Frequently Asked Questions

In Smart-1 Cloud the Management Server holds an internal IP address, which is inaccessible from the outside.

Usually it is not necessary to know or use the Management IP address, but in some cases you are required to provide it.

Because the Management IP address is internal, it is the same for all deployments.

Therefore, when required to use the Management IP address, such as Central License, use this IP address: 100.64.0.52.

Several weeks after the release of a new GA version, Smart-1 Cloud is upgraded and runs the new version for new environments.

Afterward, we gradually upgrade for existing customers.

  • In Smart-1 Cloud, Check Point upgrades your Smart-1 Cloud environment.

    A customer receives a notification two weeks before the upgrade occur.

    Upgrades are done based on the region in which your Smart-1 Cloud environment is deployed (after local business hours).

  • Smart-1 Cloud sends notifications to the primary administrator as defined in your Infinity Portal account settings.

  • After a customer receives the notification for a planned upgrade, they can ask to reschedule.

    A new upgrade window is then allocated for the customer, and a new notification is sent before the next planned upgrade.

    A customer's upgrade does not effect other customers Smart-1 Cloud environment.

The service runs pro-active monitoring on all production environments; in some cases, maintenance actions are required to provide stable operation.

All maintenance operations are done after usual work hours for each deployed region and in accordance with the regional maintenance windows.

For non-disrupted operations or operations with disruptions lasting up to 10 minutes, no notification is shared with the customer.

(This is done only during regular off-hours.)

There are rare cases, such as major version upgrades, in which the maintenance operation may take 1-2 hours. In such cases, an email notification is sent 10–14 days in advance, providing a range of 2–3 days in which the operation will take place (again, always within regional off-hours). The customer can reply to the email and request to reschedule to another range.

Regional maintenance windows:

  • APAC, India, EU and US - Every Sunday

  • EU/UK - weekdays - from 20:00 to 06:00 am CET

  • US - weekdays - from 20:00 to 06:00 am CST

  • IN - weekdays - from 20:00 to 06:00 am IST

  • APC - weekdays - from 20:00 to 06:00 am ACT (Australian Central Time)

  • Starting from R80.40, customers can use SmartConsole or an API to revert to an earlier revision.

  • To revert all the management to an earlier version, it is necessary to open a Service Request with Check Point Support.

    Note - After this procedure is done, you cannot cancel it.

You must allow outbound HTTPS traffic to FQDN listed below to allow the communication between the Security Gateway and the service:

  • To your domain at Smart-1 Cloud:

    <Service-Identifier>.maas.checkpoint.com

  • For Smart-1 Cloud deployments in Europe:

    cloudinfra-gw.portal.checkpoint.com

  • For Smart-1 Cloud deployments in the United States:

    cloudinfra-gw-us.portal.checkpoint.com

  • For Smart-1 Cloud deployments in the APAC:

    https://cloudinfra-gw.ap.portal.checkpoint.com

From version R80.40, there is an implied rule that always allows this traffic when working in the MaaS mode.

You can use the same SmartConsole to connect to your Smart-1 Cloud environments and to your on-premises environments.

Yes, you can use the Management APIs with Smart-1 Cloud, go to Settings > API & SmartConsole.

For more information, see the Check Point Management API Reference.

Backups of the environments are taken daily for the first ten days and, after that, less frequently..

Smart-1 Cloud can manage up to 400 Security Gateways.

All tasks related to the maintenance of the environment are part of the service.

You can open a ticket with Check Point Support for assistance with SSH.

A customer that decides to cancel the service and needs the management DB (to move it to the on-premises management), must open a Service Request with Check Point Support and ask for the management database.

Note - It is not possible to download the logs.

Do these changes in configuration:

  • Change the IP address in the management object (that primary IP address that holds the Smart-1 Cloud management IP address).

  • If "*.def" files were changed, then it is necessary to apply the changes. As an alternative, request the files from Check Point Support.

  • Other special configuration such as Security Gateway as a proxy to access the LDAP.

  • On the Security Gateway, disconnect the Security Gateway from Smart-1 Cloud, run the "maas off" command on the Security Gateway.

    See Smart-1 Cloud Gateway Commands.

Congratulations, you have decided to join Smart-1 Cloud and purchased a license.

To help you ,our team will reach out to your sales representatives to get all the necessary information.

For more information, Smart-1 Cloud License.

If the issues continue, contact Account Services and ask to configure your account as production.

Provide these details:

  • Infinity Portal account name

  • Smart-1 Cloud Service Identifier

  • User Center Account

When you register a new Gateway to the service, an IP address from one of these subnets is used for the creation of a secure tunnel between the Security Gateway and the Smart-1 Cloud:

  • 100.64.0.0/16

  • 100.70.0.0/16

  • 100.71.0.0/16

  • 100.100.0.0/16

  • 100.101.0.0/16

Note - The virtual interface that is created on the Security Gateway uses this IP address as the primary IP address in the object that shows the Gateway in SmartConsole..

Your Smart-1 Cloud license determines two key parameters for log management:

  • Maximum daily log ingestion rate

  • Log retention period (the number of days logs are stored)

These parameters vary based on your specific license SKU.

Important - It is strongly recommended to purchase a license with a daily ingestion limit that exceeds your actual average log ingestion rate.

The standard offering includes 90 days of data retention. Extended retention periods (6 months or 1 year) are available for specific license SKUs (for more information on license SKUs, see sk182394).

To monitor your log usage, check the Average Monthly Ingestion and Daily Log Ingestion graphs on the Infinity Events > Log Ingestion page.

Note - See sk181096 for information on logs optimization.

  1. If you have a DAIP Security Gateway and you are concerned with the connectivity between the Security Management Server and the Security Gateway, you can configure the tunnel IP in the Security Gateway object.

  2. When you configure a DAIP Security Gateway in Smart-1 Cloud, on the initialize SIC sequence, you must enter the tunnel IP address as the Gateway IP address.

For support of the ICA Management Tool contact Check Point Support.

Yes, the Compliance blade is supported. You can see it from the Streamed SmartConsole. Refer to Log in to SmartConsole

To add or attach a VPN license to Smart-1 Cloud, contact Check Point Support and open a service request.

Yes, ElasticXL is supported starting from R82. This is a new clustering technology that simplifies operations by using a single management object, offering automatic configuration and software synchronization across all cluster members.