The Home Tab

In This Section: System Security Dashboard Cloud Services License Site Map Active Devices Monitoring Reports Tools

System

The Home > System page shows an overview of the Check Point Appliance.

The Check Point Appliance requires only minimal user input of basic configuration elements, such as IP addresses, routing information, and blade configuration. The initial configuration of the Check Point Appliance can be done through a First Time Configuration Wizard. When initial configuration is completed, every entry that uses http://my.firewall shows the WebUI Home > System page.

• System Information - Shows the appliance model, installed software version, name, MAC address, system date and time (with the GMT setting), and system uptime.
• Network - Shows Internet information and wireless network/radio status

  If applicable, click the links to configure Internet and Wireless options.

• Statistics - Shows live data graphs of packet rate and throughput.

Security Dashboard

The Home > Security Dashboard page shows you the active blades and lets you quickly navigate to the blade configuration page.

It also gives you:

• Access to the basic settings of the blades with the Settings button (cogwheel icon) and lets you activate the blades.
• Access to statistics for each blade (graph icon)
• Alerts you if there are blades that are missing licenses, service blades which are not up-to-date, and active blades which require additional configuration (for example, site-to-site VPN where the user did not configure any sites). When applicable, there is a triangle in the upper right hand corner of the specified blade.

The software blades are shown in these groups on this page based on where they are configured in the WebUI:

• Access Policy - Contains the Firewall, Applications & URL Filtering, User Awareness, and QoS blades.
• Threat Prevention - Contains the Intrusion Prevention (IPS), Anti-Virus, Anti-Bot, Threat Emulation, and Anti-Spam blades.
• VPN - Contains the Remote Access and Site to Site VPN blades. It also contains certificate options.

You can click the tab name link or software blade link to access the tab for further configuration.

To turn a software blade on or off:

Slide the lever of the specified blade to the necessary ON or OFF position. When you turn off the Firewall blade, click Yes in the confirmation message.

Note - Software blades that are managed by Cloud Services show a lock icon. You cannot toggle between on and off states. If you change other policy settings, the change is temporary. Any changes made locally are overridden in the next synchronization between the gateway and Cloud Services.

To see or edit setting information:

1. Click the cogwheel icon next to the On/Off lever.

   The blade settings window opens.

2. View the details or select options to change current settings.
3. Click Apply.

To view statistics:

1. Click the bar graph icon.

   The blade statistics window opens.

2. If the blade is turned on:
   1. View the graph and details.
   2. To go to other blade statistics, click the arrows in the header.
3. If the blade is turned off:
   1. Click View demo to see an example of the statistics shown.
   2. Click the X icon to close the demo.

To view an alert:

1. Hover over the alert triangle.
2. Click the applicable link.

Cloud Services

On the Home > Cloud Services page, you can connect the appliance to Cloud Services. The Cloud Services Provider uses a Web-based application to manage, configure, and monitor your appliance.

To connect the appliance to Cloud Services:

1. Click the activation link in the email that the Security Gateway owner gets from the Cloud Services Provider.
2. Log in.

   A window opens and shows the activation details sent in the email.

3. Make sure the activation details are correct and click Connect.

   If the appliance is connected to a different Cloud Services Provider, you are asked if you want to continue.

Alternatively, follow the connection procedure below.

When you successfully connect, a security policy and other settings are pushed to the appliance. The settings defined by Cloud Services contain your activated blades, security policy, and service settings.

After Cloud Services are turned on, these identification details are shown in the WebUI:

• At the bottom of the login page - The name defined by the Cloud Services Provider for your Security Gateway and the MAC address of the Check Point Appliance.
• At the top of the WebUI application (near the search box) - The name of your Check Point Appliance.

