Download Complete PDF Send Feedback Print This Page

Synchronize Contents

Next

Introducing SmartView Monitor

Corporate networks in today's dynamic business environment are often comprised of many networks and gateways that support a diverse set of products and user needs. The challenge of managing an increasing array of system traffic can put enormous pressure on IT staffing capacity and network resources. With SmartView Monitor, Check Point offers you a cost effective solution to obtain a complete picture of network and security performance; and to respond quickly and efficiently to changes in gateways, tunnels, remote users and traffic flow patterns or security activities.

SmartView Monitor is a high-performance network and security analysis system that helps you easily administer your network by establishing work habits based on learned system resource patterns. Based on Check Point's Security Management Architecture, SmartView Monitor provides a single, central interface for monitoring network activity and performance of Check Point Software Blades.

Related Topics

SmartView Monitor Features

SmartView Monitor Considerations

Terminology

Understanding the User Interface

SmartView Monitor Features

SmartView Monitor allows administrators to easily configure and monitor different aspects of network activities. Graphical views can easily be viewed from an integrated, intuitive interface.

Pre-defined views include the most frequently used traffic, counter, tunnel, gateway, and remote user information. For example, Check Point System Counters collect information on the status and activities of Check Point products (for example, VPN or NAT). Using custom or pre-defined views, administrators can drill down on the status of a specific gateway and/or a segment of traffic to identify top bandwidth hosts that may be affecting network performance. If suspicious activity is detected, administrators can immediately apply a Firewall rule to the appropriate Security Gateway to block that activity. These Firewall rules can be created dynamically via the graphical interface and be set to expire within a certain time period.

Real-time and historical reports (that is, flexible, graphical reporting) of monitored events can be generated to provide a comprehensive view of gateways, tunnels, remote users, network, security and gateway performance over time.

The following list describes the key features of SmartView Monitor and how it is employed.

  • Gateways Status

    SmartView Monitor enables information about the status of all gateways in the system to be collected from these gateways. This information is gathered by the Security Management server and can be viewed in an easy-to-use SmartConsole. The views can be customized so that details about the gateway(s) can be shown in a manner that best meets the administrator's needs.

  • Traffic / System Counters

    SmartView Monitor delivers a comprehensive solution for monitoring and analyzing network traffic and network usage. You can generate fully detailed or summarized graphs and charts for all connections when monitoring traffic and for numerous rates and figures when counting usage throughout the network. The Traffic view also enables filtering according to categories (for example, services, IP addresses, interfaces or Firewall rules).

  • Tunnels

    SmartView Monitor enables system administrators to monitor connectivity between gateways. With the information collected by SmartView Monitor system administrators are able to sustain privacy, authentication and integrity. By showing real-time information about active tunnels (for example, information about its state and activities, volume of traffic or which hosts are most active), administrators can verify whether the tunnel(s) is working properly.

  • Users

    The Remote User Monitor is an administrative feature allowing you to keep track of VPN remote users currently logged on (that is, SecuRemote, Endpoint Security Secure Client and SSL Network Extender, and in general any IPSec client connecting to the VPN gateway). It provides you with a comprehensive set of filters which enables you to navigate easily through the obtained results.

    With information regarding, for example, current open sessions, overlapping sessions, route traffic, connection time, the Remote User Monitor is able to provide detailed information about remote users' connectivity experience. This feature enables you to view real-time and historical statistics about open remote access sessions.

  • Cooperative Enforcement

    Cooperative Enforcement is a feature that works in conjunction with Endpoint Security client. This feature utilizes Endpoint Security client compliance capability in order to verify connections arriving from the various hosts across the internal network. The firewall generates logs for unauthorized hosts. The logs generated for both authorized and unauthorized hosts can be viewed in SmartView Monitor.

SmartView Monitor Considerations

In view of the fact that SmartView Monitor enables graphical views of different types of measurements such as bandwidth, round trip time, packet rate or CPU usage, the most efficient way to yield helpful information is to create a view based on your specific needs.

With SmartView Monitor it is possible to create customized views for view types (for example, status, traffic, system statistics and tunnels). The customization allows control over filtering what to view, and over the values to display (for example, the columns in the Gateway Status view).

The following are just two examples of the numerous scenarios for which SmartView Monitor can offer information:

  • If a company's Internet access is slow, a Traffic view and report can be created to ascertain what may be clogging up the company's gateway interface. The view can be based on a review of, for example, specific Services, Firewall rules or Network Objects, that may be known to impede the flow of Internet traffic. If the SmartView Monitor Traffic view indicates that users are aggressively using such Services or Network Objects (for example, Peer to Peer application or HTTP), the cause of the slow Internet access has been determined. If aggressive use is not the cause, the network administrator will have to look at other avenues (for instance, performance degradation may be the result of memory overload).
  • If employees who are working away from the office cannot connect to the network a Counter view and report can be created to determine what may be prohibiting network connections. The view can be based on, for example, CPU Usage %, Total Physical Memory or VPN Tunnels, to collect information about the status, activities hardware and software usage of different Check Point products in real-time. If the SmartView Monitor Counter view indicates that there are more failures than successes, it is possible that the company cannot accommodate the mass number of employees attempting to log on at once.

Terminology

These are terms that you should be familiar with, to understand the information that is presented throughout this guide.

