Configuring Software Blades

Enable and configure the Software Blades on your Quantum Spark Gateways.

These settings are available when you edit a Plan object (see Plans) and a Gateway object (see Gateways).

You can configure these settings in several ways:

  • Configure the settings in Quantum Spark Management in a Plan object.

    Settings in a Plan object apply to all Quantum Spark Gateways that use this Plan.

  • Configure the settings in Quantum Spark Management in a Gateway object (to override the settings in a Plan object).

  • Disable the Quantum Spark Management settings in a Gateway object and configure the local settings on the Quantum Spark Gateway.

SD-WAN

Note - Requires the Quantum Spark Gateway to run the firmware R81.10.10 and higher.

SD-WAN Policy controls which traffic for different applications to send over which ISP Link.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > SD-WAN.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Configure the required settings based on the Quantum SD-WAN Administration Guide.

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > SD-WAN.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Configure the required settings based on the Quantum SD-WAN Administration Guide.

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > SD-WAN.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. Configure the local settings in the Quantum Spark Gateway WebUI > in the Access Policy view > Firewall section > SD-WAN page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Firewall

The Firewall Software Blade blocks undesired incoming traffic and allows internal and outgoing traffic, based on the policy you define to ensure a safe and secure work environment.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Firewall.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. In the Policy section, select the applicable option:

    • Strict

      Blocks all traffic (incoming and outgoing) that is not allowed in the Firewall Access Policy.

    • Standard

      Blocks incoming traffic that is not allowed in the Firewall Access Policy.

      Allows traffic to the Internet to all destination ports.

      Allows traffic between internal networks.

      Allows traffic between trusted wireless networks.

  7. Optional: Select the Log [ ] blocked traffic option and select which blocked traffic to log:

    • All

    • Outgoing

    • Incoming, Internal

  8. Optional: Select the Log [ ] allowed traffic option and select which allowed traffic to log:

    • All

    • Outgoing

    • Incoming, Internal

  9. Click Save in the bottom right corner.

  10. Click the link Firewall Access Policy to configure the Access Policy (see Access Policy).

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Firewall.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. In the Policy section, select the applicable option:

    • Strict

      Blocks all traffic (incoming and outgoing) that is not allowed in the Firewall Access Policy.

    • Standard

      Blocks incoming traffic that is not allowed in the Firewall Access Policy.

      Allows traffic to the Internet to all destination ports.

      Allows traffic between internal networks.

      Allows traffic between trusted wireless networks.

  8. Optional: Select the Log [ ] blocked traffic option and select which blocked traffic to log:

    • All

    • Outgoing

    • Incoming, Internal

  9. Optional: Select the Log [ ] allowed traffic option and select which allowed traffic to log:

    • All

    • Outgoing

    • Incoming, Internal

  10. Click Save in the bottom right corner.

  11. Click the link Firewall Access Policy to configure the Access Policy (see Access Policy).

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Firewall.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Firewall.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Access Policy view > Firewall section > Blade Control page > Firewall Policy section.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

  9. Configure the local rules in the Access Policy view > Firewall section > Policy page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Access Policy

Important - Read the explanations and limitations in sk118035.

The Access Policy controls which traffic to allow or block in your networks.

Quantum Spark Management supports several types of Access Policy:

  • Legacy - for R80.20.25 and lower

  • Access policy - for R80.20.30 and higher

  • Access policy (Multiple objects) - for R81.10.15 and higher

On the Access Policy page, the policy view is different for each Access Policy type.

To select a different Access Policy type, click the Change version link > click the applicable policy type > click Finish.

Important -You can configure rules in all types of Access Policy, but only the selected Access Policy type is applied to the Gateway.

For example, if you configured rules in the 'Legacy' type and then selected the 'Access policy (Multiple objects)' type, the rules you configured in the 'Legacy' type are not applied to the Gateway.

In each Access Policy type, the rules appear in these sections:

  • Outgoing access to the Internet

  • Incoming, Internal and VPN traffic

The Quantum Spark Gateway applies the configured rules in this order:

  1. Pre local rules configured by the Quantum Spark Management administrator.

  2. Local rules configured by the Quantum Spark Gateway local administrator.

  3. Post local rules configured by the Quantum Spark Management administrator.

Important:

  • The Quantum Spark Gateway local administrator cannot edit these "Pre local rules" and "Post local rules.

  • The Quantum Spark Gateway local administrator cannot override these "Pre local rules" and "Post local rules with local rules.

  • When the Quantum Spark Management administrator disables the Manage in SMP toggle, the Quantum Spark Gateway deletes these "Pre local rules" and "Post local rules.

  • When the Quantum Spark Gateway local administrator disables Cloud Services, the Quantum Spark Gateway deletes these "Pre local rules" and "Post local rules.

  • There is no repository for network objects. You create them in each rule.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Access Policy.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Configure the required settings (see the corresponding sections below).