These are the sections on this page:

• Cloud Services - This section shows Cloud Services details.
  • The Configure option lets you configure initial connectivity.
  • When connected, you can click Details to see connectivity details and Fetch now to get updated activated blades, security policy and service settings.
  • When disconnected, you can click Refresh to try and reconnect to Cloud Services.
• Managed Security Blades - Shows a colorful or black and white icon for defined security blades. You can click the icon text to open the corresponding page in the WebUI.
  • Dark blue icon - Shown for a blade that is remotely managed by Cloud Services. The blade is turned on in the plan.

    Remotely managed blade pages show a lock icon. You cannot toggle between the on and off states. If you change other policy settings, the change is temporary. Any changes made locally are overridden in the next synchronization between the gateway and Cloud Services.

  • Gray icon - Shown for a blade that is remotely managed by Cloud Services. The blade is turned off in the plan.
  • No icon - Shown for a security blade that is locally managed in the Check Point Appliance. The blade is not managed by Cloud Services.

  If no blades are remotely managed, all of the blades icons are gray.

• Available Services - Shows the services that are managed by the Cloud Services Provider. If a service has a Settings button, you can click it to show read-only setting information. You cannot change the setting information. Services in a gray font show services that are not provided by Cloud Services.

  These are the available services:

  • Reports - Periodic network and security reports sent by email. Click Settings to see the time frames set for your gateway.
  • Logs - Logs are stored with the Cloud Services Provider.
  • Dynamic DNS - A persistent domain name is set by Cloud Services.
  • Firmware Upgrades - Firmware upgrades are managed remotely by Cloud Services.
  • Periodic Backup - Backups are scheduled by Cloud Services.

Before you can connect to Cloud Services, make sure you have:

• Received an email from your Cloud Services Provider that contains an activation key for your Check Point Appliance and also an activation link

Or

• The Service Center IP address, the Check Point Appliance gateway ID, and the registration key

Workflow to connect to Cloud Services:

1. Connect to Cloud Services Provider and establish a secure connection.

   Make sure the gateway registration information is correct.

2. Get the security policy and settings.
3. Install the security policy and settings.

When you connect for the first time, the appliance must verify the certificate of the Cloud Services Provider against its trusted Certificate Authority list. If verification fails, you get a notification message. You can stop or ignore the verification message and continue.

To connect to Cloud Services:

1. Click Configure or Edit.

   The Configure Cloud Services window opens.

2. Select Activation key or Activation details and enter the specified information.
3. Click Apply.

   The Check Point Appliance tries to connect to the Cloud Services Provider. The Cloud Services section shows a progress indicator and shows the connection steps.

Note - If you see a message that the identity of your Cloud Services Provider cannot be verified but you are sure of its identification, click Resolve and then Ignore and reconnect.

When connectivity is established, the Cloud Services section at the top of the page shows:

• The date of the synchronization
• The On/Off lever shows that Cloud Services is turned on.

A Cloud Services Server widget is shown on the status bar and shows Connected. If you click this widget, the Cloud Services page opens.

To test connectivity to the cloud service:

1. Open a console connection.
2. Log in.
3. Enter this CLI command:
   test cloud-connectivity <service-center-addr> addr

To get an updated security policy, activated blades, and service settings:

Click Fetch now.

The Check Point Appliance gets the latest policy, activated blades, and service settings from Cloud Services.

License

The Home > License page shows the license state for the software blades. From this page, the appliance can connect to the Check Point User Center with its credentials to pull the license information and activate the appliance.

In most cases, you must first register the appliance in your Check Point User Center account or create one if you don't already have one. A User Center account is necessary to receive support and updates.

If you have Internet connectivity configured:

1. Go to Home > License.
2. Click Activate License.

   You are notified that you successfully activated the appliance license.

If you were not able to activate the license, it may be because:

• There is a connectivity issue such as a proxy between your appliance and the Internet.

  Or

• Your appliance is not registered.

If there is a proxy between your appliance and the Internet, you must configure the proxy details before you can activate your license.

To configure the proxy details:

1. Click Set proxy.
2. Select Use proxy server and enter the proxy server Address and Port.
3. Click Apply.
4. Click Activate License.