  • Views generate reports about the network according to network targets, filters and specific settings (for example, Monitor Rate).
    • Custom View a view generated by the SmartView Monitor user. This type of view is created from scratch or is based on a modified version of an existing out of the box view for common network scenarios.
  • System Counters generates reports about the status, activities, hardware and software usage of different Check Point products in real-time or history mode.
  • Traffic provides transaction information about network sessions in a given time interval
  • Tunnel an encrypted connection between two gateways.
  • Gateways Status provides information about the status of all Check Point supported hosts.
  • Users provides information about remote access VPN clients (for example, Endpoint Connect, Mobile Access, and others that are interoperable with VPN clients).
  • Cooperative Enforcement is a feature that works in conjunction with Endpoint Security client. This feature utilizes Endpoint Security client compliance capability in order to verify connections arriving from the various hosts across the internal network. The firewall generates logs for unauthorized hosts. The logs generated for both authorized and unauthorized hosts can be viewed in SmartView Monitor.
  • History provides information about previous Traffic or System Counters data.
  • Real-Time provides information about Traffic or System Counters data as it is generated.
  • Suspicious Activity Rules Firewall rules that are applied immediately. These rules can instantly block suspicious connections that are not restricted by the currently enforced security policy.
  • Threshold contains actions that are triggered when the status of a blade is changed or when an event has occurred.
  • Cluster indicates a group of servers and resources that act like a single system. This group enables high availability and in some cases, load balancing and parallel processing.
  • High Availability is a system or component that is continuously operational for a long length of time. Availability can be measured relative to "100% operational" or "never failing."

Understanding the User Interface

The SmartView Monitor is divided into a number of features. Refer to the following sections for a visual representation of each SmartView Monitor view.

The type of view results that appear on the screen are directly related to whether a Traffic, Counter, Tunnel, Gateway or Remote User view is selected.

Gateways Status View

To understand the following Gateways Status view, refer to the numbers in the figure and the list preceding it.

  1. Tree View lists all the views.
  2. Toolbars include shortcuts of SmartView Monitor options. The same options can also be accessed from the SmartView Monitor menus. The lower of the two toolbars is view specific and the same options can be found in the Gateways menu.
  3. Results View provides information about all the gateways in the organization as well as pertinent information about the gateway (such as its IP Addresses, the last time it was updated as well as its status). This information is directly linked to the view selected in the Tree View. Each row in the table represents a Gateway.
  4. Gateway Details is an HTML view that behaves like a browser and allows the user to hit links associated with a variety of data about the selected gateway.
  5. There are tabs for every view that is currently running in SmartView Monitor. As the number of running views grows they are added to a More tab from which you can select a view.

Traffic View

To understand the following Traffic view, refer to the numbers in the figure and the list preceding it.

  1. Tree View lists all the Custom and views.
  2. Toolbars include shortcuts of SmartView Monitor options. The same options can also be accessed from the SmartView Monitor menus. The lower of the two toolbars is view specific and the same options can be found in the Traffic menu.
  3. Results View (that is, bar, line, pie chart) provides information that is directly linked to the view selected and run from the Tree View.
  4. Legend includes a textual view (that is, report) of the Traffic view results
  5. Traffic Status Bar displayed at the bottom of the SmartView Monitor contains system information (for example, system uptime or traffic flow) about the gateway associated with the selected view.
  6. There are tabs for every view that is currently running in SmartView Monitor. As the number of running views grows they are added to a More tab from which you can select a view.

System Counters View

To understand the following System Counters view, refer to the numbers in the figure and the list preceding it.

  1. Tree View lists all the Custom and views.
  2. Toolbars include shortcuts of SmartView Monitor options. The same options can also be accessed from the SmartView Monitor menus. The lower of the two toolbars is view specific and the same options can be found in the Counters menu.
  3. Results View (that is, bar, line, pie chart) provides information that is directly linked to the view selected and run from the Tree View.
  4. Legend includes a textual view (that is, report) of the System Counters view results
  5. Counter Status Bar displayed at the bottom of the SmartView Monitor contains system information (for example, system uptime or traffic flow) about the gateway associated with the selected view.
  6. There are tabs for every view that is currently running in SmartView Monitor. As the number of running views grows they are added to a More tab from which you can select a view.

Tunnels View

To understand the following Tunnels view, refer to the numbers in the figure and the list preceding it.

  1. Tree View lists all the Custom and views.
  2. Toolbars include shortcuts of SmartView Monitor options. The same options can also be accessed from the SmartView Monitor menus. The lower of the two toolbars is view specific and the same options can be found in the Tunnels menu.
  3. Results View provides information that is directly linked to the view selected in the Tree View. Each row in the table represents a Tunnel.
  4. There are tabs for every view that is currently running in SmartView Monitor. As the number of running views grows they are added to a More tab from which you can select a view.

Users View

To understand the following Users view, refer to the numbers in the figure and the list preceding it.

  1. Tree View lists all the Custom and views.
  2. Toolbars include shortcuts of SmartView Monitor options. The same options can also be accessed from the SmartView Monitor menus. The lower of the two toolbars is view specific and the same options can be found in the Users menu.
  3. Results View provides information that is directly linked to the view selected in the Tree View. Each row in the table represents a User.
  4. There are tabs for every view that is currently running in SmartView Monitor. As the number of running views grows they are added to a More tab from which you can select a view.

Cooperative Enforcement View

To understand the following Cooperative Enforcement view, refer to the numbers in the figure and the list preceding it.

  1. Tree View lists all the available views.
  2. Toolbars include shortcuts of SmartView Monitor options. The same options can also be accessed from the SmartView Monitor menus. The lower of the two toolbars is view specific.
  3. Results View provides information that is directly linked to the view selected in the Tree View.
  4. There are tabs for every view that is currently running in SmartView Monitor. As the number of running views grows they are added to a More tab from which you can select a view.
 
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print