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Access Policy.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Configure the required settings (see the corresponding sections below).

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > NTP.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Firewall.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local rules in the Access Policy view > Firewall section > Policy page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

In the 'Legacy' policy type, the Source field supports these object types:

  • Any

  • Single IP address

  • IP address range

  • Network

  • Zone

    • All identified users

    • DMZ network

    • LAN networks

    • LAN, DMZ networks

    • This Gateway

    • Trusted Wireless Networks

    • Untrusted Wireless Networks

In the 'Legacy' policy type, the Destination field supports these object types:

  • Internet

  • Single IP address

  • IP address range

  • Network

In the 'Legacy' policy type, the Service field supports these object types:

  • Any

  • Custom

  • Any TCP

  • Any UDP

  • HTTP

  • HTTPS

  • FTP

  • SNMP

  • SSH

  • TFTP

  • TELNET

  • POP3

  • ICMP

  • IMAP

  • SMTP

  • DHCP

  • CIFS

  • DNS_TCP

  • DNS_UDP

  • LDAP

  • SIP_TCP

  • SIP_UDP

To create new Pre local rules and Post local rules in the 'Legacy' policy type:

  1. In the applicable section with rules:

    • Outgoing access to the Internet

    • Incoming, Internal and VPN traffic

    in the applicable section:

    • Pre local rules

    • Post local rules

    click the New icon.

    Note - The new rule always appears at the bottom of the section. You can move it to the required position later.

  2. Configure these fields:

    • Source

    • Destination

    • Service

    • Action

    • Log

    • Description (optional)

  3. To enable the new rule, select Enabled.

  4. Click Finish.

To change the order of rules in the 'Legacy' policy type:

  1. Click anywhere in the rule and hold the mouse button.

  2. Drag the rule to the required position.

  3. Release the mouse button.

The section automatically updates the rule numbers.

To edit an existing rule in the 'Legacy' policy type:

  1. In the applicable rule, click the pencil icon.

  2. Edit the applicable fields.

  3. Click Finish.

To disable a rule in the 'Legacy' policy type:

The rule status appears in the rightmost column Enabled.

  1. In the applicable rule, click the pencil icon.

  2. Clear the Enabled checkbox.

  3. Click Finish.

To enable a disabled rule in the 'Legacy' policy type:

The rule status appears in the rightmost column Enabled.

  1. In the applicable rule, click the pencil icon.

  2. Select the Enabled checkbox.

  3. Click Finish.

To delete a rule in the 'Legacy' policy type:

  1. Select the checkbox of the applicable rule.

  2. Below the title of the main section (outgoing or incoming), click the Delete icon.

In the 'Access policy' policy type, the Source field supports these object types:

  • Any

  • Single IP address

  • IP address range

  • Network

  • Single IPv6 address

  • IPv6 address range

  • IPv6 network

  • Zone

    • This Gateway

    • VPN Remote Access

    • All identified users

    • Blocked_hosts

    • Blocked_infected_hosts

    • DMZ network

    • LAN networks

    • LAN, DMZ networks

    • Trusted Wireless Networks

    • Untrusted Wireless Networks

    • Wireless Networks

  • Domain Name

  • Updatable Objects

In the 'Access policy' policy type, the Destination field supports these object types:

  • Internet

  • Single IP address

  • IP address range

  • Network

  • Single IPv6 address

  • IPv6 address range

  • IPv6 network

  • Zone

    • This Gateway

    • VPN Remote Access

    • All identified users

    • Blocked_hosts

    • Blocked_infected_hosts

    • DMZ network

    • LAN networks

    • LAN, DMZ networks

    • Trusted Wireless Networks

    • Untrusted Wireless Networks

    • Wireless Networks

  • Domain Name

  • Updatable Objects

In the 'Access policy' policy type, the Service field supports these object types:

  • Custom

  • Any

  • Any TCP

  • TCP/UDP

  • Any UDP

  • CIFS

  • Delay_Sensitive_Services

  • DHCP

  • DNS

  • DNS_TCP

  • DNS_UDP

  • FTP

  • Guaranteed_Bandwidth_Services

  • HTTP

  • HTTPS

  • ICMP

  • IMAP

  • LDAP

  • Mail

  • NetBios

  • POP3

  • SIP

  • SIP_TCP

  • SIP_UDP

  • SMTP

  • SNMP

  • SSH

  • TELNET

  • TFTP

  • VoIP

  • Web Browsing

In the 'Access policy' policy type, the Application field supports these object types (available only in outgoing rules):

  • Any

  • Predefined

    You can select only one application or category.

  • URL

To create new Pre local rules and Post local rules in the 'Access policy' policy type:

  1. In the applicable section with rules:

    • Outgoing access to the Internet

    • Incoming, Internal and VPN traffic

    in the applicable section:

    • Pre local rules

    • Post local rules

    click the applicable rule - above which or below which you need to add a new rule.