If your appliance is not registered:

1. Browse to https://smbregistration.checkpoint.com.
2. Enter the MAC address and Registration key. These values can be found on the Home > License page.
3. Select Hardware Platform.
4. Select Hardware Model.
5. Click Activate License.

   You are notified that you successfully activated the appliance license.

After initial activation, the Activate License button shows as Reactivate. If you make changes to your license, click Reactivate to get the updated license information.

If you are offline while configuring the appliance:

1. Browse to https://usercenter.checkpoint.com.
2. Enter the appliance's credentials, MAC address, and registration key from the Home > License page.
3. After you complete the registration wizard, you are prompted to download the activation file. Download it to a local location. This is needed for the next step.
4. In Home > License, click Offline.

   The Import Activation File window opens.

5. Browse to the activation file you downloaded and click Import.

   The activation process starts.

Site Map

The Home > Site Map page shows a site map of the WebUI. It shows all of the tabs and the pages they contain.

Click the link to any page directly from the Site Map page.

Active Devices

The Active Devices page shows a list of the devices identified in internal networks. The information includes:

• Object name
• MAC Address
• IP addresses

  Note - If a host has both IPv4 and IPv6 addresses, there will be a single entry in the table.

• Device/User Name - Shows a device/user name if the information is available to the Check Point Appliance through DHCP or user awareness.
• Services - Shows incoming and outgoing services. Incoming services usually indicate servers.
• Zone - Shows if the appliance is connected physically or through a wireless connection.
• Traffic - Shows upload and download packet rates for all IP addresses when traffic monitoring is active. Note - Traffic monitoring does not differentiate between IPv4 and IPv6 addresses.

Manage the display:

• Save as - Save a selected device as a network object or server.

  When you select this option, the New Network Object window or New Server Wizard opens. Enter the information in the fields and click Apply. Use these objects to reserve IP addresses to MAC addresses in the DHCP server and also add this object name as a host in the local DNS service. Network objects and server objects can be used in the security configurations, for example in the Access Policy and IPS exceptions.

  A server object also allows you to configure access and NAT if applicable as part of the object. If access and/or NAT are configured, automatic access rules are created in the Access Policy Rule Base.

• Filter - Filter the list by servers, active devices, or known devices.
• Details - Select a row in the list and click Details to show additional properties of the device.
• Refresh - Refresh the information in the list.
• Start/Stop Traffic Monitor - Gather upload and download packet rates for active devices. The information is shown in the added Traffic column in the table.

  This operation may affect performance.
  To stop, click Stop Traffic Monitoring.

The display shows the devices connected to the gateway through a Hotspot. You can revoke the Hotspot access for one or more devices. This disconnects the device from the gateway and requires the device to log in again through the Hotspot.

To revoke the Hotspot access:

1. Click the record for the relevant device.
2. Click Revoke Hotspot Access.

   The access for that device is revoked. You must log in again through the Hotspot to reconnect the device to the gateway.

Note - If there is no IPv6 activity in a dual stack host, the Active devices do not show the IPv6 address.

Note - This page is available from the Home and Logs & Monitoring tabs.

Monitoring

The Monitoring page shows network, security, and troubleshooting information. When you enter this page, the latest data shows. You can click Refresh to update information. To see a sample monitoring report, click Demo. To close the sample reports, click Back.

The number of current connections in the system is shown for VPN Tunnels, Active Devices, and Connections. You can click the links to open the corresponding WebUI pages.

The Monitoring page is divided into these sections:

• Network
• Security
• Troubleshooting

To expand or collapse the sections, click the arrow icon in the section's title bar.

Network

By default, network statistics are shown for the last hour. You can also see statistics for the last day. Select the applicable option Last hour or Last day from the Network section's title bar.

The data is automatically refreshed for the time period:
Last hour - At one minute intervals. For example, if you generate a report at 10:15:45 AM, the report represents data from 9:15 to 10:15 AM.
Last day - At hourly intervals. For example, if you generate a report at 10:15 AM, the report represents data from the last 24 hours ending at 10:00 AM of the current day.

