Step 2 - Configuration on the On-Premises Management Server

This is a step in the On-Premises Management Deployment.

Part 1 - Prerequisites for the Management Server

  1. The required version of the Management Server must be up and running one of these versions:

  2. The Management Server must connect to the Internet.

  3. If you configured Manual Proxy ARP (sk30197) and Manual NAT rules, then you must follow these steps in SmartConsole:

    1. Click Menu > Global properties.

    2. In the left tree, click NAT - Network Address Translation.

    3. Select Automatic ARP configuration.

    4. Select Merge manual proxy ARP configuration.

    5. Click OK.

Important - Create the Security Gateway objects in SmartConsole only after you configure the applicable interfaces on the Security Gateways. This makes sure the Security Gateway objects automatically get the correct interface topology.

Part 2 - Configure Object Sharing and Log Sharing

It is necessary to enable Object Sharing on the on-premises Management Server to use the configured objects in Infinity Portal.

It is necessary to enable Log Sharing on the on-premises Management Server to see the applicable logs in Infinity Portal.

  1. You must register in Infinity Portal.

    See Step 1 - Configuration in Infinity Portal.

  2. Connect to the command line on the Management Server.

  3. Log in to the Expert mode.

  4. Run these commands in the given order:

    Note - This step applies only to the Management Server with the R81.10 version.

    1. Configure the Management Server to work with Check Point Cloud Services.

      Copy and paste these commands:

      touch show_cloud_services_view

      mv -v show_cloud_services_view /var/log/AutoUpdater/metadata/InfinityOnPrem/infinity_onprem/tunnel_AutoUpdate/*/

    2. Configure the Management Server to show the Infinity Services view in Web SmartConsole.

      Copy and paste these commands:

      echo CF_CLOUD_SERVICES=1 >> $FWDIR/conf/mwc.env

      $MDS_FWDIR/webconsole/mwc.sh restart

    If SmartConsole or Web SmartConsole is currently open, then close all their instances.

  5. Connect to the Management Server in one of these ways:

    • With the Desktop SmartConsole connect to:

      IP Address of your Management Server

    • With a web browser, open Web SmartConsole at this URL:

      https://<IP Address of your Management Server>/smartconsole

  6. Enable the Upload Consent:

    • You must enable the "Upload Information" consent flag (see sk175504):

      1. In SmartConsole top left corner, click the Menu button.

      2. Click Global properties.

      3. From the left tree, click Data Access Control.

      4. Select Help Check Point improve the products by sending anonymous information.

      5. Click OK.

      6. Install the Access Control Policy.

    • You must enable the "Allow Upload" consent flag (see sk111080):

      1. In SmartConsole top left corner, click the Menu button.

      2. Click Global properties.

      3. From the left tree, click Security Management Access.

      4. Select Improve product experience by sending information to Check Point.

      5. Click OK.

      6. Install the Access Control Policy.

  7. From the left navigation panel, click Infinity Services.

  8. Click the Get Started button.

  9. The Instructions window opens.

    54A6F92C

  10. Click Get Token.

    Web browser opens Infinity Portal Login page. Log in.

  11. Select the applicable account, if you have more than one account, and click Next.

  12. Select I wish to connect my Quantum Management environment with Infinity Portal and click Next.

  13. The page shows the required token.

    Click Copy Token.

  14. In SmartConsole, paste the token and click Connect.

    54A6F92C

  15. The Infinity Portal page must show Quantum Management Connected and Connection Status: Active.

    Example:

  16. SmartConsole page must show Connected with Infinity Portal and Connection Status: Active.

    Example:

  17. Enable Configuration Sharing:

    1. In SmartConsole, in the bottom left section Data Sharing, on the right of Configuration Sharing, click Edit.

    2. The Configuration Sharing window opens.

    3. Near the Enable option, click the OFF button.

      It must change to ON.

      Click OK.

    4. The configuration sharing starts, and after some time its status changes from Initializing to Active.

    From this point, objects configured in SmartConsole on the on-premises Management Server appear in Infinity Portal as assets.

  18. Optional: Enable Log Sharing:

    Note - This configuration is required to see the logs in Infinity Portal.

    1. In SmartConsole, in the bottom left section Data Sharing, on the right of Log Sharing, click Edit.

    2. The Configure Log Sharing window opens.

    3. Near the Enable option, click the OFF button.

      It must change to ON.

      Notes:

      • To share logs from all products, select All products.

      • To share logs only from specific products, select Specific products and select the required products.

        You must select these:

        • SD-WAN

        • Application Control

        • URL Filtering

      Click OK.

    4. The log sharing starts, and its status changes to Active.

What is Next?

Follow Step 3 - Configuration on Security Gateways