  2. Below the title of the main section (outgoing or incoming), click the applicable button:

    • Add rule below

    • Add rule above

    The applicable window opens to edit the new rule.

    The title of this window depends on the main section, in which you add this rule:

    • Edit Outgoing Firewall Rule

    • Edit Incoming-Internal Firewall Rule

  3. Configure these fields:

    • Source

    • Destination

    • Service

    • Action

    • Log

    • Description (optional)

  4. To enable the new rule, select Enabled.

  5. Click Finish.

To edit an existing rule in the 'Access policy' policy type:

  1. Click the applicable rule.

  2. Below the title of the main section (outgoing or incoming), click the Edit icon.

  3. Edit the applicable fields.

  4. Click Finish.

To disable a rule in the 'Access policy' policy type:

  1. Click the applicable rule.

  2. Below the title of the main section (outgoing or incoming), click the Edit icon.

  3. Clear the Enabled checkbox.

  4. Click Finish.

To enable a disabled rule in the 'Access policy' policy type:

Disabled rules appear grayed out, and the # column shows the icon of a crossed circle.

  1. Click the applicable rule.

  2. Below the title of the main section (outgoing or incoming), click the Edit icon.

  3. Select the Enabled checkbox.

  4. Click Finish.

To delete a rule in the 'Access policy' policy type:

  1. Click the applicable rule.

  2. Below the title of the main section (outgoing or incoming), click the Delete rule icon.

  3. Click OK to confirm.

This policy type supports multiple objects in the Source, Destination, and Services & Applications columns.

In the 'Access policy (Multiple objects)' policy type, the Source column supports these object types:

  • Any

  • Single IP address

  • IP address range

  • Network

  • Single IPv6 address

  • IPv6 address range

  • IPv6 network

  • Zone

    • This Gateway

    • VPN Remote Access

    • All identified users

    • Blocked_hosts

    • Blocked_infected_hosts

    • DMZ network

    • LAN networks

    • LAN, DMZ networks

    • Trusted Wireless Networks

    • Untrusted Wireless Networks

    • Wireless Networks

  • Domain Name

  • Updatable Objects

In the 'Access policy (Multiple objects)' policy type, the Destination column supports these object types:

  • Any

  • Single IP address

  • IP address range

  • Network

  • Single IPv6 address

  • IPv6 address range

  • IPv6 network

  • Zone

    • This Gateway

    • VPN Remote Access

    • All identified users

    • Blocked_hosts

    • Blocked_infected_hosts

    • DMZ network

    • LAN networks

    • LAN, DMZ networks

    • Trusted Wireless Networks

    • Untrusted Wireless Networks

    • Wireless Networks

  • Domain Name

  • Updatable Objects

  • Wildcard

In the 'Access policy (Multiple objects)' policy type, the Services & Applications column supports these object types:

  • Service

    • Custom

    • TCP/UDP

    • Any TCP

    • Any UDP

    • CIFS

    • Delay_Sensitive_Services

    • DHCP

    • DNS

    • DNS_TCP

    • DNS_UDP

    • FTP

    • Guaranteed_Bandwidth_Services

    • HTTP

    • HTTPS

    • ICMP

    • IMAP

    • LDAP

    • Mail

    • NetBios

    • POP3

    • SIP

    • SIP_TCP

    • SIP_UDP

    • SMTP

    • SNMP

    • SSH

    • TELNET

    • TFTP

    • VoIP

    • Web Browsing

  • Application

    • Predefined

    • URL

  • Any

To create new Pre local rules and Post local rules in the 'Access policy (Multiple objects)' policy type:

  1. In the applicable section with rules:

    • Outgoing access to the Internet

    • Incoming, Internal and VPN traffic

    in the applicable section:

    • Pre local rules

    • Post local rules

    click the applicable rule - above which or below which you need to add a new rule.

  2. Below the title of the main section (outgoing or incoming), click the applicable button:

    • Add rule below

    • Add rule above

    The new default rule appears:

    Source

    Destination

    Services & Applications

    Action

    Log

    Description

    Any

    Any

    Any

    Block

    Log

     

  3. Select the applicable objects in these columns.

    • Source

    • Destination

    • Service

  4. Select the applicable option in the Action column:

    • Accept

    • Block

  5. Select the applicable option in the Log column:

    • None

    • Log

    • Alert

    • Account

  6. Optional: Enter the applicable text in the Description column and press Enter.

To edit an existing rule in the 'Access policy (Multiple objects)' policy type:

  1. Select the applicable objects in the applicable columns.

  2. Optional: Enter the applicable text in the Description column and press Enter.

To disable a rule in the 'Access policy (Multiple objects)' policy type:

  1. Click the applicable rule.

  2. Below the title of the main section (outgoing or incoming), click the Disable rule icon.

To enable a disabled rule in the 'Access policy (Multiple objects)' policy type:

Disabled rules appear grayed out, and the # column shows the icon of a crossed circle.