• Bandwidth Usage - The doughnut chart shows the top 10 applications or users that consumed the most bandwidth in the selected time frame (last hour or last day). Click the Applications or Users links to toggle between the statistics. To show user information the User Awareness blade must be activated.
• Top Bandwidth Consuming - Shows statistics for the top bandwidth consuming application, category, site, and user in percentages and the amount of traffic (MB or GB).
• Traffic - By default, shows the total amount of traffic received and sent in an area graph. The time axis reflects the time frame (last hour or last day) selected for the Network section. For last hour, the graph shows 5 minute intervals and for last day, hourly intervals. You can click the Received and Sent links to see only the amount of traffic received or sent. The orange area on the graph represents sent traffic. The blue area represents received traffic.

  If you hover over a time interval, a popup box shows:

  • The date and time
  • The traffic sent or received
  • The total traffic for that time interval
• Total traffic statistics - Next to the area graph you can see total traffic statistics for the last day or hour.

Security

• Infected hosts - Shows the number of:
  • Infected hosts
  • Infected servers
  • Recently active infected hosts

  You can click All Infected Hosts to open the Logs & Monitoring > Infected Hosts page.

• High risk applications - Shows:
  • The number of high risk applications
  • The most used high risk applications
  • The top users of high risk applications.

  You can click Applications Blade Control to open the Access Policy > Firewall Blade Control page to see Applications and URL Filtering settings.

• Security events - Shows the number of:
  • Anti-Bot - Malwares detected by the Security Gateway.
  • Anti-Virus - Malwares detected by the Security Gateway.
  • Threat Emulation - Malicious files found since the last reboot and how many files scanned.
  • The number of IPS attacks.

  You can click the links to open the Threat Prevention > Blade Control page.

Troubleshooting

• System Resources - Click CPU, memory and disk usage to see CPU, memory, and disk usage information.
• Device Info - Shows Security Gateway information.
• Links to pages that can be useful for monitoring and troubleshooting purposes.

Note - This page is available from the Home and Logs & Monitoring tabs.

Reports

The Reports page shows network analysis, security analysis, and infected hosts reports by a selected time frame (monthly, weekly, daily, and hourly).

These elements influence the times shown in reports:

• Rounding off of time
• System reboot

Rounding Off of Time

The times shown in generated reports are rounded down:

• For hourly reports - At one minute intervals. For example, if you generate a report at 10:15:45 AM, the report represents data from 9:15 to 10:15.
• For daily reports - At hourly intervals. For example, if you generate a report at 10:15 AM, the report represents data from the last 24 hours ending at 10:00 AM of the current day.
• For weekly reports - At four hour intervals, starting with 00:00, 04:00, 08:00 and so on. For example, if you generate a report at 11:55 AM, the report represents data from the last week ending at 08:00 AM of the current day.
• For monthly reports - At four hour intervals, starting with 00:00, 04:00, 08:00, 12:00 and so on. For example, if you generate a report at 11:15 AM, the report represents data from the last month ending at 08:00 AM of the current day.

System Reboot

In the first 24 hour cycle after an appliance starts up (after installation or an update), the system adds one more time interval to the delta of the next applicable report interval.

For example, for weekly reports that are generated at pair hour intervals, the appliance requires 1 more hours plus the delta for the first applicable pair hour.

• For an appliance that started at 00:00 AM - The first weekly report is generated at 04:00 AM. The total of 4 hours derives from the first delta of the first applicable pair hour which is 02:00 and the added 2 hours. The total wait is 4 hours.
• For an appliance that started at 01:59 AM - The first weekly report is generated at 04:00 AM. The generated time derives from the delta of the first applicable pair hour which is 02:00 and the added 2 hours. The total wait is 2 hours.

After you start up an appliance, reports are generated:

• Hourly reports - 2-3 minutes from startup.
• Daily reports - 1-2 hours from startup.
• Weekly reports - 2-4 hours from startup.
• Monthly reports - 4-8 hours from startup.

