Gateway Objects

Important - Before you start, sure you have these configured:

Important - These actions (from top toolbar) require the Gateway to have a public IP address: Reboot, Fetch Now, Backup Now, Send Daily Report, Send Weekly Report, Send Monthly Report.

  1. In the left navigation tree, click Gateways.

  2. From the top toolbar, click New.

  3. Enter and select the applicable information in these fields:

    Field Name

    Field Type

    Description

    Type

    Mandatory

    Select the Quantum Spark configuration:

    • Small Office Appliance

      Select this option if you connect a single Quantum Spark Appliance.

    • Small Office HA

      Select this option if you connect a cluster of Quantum Spark Appliances.

      Important - Before you configure a cluster of Quantum Spark Appliances, you must connect each Quantum Spark Appliance to Quantum Spark Management.

    Name

    Mandatory

    Enter a name, or click Generate.

    • Maximum of 20 characters

    • Must begin with a letter

    • Can contain only these characters:

      • a-z

      • A-Z

      • 0-9

      • _ (underscore)

      • - (dash)

    Description

    Optional

    Enter a desired text (a maximum of 1000 characters).

    Plan

    Mandatory

    Select the required plan.

    Registration Key

    Mandatory

    The wizard generates a key automatically.

    You can:

    • Click Generate to get a different key.

    • Enter your own key.

      • Minimum 1 character

      • Must begin with a letter

      • Can contain only these characters:

        • a-z

        • A-Z

        • 0-9

    Owner ID

    Optional

    Do one of these:

    • Click Search to select an existing owner object.

    • Click New to create a new owner object.

  4. Click Finish.

  5. Click the new Gateway object.

  6. In the left navigation tree, click General.

  7. Copy the activation key from the Activation Details section.

  8. In the Quantum Spark Gateway's WebUI:

    1. In the left navigation tree, click Home.

    2. In the Overview section, click > Cloud Services.

    3. Select On.

    4. Click Edit.

    5. Select Activation key.

    6. Paste the activation key you copied in the Gateway object.

    7. Click Save.

    Note - You can also perform this step in Gaia Clish. See the R81.10.X Quantum Spark CLI Reference Guide for 1500, 1600, 1800, 1900, 2000 Appliances.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, click the applicable Gateway object.

  3. Configure the required settings.

    Here you can configure these settings:

    • Enabled

    • Managed by SMP

    • Mac Address

    • Edit Static IP in VPN Community

    Here you can see these settings:

    • Last connected IP address

    • Activation key

    Configures the Owner of this Gateway object.

    Configures these settings:

    Page

    Description

    NTP

    Configures the:

    • NTP Servers

    • NTP Authentication

    Time Zone

    Configures the Time Zone

    DNS

    Configures the:

    • DNS Servers

    • DNS Proxy

    • Domain Name

    Administrators

    Configures the administrators.

    Self-Serve Portal

    Configures the allowed modules to manage.

    Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Two Factor Authentication

    Configures the Two-Factor Authentication for all administrators.

    Users

    Configures the local users.

    Requires the Quantum Spark appliance to run the firmware R81.10.05 and higher.

    Local network

    Important:

    • This feature is available on Gateways running R81.10.10 or higher firmware versions.

    • The 1600 / 1800 / 1900 / 2000 series must serve as the center Gateway. The center Gateway must have a static IP (or VIP, in the case of a cluster).

    The Local Network Management feature enables the automatic assignment of a unique network to a Gateway's local network interface through Quantum Spark Management, ensuring that each local network address does not overlap with other assignments in your tenant.

    To add another Gateway to a VPN Community, simply create the Gateway and associate it with the plan configured for Local Network Management. You can also assign a network address manually or automatically from the available network pools to an existing Gateway, with uniqueness enforced and guaranteed.

    1. In Quantum Spark Management, select the applicable Gateway.

    2. Click Gateway in the left navigation tree of the Quantum Spark Management > Device Settings > Local Network.

    3. Click Manage in SMP.

      Note - Networks configured in this section will be set as local networks on the Gateway device, and added to the Internal Network Topology

    4. Click Add.

      Note - This action is applied immediately after you click Apply and could impact the existing connection on the Gateway.

    5. In the Add Local Network window:

      1. Select a Network Interface.

      2. Select SSID to Match (Optional, only used for Wi-Fi networks): If you select this option, the Wi-Fi network will be selected based on the SSID. Otherwise, the first network available will be chosen.

      3. Select Assign Automatically or Assign Manually.

        Notes:

        • If you Select Assign Automatically, select the network range pool from which to generate the Local Network and click Apply.

        • If you select Assign Manually, enter the IP Address and Subnet Mask and click Apply.

    Internet Monitoring Settings

    Configures how to monitor the Internet connections (the probing destinations and the link parameters).

    Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Personalization

    Note - Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Configures:

    • The logo image for WebUI that appears:

      • On the login page

      • In the top right corner

    • The background color (the color theme) of the top section of WebUI

    • The branding name (the title) for WebUI that appears:

      • On the login page

      • In the top left corner

    Possible scenarios and workflows:

    1. Do not upload a logo to the Infinity Portal account.

    2. There is nothing else to do.

    1. Upload a logo to the Infinity Portal account.

    2. In the applicable Gateways:

      1. Click Unlocked to plan to override the settings configured in the assigned plan.

      2. Enable Manage in SMP.

      3. Enable Personalization.

      4. Optional: Select the Color theme.

      5. Optional: Configure the Title.

      6. Optional: Configure the Subtitle.

      7. Click Save in the bottom right corner of this page.

    1. Upload a logo to the Infinity Portal account.

    2. In the left navigation tree, click Plans.

    3. Edit the applicable plan.

    4. Open the section Device Settings.

    5. Click the Personalization page.

    6. Enable Manage in SMP.

    7. Enable Personalization.

    8. Optional: Select the Color theme.

    9. Optional: Configure the Title.

    10. Optional: Configure the Subtitle.

    11. Click Save in the bottom right corner of this page.

    12. In the left navigation tree, click Gateways.

    13. Edit the Gateways, on which you do not want to add the logo:

      1. Click Locked to plan to override the settings configured in the assigned plan.

      2. Enable Manage in SMP.

      3. Disable Personalization.

      4. Click Save in the bottom right corner of this page.

    1. Upload a logo to the Infinity Portal account.

    2. In the left navigation tree, click Plans.

    3. Edit the applicable plan.

    4. Open the section Device Settings.

    5. Click the Personalization page.

    6. Enable Manage in SMP.

    7. Enable Personalization.

    8. Optional: Select the Color theme.

    9. Optional: Configure the Title.

    10. Optional: Configure the Subtitle.

    11. Click Save in the bottom right corner of this page.

    Configures the settings for the enabled Software Blades.

    Note - To override the settings configured in the assigned Plan, click Locked to plan (it must change to Unlocked from plan).

    Page

    Description and Procedure

    SD-WAN

    Note - Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Configures the SD-WAN settings:

    1. Enable Manage in SMP.

    2. Enable SD-WAN.

    3. Configure the applicable settings based on the Quantum SD-WAN Administration Guide.

    4. In the bottom right corner, click Save.

    Firewall

    Configures the Firewall settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Access Policy

    Important - Read the explanations and limitations in sk118035.

    Configures the Access Policy rules:

    1. Enable Manage in SMP.

    2. In the Outgoing access to the Internet section:

      1. Configure the required rules in the Pre local rules section.

      2. Configure the required rules in the Post local rules section.

      Note - On a Quantum SparkGateway, these "Pre local rules" and "Post local rules" have a higher priority than local rules that a local administrator configured.

    3. In the Incoming, Internal and VPN traffic section:

      1. Configure the required rules in the Pre local rules section.

      2. Configure the required rules in the Post local rules section.

      Note - The Quantum SparkGateway enforces the rules in this order:

      1. "Pre local rules" configured in Quantum Spark Management (appear as read-only on the Quantum SparkGateway)

      2. Local rules configured on the Quantum SparkGateway

      3. "Post local rules" configured in Quantum Spark Management (appear as read-only on the Quantum SparkGateway)

    4. In the bottom right corner, click Save.

    IoT

    Note - Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Configures the IoT Policy settings:

    1. Enable Manage in SMP.

    2. Enable IoT Protection is enabled.

    3. Click Advanced policy settings > select the applicable option for DNS servers to trust > click Close.

    4. Select the applicable IoT Policy:

      1. Check Point Recommended IoT policy.

      2. Custom IoT Policy

        To add custom rule, click New and follow the wizard.

    5. In the bottom right corner, click Save.

    Applications and URLs

    Configures the Application Control and URL Filtering settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    IPS

    Configures the IPS settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Traditional Anti-Virus

    Configures the Traditional Anti-Virus settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Anti-Spam

    Configures the Anti-Spam settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    QoS

    Configures the QoS settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Remote Access

    Configures the Remote Access VPN settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Site to Site VPN

    Configures the Site to Site VPN settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    User Awareness

    Configures the User Awareness settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Anti-Virus

    Configures the Anti-Virus settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Anti-Bot

    Configures the Anti-Bot settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Threat Emulation

    Configures the Threat Emulation settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Threat Prevention

    Note - Applies only to Anti-Virus, Anti-Bot, and Threat Emulation on 1400 / 1200R / 1100 / 900 / 700 / 600 appliances.

    Configures the Threat Prevention settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Unified Threat Prevention

    Note - Applies only to Anti-Virus, Anti-Bot, IPS, and Threat Emulation on 2000 / 1900 / 1800 / 1600 / 1500 appliances.

    Configures the Unified Threat Prevention settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Threat Prevention Exceptions

    Configures the Threat Prevention Exceptions:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    SSL Inspection

    Configures the SSL Inspection settings:

    1. Enable Manage in SMP.

    2. Configure the required settings.

    3. In the bottom right corner, click Save.

    Page 'Managed Services':

    Service

    Description

    Store gateway logs

    Storing the security logs in the cloud.

