Step 2 - Configuration on the On-Premises Management Server

This is a step in the On-Premises Management Deployment.

Part 1 - Prerequisites for the Management Server

  1. The Management Server must be up and running one of these versions:

  2. The Management Server must connect to the Internet.

  3. If you configured Manual Proxy ARP (sk30197) and Manual NAT rules, then you must follow these steps in SmartConsole:

    1. Click Menu > Global properties.

    2. In the left tree, click NAT - Network Address Translation.

    3. Select Automatic ARP configuration.

    4. Select Merge manual proxy ARP configuration.

    5. Click OK.

Important - Create the Security Gateway objects in SmartConsole only after you configure the applicable interfaces on the Security Gateways. This makes sure the Security Gateway objects automatically get the correct interface topology.

Part 2 - Configure Object Sharing and Log Sharing

It is necessary to enable Object Sharing on the on-premises Management Server to use the configured objects in Infinity Portal.

It is necessary to enable Log Sharing on the on-premises Management Server if you want to see the applicable logs in Infinity Portal.

The procedure below is based on the Management Server that meets the requirements in sk180557 for automatic on-boarding of supported Security Gateways.

  1. You must register in Infinity Portal.

    See Step 1 - Configuration in Infinity Portal.

  2. Connect to the command line on the Management Server.

  3. Log in to the Expert mode.

  4. Connect to the Management Server in one of these ways:

    • With the Desktop SmartConsole connect to:

      IP Address of your Management Server

    • With a web browser, open Web SmartConsole at this URL:

      https://<IP Address of your Management Server>/smartconsole

  5. Enable the Upload Consent:

    You must enable the "Upload Information" consent flag (see sk175504):

    1. In SmartConsole top left corner, click the Menu button.

    2. Click Global properties.

    3. From the left tree, click Data Access Control.

    4. Select Help Check Point improve the products by sending anonymous information.

    5. Click OK.

    6. Install the Access Control Policy.

  6. From the left navigation panel, click Infinity Services.

  7. Click the Get Started button.

    Example:

  8. The Instructions window opens.

  9. Click Get Token.

    Web browser opens Infinity Portal Login page. Log in.

  10. Select the applicable account, if you have more than one account, and click Next.

  11. Select I wish to connect my Self-hosted Security Management environment and Security Gateways to the Infinity Portal and click Next.

  12. The page shows the required token.

    Click Copy Token.

  13. In SmartConsole, paste the token.

    54A6F92C

  14. Enable the automatic onboarding of Security Gateways:

    1. Move the toggle Connect your Security Gateways to Infinity Portal from OFF to ON.

    2. Expand the section Gateways Connection Details.

  15. In the section Select Security Gateways to connect, select which supported Security Gateways to onboard:

    For more information, click the (i) icon and see sk180557.

    • All

      All supported Security Gateways establish connection with Infinity Portal.

    • Specific

      Only the selected supported Security Gateways establish connection with Infinity Portal.

    Note - You can always change this setting later in SmartConsole > Infinity Services view > in the bottom right corner, on the right of Gateways Connector, click Edit.

  16. In the section Establish connection to Security Gateways, select when to onboard the supported Security Gateways:

    For more information, click the (i) icon and see sk180557.

    • Immediately

      This is the default. Supported SD-WAN Security Gateways try to establish an immediate connection with Infinity Portal and then during every subsequent policy installation.

    • After policy installation

      Supported SD-WAN Security Gateways try to establish a connection with Infinity Portal only after you complete this procedure and install the Access Control policy.

    Note - You can always change this setting later in SmartConsole > Infinity Services view > in the bottom right corner, on the right of Gateways Connector, click Edit.

  17. At the bottom, click Connect.

  18. SmartConsole must show Connected to Infinity Portal and Status: Active.

    Example:

  19. Enable Configuration Sharing:

    1. In SmartConsole, in the bottom left section Infinity Portal Settings, on the right of Configuration Sharing, click Edit.

      Example:

    2. The Configuration Sharing window opens.

    3. Near the Enable option, click the OFF button.

      It must change to ON.

      Click OK.

    4. The configuration sharing starts, and after some time its status changes from Initializing to Active.

      Example:

      Example:

    From this point, objects configured in SmartConsole on the on-premises Management Server appear in Infinity Portal as assets.

  20. Optional: Enable Log Sharing:

    Note - This configuration is required if you want to see the logs in Infinity Portal.

    1. In SmartConsole, in the bottom left section Infinity Portal Settings, on the right of Log Sharing, click Edit.

      Example:

    2. The Configure Log Sharing window opens.

    3. Near the Enable option, click the OFF button.

      It must change to ON.

      Notes:

      • To share logs from all products, select All products.

      • To share logs only from specific products, select Specific products and select the required products.

        You must select these:

      Click OK.

    4. The log sharing starts, and its status changes to Active.

      Example:

What is Next?

Follow Step 3 - Configuration on Security Gateways