  1. Click the applicable rule.

  2. Below the title of the main section (outgoing or incoming), click the Enable rule icon.

To delete a rule in the 'Access policy (Multiple objects)' policy type:

  1. Click the applicable rule.

  2. Below the title of the main section (outgoing or incoming), click the Delete rule icon.

  3. Click OK to confirm.

IoT

The IoT Software Blade inspects traffic from IoT devices.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > IoT.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Click the link Advanced policy settings and select which DNS servers to trust:

    • Trust custom DNS servers (this is the default option)

    • Trust custom and popular DNS servers

    • Trust all DNS servers

    Click Close.

  7. Select the applicable option:

    • Check Point Recommended IoT policy

      If you select this option, then you cannot change the predefined IoT policy.

    • Custom IoT Policy

      You can configure the required rules based on the predefined IoT policy.

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > IoT.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Click the link Advanced policy settings and select which DNS servers to trust:

    • Trust custom DNS servers (this is the default option)

    • Trust custom and popular DNS servers

    • Trust all DNS servers

    Click Close.

  8. Select the applicable option:

    • Check Point Recommended IoT policy

      If you select this option, then you cannot change the predefined IoT policy.

    • Custom IoT Policy

      You can configure the required rules based on the predefined IoT policy.

  9. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > IoT.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. Configure the local settings in the Quantum Spark Gateway WebUI > in the Access Policy view > Firewall section > IoT page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Applications and URLs

These settings define the organization's outgoing policy to the Internet and filter inappropriate and dangerous web sites and applications.

For more information, see Check Point AppWiki.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Applications and URLs.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Select the applicable options:

    • Block security risk categories

      Blocks these categories: Spyware, Phishing, Botnet, Spam, Anonymizer, and Hacking.

      This content group is predefined, and you cannot change it.

    • Block file sharing applications

      Blocks these applications: Torrent trackers, BitTorrent protocol, File storage and sharing, Share music, Facebook file-sharing, and Gnutella protocol.

      This content group is predefined, and you cannot change it.

    • Block inappropriate content

      Blocks this content: Weapons, Violence, Sex, Gambling, Hate, Illegal/Questionable, and Illegal drugs.

      This content group is predefined, and you cannot change it.

    • Block other undesired applications

      1. Click the link other undesired applications.

      2. Select the applications you want to block.

        Note - Custom applications are not supported.

      3. Click Apply.

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Applications and URLs.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Select the applicable options:

    • Block security risk categories

      Blocks these categories: Spyware, Phishing, Botnet, Spam, Anonymizer, and Hacking.

      This content group is predefined, and you cannot change it.

    • Block file sharing applications

      Blocks these applications: Torrent trackers, BitTorrent protocol, File storage and sharing, Share music, Facebook file-sharing, and Gnutella protocol.

      This content group is predefined, and you cannot change it.

    • Block inappropriate content

      Blocks this content: Weapons, Violence, Sex, Gambling, Hate, Illegal/Questionable, and Illegal drugs.

      This content group is predefined, and you cannot change it.

    • Block other undesired applications

      1. Click the link other undesired applications.

      2. Select the applications you want to block.

        Note - Custom applications are not supported.

      3. Click Apply.

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Applications and URLs.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Application Control.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Access Policy view > Firewall section > Blade Control page > Application & URL Filtering section.

    • Access Policy view > Firewall section > Policy page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

IPS

The IPS Software Blade inspects the traffic based on malicious protocol signatures.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > IPS.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Select the applicable option:

    • Strict

      Uses the IPS profile with most of the protection categories enabled.

    • Typical

      Uses the IPS profile that blocks the most dangerous threats.

    • Custom

      Changes the policy for which protection groups (by confidence level, severity, performance, and impact) are enabled or disabled.

  7. Optional: Select Detect-only mode to apply IPS protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > IPS.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Select the applicable option:

    • Strict

      Uses the IPS profile with most of the protection categories enabled.

    • Typical

      Uses the IPS profile that blocks the most dangerous threats.

    • Custom

      Changes the policy for which protection groups (by confidence level, severity, performance, and impact) are enabled or disabled.

  8. Optional: Select Detect-only mode to apply IPS protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  9. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > IPS.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: IPS.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Threat Prevention view > Threat Prevention section > Blade Control page.

    • Threat Prevention view > Protections section > IPS Protections page and Engine Settings page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Traditional Anti-Virus

Important - Quantum Spark Gateways R77.20.x and higher automatically use the Threat Prevention Anti-Virus Software Blade (see Anti-Virus).

The Traditional Anti-Virus Software Blade scans for viruses, worms, and other malware.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Traditional Anti-Virus.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Select the applicable option:

    • Scan incoming files

      Scans incoming files on the Gateway.

