Autoryzowane szkolenia STORMSHIELDCertified Stormshield Network Troubleshooting & Support (NT-CSNTS)


The training takes place on a BYOL (Bring Your Own Laptop) basis. This means that you must bring your own laptop to the training or inform us if you do not have one.

About this course

This course comprehensively covers the tools and methods used to gather crucial network data. With such data, issues can be analyzed and fixed effectively in the command line interface (CLI) on Stormshield Network UTM appliances. This course caters to employees of companies aiming for Stormshield’s highest level of partnership, and potential support engineers and expert instructors specializing in our UTM appliances.

Aims of this course

At the end of the course, and after revising the fundamentals, trainees are expected to know:

  • the organization of the file system, and the daemons and processes on Stormshield Network appliances
  • how to locate, explore and handle the various configuration and log files
  • the difference between specific features and anomalies in network and routing configurations
  • how to capture network traffic and analyze captures
  • how to analyze a security policy, and identify its general directives and special parameters
  • how to identify the processes applied to ongoing connections
  • how to generate an adapted, comprehensive and usable report to make a diagnosis
  • how to configure IPSec VPN tunnel policies, identify enabled mechanisms and diagnose malfunctions on these mechanisms
  • how to analyze and debug a high availability configuration

Course Outline

  • SSH features
  • File system and associated commands
  • Directories and associated commands
  • System and user environment
  • Files and associated commands


  • Local logs: location, characteristics, syntax and categories
  • Associated commands
  • Configuration files
  • Logd, logctl, kernel message logs

Configuration files

  • Directories, structure and general syntax
  • Backups (*.na), decbackup and tar
  • Default configuration


  • Object syntax
  • Dynamic and FQDN objects

Network and routing

  • Network interface settings
  • Bridges and associated commands
  • Routing functions and their priorities
  • Default routes and static routes
  • Gatemon and router objects
  • Dynamic routing
  • Relative commands and showing routes
  • Verbose mode

Lab: Network and routing

Traffic captures and analyses

  • Introduction and tips
  • General syntax and arguments
  • Common filters
  • Commented examples and preparations for effective captures
  • Analyzing traffic with tcpdump (TCP and UDP/icmp traffic)

Lab: Network/tcpdump

ASQ: the various stages of its analysis

  • Step-by-step analysis of network layers
  • Associated commands
  • Global settings
  • Special profiles and settings
  • Asynchronous ASQ: various cases and watermarking
  • ASQ verbose mode

Lab: ASQ settings

ASQ: security policy

  • Configuration files and directories, and rule syntax
  • Filtering: associated commands
  • Filtering: examples of loaded rules (action, inspection level, plugin, PBR, QoS, interfaces and proxy)
  • Filtering: translation of groups and lists
  • NAT: revision (dynamic NAT, static NAT by port, static NAT/bimap and no NAT)
  • NAT: associated commands
  • NAT: syntax of loaded rules

Lab: NAT and filtering

ASQ: stateful tracking and status tables

  • Protected address table
  • Host table
  • Connection table: examples of connection statuses (NAT, vconn, FTP plugin, async, lite, etc.)

Lab: ASQ stateful tracking

Daemons and processes

  • Lists and roles
  • Supervisor daemon
  • Relative commands

Eventd: event manager




  • Stormshield Network IKE/IPsec implementation
  • Configuration files
  • Security policy (SPD and SAD)
  • IKE negotiations
  • Negotiations: main mode and aggressive mode
  • ISAKMP and IPsec SAs
  • IKE proposals
  • Specific features: NAT-T, DPD, Keepalive, SharedSA, Policy None and SPD cache
  • Associated commands
  • Analysis of an IPSec-SA
  • Logs
  • “Delete SA” notifications
  • ISAKMP traffic captures and analyses
  • Particularities of dynamic peers
  • Verbose mode and common errors


PKIs and certificates

  • Recap and global directives
  • CA directory
  • Configuration tips
  • Certificate verification

High availability

  • Overview
  • Configuration files
  • Relative commands
  • Enabling HA and managing network interfaces
  • Processes and traffic involved
  • Replications/synchronization
  • HA events and logs


5 September 2022 . - Szkolenie Online


5 d x 6 h (Total 30 h)

Do you have any questions?
Do you need more information?
Do you want to pre-book the place?

Call Us!
+48 32 259 11 80


Autoryzowane szkolenia STORMSHIELD

Hotel during training

Are you looking for a Hotel for the duration of a training course? Select the city and see our offer.

Hotels in Gdansk
Hotels in Katowice
Hotels in Lodz
Hotels in Poznan
Hotels in Rzeszow
Hotels in Szczecin
Hotels in Warsaw
Hotels in Wroclaw