The Home Tab

In This Section: System Security Dashboard Security Management License Site Map Active Computers Monitoring Reports Tools

System

The Home > System page shows an overview of the Check Point Appliance.

The Check Point Appliance requires only minimal user input of basic configuration elements, such as IP addresses, routing information, and blade configuration. The initial configuration of the Check Point Appliance can be done through a First Time Configuration Wizard. When initial configuration is completed, every entry that uses http://my.firewall shows the WebUI Home > System page.

• System Information - Shows the appliance model, installed software version, name, MAC address, system date and time (with the GMT setting), and system uptime.
• Network - Shows Internet information and (where applicable) the wireless network status. Click the links to configure these options.
• Security Management - Shows authentication status of the Security Management Server and security policy data. You can click the link to open the Security Management Server page.
• Network Activity - Shows live data graphs of packet rate and throughput.

Security Dashboard

The Home > Security Dashboard page shows you the active blades.

The software blades are shown in these groups:

• Access Policy - Contains the Firewall, Application Control and URL Filtering, User Awareness, and QoS blades.
• Threat Prevention - Contains the Intrusion Prevention (IPS), Anti-Virus, Anti-Bot, Threat Emulation, and Anti-Spam blades.

  Note - The Threat Emulation Software Blade is only supported in R80.10 management and higher. This blade is not supported for 1100 appliances.

• VPN - Contains the Remote Access and Site to Site VPN blades. It also contains certificate options.

The software blades are enabled through SmartDashboard. For more information, see the Threat Prevention Administration Guide.

To view blade and license information:

Click the information icon.

To view statistics:

1. Click the bar graph icon.

   The blade statistics window opens.

2. If the blade is turned on:
   • View the graph and details.
   • To go to other blade statistics, click the arrows in the header.
3. If the blade is turned off or has no license:

   Click View demo to see an example of the statistics shown and then click Close.

Security Management

The Home > Security Management page shows information for the management mode of the Check Point Appliance. You can also test Internet Connectivity from this page.

To set the management type:

Select one of the options:

• Locally - To manage the Check Point Appliance using the local web application (WebUI). Click Apply and then Yes when asked to confirm.
• Centrally - To manage the Check Point Appliance using the Security Management Server.

When centrally managed, it shows the trust status between the Check Point Appliance and the Security Management Server. When a policy is prepared in SmartDashboard, you can fetch the policy from this window.

Security Management Server

In this section you can view the status of the management connection, last policy installation, adjust trust settings, and initialize a connection.

1. In the Security Management Server section, click Settings to adjust trust settings or Setup to initialize a connection. The Welcome to the Security Management Server Configuration Wizard shows.
2. Click Next. In the One Time Password (SIC) page, select an option for authenticating trusted communication:
   • Initiate trusted communication securely by using a one-time password - The one-time password is used to authenticate communication between the Check Point Appliance and the Security Management Server in a secure manner.
     Enter a one-time password and confirm it. This password is only used to establish the initial trust. When established, trust is based on security certificates.

     Important - This password must be identical to the Secure Communication authentication one-time password configured for the Check Point Appliance object in the SmartDashboard of the Security Management Server.

   • Initiate trusted communication without authentication (not secure) - Select this option only if you are sure that there is no risk of imposture (for example, when in a lab setting).
3. Click Next. In the Security Management Server Connection page, select a connection method:
   • To connect to the Security Management Server now, select Connect to the Security Management Server now, enter the Security Management Server IP or name and click Connect. When you successfully connect to the Security Management Server, the security policy is automatically fetched and installed.

     If the Security Management Server is deployed behind a 3rd party NAT device, select Always use this IP address and manually enter the IP address the appliance used to to reach the Security Management Server. This IP address overrides, from this point on, the automatic calculating mechanism that determines the routeable IP address of the Security Management Server for each appliance.

     If trust was established but the gateway could not fetch the policy, you can investigate the issue with the Security Management Server administrator. When the issue is resolved, click the Fetch Policy button that shows instead of the Connect button.

   • To connect to the Security Management Server later, select Connect to the Security Management Server later.
4. Click Finish.

To reinitialize trusted communication with the Security Management Server:

1. In the Security Management Server section, click Advanced to reinitialize trusted communication.
2. Click Reinitialize Trusted Communication.

   A Warning message shows.

3. Click Yes.

   Note - You need to coordinate this operation with the Security Management Server administrator, as reinitialization is necessary on both sides.