    • Scan outgoing files

      Scans sent files. This option is cleared by default.

    • Scan files between networks

      Scans files sent between internal networks or from the DMZ to internal. You can filter to scan only the files that use selected protocols.

  7. In the Tracking Options, select the applicable option:

    • Log

    • Alert (as defined in the System Settings)

    • None

  8. Optional: Select Detect-only mode to apply Traditional Anti-Virus protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  9. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Traditional Anti-Virus.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Select the applicable option:

    • Scan incoming files

      Scans incoming files on the Gateway.

    • Scan outgoing files

      Scans sent files. This option is cleared by default.

    • Scan files between networks

      Scans files sent between internal networks or from the DMZ to internal. You can filter to scan only the files that use selected protocols.

  8. In the Tracking Options, select the applicable option:

    • Log

    • Alert (as defined in the System Settings)

    • None

  9. Optional: Select Detect-only mode to apply Traditional Anti-Virus protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  10. Click Save in the bottom right corner.

Anti-Spam

The Anti-Spam Software Blade blocks spam emails.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Anti-Spam.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Enable Filter spam based on email content.

  7. Select the applicable option:

    • Block spam emails

    • Flag spam email subject

    • Flag spam email header

  8. Set Tracking:

    • Log

    • Alert (as defined in the System Settings)

    • None

  9. Optional: Select Detect-only mode to apply Anti-Virus protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default)

  10. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Anti-Spam.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Enable Filter spam based on email content.

  8. Select the applicable option:

    • Block spam emails

    • Flag spam email subject

    • Flag spam email header

  9. Set Tracking:

    • Log

    • Alert (as defined in the System Settings)

    • None

  10. Optional: Select Detect-only mode to apply Anti-Virus protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default)

  11. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Anti-Spam.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Threat Prevention view > Anti-Spam section > Blade Control page.

    • Threat Prevention view > Anti-Spam section > Exceptions page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

QoS

The QoS Software Blade configures guaranteed bandwidth for the specified traffic.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > QoS.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Select Ensure low latency for delay sensitive services to give more bandwidth to delay-sensitive traffic.

    These services are defined by default as delay-sensitive:

    • H323 and SIP services for Video over IP

    • MGCP services for media

    • SCCP services for Voice over IP.

      You can change the list of application categories the Quantum Spark Gateway WebUI.

  7. Select Guarantee % of the bandwidth to set a minimum ratio of the bandwidth for traffic that is not preferred.

  8. Select Limit bandwidth consuming applications to set the limits for upload and download for applications that are defined as bandwidth consuming.

    These application types are defined by default:

    • P2P file sharing

    • Media sharing and streaming

    You can change the list of application categories in the Quantum Spark Gateway WebUI.

  9. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > QoS.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Select Ensure low latency for delay sensitive services to give more bandwidth to delay-sensitive traffic.

    These services are defined by default as delay-sensitive:

    • H323 and SIP services for Video over IP

    • MGCP services for media

    • SCCP services for Voice over IP.

      You can change the list of services in the Quantum Spark Gateway WebUI.

  8. Select Guarantee % of the bandwidth to set a minimum ratio of the bandwidth for traffic that is not preferred.

  9. Select Limit bandwidth consuming applications to set the limits for upload and download for applications that are defined as bandwidth consuming.

    These application types are defined by default:

    • P2P file sharing

    • Media sharing and streaming

    You can change the list of application categories in the Quantum Spark Gateway WebUI.

  10. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > QoS.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Access Policy view > QoS section > Blade Control page.

    • Access Policy view > QoS section > Policy page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Remote Access

The Remote Access VPN Software Blade enable access to your VPN from authenticated remote users.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Remote Access.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Select Allow traffic from Remote Access users (by default) to enable log in to the network from a remote site.

    It does not give access without authentication.

  7. Select Log traffic from Remote Access users - (by default) to log this traffic.

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Remote Access.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Select Allow traffic from Remote Access users (by default) to enable log in to the network from a remote site.

    It does not give access without authentication.

  8. Select Log traffic from Remote Access users - (by default) to log this traffic.

  9. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Remote Access.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Remote Access.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the VPN view > Remote Access section > Blade Control page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Site to Site VPN

The Site to Site VPN Software Blade performs encrypted connectivity between the networks of your organization.

Make sure that the required Site to Site VPN settings are configured correctly on each Quantum Spark Gateway.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Site to Site VPN.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Select Allow traffic from remote VPN sites (by default) to enable VPN traffic.

  7. Select Log VPN sites traffic (by default) to log this traffic.

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Site to Site VPN.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Select Allow traffic from remote VPN sites (by default) to enable VPN traffic.

  8. Select Log VPN sites traffic (by default) to log this traffic.

  9. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Site to Site VPN.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Site to Site.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the VPN view > Site to Site section > Blade Control page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

User Awareness

The User Awareness Software Blade performs user identification in the local network.