Note - Only the last generated report for each report type is saved in the appliance. When you generate a new report, you override the last saved report for the specified type.

To generate a report:

Click the applicable time frame link at the top of the page (Monthly, Weekly, Daily or Hourly).

The line below the links shows the selected report and its time frame. To refresh the data shown, click Generate.

The report includes these sections:

• Executive Summary
• Table of Contents
• Report Pages

Executive Summary

The first page of the report is the executive summary and shows:

• The number of Anti-Bot, Anti-Virus, and Threat Emulation malware detected by the Security Gateway and the number of IPS attacks.
• Top bandwidth consuming statistics by category, site, and user. You can click the Top category, Top site, or Top user link to get to the applicable report page. It also shows Bandwidth Usage by Applications statistics for the top 5 applications in a doughnut chart and total traffic received and sent.
• The number of infected hosts, servers, and recently active infected hosts.
• The number of high risk applications, the most used high risk applications, and the top users of high risk applications.
• The Security Gateway name, version, and MAC address.

Table of Contents

The table of contents contains links to the network analysis, security analysis, and infected hosts reports. Click a link to go directly to the selected section.

Report Pages

Each report page shows a detailed graph, table, and descriptions.

Note - This page is available from the Home and Logs & Monitoring tabs.

Tools

On the Tools page you can:

• Monitor system resources.
• Show the routing table.
• Verify the appliance connectivity to Cloud Services.
• Display DSL Statistics (DSL models only)
• Generate a CPInfo file.
• Ping or trace an IP address.
• Perform a DNS lookup.
• Capture packets.
• Download the console-USB driver

To monitor system resources:

1. Click Monitor System Resources. The System Resources page opens and shows the following information:
   • CPU Usage History (automatically refreshed)
   • Memory Usage History - memory is calculated without memory that was preallocated to handle traffic and without cache memory. This gives a more accurate picture of the actual memory usage in the appliance but it may differ from figures you receive from Linux tools. The information is automatically refreshed.
   • Disk Usage - click the Refresh button for the most updated disk usage information.
2. Click Close to return to the Tools page.

To show the routing table:

1. Click Show Routing Table. The output appears in the Command Output window.
2. Click Close to return to the Tools page.

To verify the appliance connectivity to Cloud Services:

Click Test Cloud Services Ports.

The Cloud Services Ports Test window opens and shows the available ports and their state.

To display DSL statistics:

Click DSL Statistics. A window opens and shows the statistic parameters.

To generate a CPInfo file:

1. Click Generate CPInfo File. A message next to the button shows the progress.
2. Click Download CPInfo File to view or save the CPInfo file.

To ping or trace an IP address:

1. Enter an IP or host name in the Host Name or IP Address field.
2. Click Ping or Trace Route. The output appears in the Command Output window.
3. Click Close to return to the Tools page.

To perform a DNS lookup:

1. Enter a Host Name or IP Address.
2. Click Lookup. The output appears in the Command Output window.
3. Click Close to return to the Tools page.

To capture packets:

If a packet capture file exists, a note shows the date of the file and you can download it before you start a new packet capture that overwrites the existing file.

1. Select an option from the Select Network list.
2. Click Start and then Stop when you want to stop packet capturing.
3. Click Download File to view or save the capture file.

You can activate packet capture and go to other WebUI application pages while the packet capture runs in the background. However, the packet capture stops automatically if the WebUI session ends. Make sure you return to the packet capture page, stop and download the capture result before you end the WebUI session.

Note - The capture utility uses tcpdump. "fw monitor" is available through the command line interface.

When the mini-USB is used as a console connector, Windows does not automatically detect and download the driver needed for serial communication. You must manually install the driver. For more information, see sk111713.

To download the Windows driver for Mini-USB console socket:

Click the Download link.

Note - This page is available from the Home, Device, and Logs & Monitoring tabs.