Security Policy

To obtain the security policy from the Security Management Server, click Fetch Policy. This option is available only if trust is established with the Security Management Server.

Internet

To test connectivity, click Test Connection Status. A status message shows the results of the test. You can click Settings to configure Internet connections.

License

The Home > License page shows the license state for the software blades. From this page, the appliance can connect to the Check Point User Center with its credentials to pull the license information and activate the appliance.

In most cases, you must first register the appliance in your Check Point User Center account or create one if you don't already have one. A User Center account is necessary to receive support and updates.

If you have Internet connectivity configured:

1. Click the Activate License link on this page to be directed to the registration form in the User Center.
2. If registration information is not successfully retrieved, browse to the applicable URL:
   • For 1100 Appliances: https://register.checkpoint.com
   • For 1200R and 1400 Appliances: https://smbregistration.checkpoint.com
3. Complete the applicable fields in the User Center registration.
   • Appliance MAC address
   • Appliance registration key
   • Select Hardware Platform
   • Select Hardware Model
4. Return to this page and click Activate License.

   You are notified that you successfully activated the appliance. After initial activation, the Activate License button shows Reactivate. If changes are made to your license, click Reactivate to get the updated license information.

If you work offline while configuring the appliance:

1. Browse to https://usercenter.checkpoint.com and fill out the requested information. You must enter the appliance's credentials, MAC address and registration key, that can be found on the Home > License page.
2. After you complete the registration wizard, you are prompted to download the activation file. Download it to a local location. This is needed for the next step.
3. In the Home > License page, click Offline.

   The Import Activation File window opens.

4. Browse to the activation file you downloaded and click Import. The activation process starts.

If there is a proxy between your appliance and the Internet, you must configure the proxy details before you can activate your license.

To configure the proxy details:

1. Click Set proxy.
2. Select Use proxy server and enter the proxy server Address and Port.
3. Click Apply.
4. Click Activate License.
5. Click Activate License.

Site Map

The Home > Site Map page shows a site map of the WebUI. It shows all of the tabs and the pages they contain.

Click the link to any page directly from the Site Map page.

Active Computers

The Active Computers page shows a list of the devices identified in internal networks. The information includes:

• Object name
• MAC Address
• IP address

  Note - 1100 appliances only support IPv4 addresses. 1200R and 1400 appliances support both IPv4 and IPv6 addresses. If a host has both IPv4 and IPv6 addresses, there will be a single entry in the table.

• Device/User Name - Shows a device/user name if the information is available to the appliance through DHCP or user awareness.
• Services - Shows incoming and outgoing services. Incoming services usually indicate servers.
• Zone - Shows if the appliance is connected physically or through a wireless connection.
• Traffic - Shows upload and download packet rates for all IP addresses when traffic monitoring is active.

  Note - Traffic monitoring does not differentiate between IPv4 and IPv6 addresses.

Manage the display:

• Save as - Save a selected device as a network object or server.

  When you select this option, the New Network Object window or New Server Wizard opens. Enter the information in the fields and click Apply. Use these objects to reserve IP addresses to MAC addresses in the DHCP server and also add this object name as a host in the local DNS service. Network objects and server objects can be used in the security configurations, for example in the Access Policy and IPS exceptions.

  A server object also allows you to configure access and NAT if applicable as part of the object. If access and/or NAT are configured, automatic access rules are created in the Access Policy Rule Base.

• Filter - Filter the list by servers, active devices, or known devices.
• Details - Select a row in the list and click Details to show additional properties of the device.
• Refresh - Refresh the information in the list.
• Start/Stop Traffic Monitor - Gather upload and download packet rates for active computers. The information is shown in the added Traffic column in the table.

  This operation may affect performance.
  To stop, click Stop Traffic Monitoring.

The display shows the devices connected to the gateway through a Hotspot. You can revoke the Hotspot access for one or more devices. This disconnects the device from the gateway and requires the device to log in again through the Hotspot.

To revoke the Hotspot access:

1. Click the record for the relevant device.
2. Click Revoke Hotspot Access.

   The access for that device is revoked. You must log in again through the Hotspot to reconnect the device to the gateway.

Note - If there is no IPv6 activity in a dual stack host, the Active computers do not show the IPv6 address.

Note - This page is available from the Home and Logs & Monitoring tabs.

