Cp r81 10 quantum securitymanagement adminguide
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (6.71 MB, 699 trang )
05 March 2023
QUANTUM SECURITY
MANAGEMENT
R81.10
[Classification: Protected]
Administration Guide
Check Point Copyright Notice
© 2021 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)
(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Refer to the Copyright page for a list of our trademarks.
Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses.
Important Information
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the
latest functional improvements, stability fixes, security enhancements and protection against
new and evolving attacks.
Certifications
For third party independent certification of Check Point products, see the Check Point
Certifications page.
Check Point R81.10
For more about this release, see the R81.10 home page.
Latest Version of this Document in English
Open the latest version of this document in a Web browser.
Download the latest version of this document in PDF format.
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments.
Quantum Security Management R81.10 Administration Guide | 3
Important Information
Revision History
Date
Description
05 March 2023
Added "Sharing SmartConsole Configuration and Logs with Infinity Portal" on
page 329
19 February
2023
Updated "Configuring Implied Rules or Kernel Tables for Security Gateways" on
page 145
31 January 2023
Updated:
n
n
"Central Deployment of Hotfixes and Version Upgrades" on page 137
"The ICA Management Tool" on page 378
19 December
2022
Updated "Configuring a Secondary Security Management Server in SmartConsole"
on page 370
17 November
2022
Updated:
n
n
n
n
n
n
24 July 2022
"Configuring the NAT Policy" on page 247
"Working with Automatic NAT Rules" on page 255
"Working with Manual NAT Rules" on page 262
"Working with NAT46 Rules" on page 268
"Working with NAT64 Rules" on page 279
" Advanced NAT Settings" on page 293
Removed:
n
"Configuring a SIC Proxy" - supported only for internal Check Point needs
14 June 2022
In the HTML version, added glossary terms in the text
15 May 2022
Updated:
n
"Managing Server and Gateway Licenses" on page 130
24 February
2022
Updated:
30 January 2022
Updated:
n
n
28 December
2021
"Configuring Implied Rules or Kernel Tables for Security Gateways" on
page 145
l Corrected the paths for Security Gateways R81
l Added the Quantum Spark appliance models 1600 and 1800
"Database Revisions" on page 351
Updated:
n
"High Availability Troubleshooting" on page 374
Quantum Security Management R81.10 Administration Guide | 4
Important Information
Date
Description
23 December
2021
Updated:
n
n
n
n
n
21 December
2021
"The Columns of the Access Control Rule Base" on page 188
"Object Categories" on page 159"Object Categories" on page 159
Updated values of IKE Certificate Validity Period in "CA Procedures" on
page 388
Updated "Ordered Layers and Inline Layers" on page 214
Updated "Network Security for IoT Devices" on page 362
Updated:
n
n
n
n
"Understanding SmartConsole" on page 25
"The Columns of the Access Control Rule Base" on page 188
"Ordered Layers and Inline Layers" on page 214
"Monitoring Licenses in SmartConsole" on page 134
27 November
2021
Updated:
09 November
2021
Updated:
28 October 2021
Updated
n
n
n
n
n
06 October 2021
n
n
n
"Working with Policy Packages" on page 178
"Database Revisions" on page 351
"SmartTasks" on page 356
"Secure Internal Communication (SIC)" on page 124
"Viewing Licenses in SmartConsole" on page 132
Updated:
n
n
n
14 July 2021
"Managing Security through API" on page 40
"Central Deployment of Hotfixes and Version Upgrades" on page 137
"Network Security for IoT Devices" on page 362
Updated:
n
10 August 2021
"Creating a New Security Gateway" on page 119
Updated:
n
05 September
2021
"Configuring a Security Gateway to Access the Management Server or Log
Server at its NATed IP Address" on page 144
"Creating Application Control and URL Filtering Rules" on page 208
"Best Practices for Access Control Rules" on page 235
"Database Revisions" on page 351
First release of this document
Quantum Security Management R81.10 Administration Guide | 5
Table of Contents
Table of Contents
Introduction to Security Management
23
Getting Started
24
Understanding SmartConsole
25
SmartConsole Window
