Frequently Asked Questions

What is my Smart-1 Cloud Management Server IP address?

In Smart-1 Cloud the Management Server holds an internal IP address, which is inaccessible from the outside.

Usually it is not necessary to know or use the Management IP address, but in some cases you are required to provide it.

Because the Management IP address is internal, it is the same for all deployments.

Therefore, when required to use the Management IP address, such as Central License, use this IP address: 100.64.0.52.

After Check Point releases a new software version, when is my Smart-1 Cloud environment upgraded?

Several weeks after the release of a new GA version, Smart-1 Cloud is upgraded and runs the new version for new environments.

Afterward, we gradually upgrade for existing customers.

Do I receive a notification before an upgrade runs on my Smart-1 Cloud environment?

In Smart-1 Cloud, Check Point upgrades your Smart-1 Cloud environment.

A customer receives a notification two weeks before the upgrade occur.

Upgrades are done based on the region in which your Smart-1 Cloud environment is deployed (after local business hours).
Smart-1 Cloud sends notifications to the primary administrator as defined in your Infinity Portal account settings.
After a customer receives the notification for a planned upgrade, they can ask to reschedule.

A new upgrade window is then allocated for the customer, and a new notification is sent before the next planned upgrade.

A customer's upgrade does not effect other customers Smart-1 Cloud environment.

What are the Service Maintenance Windows?

The service runs pro-active monitoring on all production environments; in some cases, maintenance actions are required to provide stable operation.

All maintenance operations are done after usual work hours for each deployed region and in accordance with the regional maintenance windows.

For non-disrupted operations or operations with disruptions lasting up to 10 minutes, no notification is shared with the customer.

(This is done only during regular off-hours.)

There are rare cases, such as major version upgrades, in which the maintenance operation may take 1-2 hours. In such cases, an email notification is sent 10–14 days in advance, providing a range of 2–3 days in which the operation will take place (again, always within regional off-hours). The customer can reply to the email and request to reschedule to another range.

Regional maintenance windows:

APAC, India, EU and US - Every Sunday
EU/UK - weekdays - from 20:00 to 06:00 am CET
US - weekdays - from 20:00 to 06:00 am CST
IN - weekdays - from 20:00 to 06:00 am IST
APC - weekdays - from 20:00 to 06:00 am ACT (Australian Central Time)

How can I revert my management database to an earlier version?

Starting from R80.40, customers can use SmartConsole or an API to revert to an earlier revision.
To revert all the management to an earlier version, it is necessary to open a Service Request with Check Point Support.

Note - After this procedure is done, you cannot cancel it.

Which ports must be open on the Security Gateway?

You must allow outbound HTTPS traffic to FQDN listed below to allow the communication between the Security Gateway and the service:

To your domain at Smart-1 Cloud:

<Service-Identifier>.maas.checkpoint.com
For Smart-1 Cloud deployments in Europe:

cloudinfra-gw.portal.checkpoint.com
For Smart-1 Cloud deployments in the United States:

cloudinfra-gw-us.portal.checkpoint.com
For Smart-1 Cloud deployments in the APAC:

https://cloudinfra-gw.ap.portal.checkpoint.com

From version R80.40, there is an implied rule that always allows this traffic when working in the MaaS mode.

What if I already have SmartConsole for a different on-premises management?

You can use the same SmartConsole to connect to your Smart-1 Cloud environments and to your on-premises environments.

Does Smart-1 Cloud support APIs?

Yes, you can use the Management APIs with Smart-1 Cloud, go to Settings > API & SmartConsole.

For more information, see the Check Point Management API Reference.

How frequently do you run backups?

Backups of the environments are taken daily for the first ten days and, after that, less frequently..

How many gateways can you manage with Smart-1 Cloud?

Smart-1 Cloud can manage up to 400 Security Gateways.

How do I manage to do tasks that must have SSH on the machine?

All tasks related to the maintenance of the environment are part of the service.

You can open a ticket with Check Point Support for assistance with SSH.

If it is necessary to cancel the service, what must I do?

A customer that decides to cancel the service and needs the management DB (to move it to the on-premises management), must open a Service Request with Check Point Support and ask for the management database.

Note - It is not possible to download the logs.

Do these changes in configuration:

Change the IP address in the management object (that primary IP address that holds the Smart-1 Cloud management IP address).

If "*.def" files were changed, then it is necessary to apply the changes. As an alternative, request the files from Check Point Support.

Other special configuration such as Security Gateway as a proxy to access the LDAP.

On the Security Gateway, disconnect the Security Gateway from Smart-1 Cloud, run the "maas off" command on the Security Gateway.

See Smart-1 Cloud Gateway Commands.

I purchased a Smart-1 Cloud license. How do I apply it, and what visibility do I have?

Congratulations, you have decided to join Smart-1 Cloud and purchased a license.

To help you ,our team will reach out to your sales representatives to get all the necessary information.

For more information, Smart-1 Cloud License.

If the issues continue, contact Account Services and ask to configure your account as production.

Provide these details:

Infinity Portal account name

Smart-1 Cloud Service Identifier

User Center Account

Which IP addresses the service uses to connect the Security Gateway to the Smart-1 Cloud?

When you register a new Gateway to the service, an IP address from one of these subnets is used for the creation of a secure tunnel between the Security Gateway and the Smart-1 Cloud:

100.64.0.0/16
100.70.0.0/16
100.71.0.0/16
100.100.0.0/16
100.101.0.0/16

	Note - The virtual interface that is created on the Security Gateway uses this IP address as the primary IP address in the object that shows the Gateway in SmartConsole..

Log Retention

The Smart-1 Cloud counts log storage based on storage size rather than days. The license you purchase includes storage space and the maximum log rate. Therefore, the total number of retained days is derived from the daily log rate and the purchased storage.

For example, if you purchase 100 GB of storage and the actual daily log input is 5 GB, the number of days that data is saved is 100/5 = 20 days.

You can see the average daily log input on the Smart-1 Cloud home page.

An exclamation mark shows on the Smart-1 Cloud home page as a warning if the storage capacity exceeds the license limit.

Note - When the storage capacity is full, Smart-1 Cloud deletes the oldest log.

DAIP Gateway and Smart-1 Cloud

If you have a DAIP Security Gateway and you are concerned with the connectivity between the Security Management Server and the Security Gateway, you can configure the tunnel IP in the Security Gateway object.
When you configure a DAIP Security Gateway in Smart-1 Cloud, on the initialize SIC sequence, you must enter the tunnel IP address as the Gateway IP address.

ICA Management Tool and Smart-1 Cloud

For support of the ICA Management Tool contact Check Point Support.

Does Smart-1 Cloud support Compliance Blade?

Yes, the Compliance blade is supported. You can see it from the Streamed SmartConsole. Refer to Log in to Streamed SmartConsole

How do I add/attach a VPN license to Smart-1 Cloud management?

To add or attach a VPN license to Smart-1 Cloud, contact Check Point Support and open a service request.