    Send periodic reports

    Sending periodic reports from the cloud to the configured Gateway owners.

    These reports contain security and network analysis.

    Firmware upgrades

    Support for firmware upgrades.

    Backup

    Support for periodic backups of the appliance settings.

    Dynamic DNS

    Support for Dynamic DNS services.

    Send cloud notifications / Enable events

    Sending of notifications to the configured recipients.

    Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Enable assets data

    Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Enable internet monitoring

    Support for monitoring the Internet connections.

    Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Enable VPN monitoring

    Support for monitoring the VPN tunnels.

    Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Enable System monitoring

    Requires the Quantum Spark appliance to run the firmware R81.10.10 and higher.

    Page 'Firmware':

    • Which firmware to install

    • The firmware installation schedule

    Page 'Backup':

    • Where to store the backup

    • The backup schedule

    Page 'Reports':

    • Which reports to send

    • The report schedule

    Page 'Notifications':

    • For which events to generate an email with notification

    • To which recipients to send this email

    Page 'Community':

    VPN Communities, in which this Gateway must participate.

    Page 'Authentication Method':

    Authentication Method for Site to Site VPN.

    Page 'Internal Network Topology':

    Encryption Domain.

    Page 'Administrator Access':

    Configures the allowed source IP addresses for the Web (HTTPS) and SSH access to the connected Quantum SparkGateways.

    Page 'Gateways Behind NAT':

    Configures the required NAT settings on the connected Quantum SparkGateways if they connect to the Internet though a NAT device.

    Configures scripts with Gaia Clish commands to be executed on the connected Quantum SparkGateways.

  4. In the bottom right corner, click Save.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, select the checkboxes of the applicable Gateway objects.

  3. From the top toolbar, click Delete.

  4. When prompted, click OK.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, click the applicable Gateway object.

  3. In the left navigation tree, click Status.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, click the applicable Gateway object.

  3. In the left navigation tree, click Location.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, click the applicable Gateway object.

  3. In the left navigation tree, click Services > Backup.

  4. In the Backup field, enter the applicable information.

  5. Click Save.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, select the checkboxes of the applicable Gateway objects.

  3. From the top toolbar, click Actions > Reboot.

  4. When prompted, click OK.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, select the checkboxes of the applicable Gateway objects.

  3. From the top toolbar, click Actions and click the applicable option:

    • Send Daily Report

    • Send Weekly Report

    • Send Monthly Report

  1. In the left navigation tree, click Gateways.

  2. In the Name column, select the checkboxes of the applicable Gateway objects.

  3. From the top toolbar, click Actions > Move to Plan.

  4. From the drop-down menu below Move to Plan, select the required Plan.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, select the checkboxes of the applicable Gateway objects.

  3. From the top toolbar, click Actions > Fetch Now.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, select the checkboxes of the applicable Gateway objects.

  3. From the top toolbar, click Actions > To Excel.

Note - This feature requires the firmware R81.10.15 and higher.

  1. In the left navigation tree, click Gateways.

  2. In the Name column, click the applicable Gateway object.

  3. From the top toolbar:

    • To access the WebUI, click one of these:

      • Access Gateway button

      • Actions menu > Access Gateway - IP

      Infinity Portal takes the IP address from the General page > Last connected IP address field, and opens a new tab with this URL and automatically logs you in:

      https://<IP Address>:4434

      Prerequisite:

      Make sure the Quantum Spark Gateway allows access to WebUI from the Internet.

    • To access the WebUI through the Reach My Device service, click the Actions menu > Access Gateway - RMD.

      Infinity Portal opens a new tab with this URL and automatically logs you in:

      https://<Gateway_Name>-web.smbrelay.checkpoint.com

      Prerequisite:

      Make sure the Quantum Spark Gateway uses the Dynamic DNS service - either in the assigned Plan (Configuring Plans > Section 'Services') or in the Gateway object (Editing an Existing Gateway Object > Section 'Services').

    • To access the CLI through the Reach My Device service, click the Actions menu > Access GW Shell- RMD.

      Infinity Portal opens a new tab with this URL and automatically logs you in:

      https://<Gateway_Name>-shell.smbrelay.checkpoint.com

      Prerequisite:

      Make sure the Quantum Spark Gateway uses the Dynamic DNS service - either in the assigned Plan (Configuring Plans > Section 'Services') or in the Gateway object (Editing an Existing Gateway Object > Section 'Services').

Notes:

  • If you signed in to Infinity Portal with a limited user that has a read-only role for the managed Quantum Spark gateways, then your access to the Gateway's WebUI is read-only. For information about User Roles, see the Infinity Portal Administration Guide.

  • This feature is available for Quantum Spark gateways that run R81.10.15 and higher.

  • When you are connected to the Quantum Spark gateway over the seamless login:

    • The logs show the interface name LANW instead of WAN.

    • Only VLAN interfaces are supported over the Flexi-WAN interface.