25
SmartConsole Toolbars
26
Search Engine
28
IP Search
29
General IP Search
29
Packet Search
29
Rule Base Results
30
30
Access and Custom Policy Tools
"Access Tools" in the Security Policies "Access Control" view
30
"Custom Policy Tools" in the Security Policies "Threat Prevention" view
31
Shared Policies
31
API Command Line Interface
32
Keyboard Shortcuts for SmartConsole
32
Web SmartConsole
35
Connecting to the Security Management Server through SmartConsole
36
Planning Security Management
37
Define your Organization's Topology
37
Define Access Rules for Protection of your Organization's Resources
37
Enforce Access Policies
37
Configuring the Security Management Server and Security Gateways
37
Setting up for Team Work
38
40
Managing Security through API
API
40
API Tools
40
Configuring the API Server
41
API Key Authentication
42
Configuring API key authentication for administrators
Managing User and Administrator Accounts
42
45
Authentication Methods for Users and Administrators
46
Managing User Accounts
48
Quantum Security Management R81.10 Administration Guide | 6
Table of Contents
48
User Database
Creating, Modifying, and Removing User Accounts
48
User > General Properties
49
Configuring Authentication
49
User > Location
49
User > Time
49
User > Certificates
50
User > Encryption
50
Configuring Default Expiration Settings for Users
51
Delete a User
51
Granting User Access using RADIUS Server Groups
51
SecurID Authentication for Security Gateway
52
Configuring TACACS+ Authentication
57
Managing User Groups
57
Adding User Groups
58
LDAP and User Directory
58
User Directory and Identity Awareness
59
User Directory Considerations
59
The User Directory Schema
59
Check Point Schema for LDAP
60
Schema Checking
60
OID Proprietary Attributes
60
User Directory Schema Attributes
60
Fetch User Information Effectively
69
Setting User-to-Group Membership Mode
70
Profile Attributes
70
79
Microsoft Active Directory
Updating the Registry Settings
80
Delegating Control
80
Extending the Active Directory Schema
80
Adding New Attributes to the Active Directory
81
Retrieving Information from a User Directory Server
81
Running User Directory Queries
82
Querying Multiple LDAP Servers
83
User Directory
83
Quantum Security Management R81.10 Administration Guide | 7
Table of Contents
Deploying User Directory
83
Enabling User Directory
83
84
Account Units
Working with LDAP Account Units
Configuring LDAP query parameters
84
88
Modifying the LDAP Server
88
Account Units and High Availability
89
Setting High Availability Priority
90
Authenticating with Certificates
90
Managing Users on a User Directory Server
91
Distributing Users in Multiple Servers
91
Managing LDAP Information
91
LDAP Groups for the User Directory
92
93
Access Roles
93
Adding Access Roles
94
Authentication Rules
95
Managing Administrator Accounts
Configuring Authentication Methods for Administrators
95
Configuring Check Point Password Authentication for Administrators
95
Configuring OS Password Authentication for Administrators
96
Configuring RADIUS Server Authentication for Administrators
96
Configuring SecurID Server Authentication for Administrators
97
Configuring TACACS Server Authentication for Administrators
98
Configuring API key authentication for administrators
Creating, Changing, and Deleting an Administrator Account
100
102
Creating an Administrator Account
103
Changing an Existing Administrator Account
104
Deleting an Administrator Account
105
Creating a Certificate for Logging in to SmartConsole
105
Configuring Default Expiration for Administrators
106
Setting SmartConsole Timeout
107
Revoking Administrator Certificate
107
Assigning Permission Profiles to Administrators
108
Changing and Creating Permission Profiles
108
Configuring Customized Permissions
109
Quantum Security Management R81.10 Administration Guide | 8
Table of Contents
Configuring Permissions for Access Control Layers
110
Configuring Permissions for Access Control and Threat Prevention
111
Configuring Permissions for Monitoring, Logging, Events, and Reports
111
Defining Trusted Clients
112
Restricting Administrator Login Attempts
113
Unlocking Administrators
113
Session Flow for Administrators
114
Publishing a Session
114
Working in SmartConsole Session View
115
Viewing Changes Made in Private Sessions
