CSNTS training course

With this certified training, you can become the technical expert for our Stormshield Network Security firewalls in your company. You’ll become familiar with the advanced features of Stormshield Network Security products within a complex architecture.

During the Certified Stormshield Network Troubleshooting and Support (CSNTS) training course, you’ll get to grips with the most advanced features of Stormshield Network Security firewalls. The aim of this course is to introduce tools and methods for collecting the information needed to examine and correct problems using Stormshield Network Security firewalls’ Command Line Interface (CLI). The network security of your company (and other companies) will be an open book to you. This skillset is enhanced by our Stormshield CSNTS certification.

At the heart of CSNTS training

If you are...

An IT manager, network administrator, IT and support technician, or a candidate aiming to become a support engineer or expert trainer on our UTM products, or a Stormshield Partner: this course is for you! However, you need to have already passed the CSNE exam.

Face-to-face or distance CSNTS training?

The training is delivered either face to face (classroom-based teaching), or remotely (virtual trainer via a video system, with role-playing labs delivered via the Airbus CyberSecurity CyberRange platform). It alternates theoretical courses and practical work.

You’ll receive course support consisting of a theoretical component, practical work (Labs) and marking. To help you put the course theory into practice, you’ll have a full technical environment at your disposal.

And you’ll be able to keep your expertise current for three years by downloading updates to the course material in PDF format on our Institute platform.

What our CSNTS training will enable you to do

  • Become familiar with the file system structure, and the demonstrations and processes of a Stormshield Network appliance.
  • Locate, explore and manipulate the various configuration and activity log files.
  • Distinguish specific characteristics and anomalies in a network and routing configuration.
  • Carry out and examine network traffic captures.
  • Examine a safety policy and identify its general guidelines and specific parameters.
  • Identify the treatments applied to current connections.
  • Produce a tailored, complete and usable information record for establishing a diagnosis.
  • Configure IPSec VPN tunnel policies, identify activated mechanisms and diagnose malfunctions.
  • Analyse and diagnose a high-availability configuration.

What does this CSNTS training cost, and how do I register?

The public price is € 3,500 ex. VAT for 28 hours’ training in the classroom and two online certification sessions.

You can register via the training calendar.

Practical information about the CSNTS training course

The CSNTS training lasts 28 hours.

Stormshield offers face-to-face inter-company training sessions at its Paris, Lille and Lyon premises, or via distance learning.

Our trainers also conduct intra-company training (on-site or distance learning) for groups of 5 or more people.

There is a maximum of 6 trainees per session.

You must...

  • Have a valid CSNE certification.
  • Have a thorough knowledge of TCP/IP and the UNIX shell

Hardware requirements depend on the format of the session.

In the classroom:

  • A PC with 6 GB RAM and an i3-type processor, 2 GB of free hard disk space
  • Administrator rights for the PC, to enable you to install the following software:
    • A Chrome 50 (or higher) or Firefox 50 (or higher) web browser
    • PuTTY (or any other SSH client)
    • WinSCP (or equivalent SCP client)
    • Wireshark, VirtualBox or VMWare equivalent (VMWare Workstation Player or Pro).

Distance learning:

  • A PC with 6 GB RAM and an i3-type processor, with no hard disk constraints.
  • A Chrome 50 (or higher) or Firefox 50 (or higher) web browser with JavaScript installed for access to the CyberRange platform for practical work (no other browsers are supported). You must have plugin installation rights for managing the videoconferencing software.
  • Internet access with a minimum speed of 2 Mb/s.
  • A 2nd screen is strongly recommended (22'' or more).

CSNTS: certification at your fingertips

Provided you pass the final exam at the end of the course, obviously! You sit the exam online (3 hours,60 questions, including more than 25 open questions). The passmark is 70%.

The exam is automatically available on the day following the end of training, for a period of three weeks, at the Institute’s website.

In the event of failure, or inability to take the exam within this time slot, a second and final exam opportunity automatically opens immediately afterwards for a duration of one additional week.

Detailed CSNTS description

  • Individual introduction of trainees
  • Introduction to the course
  • Operating system and related UNIX commands
    • Shell access and settings
    • SSH features
    • File system and associated commands
    • Directories and associated commands
    • System and user environment
    • Files and associated commands
  • Logs
    • Local logs: location, characteristics, syntax and categories
    • Associated commands
    • Configuration files
    • Logd, logctl, kernel message logs
  • Configuration files
    • Directories, structure and general syntax
    • Backups (*.na), decbackup and tar
    • Default configuration
  • Objects
    • Object syntax
    • Dynamic and FQDN objects
  • Network and routing
    • Network interface settings
    • Bridges and associated commands
    • Routing functions and their priorities
    • Default routes and static routes
    • Gatemon and router objects
    • Dynamic routing
    • Relative commands and showing routes
    • Verbose mode
    • Lab: Network and routing
  • Traffic captures and analyses
    • Introduction and tips
    • General syntax and arguments
    • Common filters
    • Commented examples and preparations for effective captures
    • Analyzing traffic with tcpdump (TCP and UDP/icmp traffic)
    • Lab: Network/tcpdump
  • ASQ: the various stages of its analysis
    • Step-by-step analysis of network layers
    • Associated commands
    • Global settings
    • Special profiles and settings
    • Asynchronous ASQ: various cases and watermarking
    • ASQ verbose mode
    • Lab: ASQ settings
  • ASQ: security policy
    • Configuration files and directories, and rule syntax
    • Filtering: associated commands
    • Filtering: examples of loaded rules (action, inspection level, plugin, PBR, QoS, interfaces and proxy)
    • Filtering: translation of groups and lists
    • NAT: revision (dynamic NAT, static NAT by port, static NAT/bimap and no NAT)
    • NAT: associated commands
    • NAT: syntax of loaded rules
    • LAB: NAT and filtering
  • ASQ: stateful tracking and status tables
    • Protected address table
    • Host table
    • Connection table: examples of connection statuses (NAT, vconn, FTP plugin, async, lite, etc.)
    • LAB: ASQ stateful tracking
  • Daemons and processes
    • Lists and roles
    • Supervisor daemon
    • Relative commands
  • Eventd: event manager
  • IPSec VPN
    • Stormshield Network IKE/IPsec implementation
    • Configuration files
    • Security policy (SPD and SAD)
    • IKE negotiations
    • Negotiations: main mode and aggressive mode
    • ISAKMP and IPsec SAs
    • IKE proposals
    • Specific features: NAT-T, DPD, Keepalive, SharedSA, Policy None and SPD cache
    • Associated commands
    • Analysis of an IPSec-SA
    • Logs
    • “Delete SA” notifications
    • ISAKMP traffic captures and analyses
    • Particularities of dynamic peers
    • Verbose mode and common errors
    • LAB: ISAKMP/IPsec
  • PKIs and certificates
    • Recap and global directives
    • CA directory
    • Configuration tips
    • Certificate verification
  • High availability
    • Overview
    • Configuration files
    • Relative commands
    • Enabling HA and managing network interfaces
    • Processes and traffic involved
    • Replications/synchronization
    • HA events and logs

re-certification kits

In common with all good software, you’ll need to update your network/security expertise before the third anniversary of your certification. You can do this using our online re-certification kits, which allow you to renew your certification for an additional three years.


Want to find out about dates for network protection training courses? Discover our SNS training calendar.