Quantum Enforcement

With Quantum Enforcement, you can select the Security Gateways and Managements through which you want to execute an automation. It lists the Security Gateways from both on-premises Security Management Server and Smart-1 Cloud.

For an on-premises Security Management Server, make sure that you have on-boarded the Check Point Security Gateway. See On-boarding the On-premises Check Point Security Gateway.

Notes:

  • Check Point Security Gateway R81 and higher is supported as the enforcer.

  • VSX Gateways/VSX Clusters are supported with Management on versions R81.20 and higher with Configuration Sharing Take 187. See sk177205.

  • Security Gateways/Clusters managed with SmartProvisioning are not supported.

Infinity Playblocks adds these network objects to your Security Management Server:

  • Allowed Sources - External or internal resources that are not blocked by Infinity Playblocks.

  • Blocked Sources - External resources that are blocked from accessing the organization by Infinity Playblocks's enforcement points.

  • Blocked Destinations - External or internal destinations that are blocked by Infinity Playblocks's enforcement points.

  • Quarantined Sources - Internal resources that have limited outgoing access by Infinity Playblocks's enforcement points.

  • Playblocks DataCenter - Generic Data Center that allows dynamic enforcement of Infinity Playblocks on Security Gateways.

  • Playblocks Policy - UserCheck Interaction. A block page appears in the browser in case the device is in quarantine. You can customize this page in SmartConsole.

It also creates a predefined Access Policy Layer called Automated Remediation. This layer is added all your security policies and installed on the selected Security Gateways.

Infinity Identity Enforcement

Infinity Identity Enforcement enables you to control and restrict access from non-compliant devices by leveraging real-time identity and compliance data.

Note:

  • Check Point Security Gateway R82 and higher is supported as the enforcer.

  • Infinity Identity Enforcement is available only on Quantum Gateways with the Identity Awareness blade.

Infinity Playblocks adds these network objects to your Security Management Server:

  • Not Compliant Devices Policy – An access layer for controlling traffic from non-compliant devices.

  • Identity Awareness PolicyUserCheck Interaction. A block page that appears in the browser for non-compliant devices.

  • Not Compliant Devices – Access role based on the Not_Compliant_Devices identity tag which provides access to the list of non-compliant devices from Infinity Identity.

    Note - Not_Compliant_Devices is an identity tag used to identify non-compliant devices.

To Enable Infinity Identity Enforcement

  1. Access Infinity Playblocks and click Connectors.

  2. Select Quantum Enforcement.

  3. Turn on the Enabled toggle button.

  4. Select the Enforce Infinity Identity on Gateways with Identity Awareness blade checkbox.

  5. Click View Gateways to see gateways applicable for the enforcement.

  6. To execute the automation on all the Security Gateways, click All (Recommended). In addition, this automatically executes the automation on a new Security Gateway with Identity Awareness blade detected by Infinity Playblocks.

  7. To manually select the specific gateways, click Select specific Managements, and then select the gateways.

  8. Click Save.

To select the Quantum Management to add to Quantum Enforcement:

  1. Access Infinity Playblocks and click Connectors.

  2. Select Quantum Enforcement.

  3. Turn on the Enabled toggle button.

  4. To add all Quantum Managements to Quantum Enforcement, click All (Recommended). In addition, this automatically enables Quantum Enforcement on additional management environments that connects to the Infinity Portal.

  5. To manually select the specific Quantum Managements, click Select specific gateways and then select the Quantum Managements.

  6. Click Save.

To select the Security Gateways to execute the automation:

  1. Access Infinity Playblocks and click Connectors.

  2. Select Quantum Enforcement.

  3. Turn on the Enabled toggle button.

  4. To execute the automation on all the Security Gateways, click All (Recommended). In addition, this automatically executes the automation on a new Security Gateway detected by Infinity Playblocks.

  5. To manually select the specific Security Gateways, click Select specific gateways and then select the gateways.

  6. Click Save.

Quantum Managements and Gateways Configuration Options

  1. All Quantum Managements and All Gateways Configuration

    • Connecting new Quantum Managements automatically enables Quantum Enforcement (if you enable Configuration Sharing).

    • The system adds new Gateways to the list of enforcing Gateways automatically.

  2. Specific Quantum Managements and All Gateways Configuration

    • Connecting new Quantum Managements do not automatically enable Quantum Enforcement.

    • You must enable Configuration Sharing and select the new Quantum Management in the Quantum Enforcement connector to activate Quantum Enforcement.

    • The system adds new Gateways connected to the selected Quantum Managements to the list of enforcing Gateways automatically.

  3. Specific Quantum Managements and Specific Gateways Configuration

    • Connecting new Quantum Managements do not automatically enable Quantum Enforcement.

    • You must enable Configuration Sharing and select the new Quantum Management in the Quantum Enforcement connector to enable Quantum Enforcement.

    • You must add new Gateways to the list of enforcing Gateways manually.

  4. All Quantum Managements and Specific Gateways Configuration

    • Connecting new Quantum Managements automatically enables Quantum Enforcement if you enable Configuration Sharing.

    • You must add new Gateways to the list of enforcing Gateways manually.