115
Taking over locked objects from administrators with inactive sessions
116
Administrators Working with Multiple Sessions
116
117
Use Case
119
Managing Gateways
Creating a New Security Gateway
119
Manually Updating the Gateway Topology
121
121
Get Interfaces API
Dynamically Updating the Security Gateway Topology
123
123
Dynamic Anti-Spoofing
Secure Internal Communication (SIC)
124
Initializing Trust
124
SIC Status
124
Trust State
125
Troubleshooting SIC
125
Understanding the Check Point Internal Certificate Authority (ICA)
126
ICA Clients
127
SIC Certificate Management
127
129
Managing Licenses
Managing Server and Gateway Licenses
130
Viewing Licenses in SmartConsole
132
Viewing license information for VSX
133
Monitoring Licenses in SmartConsole
134
136
License or Quota Changes
Central Deployment of Hotfixes and Version Upgrades
Introduction
137
137
Quantum Security Management R81.10 Administration Guide | 9
Table of Contents
Prerequisites
138
Limitations
138
Installation
139
How the Central Deployment Upgrades a Cluster
142
Configuring a Security Gateway to Access the Management Server or Log Server at its NATed IP
Address
144
Configuring Implied Rules or Kernel Tables for Security Gateways
145
Introduction
145
Configuration files
145
Configuration Procedure
147
Introduction
147
Configuration files
148
Configuration Procedure
149
Location of 'user.def' Files on the Management Server
150
Location of 'implied_rules.def' Files on the Management Server
151
Location of 'table.def' Files on the Management Server
152
Location of 'crypt.def' Files on the Management Server
153
Location of 'vpn_table.def' Files on the Management Server
154
Location of 'communities.def' Files on the Management Server
155
Location of 'base.def' Files on the Management Server
156
Location of 'dhcp.def' Files on the Management Server
157
Location of 'gtp.def' Files on the Management Server
158
159
Managing Objects
Object Categories
159
Actions with Objects
161
Object Tags
162
162
Adding a Tag to an Object
163
Network Object Types
Networks
163
Network Groups
163
163
Grouping Network Objects
Check Point Hosts
164
Gateway Cluster
164
Address Ranges
164
Wildcard Objects
164
Understanding Wildcard Objects
164
Quantum Security Management R81.10 Administration Guide | 10
Table of Contents
IPv6
168
Domains
168
Updatable Objects
169
Adding an Updatable Object to the Security Policy
169
Dynamic Objects
170
Generic Data Center Objects
170
Limitations
171
Security Zones
171
Creating and Assigning Security Zones
172
Predefined Security Zones
173
Limitations
173
Externally Managed Gateways and Hosts
174
Interoperable Devices
174
VoIP Domains
174
Logical Servers
174
175
Balance Method
Open Security Extension (OSE) Devices
175
Defining OSE Device Interfaces
176
OSE Device Properties Window - "General" Tab
176
Anti-Spoofing Parameters and OSE Devices Setup (Cisco)
176
178
Managing Policies
Working with Policy Packages
178
Viewing Rule Logs
183
Policy Installation History
184
Concurrent Install Policy
185
Accelerated Install Policy
186
187
Creating an Access Control Policy
Introducing the Unified Access Control Policy
187
The Columns of the Access Control Rule Base
188
The Columns of the Access Control Rule Base
Source and Destination Column
To Learn More About Network Objects
188
189
189
VPN Column
189
IPsec VPN
189
Mobile Access to the Network
190
Quantum Security Management R81.10 Administration Guide | 11
Table of Contents
190
To Learn More About VPN
Services & Applications Column
190
Service Matching
190
Application Matching
191
Services and Applications on R77.30 and Lower Security Gateways, and after Upgrade
193
Content Column
193
Actions
195
196
UserCheck Actions
196
Tracking Column
To Learn More About Tracking
197
Rule Matching in the Access Control Policy
198
The matching examples show that:
Creating a Basic Access Control Policy
201
202
Basic Rules
202
Use Case - Basic Access Control
202
Use Case - Inline Layer for Each Department
203
206
Default Cell Values
Enforcement of Rules with the Value "None"
206
Upgrading of a Management Server from R81 and Lower Versions
207
Creating Application Control and URL Filtering Rules
208
Blocking URL Categories
213
Ordered Layers and Inline Layers
214
The Need for Ordered Layers and Inline Layers
214
