Download Complete PDF Send Feedback Print This Page

Previous

Synchronize Contents

Next

UTM-1 Edge SmartLSM Security Gateways

Related Topics

Creating UTM-1 Edge SmartLSM Security Profiles

Adding UTM-1 Edge SmartLSM Security Gateways

Handling New UTM-1 Edge SmartLSM Messages

Customized UTM-1 Edge Configurations

Creating UTM-1 Edge SmartLSM Security Profiles

When a SmartLSM Security Gateway is installed on a UTM-1 Edge device, the Check Point software is embedded. Features and maintenance for SmartLSM Security Gateways on UTM-1 Edge are somewhat different from similar procedures for SmartLSM Security Gateways on other hardware platforms.

Every SmartLSM Security Gateway must have a SmartLSM Security Profile, which fetches a Check Point Security Policy from the Security Management Server or Domain Management Server. This Security Policy determines the settings of the firewall. Before you can add any SmartLSM Security Gateway to SmartProvisioning, have the SmartProvisioning SmartLSM Security Profiles prepared in SmartDashboard.

This procedure describes how to create a SmartLSM Security Profile for UTM-1 Edge SmartLSM Security Gateways. After you have completed this, you can add the gateway objects to SmartProvisioning.

To create a UTM-1 Edge SmartLSM Security Profile:

  1. In SmartDashboard, open the Security Policy for your SmartLSM Security Gateways. If necessary, edit the policy. See the SmartDashboard online help or the R76 Security Management Administration Guide.
  2. Right-click the Network Objects tab and select New > SmartLSM Profile > UTM-1 Edge Gateway.

    The SmartLSM UTM-1 Edge/Embedded Profile window opens.

  3. Define the SmartLSM Security Profile in this window. Refer to the online help for more information.
  4. Install the policy.

    The new profile is not available until the policy is installed.

Adding UTM-1 Edge SmartLSM Security Gateways

This procedure describes how to add a UTM-1 Edge SmartLSM Security Gateway to the SmartProvisioning management.

Before you begin, you must have at least one SmartLSM Security Profile for UTM-1 Edge gateways. See Creating UTM-1 Edge SmartLSM Security Profiles for details.

To add a UTM-1 Edge SmartLSM Security Gateway to SmartProvisioning management:

  1. In the SmartProvisioning tree, click Devices.

    From the SmartProvisioning menu, select File > New > UTM-1 Edge SmartLSM Security Gateway. A wizard opens, taking you through the definition steps.

  2. In the New UTM-1 Edge SmartLSM Gateway window, enter a name and optional comments. This name is used by Multi-Domain Security Management. It need not be the name of the gateway device, but should be easily recognizable by users.
  3. In the More Information window, define the SmartLSM Security Gateway as follows:
    • SmartLSM Security Gateway - Select the gateway hardware.
    • Security Profile - Select a SmartLSM Security Profile created in SmartDashboard.
    • OS - Select the operating system of the gateway.
    • Enable Provisioning - Select to enable provisioning for this gateway. Clear this option if you are sure that this gateway should be managed in a unique way; if you are sure that Provisioning Profiles would not be useful in the management, or might be harmful to the operations, of this gateway.
    • No Provisioning Profile - Select to leave the actual assignment of Provisioning Profile for later.
    • Provisioning Profile - Select a Provisioning Profile to assign to this gateway.

    Note - This option is disabled for platforms that do not support SmartProvisioning.
  4. In the SmartLSM Security Gateway Communication Properties window, establish SIC Trust between the gateway and the management server using one of the below methods:
    • Select Generate Registration Key automatically and click Generate. The Generated Registration Key window opens, displaying the key in clear text. Make note of the key (to enter it on the SmartLSM Security Gateway for SIC initialization) and then click Accept.
    • Select Registration Key and provide an eight-character string to be the key. Enter it again in the Confirm Registration Key field.

    In SmartLSM Gateway VPN Properties window, enable the I wish to create a VPN Certificate from the Internal CA option if the gateway is part of a VPN. If the gateway is not part of a VPN community in SmartDashboard, clear this option.

  5. In the Finished window, select the Edit SmartLSM Security Gateway properties after creation check box if you wish to edit or configure additional properties.

Handling New UTM-1 Edge SmartLSM Messages

This section explains how to handle a message that may appear after you finish the wizard to add a UTM-1 Edge SmartLSM Security Gateway, during the SmartProvisioning processing of the gateway object.

Registration Key is Missing

If you did not generate or select a Registration Key for SIC setup, a message opens:

'Registration Key' for the Gateway SIC setup is missing.
Do you want to continue?

Click Yes to let SmartProvisioning add the gateway now and handle the SIC setup later, or click No and then Back to the Communication Properties page.

To handle the SIC setup after the gateway is added:

  1. Select the gateway in the work space and then select Edit > Edit Gateway.
  2. In the General tab, click New Key.
  3. In the Registration Key window, click Generate Key. After the key is provided, click Set.
  4. Click OK to close the Edit window.

Customized UTM-1 Edge Configurations

In SmartDashboard, you can view and edit the configuration script to ensure that a specific gateway will perform those commands when it rises. Any changes that you make to the script will be performed when the gateway fetches its SmartProvisioning settings.

For more detailed information about configuration scripts, see the R76 Command Line Interface Reference Guide.

To open the Configuration Scripts:

In the UTM-1 Edge SmartLSM Security Gateway window, click Configuration Script.

  
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print