Monitoring

The Monitoring page shows network, security, and troubleshooting information. When you enter this page, the latest data shows. You can click Refresh to update information. To see a sample monitoring report, click Demo. To close the sample reports, click Back.

The number of current connections in the system is shown for VPN Tunnels, Active Computers, and Connections. You can click the links to open the corresponding WebUI pages.

The Monitoring page is divided into these sections:

• Network
• Security
• Troubleshooting

To expand or collapse the sections, click the arrow icon in the section's title bar.

Network

By default, network statistics are shown for the last hour. You can also see statistics for the last day. Select the applicable option Last hour or Last day from the Network section's title bar.

The data is automatically refreshed for the time period:
Last hour - At one minute intervals. For example, if you generate a report at 10:15:45 AM, the report represents data from 9:15 to 10:15 AM.
Last day - At hourly intervals. For example, if you generate a report at 10:15 AM, the report represents data from the last 24 hours ending at 10:00 AM of the current day.

• Bandwidth Usage - The doughnut chart shows the top 10 applications or users that consumed the most bandwidth in the selected time frame (last hour or last day). Click the Applications or Users links to toggle between the statistics. To show user information the User Awareness blade must be activated.
• Top Bandwidth Consuming - Shows statistics for the top bandwidth consuming application, category, site, and user in percentages and the amount of traffic (MB or GB).
• Traffic - By default, shows the total amount of traffic received and sent in an area graph. The time axis reflects the time frame (last hour or last day) selected for the Network section. For last hour, the graph shows 5 minute intervals and for last day, hourly intervals. You can click the Received and Sent links to see only the amount of traffic received or sent. The orange area on the graph represents sent traffic. The blue area represents received traffic.

  If you hover over a time interval, a popup box shows:

  • The date and time
  • The traffic sent or received
  • The total traffic for that time interval
• Total traffic statistics - Next to the area graph you can see total traffic statistics for the last day or hour.

Security

• Infected hosts - Shows the number of:
  • Infected hosts
  • Infected servers
  • Recently active infected hosts

  You can click All Infected Hosts to open the Logs & Monitoring > Infected Hosts page.

• High risk applications - Shows:
  • The number of high risk applications
  • The most used high risk applications
  • The top users of high risk applications.

  You can click Applications Blade Control to open the Access Policy > Firewall Blade Control page to see Applications and URL Filtering settings.

• Security events - Shows the number of:
  • Anti-Bot - Malwares detected by the Security Gateway.
  • Anti-Virus - Malwares detected by the Security Gateway.
  • Threat Emulation - Malicious files found since the last reboot and how many files scanned.
  • The number of IPS attacks.

  You can click the links to open the Threat Prevention > Blade Control page.

Troubleshooting

• System Resources - Click CPU, memory and disk usage to see CPU, memory, and disk usage information.
• Device Info - Shows Security Gateway information.
• Links to pages that can be useful for monitoring and troubleshooting purposes.

Note - This page is available from the Home and Logs & Monitoring tabs.

Reports

The Reports page shows network analysis, security analysis, and infected hosts reports by a selected time frame (monthly, weekly, daily, and hourly).

These elements influence the times shown in reports:

• Rounding off of time
• System reboot

Rounding Off of Time

The times shown in generated reports are rounded down:

• For hourly reports - At one minute intervals. For example, if you generate a report at 10:15:45 AM, the report represents data from 9:15 to 10:15.
• For daily reports - At hourly intervals. For example, if you generate a report at 10:15 AM, the report represents data from the last 24 hours ending at 10:00 AM of the current day.
• For weekly reports - At four hour intervals, starting with 00:00, 04:00, 08:00 and so on. For example, if you generate a report at 11:55 AM, the report represents data from the last week ending at 08:00 AM of the current day.
• For monthly reports - At four hour intervals, starting with 00:00, 04:00, 08:00, 12:00 and so on. For example, if you generate a report at 11:15 AM, the report represents data from the last month ending at 08:00 AM of the current day.

System Reboot

In the first 24 hour cycle after an appliance starts up (after installation or an update), the system adds one more time interval to the delta of the next applicable report interval.

For example, for weekly reports that are generated at pair hour intervals, the appliance requires 1 more hours plus the delta for the first applicable pair hour.

