SmartProvisioning User Interface
Main Window Panes
The main SmartProvisioning window has separate panes, each with its own purpose and each with a different connection to the other panes.
Tree Pane
The tree pane provides easy access to the list of objects that you can view and manage in the work space.
Work Space Pane
The view of the work space pane changes according to the object selected in the tree.
- Devices work space - Use this work space to manage gateways and other device objects, such as clusters.
- To show the Devices work space, click Devices in the tree.
- To see a Device work space by type of configuration, select Device Configuration > Networking, and then the tree item that describes the configuration you want (DNS, Routing, Interfaces, Hosts, Domain Name, Host Name).
- Profiles work space - Use this work space to manage Provisioning Profiles. Click Profiles in the tree.
- Status - Shows dynamic status of devices. Click Status in the tree.
Status View
The information in the Status View pane depends on whether you select Action Status or Critical Notifications.
- Action Status: For each device upon which you initiate an action, you can view the status and details of the action performance:
- : The name of the action.
- : The type of action. See SmartProvisioning Menus and Toolbar
- : The time when the action actually began on the selected gateway.
- : The current status of the action, dynamically updated.
- : Relevant notes.
- Click the Result link to open the window and see the results of this script.
- Critical Notifications: For each device that has a critical status or error, you can view the status of the gateway, its Security Policy (if the device is a SmartLSM Security Gateway), and its Provisioning Profile (if it is assigned to a Provisioning Profile).
Gateway Status Indicators
Indicator
|
Description
|
OK
|
Gateway is up and performing correctly
|
Waiting
|
SmartProvisioning is waiting for status from the Security Management Server or Domain Management Server
|
Unknown
|
Status of gateway is unknown
|
Not Responding
|
Gateway has not communicated with Security Management Server or Domain Management Server
|
Needs Attention
|
Gateway has an issue and needs to be examined
|
Untrusted
|
SIC Trust is not established between gateway and Security Management Server or Domain Management Server
|
Policy Status Indicators
Indicator
|
Description
|
OK
|
Gateway is up and performing correctly
|
Waiting
|
SmartProvisioning is waiting for status from Security Management Server or Domain Management Server
|
Unknown
|
Status of gateway is unknown
|
Not installed
|
Security policy is not installed on this gateway
|
Not updated
|
Installed security policy has been changed; gateway should fetch new policy from Security Management Server or Domain Management Server
|
May be out of date
|
Security Policy was not retrieved within the fetch interval
|
Provisioning Profile Indicators
Indicator
|
Description
|
OK
|
SmartProvisioning Agent is installed and operating
|
Needs Attention
|
Device has an issue and needs to be examined
|
Agent is in local mode
|
Device is in maintenance mode
|
Uninitialized
|
Device has not yet received any provisioning configurations
|
Unknown
|
Status of provisioning is unknown
|
SmartProvisioning Menus and Toolbar
This section is a reference for the menus and toolbar buttons in SmartProvisioning. The menu commands that are available at any time depend on the list that is displayed in the work space.
To access menu options, click the Launch Menu button on the toolbar and then access the specified menu.
For example, the File > New command enables you to create new SmartLSM Security Gateways when the Devices work space is displayed. When the Profiles work space is displayed, File > New enables you to create a new Provisioning Profile.
The table below lists the menus and explains their commands. Some of the commands have toolbar buttons that you can use to access the same functionality.
SmartProvisioning Menus
|
|
|
|
|
Menu
|
Command
|
Description
|
For further information
|
File
|
New
|
Define new SmartLSM Security Gateway or Provisioning Profile
|
See Creating Security Gateway SmartLSM Security Profiles
See Adding UTM-1 Edge SmartLSM Security Gateways
See Creating Provisioning Profiles
|
Export to file...
