Using the Settings

Use the Settings tab to learn how to use the Management APIs, set the administrator's password, or migrate an on-premises Security Management Server to Smart-1 Cloud.

General

You can read information from and send commands to the Check Point Management Server through the Management APIs. The tasks that you do in SmartConsole, such as creating objects and Security Policies and deploying them, can also be done with APIs.

Migrate

Note - The migration operation overwrites tenant information (the migration process does not merge tenant information).

Smart-1 Cloud lets administrators import configurations from an on-premises Management Server to Smart-1 Cloud.

Migration to Smart-1 Cloud is only supported from the Security Management Server R80.20 and higher.

To migrate an on-premises Security Management Server to Smart-1 Cloud:

  1. On the Smart-1 Cloud home page, select Settings > Migrate.

  2. Download the migration tool. If you want to migrate an on-premises Security Management to the cloud, use the migration tools provided in the portal.

  3. On the on-premises Security Management, run export.

  4. Upload the export file to the portal.

    Important - The migration process may take a while. During the import process, you do not have access to the Smart-1 Cloud application.

    When the import finishes, an email is sent to you and the service is unlocked.

  5. When the migration completes successfully, in Smart-1 Cloud navigate to Connect Gateway.

  6. Click the plus (+) below the existing gateway, select the gateway you want to connect, and follow the instructions.

  7. Starting from R80.40 Jumbo Hotfix Accumulator Take 89, it is not necessary to reset SIC on your Security Gateways. Make sure all these conditions are met and install the policy before starting the export procedure:

    • Management Server must have version R80.40 Jumbo Hotfix Accumulator Take 89 or higher installed.

    • Quantum Security Gateways must have version R80.40 Jumbo Hotfix Accumulator Take 89 or higher installed.

    • Quantum Spark and Quantum Edge Gateways must have version R80.20.40 or higher installed.

    For Security Gateways that run lower versions, you must reset SIC on the gateway before you initialize communication from SmartConsole to the Security Gateway (to learn how to reset SIC on the Security Gateway, see sk65764).

Cloud Management Extension (CME) Configuration

Smart-1 Cloud lets administrators configure Cloud Management Extension (CME) and view its status directly in the GUI.

CME enables cloud-native integration between Check Point CloudGuard Network solutions and Cloud platforms.

As a Service that runs on Smart-1 Cloud, it continuously monitors CloudGuard Network solutions deployed in Azure and AWS and synchronizes them.

Limitations:

  • The GUI does not support Google Cloud Platform (GCP).

  • The GUI does not support the configuration of custom scripts on the Security Gateway.

For more information on CME, see the Cloud Management Extension Administration Guide.

Forwarding Events to SIEM

Event Forwarding is an easy and secure procedure to export logs. You can forward data, logs, events, and saved application data from a Check Point environment to a SIEM (Security Information and Event Management) provider, such as Splunk, QRadar, or ArcSight. These SIEM providers process large amounts of data and present it for analysis in dashboards or send notifications.

Forward to SIEM vs. Event Forwarding

Forward to SIEM and event forwarding are used to send event logs to a monitoring system.

Currently, event forwarding supports only Syslog format, while Forward to SIEM supports Syslog, Splunk, LEEF, Generic, LogRhythm and RSA formats.

Forward to SIEM configuration

To access the Forward to SIEM Configuration, from the Smart-1 Cloud home page, select Settings > Forward to SIEM.

The configuration page shows a table of Forward to SIEM destinations with information for each destination, such as status, encryption, name, target port, protocol and format.

Adding a new destination

To add a new destination, on the Forward to SIEM Configuration screen, click New.

Note - You can currently add up to 3 destinations.

The Add Forwarding Destination window opens.

  • Destination name: Enter a unique name for the destination.

  • Destination Server: Enter the IP address or FQDN.

    Note - The IP address must be public.

  • Destination Port: The destination port number.

  • Format: The destination log format. Can be Syslog, CEF, JSON, Splunk, LEEF, Generic, LogRhythm or RSA.

  • Protocol: The destination protocol. Can be TLS over TCP, TCP, or UDP.

TLS/SSL over TCP Configuration

It is recommended to export logs over an encrypted connection using the TLS protocol. When using TLS, it is important to know that only mutual authentication is allowed. For mutual authentication, you need these two certificates:

  • CA certificate (in PEM format) that signed both the client (Smart-1 Cloud side) and server (SIEM side) certificates. The CA certificate can be a self-signed certificate.

  • Client certificate.

Procedure:

  • Click the Client Certificate box to download the certificate request (csr).

    Note: Signing the request is done in your organization, and is not part of Smart-1 Cloud services.

  • After you sign the request, click on Browse below the Client Certificate box to upload the certificate.

    Important - If some time passes between making the certificate request and uploading the certificate, you can close the Add New Destination window and open it again later. Fill in all the details, but do not click the Client Certificate box again, because this creates a new request.

    Just click on Browse to upload the certificate, and continue with the new destination creation.

  • Upload the Certificate Authority (CA) certificate.
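
The signing step that the procedure leaves to your organization can be done with OpenSSL. This is an added example, not part of the original guide or of Check Point tooling: the file names, the CA subject, the certificate lifetime and the client-authentication extension profile are assumptions, and the CSR is a constructed stand-in for the one downloaded from the portal. The check confirms that the signed certificate chains to the CA you upload and still carries the public key of the request you hold, which is what fails if a new request was created after signing.

```shell
#!/bin/sh
# Added example: sign the downloaded CSR with an organization CA, then check it.
# File names, subjects and lifetimes are assumptions, not Smart-1 Cloud values.
set -eu

make_ca() {  # $1 = working directory; skip if your organization has a CA
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Example Log Export CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Constructed stand-in for the CSR downloaded from the Client Certificate box.
make_sample_csr() {  # $1 = working directory, $2 = CSR file name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
    -keyout "$1/$2.key" -out "$1/$2" 2>/dev/null
}

# Sign the CSR as a leaf certificate limited to TLS client authentication.
# The extension profile is an assumption; the guide does not specify one.
sign_csr() {  # $1 = working directory, $2 = CSR, $3 = output certificate
  printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' \
    'extendedKeyUsage=clientAuth' > "$1/client.ext"
  openssl x509 -req -in "$1/$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/client.ext" \
    -out "$1/$3" 2>/dev/null
}

# Succeeds only if the certificate chains to the CA as a TLS client
# certificate AND carries the public key of the given CSR.
check_cert() {  # $1 = working directory, $2 = CSR, $3 = certificate
  openssl verify -purpose sslclient -CAfile "$1/ca.pem" "$1/$3" \
    >/dev/null 2>&1 || return 1
  csr_pub=$(openssl req -in "$1/$2" -noout -pubkey | openssl sha256)
  crt_pub=$(openssl x509 -in "$1/$3" -noout -pubkey | openssl sha256)
  [ "$csr_pub" = "$crt_pub" ]
}

if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d)
  make_ca "$dir"
  make_sample_csr "$dir" portal.csr
  sign_csr "$dir" portal.csr client.pem
  check_cert "$dir" portal.csr client.pem && echo "client.pem matches portal.csr"
  rm -rf "$dir"
fi
```

Run the script with `demo` as the first argument for the constructed walk-through. With a real request, skip `make_sample_csr` and pass the downloaded CSR file to `sign_csr` and `check_cert`.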

Editing the destination

To edit the destination, on the Forward to SIEM Configuration screen select a destination and click Edit.

You can change any one of the destination properties, except the destination name.

Deleting a destination

To delete a destination, on the Forward to SIEM Configuration screen select a destination and click Delete.

Write confirm in the deletion dialog box.

Start, stop or restart a destination

To start, stop or restart a destination, on the Forward to SIEM Configuration screen select one or more destinations, click More Actions, select the action you want to perform, and select Yes.

  • Stop - Stop sending logs to the destination

  • Start - Start sending logs to the destination

  • Restart - Restart sending logs to the destination

Troubleshooting

If no logs arrive at your SIEM, follow these steps:

  • Make sure that your Security Gateway does not block traffic from the Smart-1 Cloud public FQDNs:

    • eu-west-1.g04.checkpoint.com

    • us-east-1.g04.checkpoint.com

    • ap-southeast-2.g04.checkpoint.com

  • Check that all the details in the configuration are correct.

  • If you use TLS, make sure you are using the correct certificates.

  • Restart the destination.

If the issue persists, contact Check Point support and open a Service Request.