Frequently Asked Questions

In Smart-1 Cloud the Management Server holds an internal IP address, which is inaccessible from the outside.
Usually it is not necessary to know or use the Management IP address, but in some cases you are required to provide it.
Because the Management IP address is internal, it is the same for all deployments.
Therefore, when required to use the Management IP address, such as Central License, use this IP address: 100.64.0.52.

Several weeks after the release of a new GA version, Smart-1 Cloud is upgraded and runs the new version for new environments.
Afterward, we gradually upgrade for existing customers.

-
In Smart-1 Cloud, Check Point upgrades your Smart-1 Cloud environment.
A customer receives a notification two weeks before the upgrade occur.
Upgrades are done based on the region in which your Smart-1 Cloud environment is deployed (after local business hours).
-
Smart-1 Cloud sends notifications to the primary administrator as defined in your Infinity Portal account settings.
-
After a customer receives the notification for a planned upgrade, they can ask to reschedule.
A new upgrade window is then allocated for the customer, and a new notification is sent before the next planned upgrade.
A customer's upgrade does not effect other customers Smart-1 Cloud environment.

The service runs pro-active monitoring on all production environments, and in some cases maintenance actions are required to provide stable operation.
All maintenance operations are done after usual work hours for each deployed region and in accordance to the regional maintenance windows.
For non-disrupted operations, no notification is shared with the customer.
In rare cases, a short disruptive maintenance operation is performed during the maintenance window. A notification is delivered in advance in the specific event of a major version upgrade.
Regional maintenance windows:
-
APAC, EU, and US - Every Sunday
-
EU - weekdays - from 20:00 to 06:00am CET
-
US - weekdays - from 20:00 to 06:00am CST
-
APC - weekdays - from 20:00 to 06:00am ACT (Australian Central Time)

-
Starting from R80.40, customers can use SmartConsole or an API to revert to an earlier revision.
-
To revert all the management to an earlier version, it is necessary to open a Service Request with Check Point Support.
Note - After this procedure is done, you cannot cancel it.

You must allow outbound HTTPS traffic to FQDN listed below to allow the communication between the Security Gateway and the service:
-
To your domain at Smart-1 Cloud:
<Service-Identifier>.maas.checkpoint.com
-
For Smart-1 Cloud deployments in Europe:
cloudinfra-gw.portal.checkpoint.com
-
For Smart-1 Cloud deployments in the United States:
cloudinfra-gw-us.portal.checkpoint.com
-
For Smart-1 Cloud deployments in the APAC:
https://cloudinfra-gw.ap.portal.checkpoint.com
From version R80.40, there is an implied rule that always allows this traffic when working in the MaaS mode.

You can use the same SmartConsole to connect to your Smart-1 Cloud environments and to your on-premises environments.

Yes, you can use the Management APIs with Smart-1 Cloud, go to Settings > General.
For more information, see the Check Point Management API Reference.

Backups of the environments are taken each 12 hours, and are saved for 30 days.


All tasks related to the maintenance of the environment are part of the service.
You can open a ticket with Check Point Support for assistance with SSH.

A customer that decides to cancel the service and needs the management DB (to move it to the on-premises management), must open a Service Request with Check Point Support and ask for the management database.
Note - It is not possible to download the logs.
Do these changes in configuration:
-
Change the IP address in the management object (that primary IP address that holds the Smart-1 Cloud management IP address).
-
If "
*.def
" files were changed, then it is necessary to apply the changes. As an alternative, request the files fromCheck Point Support.
-
Other special configuration such as Security Gateway as a proxy to access the LDAP.
-
On the Security Gateway, disconnect the Security Gateway from Smart-1 Cloud, run the "
maas off
" command on the Security Gateway.

Congratulations, you have decided to join Smart-1 Cloud and purchased a license.
To help you ,our team will reach out to your sales representatives to get all the necessary information.
For more information, Smart-1 Cloud License.
If the issues continue, contact Account Services and ask to configure your account as production.
Provide these details:
-
Infinity Portal account name
-
Smart-1 Cloud Service Identifier
-
User Center Account

When you register a new Gateway to the service, an IP from one of these subnets is used for the creation of a secure tunnel between the Security Gateway and the Smart-1 Cloud:
-
100.64.0.0/16
-
100.70.0.0/16
-
100.71.0.0/16
-
100.100.0.0/16
-
100.101.0.0/16
|
Note - The virtual interface that is created on the Security Gateway uses this IP as the primary IP in the object that shows the Gateway in SmartConsole.. |