Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Enabling SmartProvisioning

In This Section:

Managing SmartProvisioning Components

Activating SmartProvisioning

Preparing Security Gateways

Preparing UTM-1 Edge Gateways

Managing SmartProvisioning Components

SmartProvisioning is an integral part of the Security Management or the Domain Management Server.

To use SmartProvisioning on the Security Management Server or the Domain Management Server, you must obtain and add a SmartProvisioning license to the Security Management Server or Domain Management Server.

Enabling of SmartProvisioning includes configuration of:

  • SmartLSM Security Gateways
  • Corporate Office Gateways
  • Provisioned Gateways
  • SmartProvisioning GUI

Activating SmartProvisioning

SmartProvisioning is an integral part of the Security Management Server or Domain Management Server.

To enable SmartProvisioning on the Security Management Server:

  1. Obtain a SmartProvisioning license. This license is required to activate SmartProvisioning functionality.
  2. Add the license to the Security Management Server or Domain Management Server, with cpconfig or SmartUpdate.

    You can also use the cplic command to add the license.

  3. For a Domain in a Domain Management Server, do these steps:
    1. Enable SmartProvisioning.
    2. From the CLI, set the Domain. Run mdsenv <Domain IP address or name>
    3. Run LSMenabler on

    This message is displayed: Check Point services should be restarted. Restart now (y/n) [y] ?

  4. Enter y to restart the Check Point services.

To verify that SmartProvisioning is enabled:

  1. Connect to the Security Management Server or to the Domain Management Server using SmartDashboard.
  2. Edit the Security Management object.
  3. In the General Properties page of the Security Management object, in the Software Blades section, Management tab, ensure Provisioning is selected. It is selected if the license for SmartProvisioning is installed.

Preparing Security Gateways

Preparing SmartLSM Security Gateways

SmartLSM Security Gateway is a Check Point gateway that has an assigned SmartLSM Security Profile. SmartLSM Security Gateways may, or may not, be enabled for provisioning.

To prepare a SmartLSM Security Gateway:

  1. From the CLI, run these commands:

    LSMenabler -r on

    cpstop

    cpstart

  2. Run cpconfig

    The Check Point Configuration Tool (cpconfig) opens.

  3. Go to the ROBO Interfaces page and define an External interface.

    After you finish installing of SmartProvisioning on the Security Gateways and the Security Management Server or Domain Management Server, open SmartDashboard and create a Security Policy and a SmartLSM Security Profile.

To prepare the SmartLSM Security Gateway objects:

  1. In SmartDashboard select File > New, create a Security Policy and save it.
  2. In the Network Objects tree, right-click Check Point and select SmartLSM Profile > Check Point Appliance/Open Server Gateway or Small Office Appliance Gateway (for Small Office Appliance and Security Gateway 80 objects).
  3. In the SmartLSM Security Profile window, configure the settings for the SmartLSM Security Profile.
  4. Click OK.
  5. Install the Security Policy on the SmartLSM Security Profile.
    1. Select Policy > Install.

      The Install Policy window opens.

    2. Select the SmartLSM Security Profile object as an Installation Target.
    3. Click OK.

      Do these steps again for each SmartLSM Security Profile. Make a new profile for each type of appliance or server.

  6. Close SmartDashboard.
  7. Open SmartProvisioning and add the SmartLSM Security Gateways.

Preparing CO Gateways

A Corporate Office (CO) gateway represents the center of a Star VPN, in which the satellites are SmartLSM Security Gateways. The CO gateway may, or may not, be enabled for provisioning.

To prepare a CO gateway:

  1. On the Check Point Security Gateway, execute the command:
    LSMenabler on
  2. Open SmartDashboard and do the following:
    1. In the VPN tab, right click and select New Community > Star.
    2. In the Star Community Properties window, select Center Gateways and add the CO gateway.
    3. In Satellite Gateways, add SmartLSM Security Profiles as required.
  3. Close SmartDashboard.
  4. In SmartProvisioning, right-click the CO gateway and select Update selected CO Gateway.

Preparing UTM-1 Edge Gateways

A UTM-1 Edge device is configured with Safe @ or Edge firmware. Contact Technical Support for the firmware version that supports SmartProvisioning.

Configure SmartProvisioning to recognize the firmware of a UTM-1 Edge gateway.

To configure firmware:

  1. In a Devices work space, right-click a UTM-1 Edge gateway and select Edit Gateway.
  2. In the UTM-1 Edge [SmartLSM] Gateway window, select the Firmware tab.
  3. Select the option for this UTM-1 Edge SmartLSM Security Gateway.
    • Use default: Firmware defined as Default in SmartUpdate.
    • Use SmartLSM Security Gateway's installed firmware: Firmware currently installed on a UTM-1 Edge SmartLSM Security Gateway.
    • Use the following firmware: Firmware to be uploaded (with SmartUpdate) to the UTM-1 Edge gateway.
  
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print