Order of Rule Enforcement in Inline Layers
214
Order of Rule Enforcement in Ordered Layers
215
Creating an Inline Layer
216
Creating an Ordered Layer
217
Enabling Access Control Features
218
Types of Rules in the Rule Base
219
Administrators for Access Control Layers
221
Sharing Layers
222
Visual Division of the Rule Base with Sections
223
Managing Policies and Layers
223
Use Cases for the Unified Rule Base
225
Best Practices for Access Control Rules
235
Quantum Security Management R81.10 Administration Guide | 12
Table of Contents
Installing the Access Control Policy
237
Pre-R80.10 Gateways and the Unified Access Control Policy
238
Analyzing the Rule Base Hit Count
239
Enabling or Disabling Hit Count
239
Hit Count Display
240
242
Preventing IP Spoofing
244
Anti-Spoofing Options
Multicast Access Control
245
Configuring the NAT Policy
247
Getting Started with NAT
247
Introduction
247
Types of NAT Rules
248
Types of NAT Methods
249
NAT Rules in SmartConsole
252
Order of NAT Rule Enforcement
254
Working with Automatic NAT Rules
255
Example of Automatic NAT Rules
255
Configuring Automatic NAT
257
Example Deployment
257
Automatic Hide NAT to External Networks
260
Working with Manual NAT Rules
262
Example of a Manual NAT Rule
262
Configuring Manual NAT
263
Example Deployment
263
Working with NAT46 Rules
268
Overview
268
Known Limitations for NAT46
270
Configuring NAT46
270
Logging of NAT46 Traffic
278
Working with NAT64 Rules
279
Overview
279
Known Limitations for NAT64
280
Example of NAT64 Translation Flow
280
Configuring NAT64
282
Logging of NAT64 traffic
292
Quantum Security Management R81.10 Administration Guide | 13
Table of Contents
293
Advanced NAT Settings
Automatic and Proxy ARP
293
NAT and Anti-Spoofing
293
Disabling NAT in a VPN Tunnel
293
Internal Communication with Overlapping Addresses
295
Example Network Configuration
295
Communication Examples
296
Routing Considerations
297
Object Database Configuration
297
Security Management behind NAT
298
Overview
298
Configuring NAT for Control Connections on the Security Management Server
298
Configuring NAT for Control Connections on a Remote Security Gateway
299
301
IP Pool NAT
Overview
301
NAT Priorities
302
IP Pool Per Interface
303
Reusing IP Pool Addresses For Different Destinations
304
IP Pool Configuration Procedure
306
309
Mobile Access to the Network
Check Point Mobile Access Solutions
309
Client-Based vs. Clientless
309
Mobile Access Clients
309
Mobile Access Web Portal
310
SSL Network Extender
310
Configuring Mobile Access to Network Resources
310
Sample Mobile Access Workflow
310
Sample Mobile Access Deployment
311
Using the Mobile Access Configuration Wizard
312
Allowing Mobile Connections
313
Defining Access to Applications
313
Activating Single Sign-On
313
Connecting to a Citrix Server
314
Sample Deployment with Citrix Server
314
Configuring Citrix Services for Mobile Access
315
Quantum Security Management R81.10 Administration Guide | 14
Table of Contents
316
Compliance Check
Compliance Policy Rules
316
Creating a Compliance Policy
317
Configuring Compliance Settings for a Security Gateway
317
318
Secure Workspace
Secure Workspace
319
To Learn More About Mobile Access
319
320
Site-to-Site VPN
Sample Site-to-Site VPN Deployment
320
VPN Communities
320
Sample Combination VPN Community
322
Allowing VPN Connections
323
Sample VPN Access Control Rules
323
To Learn More About Site-to-Site VPN
324
325
Remote Access VPN
VPN Connectivity Modes
325
Sample Remote Access VPN Workflow
325
Configuring the Security Gateway for a Remote Access Community
326
To Learn More About Remote Access VPN
327
Creating a New Threat Prevention Policy
328
Sharing SmartConsole Configuration and Logs with Infinity Portal
329
329
Prerequisites
332
HTTPS Inspection
332
Inspecting HTTPS Connections
Outbound HTTPS Connections
332
Inbound HTTPS Connections
333
Configuring Security Gateways to inspect outbound and inbound HTTPS traffic
333
Enabling HTTPS Inspection
334
Creating an Outbound CA Certificate
334
Importing an Outbound CA Certificate
335
Exporting a Certificate from the Security Management Server
336
Exporting and Deploying the Generated CA
336
Deploying Certificates by Using Group Policy
337
Configuring Inbound HTTPS Inspection
337
Assigning a Server Certificate for Inbound HTTPS Inspection