• For an appliance that started at 00:00 AM - The first weekly report is generated at 04:00 AM. The total of 4 hours derives from the first delta of the first applicable pair hour which is 02:00 and the added 2 hours. The total wait is 4 hours.
• For an appliance that started at 01:59 AM - The first weekly report is generated at 04:00 AM. The generated time derives from the delta of the first applicable pair hour which is 02:00 and the added 2 hours. The total wait is 2 hours.

After you start up an appliance, reports are generated:

• Hourly reports - 2-3 minutes from startup.
• Daily reports - 1-2 hours from startup.
• Weekly reports - 2-4 hours from startup.
• Monthly reports - 4-8 hours from startup.

Note - Only the last generated report for each report type is saved in the appliance. When you generate a new report, you override the last saved report for the specified type.

To generate a report:

Click the applicable time frame link at the top of the page (Monthly, Weekly, Daily or Hourly).

The line below the links shows the selected report and its time frame. To refresh the data shown, click Generate.

The report includes these sections:

• Executive Summary
• Table of Contents
• Report Pages

Executive Summary

The first page of the report is the executive summary and shows:

• The number of Anti-Bot and Anti-Virus malware detected by the Security Gateway and the number of IPS attacks.
• Top bandwidth consuming statistics by category, site, and user. You can click the Top category, Top site, or Top user link to get to the applicable report page. It also shows Bandwidth Usage by Applications statistics for the top 5 applications in a doughnut chart and total traffic received and sent.
• The number of infected hosts, servers, and recently active infected hosts.
• The number of high risk applications, the most used high risk applications, and the top users of high risk applications.
• The Security Gateway name, version, and MAC address.

Table of Contents

The table of contents contains links to the network analysis, security analysis, and infected hosts reports. Click a link to go directly to the selected section.

Report Pages

Each report page shows a detailed graph, table, and descriptions.

Note - This page is available from the Home and Logs & Monitoring tabs.

Tools

On the Tools page you can:

• Monitor system resources.
• Show the routing table.
• Verify the appliance connectivity to Cloud Services.
• Display DSL Statistics (DSL models only)
• Generate a CPInfo file.
• Ping or trace an IP address.
• Perform a DNS lookup.
• Capture packets.
• Download the console-USB driver (1400 appliances only)

To monitor system resources:

1. Click Monitor System Resources. The System Resources page opens and shows the following information:
   • CPU Usage History (automatically refreshed)
   • Memory Usage History - memory is calculated without memory that was preallocated to handle traffic and without cache memory. This gives a more accurate picture of the actual memory usage in the appliance but it may differ from figures you receive from Linux tools. The information is automatically refreshed.
   • Disk Usage - click the Refresh button for the most updated disk usage information.
2. Click Close to return to the Tools page.

To show the routing table:

1. Click Show Routing Table. The output appears in the Command Output window.
2. Click Close to return to the Tools page.

To verify the appliance connectivity to Cloud Services:

Click Test Cloud Services Ports.

The Cloud Services Ports Test window opens and shows the available ports and their state.

To display DSL statistics:

Click DSL Statistics. A window opens and shows the statistic parameters.

To generate a CPInfo file:

1. Click Generate CPInfo File. A message next to the button shows the progress.
2. Click Download CPInfo File to view or save the CPInfo file.

To ping or trace an IP address:

1. Enter an IP or host name in the Host Name or IP Address field.
2. Click Ping or Trace Route. The output appears in the Command Output window.
3. Click Close to return to the Tools page.

To perform a DNS lookup:

1. Enter a Host Name or IP Address.
2. Click Lookup. The output appears in the Command Output window.
3. Click Close to return to the Tools page.

To capture packets:

If a packet capture file exists, a note shows the date of the file and you can download it before you start a new packet capture that overwrites the existing file.

1. Select an option from the Select Network list.
2. Click Start and then Stop when you want to stop packet capturing.
3. Click Download File to view or save the capture file.

You can activate packet capture and go to other WebUI application pages while the packet capture runs in the background. However, the packet capture stops automatically if the WebUI session ends. Make sure you return to the packet capture page, stop and download the capture result before you end the WebUI session.

Note - The capture utility uses tcpdump. "fw monitor" is available through the command line interface.

When the mini-USB is used as a console connector in 1400 appliances, Windows does not automatically detect and download the driver needed for serial communication. You must manually install the driver. For more information, see sk111713.

To download the Windows driver for Mini-USB console socket (1400 appliances only):

Click the Download link.

Note - This page is available from the Home, Device, and Logs & Monitoring tabs.