You can track user traffic and set policy rules for user requirements.

Roadmap - This feature is planned.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > User Awareness.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Configure the required settings.

  7. Click Save in the bottom right corner.

Roadmap - This feature is planned.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > User Awareness.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Configure the required settings.

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > User Awareness.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: User Awareness.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Users view > Users Management section > User Awareness page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Anti-Virus

Note - Applies only to Anti-Virus on the Quantum Spark models 1400 / 1200R / 1100 / 900 / 700 / 600. Later Quantum Spark models (1500 and higher) use Unified Threat Prevention (see Unified Threat Prevention).

The Threat Prevention Anti-Virus Software Blade scans for viruses, worms, and other malware.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Anti-Virus.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Optional: Select Detect-only mode to apply Anti-Virus protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Anti-Virus.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Optional: Select Detect-only mode to apply Anti-Virus protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Anti-Virus.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Threat Prevention.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Threat Prevention view > Threat Prevention section > Blade Control page.

    • Threat Prevention view > Protections section > Engine Settings page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Anti-Bot

Note - Applies only to Anti-Bot on the Quantum Spark models 1400 / 1200R / 1100 / 900 / 700 / 600. Later Quantum Spark models (1500 and higher) use Unified Threat Prevention.

The Anti-Bot Software Blade scan for bot-infected hosts and for communications with a C&C (Command and Control).

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Anti-Bot.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Optional: Select Detect-only mode to apply Anti-Bot protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Anti-Bot.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Optional: Select Detect-only mode to apply Anti-Bot protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Anti-Bot.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Threat Prevention.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Threat Prevention view > Threat Prevention section > Blade Control page.

    • Threat Prevention view > Protections section > Engine Settings page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Threat Emulation

Note - Applies only to Threat Emulation on the Quantum Spark models 1400 / 1200R / 1100 / 900 / 700 / 600. Later Quantum Spark models (1500 and higher) use Unified Threat Prevention.

The Threat Emulation Software Blade scans files for malicioous content and malicious behavior.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Threat Emulation.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Select the HTTP Connection handling mode:

    • Background

      Allows traffic to pass while it is inspected (default).

      This option has less impact on performance.

    • Hold

      Traffic cannot pass until it is inspected and found not to contain malicious files.

      This option can impact performance but is more secure.

  7. Optional: Select Detect-only mode to apply Threat Emulation protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  8. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Threat Emulation.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Select the HTTP Connection handling mode:

    • Background

      Allows traffic to pass while it is inspected (default).

      This option has less impact on performance.

    • Hold

      Traffic cannot pass until it is inspected and found not to contain malicious files.

      This option can impact performance but is more secure.

  8. Optional: Select Detect-only mode to apply Threat Emulation protections without blocking the traffic.

    This is useful in a new deployment.

    Clear this checkbox to block traffic (this is the default).

  9. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Threat Emulation.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Threat Prevention.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Threat Prevention view > Threat Prevention section > Blade Control page.

    • Threat Prevention view > Protections section > Engine Settings page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Threat Prevention

Note - Applies only to Anti-Virus, Anti-Bot, and Threat Emulation on the Quantum Spark models 1400 / 1200R / 1100 / 900 / 700 / 600. Later Quantum Spark models (1500 and higher) use Unified Threat Prevention.

The Threat Prevention Policy configures the Anti-Virus, Anti-Bot, and Threat Emulation settings for a set of activated protections and instructions for how to handle traffic inspection that matches activated protections. These protections help manage the threats against the network.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Threat Prevention.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. In the fields High confidence, Medium confidence, and Low confidence, select the applicable protection action.

    • Confidence level

      How confident the Threat Prevention Software Blade is that recognized attacks are actually bot traffic or malicious files. Some attack types are more subtle than others, and legitimate traffic is sometimes mistakenly recognized as a threat.

      The higher the confidence level of a protection, the more confident Check Point is that recognized attacks are indeed attacks.

      Lower confidence levels indicate that some legitimate traffic may be identified as an attack.

    • Protection action

      The action that the Quantum Spark Gateway enforces on matching traffic.

      Notifications for these actions are set based on the select tracking option.

      • Ask - Traffic is blocked until the user confirms that it is allowed.

        To configure the user message, in the Quantum Spark Gateway's WebUI, refer to the Threat Prevention view > Protections section > Engine Settings page.

      • Prevent - Blocks identified bot traffic.

      • Detect - Allows identified bot traffic to pass through the Gateway, but detects and logs it.

      • Inactive - The protection is deactivated.

  7. In the field Performance impact, select which protections to enable based on their impact on the Quantum Spark Gateway performance:

    • Low - Enables protections with only the low impact on the performance.

    • Medium or lower - Enables protections with only the medium and lowe impact on the performance.