338
Quantum Security Management R81.10 Administration Guide | 15
Table of Contents
339
HTTPS Inspection Policy
Configuring HTTPS Inspection Rules
340
342
HTTPS InspectionLogs
Bypassing HTTPS Inspection for Software Update Services
342
Managing Certificates by Gateway
343
Adding Trusted CAs for Outbound HTTPS Inspection
343
344
Saving a CA Certificate
HTTPS Validation
344
Showing HTTPS Inspection Logs
344
SNI support for Site Categorization
345
HTTPS Inspection on Non-Standard Ports
345
Inspection of TLS v1.3 Traffic
345
Client Certificates for Smartphones and Tablets
346
Managing Client Certificates
346
Creating Client Certificates
346
Revoking Certificates
347
Creating Templates for Certificate Distribution
348
Cloning a Template
349
Giving Permissions for Client Certificates
350
Preferences and Management Settings
351
Database Revisions
351
Setting IP Address Versions of the Environment
353
Restoring Window Default
353
Configuring the Login Window
353
Synchronization with UserCenter
354
Inspection Settings
354
Configuring Inspection Settings
355
356
SmartTasks
Available Triggers
357
Available Actions
357
Configuring SmartTask Properties
357
SmartTask Advanced Properties
358
Send Web Request
358
Run script
358
Network Security for IoT Devices
362
Quantum Security Management R81.10 Administration Guide | 16
Table of Contents
Introduction
362
Prerequisites
363
Network Overview
364
Network Diagram
364
Configuring the IoT Controller
364
Adding IoT Assets to the Policy
365
Infinity for IoT Logs
366
368
Management High Availability
Overview of Management High Availability
368
The High Availability Environment
369
Configuring a Secondary Security Management Server in SmartConsole
370
Synchronizing Active and Standby Servers
371
Monitoring High Availability
371
Monitoring Synchronization Status and Actions
371
Changing a Server to Active or Standby
373
Working in Collision Mode
373
Changeover Between Active and Standby
373
374
High Availability Troubleshooting
Not Communicating
374
Collision or HA Conflict
374
Sync Error
374
Unlocking the Administrator
374
Environments with Endpoint Security
375
High Availability Disaster Recovery
376
378
The ICA Management Tool
Connecting to the ICA Management Tool
378
The ICA Management Tool Portal
380
User Certificate Management
380
Modifying the Key Size for User Certificates
381
Performing Multiple Simultaneous Operations
381
ICA Administrators with Reduced Privileges
382
Operations with Certificates
382
Management of SIC Certificates
382
Management of Security Gateway VPN Certificates
382
Management of User Certificates in SmartConsole
382
Quantum Security Management R81.10 Administration Guide | 17
Table of Contents
Notifying Users about Certificate Initialization
382
Retrieving the ICA Certificate Files
383
Searching for a Certificate
383
Basic Search Parameters
383
Advanced Search Attributes
383
The Search Results
384
Viewing and Saving Certificate Details
384
Removing and Revoking Certificates and Sending Email Notifications
384
Submitting a Certificate Request to the CA
385
Initializing Multiple Certificates Simultaneously
386
CRL
387
CRL Management
387
CRL Operations
387
CA Procedures
388
CA Cleanup
388
Configuring the CA
388
CA Data Types and Attributes
389
Certificate Longevity and Statuses
392
Gaia API Proxy
394
Command Line Reference
400
Syntax Legend
401
contract_util
402
contract_util check
403
contract_util cpmacro
404
contract_util download
405
contract_util mgmt
407
contract_util print
408
contract_util summary
409
contract_util update
410
contract_util verify
411
cp_conf
412
cp_conf admin
414
cp_conf auto
417
cp_conf ca
418
cp_conf client
419
Quantum Security Management R81.10 Administration Guide | 18
Table of Contents
cp_conf finger
422
cp_conf lic
423
cp_log_export
425
cpca_client
440
cpca_client create_cert
442
cpca_client double_sign
443
cpca_client get_crldp
445
cpca_client get_pubkey
446
cpca_client init_certs
447
cpca_client lscert
448
cpca_client revoke_cert
450
cpca_client revoke_non_exist_cert
453
cpca_client search
454
cpca_client set_ca_services
456
cpca_client set_cert_validity
458
cpca_client set_mgmt_tool
459
cpca_client set_sign_hash
463
cpca_create
465
cpconfig
466
cpinfo
468
cplic
469
cplic check
472
cplic contract
474
cplic db_add
476
cplic db_print