|
Export objects list to file
|
See Export to File
|
Exit
|
Close SmartProvisioning
|
Edit
|
Edit gateway
|
Edit selected gateway
|
See All Gateway Management Overview
|
Delete SmartLSM Security Gateway
|
Delete selected gateway; only for devices with SmartLSM Security Profiles
|
See Deleting Gateway Objects
|
Edit Provisioning profile
|
Edit Provisioning Profile of selected gateway
|
See Provisioning
|
Find
|
Find specific object in visible list
|
See Find
|
View
|
Toolbar
|
Show/Hide Status Bar
|
|
Status bar
|
Show/Hide Status View pane
|
See Main Window Panes
|
Status View
|
Show/Hide Status View pane
|
See Status View
|
Clear All Filters
|
Clears all the configured filters
|
See Filtering Columns
|
Show/Hide columns
|
Open the Show/Hide Columns window and select the data to be displayed in the work space
|
See Show/Hide Columns
|
Manage
|
Open Selected Policy
|
Open SmartDashboard to edit Security Policy installed on selected SmartLSM Security Gateway
|
SmartLSM Security Policies
|
|
Open Selected Policy
(Read Only)
|
Open SmartDashboard to view Security Policy of selected SmartLSM Security Gateway
|
|
Custom Commands
|
Add/Edit user-defined executables to run on remote gateways
|
See Executing Commands
|
|
Select SSH Application
|
Provide pathname to SSH application for remote management of devices
|
See SSH Applications
|
Actions
|
Push Dynamic objects
|
Push values resolved in SmartProvisioning to SmartLSM Security Gateway
|
See Dynamic Objects
|
|
Push Policy
|
Push values resolved in SmartProvisioning to SmartLSM Security Gateway
|
See Immediate Gateway Actions
|
|
Maintenance > Stop Gateway
|
Stop Check Point services on selected gateway
|
See Remotely Controlling Gateways
|
|
Maintenance > Start Gateway
|
Start Check Point services on selected gateway
|
|
Maintenance >
Restart Gateway
|
Restart Check Point services on selected gateway
|
|
Maintenance > Reboot Gateway
|
Reboot the device
|
|
Get Status Details
|
Open Gateway Status Details
|
See Viewing Status of Remote Gateways
|
|
Get actual settings
|
Fetch configuration settings from device to management server
|
|
|
Packages
|
Software management
|
See Actions > Packages
|
|
Update Corporate office gateway
|
Update a CO Gateway to reflect changes in managed gateways
|
See Remotely Controlling Gateways
|
|
Updated Selected Corporate Office Gateway
|
Update selected CO (available when CO gateway is selected)
|
|
Advanced Permissions
|
Create a custom script
|
See Running Scripts
|
|
Backup
|
Create a backup image
|
See Immediate Backup of Security Gateways
|
|
Push Settings and Action
|
Immediate execute of Backup and fetch of profile settings
|
See Applying Changes
|
|
Define UTM-1 Edge cluster
|
Configure two UTM-1 Edge SmartLSM Security Gateways for high availability
|
See UTM-1 Edge clusters
|
|
Remove UTM-1 Edge clusters
|
Disassociate the two members of a UTM-1 Edge Cluster
|
|
Run SmartProvisioning Wizard
|
Opens SmartProvisioning wizard from Overview page
|
See SmartProvisioning Wizard
|
Window
|
Access other SmartConsole clients
|
Help
|
View version information and open online help
|
Actions > Packages
The Actions menu also includes the Packages menu. Package commands enable you to manage software on Security Gateways and SmartLSM Security Gateways.
These commands are not relevant or available for UTM-1 Edge gateways. To manage the software of UTM-1 Edge devices, use the UTM-1 Edge portal (right-click > Launch UTM-1 Edge Portal).
The table below describes the commands of the Packages menu. See Managing Software to learn more about managing Check Point software packages with SmartProvisioning.
Working with the SmartProvisioning GUI
This section describes SmartConsole customizations and general functions.
Find
You can search for strings in the SmartProvisioning console.
To open the Find window
- Select Edit > Find.
- In the Look in field, select a column header to search for the string in a specific data type:
- All Fields
- Name
- IP/ID: Format of IP address; tracking ID for logs
- Product: Check Point product, platform, or operating system
- Security Profile
- Provisioning Profile
- Policy Name
- Last Applied Settings
- Gateway Status: Use a valid status string
- Policy Status: Use a valid status string
- Provisioning Status: Use a valid status string
- Maintenance Mode: Yes or No
Show/Hide Columns
You can customize the information displayed in Device lists.