    • High or lower - Enables protections with only the high and lowe impact on the performance.

    Some protections require more CPU power to inspect the traffic.

    Check Point assigns the impact level to protections based on internal tests.

  8. In the field Tracking options, select the applicable option:

    • Log – Create a log.

    • Alert – Create a log with an alert.

    • None – Do not create a log.

  9. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Threat Prevention.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. In the fields High confidence, Medium confidence, and Low confidence, select the applicable protection action.

    • Confidence level

      How confident the Threat Prevention Software Blade is that recognized attacks are actually bot traffic or malicious files. Some attack types are more subtle than others, and legitimate traffic is sometimes mistakenly recognized as a threat.

      The higher the confidence level of a protection, the more confident Check Point is that recognized attacks are indeed attacks.

      Lower confidence levels indicate that some legitimate traffic may be identified as an attack.

    • Protection action

      The action that the Quantum Spark Gateway enforces on matching traffic.

      Notifications for these actions are set based on the select tracking option.

      • Ask - Traffic is blocked until the user confirms that it is allowed.

        To configure the user message, in the Quantum Spark Gateway's WebUI, refer to the Threat Prevention view > Protections section > Engine Settings page.

      • Prevent - Blocks identified bot traffic.

      • Detect - Allows identified bot traffic to pass through the Gateway, but detects and logs it.

      • Inactive - The protection is deactivated.

  8. In the field Performance impact, select which protections to enable based on their impact on the Quantum Spark Gateway performance:

    • Low - Enables protections with only the low impact on the performance.

    • Medium or lower - Enables protections with only the medium and lowe impact on the performance.

    • High or lower - Enables protections with only the high and lowe impact on the performance.

    Some protections require more CPU power to inspect the traffic.

    Check Point assigns the impact level to protections based on internal tests.

  9. In the field Tracking options, select the applicable option:

    • Log – Create a log.

    • Alert – Create a log with an alert.

    • None – Do not create a log.

  10. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Threat Prevention.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Threat Prevention.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Threat Prevention view > Threat Prevention section > Blade Control page.

    • Threat Prevention view > Protections section > Engine Settings page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Unified Threat Prevention

Note - Applies only to Anti-Virus, Anti-Bot, IPS, and Threat Emulation on the Quantum Spark models 2000 / 1900 / 1800 / 1600 / 1500.

The Unified Threat Prevention Policy configures the Anti-Virus, Anti-Bot, IPS, and Threat Emulation settings for a set of activated protections and instructions for how to handle traffic inspection that matches activated protections. These protections help manage the threats against the network.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Unified Threat Prevention.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Configure the required settings (see the corresponding section below).

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Unified Threat Prevention.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Configure the required settings (see the corresponding section below).

  8. Click Save in the bottom right corner.

One policy is configured for all the Unified Threat Prevention Software Blades:

  • Strict – Focuses on security. Creates more CPU load.

  • Recommended – Provides the best combination of security and performance.

  • Custom – Manually defined by the user.

To create a custom policy for Unified Threat Prevention:

  1. Select Custom.

  2. In the Tracking options field, select the applicable option:

    • Log – Create a log.

    • Alert – Create a log with an alert.

    • None – Do not create a log.

  3. In the fields High confidence, Medium confidence, and Low confidence, select the applicable protection action.

    • Confidence level

      How confident the Unified Threat Prevention Software Blade is that recognized attacks are actually bot traffic or malicious files. Some attack types are more subtle than others, and legitimate traffic is sometimes mistakenly recognized as a threat.

      The higher the confidence level of a protection, the more confident Check Point is that recognized attacks are indeed attacks.

      Lower confidence levels indicate that some legitimate traffic may be identified as an attack.

    • Protection action

      The action that the Quantum Spark Gateway enforces on matching traffic.

      Notifications for these actions are set based on the select tracking option.

      • Ask - Traffic is blocked until the user confirms that it is allowed.

        To configure the user message, in the Quantum Spark Gateway's WebUI, refer to the Threat Prevention view > Protections section > Engine Settings page.

      • Prevent - Blocks identified bot traffic.

      • Detect - Allows identified bot traffic to pass through the Gateway, but detects and logs it.

      • Inactive - The protection is deactivated.

  4. In the field Severity, select which protections to enable based on their attack severity verdict:

    • Low or above - Enables protections that block attacks whose severity is low and higher.

    • Medium or above - Enables protections that block attacks whose severity is medium and higher.

    • High or above - Enables protections that block attacks whose severity is high and higher.

    • Critical - Enables protections that block attacks whose severity is critical.

    Check Point assigns the severity level to protections based on the official data and internal analysis.

  5. Click Save in the bottom right corner..

  6. In the field Performance impact, select which protections to enable based on their impact on the Quantum Spark Gateway performance:

    • Low - Enables protections with only the low impact on the performance.

    • Medium or lower - Enables protections with only the medium and lowe impact on the performance.