478
cplic db_rm
480
cplic del
481
cplic del <object name>
482
cplic get
483
cplic print
484
cplic put
486
cplic put <object name>
488
cplic upgrade
491
cppkg
cppkg add
493
494
Quantum Security Management R81.10 Administration Guide | 19
Table of Contents
ppkg delete
495
cppkg get
497
cppkg getroot
498
cppkg print
499
cppkg setroot
500
cpprod_util
501
cprid
504
cprinstall
505
cprinstall boot
507
cprinstall cprestart
508
cprinstall cpstart
509
cprinstall cpstop
510
cprinstall delete
511
cprinstall get
512
cprinstall install
513
cprinstall revert
515
cprinstall show
516
cprinstall snapshot
517
cprinstall transfer
518
cprinstall uninstall
519
cprinstall verify
521
cpstart
523
cpstat
524
cpstop
530
cpview
531
Overview of CPView
531
CPView User Interface
531
Using CPView
532
cpwd_admin
533
cpwd_admin config
535
cpwd_admin del
538
cpwd_admin detach
539
cpwd_admin exist
540
cpwd_admin flist
541
cpwd_admin getpid
542
Quantum Security Management R81.10 Administration Guide | 20
Table of Contents
cpwd_admin kill
543
cpwd_admin list
544
cpwd_admin monitor_list
546
cpwd_admin start
547
cpwd_admin start_monitor
549
cpwd_admin stop
550
cpwd_admin stop_monitor
552
dbedit
553
fw
564
fw fetchlogs
566
fw hastat
568
fw kill
569
fw log
570
fw logswitch
578
fw lslogs
581
fw mergefiles
584
fw repairlog
587
fw sam
588
fw sam_policy
594
fw sam_policy add
596
fw sam_policy batch
608
fw sam_policy del
610
fw sam_policy get
613
fwm
617
fwm dbload
619
fwm exportcert
620
fwm fetchfile
621
fwm fingerprint
622
fwm getpcap
624
fwm ikecrypt
625
fwm load
626
fwm logexport
627
fwm mds
632
fwm printcert
633
fwm sic_reset
637
Quantum Security Management R81.10 Administration Guide | 21
Table of Contents
fwm snmp_trap
638
fwm unload
640
fwm ver
643
fwm verify
644
inet_alert
645
ldapcmd
648
ldapcompare
650
ldapmemberconvert
654
ldapmodify
659
ldapsearch
661
mgmt_cli
663
migrate
664
migrate_server
668
queryDB_util
674
rs_db_tool
675
sam_alert
677
stattest
681
threshold_config
684
Glossary
689
Quantum Security Management R81.10 Administration Guide | 22
Introduction to Security Management
Introduction to Security
Management
Check Point offers effective Security Management solutions to help you keep up with constantly growing
needs and challenges of your organizational network. This Administration Guide focuses on the basic
Security Management Server deployment.
If you are interested in deployments for organizations with multiple sites, refer to the R81.10 Multi-Domain
Security Management Administration Guide.
These are the basic components of Check Point security architecture.
Item
Description
1
SmartConsole - Check Point Graphical User Interface for connection to and management of
Security Management Servers.
2
Security Management Server - Manages Security Gateways with defined security policies and
monitors security events on the network.
3
Security Gateway - Placed at the perimeter of the network topology, to protect your
environment through enforcement of the security policies.
4
Your environment to protect.
Quantum Security Management R81.10 Administration Guide | 23
Getting Started
Getting Started
Before you deploy a Check Point security solution, familiarize yourself with:
n
Check Point SmartConsole
n
Basic setup of a Check Point Security Management Server
n
Basic setup of Check Point Security Gateways
n
Administrative task delegation
n
Security management in a non-GUI environment
Quantum Security Management R81.10 Administration Guide | 24
Understanding SmartConsole
Understanding SmartConsole
Check Point SmartConsole makes it easy to manage security for complex networks. Before you configure
your cyber security environment and policies, become familiar with Check Point SmartConsole.
You can get the SmartConsole package:
n
In the Home Page SK article - sk170416.
n
In the Gaia Portal of the Management Server (at the top of the Overview page, click the "Download
Now" button).
You must install the SmartConsole package in a folder, whose full path includes only English characters.
SmartConsole Window
Item
Description
Item
Description
1
Global Toolbar
5
Objects Bar (F11)
2
Session Management Toolbar
6
Validations pane
3
Navigation Toolbar
7
Command line interface button
4
System Information Area
Quantum Security Management R81.10 Administration Guide | 25