To customize Device list columns:
- Select View > Show/Hide Columns.
- In the Show/Hide Columns window, select the check boxes of the columns that you would like to be displayed.
- Clear the check boxes of the columns that you would like to hide.
It is also possible to hide a column by right-clicking the column header selecting Hide Column from the popup menu.
Filter
You can filter a Devices work space for more convenient displays.
To filter the list:
- Select the Devices work space.
- In , enter the filter number or text.
- From the drop-down list, select the filter category that you want. You can select one of these filter categories:
- All: The filter number or text is applied to all the filter categories. (Default)
- Name: name of the gateway and icon indicating its type (Security Management server, Domain Management Server, SmartLSM Security Gateway, UTM-1 Edge SmartLSM Security Gateway, Check Point host, Mobile Access).
- IP/ID: unique ID in the form of an IP address, used to track logs generated from a Gateway, even if it changed its external IP address.
- Product: Name of the Check Point platform used for the Security Gateway.
- Version: Check Point software version for the Security Gateway.
- Provisioning Profile: Name of the Provisioning Profile.
This field is blank if the Security Gateway is not enabled for provisioning. - Last Applied Settings: Date and time that the Security Gateway definition was last changed.
- Security Profile: Name of the last installed Security Profile.
- Gateway Status: Current status of the Security Gateway.
- Policy Status: Current status of the Security Profile.
- Provisioning Status: Security Gateway provisioning status.
- DNS Overrides Profile: The Devices work space is filtered to display only the objects (gateways, servers, clusters and so on) that match the filter number or text for that category.
Filtering Columns
You can filter columns in and displays according to the content of that column.
To filter a column:
- In the tree, select or the display.
- Right-click the column heading and select .
The Advanced Filter window is displayed.
- Configure the filter settings for that column.
- Click .
- To clear the filter settings, right-click the column heading and select .
Export to File
If you prefer to track your managed devices in other programs, you can export the SmartProvisioning objects list.
To export SmartProvisioning data to a file:
- Select File > Export to File.
- Click Export To.
The Export to File window opens.
- Provide a name for the file and select a type: MS Excel, Web, CSV, Text, or All (to create your own extension).
- Click Save.
- Select the file options that you want:
- Show Headers: Select to include the column headers.
- Use the following Delimiter: Select Tab as a delimiter between data, or select Other and specify the delimiter you want. (This is disabled for MS Excel and Web page file types.)
- Click OK.
The file is created. A dialog box opens, with the message
File '<pathname>' created successfully.
- Click Open File to view the exported file in a relevant application.
SSH Applications
SSH applications provide management features for remote devices. This feature is supported by SecurePlatform devices.
Selecting a Default SSH Application
If you have not yet opened an SSH application, you can provide the path from within SmartProvisioning. The first time you select an SSH application, choose a default application from Manage > Select SSH Application. Each subsequent time that you want to open an SSH terminal, you can right-click on any object whose operating system is SecurePlatform and select Launch SSH Terminal.
To select an SSH application for the first time:
- Select Manage > Select SSH Application.
- Select Your SSH Client.
- In the SSH Client Connection Attributes section, choose a predefined application template, such as Putty or SecureCRT, or create your own by selecting Custom. Verify that the Connection Attributes match the syntax required for your selected SSH terminal application, where <IP> refers to the device's IP address.
- When the required syntax for the specific application appears in the Connection Attributes field. Click OK.
Launching an SSH Application from Network Objects
After you have selected a default SSH application for the first time, you can launch it from any object whose operating system is SecurePlatform.
To launch the default SSH application from a Network object:
- Right-click on a Network object
- Select Launch SSH Terminal.
The SSH terminal opens and automatically calls the object's IP address from its last known IP address.
Web Management
You can use the Web management portal to manage SecurePlatform gateways. This is especially useful with remote gateways that need individual changes, or system administration management.
To manage a SecurePlatform gateway through its Web portal:
- Right-click a SecurePlatform gateway and select Launch Device Management Portal.
A web browser opens to https://<IP_address>.
- Log in with the administrator user name and password.
The features available from the Web portal enable you to manage networking, routing, servers, and many other local device configurations.
|
|