    • High or lower - Enables protections with only the high and lowe impact on the performance.

    Some protections require more CPU power to inspect the traffic.

    Check Point assigns the impact level to protections based on internal tests.

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Unified Threat Prevention.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. Configure the local settings in the Quantum Spark Gateway WebUI:

    • Threat Prevention view > Threat Prevention section > Blade Control page.

    • Threat Prevention view > Protections section > Engine Settings page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

Threat Prevention Exceptions

Note - Requires the Quantum Spark Gateway to run the firmware R80.20.35 and higher.

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > Threat Prevention Exceptions.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Configure the required settings (see the corresponding section below).

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > Threat Prevention Exceptions.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Configure the required settings (see the corresponding section below).

  8. Click Save in the bottom right corner.

To add URLs to the Allowlist:

  1. From the top toolbar, click New.

  2. Enter the URL of the site to allow.

  3. Click Finish.

  4. Click Save in the bottom right corner.

To edit a URL:

  1. Click the pencil icon next to the URL name.

  2. Enter the URL of the site to allow.

  3. Click Finish.

  4. Click Save in the bottom right corner.

To delete a URL from the Allowlist:

  1. Select the checkbox next to the URL name.

  2. From the top toolbar, click Delete.

  3. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > Threat Prevention Exceptions.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. In the bottom left corner, click the link Access Gateway: Threat Prevention Exceptions.

    A browser page opens and shows the progress of the connection to the Quantum Spark Gateway.

    Note - If a local administrator is already logged in, click OK to override that connection. Click Cancel to cancel your login attempt.

  8. Configure the local settings in the Threat Prevention view > Threat Prevention section > Exceptions page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

SSL Inspection

  1. From the left navigation panel, click Plans.

  2. In the Name column, click the applicable Plan object.

  3. In the Plan Edit page, click Security Software Blades > SSL Inspection.

  4. Enable the toggle Manage in SMP.

  5. Enable the toggle Enable.

  6. Configure the required settings (see the corresponding section below).

  7. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Security Software Blades > SSL Inspection.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Enable the toggle Manage in SMP.

  6. Enable the toggle Enable.

  7. Configure the required settings (see the corresponding section below).

  8. Click Save in the bottom right corner.

  1. In the Policy section, select the aplicable option:

    • SSL traffic inspection

      Performs SSL Inspection of SSL traffic.

      For each Quantum Spark Gateway, you must:

      1. Disable Smart Accel on the Quantum Spark Gateway.

      2. Download the CA certificate from the Quantum Spark Gateway.

      3. Install this CA certificate on each host behind this Quantum Spark Gateway.

      See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).

    • HTTPS Categorization

      Performs URL Filtering for HTTPS sites and applications based on the HTTPS server’s certificate, without activating SSL Inspection.

  2. If you selected SSL traffic inspection, then configure the aplicable options:

    1. In the Protocols to inspect section, select the aplicable options:

      • HTTPS

      • IMAPS

    2. In the Wireless networks to bypass section, select the aplicable options:

      • Trusted networks

        Performs the SSL Inspection bypass on trusted wireless networks that are not assigned to a bridge or switch in the Quantum Spark Gateway.

      • Untrusted networks

        Performs the SSL Inspection bypass on untrusted wireless networks that are not assigned to a bridge or switch in the Quantum Spark Gateway.

    3. In the Categories to bypass section, select the aplicable options:

      • Health (this is a predefined category)

      • Government/Military (this is a predefined category)

      • Financial Services (this is a predefined category)

      • Media Streams (this is a predefined category)

      • Well known update services (this is a predefined category)

      • Bypass other categories (you can select additional predefined categories)

      • Bypass custom sites (you can add HTTPS sites)

    4. In the Tracking section, select the aplicable options:

      • Enable inspect logs

        Generates an SSL Inspection log. You can see the logs of the security policy that is enforced on SSL traffic without enabling this feature.

      • Enable bypass logs

        Generates an SSL bypass log for SSL traffic that was not inspected by SSL Inspection.

      • Enable wireless bypass logs

        Generates an SSL bypass log for SSL traffic, on wireless network, that was not inspected by SSL Inspection.

  3. Click Save in the bottom right corner.

  1. From the left navigation panel, click Gateways.

  2. In the Name column, click the applicable Quantum Spark Gateway object.

  3. In the Gateway Edit page, click Device Settings > SSL Inspection.

  4. Click Locked to plan (it must change to Unlocked from plan).

  5. Disable the toggle Manage in SMP.

  6. Click Save in the bottom right corner.

  7. Configure the local settings in the Quantum Spark Gateway WebUI > in the Access Policy view > SSL Inspection section > Policy page.

    See the Quantum Spark Appliances Locally Managed Administration Guide for your version (2000 models, 1900 models, 1800 models, 1600 models, 1500 models).