.Proxy ARP for Static NAT inbound
  10. 10.Identity Agent gives real-time user data
  11. 11.Threat Emulation sandboxes; Extraction strips
  12. 12.Ordered layer first match wins
Same family resources

Explore More Check Point Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.