Hands-On Mexico Day-5 - TAC Procedures & Followship
description
Transcript of Hands-On Mexico Day-5 - TAC Procedures & Followship
©2014 Check Point Software Technologies Ltd. 1 ©2014 Check Point Software Technologies Ltd [Restricted] ONLY for designated groups and individuals
Security Engineer
November 2014
A methodology to prioritize SR’s
Miguel Hernandez y Lopez
How to handle Cases with the TAC?
©2014 Check Point Software Technologies Ltd. 2 [Restricted] ONLY for designated groups and individuals
Open Session… How do you feel
with our TAC works?
©2014 Check Point Software Technologies Ltd. 3 [Restricted] ONLY for designated groups and individuals
Severity Levels & TAC Availability
©2014 Check Point Software Technologies Ltd. 4 [Restricted] ONLY for designated groups and individuals
Severity – 1 | Definition
“Severity 1” means
1. An Error with a direct security impact on the product
2. An Error isolated to Software or Appliance in a production environment that renders the product inoperative or causes the product to fail catastrophically; e.g., critical system impact, system down;
3. A reported defect in the licensed product in a production environment, which cannot be reasonably circumvented, in which there is an emergency condition that significantly restricts the use of the licensed product to perform necessary business functions.
4. Inability to use the licensed product or a critical impact on operation requiring an immediate solution.
©2014 Check Point Software Technologies Ltd. 5 [Restricted] ONLY for designated groups and individuals
Severity – 2 | Definition
“Severity 2” means
1. An Error isolated to Software or the Appliance that substantially degrades the performance of the product or materially restricts business; e.g., major system impact, temporary system hanging;
2. A reported defect in the licensed product, which restricts the use of one or more features of the licensed product to perform necessary business functions but does not completely restrict use of the licensed product; or (c) ability to use the licensed product, but an important function is not available, and operations are severely impacted.
©2014 Check Point Software Technologies Ltd. 6 [Restricted] ONLY for designated groups and individuals
Severity – 3 | Definition
“Severity 3” means
1. An Error isolated to the Software or Appliance that causes only a moderate impact on the use of the product; e.g., moderate system impact, performance/operational impact;
2. A reported defect in the licensed product that restricts the use of one or more features of the licensed product to perform necessary business functions, while the defect can be easily circumvented.
3. An Error that can cause some functional restrictions but it does not have a critical or severe impact on operations.
©2014 Check Point Software Technologies Ltd. 7 [Restricted] ONLY for designated groups and individuals
Severity – 4 | Definition
“Severity 4” means
1. A reported anomaly in the licensed product that does not substantially restrict the use of one or more features of the licensed product to perform necessary business functions; this is a minor problem and is not significant to operation.
2. An anomaly that may be easily circumvented or may need to be submitted to Check Point Research and Development as a request for enhancement.
©2014 Check Point Software Technologies Ltd. 8 [Restricted] ONLY for designated groups and individuals
How to prioritize the SR? – Priority decision Matrix
Sev-1
Sev-2 Sev-3
Sev-4 Unattended SR’s
©2014 Check Point Software Technologies Ltd. 9 [Restricted] ONLY for designated groups and individuals
Why this decision matrix?
©2014 Check Point Software Technologies Ltd. 10 [Restricted] ONLY for designated groups and individuals
Do and Don’t for Sev1 & Sev2 Service Requests
Suggestions:
• By Live Chat: Log into User Center, under the “Support” Tab, select “Live Chat” icon. Live Chat is for quick and simple questions about Check Point products and services. Any issue requires troubleshooting must be submitted by telephone or by web request.
• By Email: Check Point does not allow opening a Service Request via email. All requests should be opened by Telephone or by web request. Correspondence on an open Service Request may be made via email, as long as the Customer Designated Contact writes a reply to emails received from Check Point TAC.
– PLEASE NOTE: DO NOT submit a Service Request for a Severity 1
issue via the Web request form. For a Severity 1 case, please contact Check Point by telephone and select the appropriate options for your support.
©2014 Check Point Software Technologies Ltd. 11 [Restricted] ONLY for designated groups and individuals
No obligations from Check Point Software Technologies TAC
Support does not include the following items or actions:
1. Step-by-step installation of Software or Service Packs;
2. Onsite services (unless Customer’s level of Support, as purchased, includes this feature),
3. Professional Services, or Educational Services;
4. Modification of software code, security-policy configuration, audits, or security design.
©2014 Check Point Software Technologies Ltd. 12 [Restricted] ONLY for designated groups and individuals
No obligations from Check Point Software Technologies TAC
Check Point shall have no obligation to Support:
1. An altered, damaged, or modified product or any portion of the product incorporated with or into other software, hardware, or products not specifically approved by Check Point;
2. Product problems caused by Customer negligence, misuse, misapplication, or use of the product other than as specified in the Check Point user manual, or any other causes beyond the control of Check Point;
3. Product installed on any computer hardware that is not supported by Check Point;
4. Product not purchased from the Check Point Price List;
5. Products subjected to unusual physical or electrical stress, misuse, negligence or accident, or used in ultra-hazardous activities;
6. Products that are past their End-of-Support date
©2014 Check Point Software Technologies Ltd. 13 [Restricted] ONLY for designated groups and individuals
When and how to make escalations
(Technical & Administrative)
©2014 Check Point Software Technologies Ltd. 14 [Restricted] ONLY for designated groups and individuals
Customer-initiated Escalation
• Under Check Point’s Support plan, some work items (especially those associated with critical situations) may need to be expedited. When this becomes the case, Customer shall notify Check Point TAC of the critical situation. If TAC determines that sufficient information has been provided by Customer and the escalation is accepted, Check Point will work with Customer on providing the appropriate solution. The escalation begins in accordance to Check Point standard business practices. Upon request,
• Check Point may provide an action plan to Customer that may include (but is not limited by): problem statement, next action items to resolve the issue and time estimates on these action items.
©2014 Check Point Software Technologies Ltd. 15 [Restricted] ONLY for designated groups and individuals
OK, so What? Management Scalation
• If Customer feels that the issue is not moving forward in an appropriate timeframe to closure, and/or an issue requires managerial attention, for immediate escalation, Customer can either request Technical Representative to connect the Customer to a Team Leader or contact the Team Leader of the Technical Representative handling the case directly.
• Team Leader’s contact details are located at the bottom of the Service Request email. Regardless of the total elapsed time of an outstanding Service Request, the point of escalation shall be initiated at the Technical Representative level, escalated to the Team Leader(s), followed by TAC Manager(s), the TAC Director(s), and then the TAC Vice President. For the most current list of Check Point TAC
©2014 Check Point Software Technologies Ltd. 16 [Restricted] ONLY for designated groups and individuals
TAC Escalation Path - Dallas
©2014 Check Point Software Technologies Ltd. 17 [Restricted] ONLY for designated groups and individuals
TAC Escalation Path – International TAC
©2014 Check Point Software Technologies Ltd. 18 [Restricted] ONLY for designated groups and individuals
TAC Escalation Path - Ottawa
©2014 Check Point Software Technologies Ltd. 19 [Restricted] ONLY for designated groups and individuals
Tools to improve our interaction
with our TAC
©2014 Check Point Software Technologies Ltd. 20 [Restricted] ONLY for designated groups and individuals
Open SR from Dashboard (sk97748) R77.10 and above
©2014 Check Point Software Technologies Ltd. 21 [Restricted] ONLY for designated groups and individuals
CPVIEW – Memory & CPU Context
©2014 Check Point Software Technologies Ltd. 22
CPInfo
• Remote environment analysis
• All Check Point’s devices, versions, platforms (sk92739)
• Diagnostics and data collection
– System information (logs, version, HFs, interfaces)
– Configuration and db
– Core dump files
• Auto-update of latest from Check Point’s cloud
• Auto upload data to Check Point cloud
©2014 Check Point Software Technologies Ltd. 23
CPInfo
©2014 Check Point Software Technologies Ltd. 24
Hardware vs. Software Issues
Examples – Presumably HW Failure as Root Cause
• Appliance beeps during boot
• Boot partition corruption and fail at load time
• Firewall driver fails to load
• HW monitoring sensors reports abnormal range
temperatures and fan speed values
False Positive –
RMA and NFF Prevention
Hardware Diagnostics – “Spot the Difference”
©2014 Check Point Software Technologies Ltd. 25
• Simple, fast, easy to use diagnostic tool for hardware issues
• Featuring – ISOmorphic based bootable USB key
– Loadable via GAIA boot-loader
– Dual head user interface for LCD, Console
– Fast execution (1 minute)
– Covers
– Appliance spec
– Network interfaces
– HDD (RAID-S.M.A.R.T)
– Memory
– Environmental sensors (Voltage, Temp, Fan Speed, PSU)
– Logs and results exported to USB device
• Please review the SK97251
Hardware Diagnostic Tool
©2014 Check Point Software Technologies Ltd. 26
• ISOMorphic Based
• Plugin USB key and boot
• Post installation, auto configuration for appliance connectivity
• New ISOmorphic UI – Connectivity – IP, subnet and Default Gateway – One-to-many configuration – Import & export capabilities
USB “Laymen,” Hands Free Installation
©2014 Check Point Software Technologies Ltd. 27
RMA Recovery
• A new option with Gaia First Time Wizard
• Use of USB device (ISOMorphic tool based)
• Quick appliance recovery
– Using a previously taken snapshot
– Last-working-version, download and install from Check Point Cloud
©2014 Check Point Software Technologies Ltd. 28 [Restricted] ONLY for designated groups and individuals
SmartOptimizer &
connStat
THANK YOU