Enabling SmartProvisioning
Managing SmartProvisioning Components
SmartProvisioning is an integral part of the Security Management Server or the Domain Management Server.
To use SmartProvisioning on the Security Management Server or the Domain Management Server, you must obtain and add a SmartProvisioning license to the Security Management Server or Domain Management Server.
Enabling SmartProvisioning includes configuring:
- SmartLSM Security Gateways
- Corporate Office Gateways
- Provisioned Gateways
- SmartProvisioning GUI
Activating SmartProvisioning
SmartProvisioning is an integral part of the Security Management Server or Domain Management Server.
To enable SmartProvisioning on the Security Management Server:
- Obtain a SmartProvisioning license. This license is required to activate SmartProvisioning functionality.
- Add the license to the Security Management Server or Domain Management Server, with cpconfig or SmartUpdate.
You can also use the cplic command to add the license.
- For a Domain in a Domain Management Server, do these steps:
- Enable SmartProvisioning.
- From the CLI, set the Domain. Run:
mdsenv <Domain IP address or name>
- Run:
LSMenabler on
This message is displayed: Check Point services should be restarted. Restart now (y/n) [y] ?
- Enter to restart the Check Point services.
To verify that SmartProvisioning is enabled:
- Connect to the Security Management Server or to the Domain Management Server using SmartDashboard.
- Edit the Security Management object.
- In the General Properties page of the Security Management object, in the Software Blades section, Management tab, ensure Provisioning is selected. It is selected if the license for SmartProvisioning is installed.
Preparing Security Gateways
Preparing SmartLSM Security Gateways
A SmartLSM Security Gateway is a Check Point gateway that has an assigned SmartLSM Security Profile. SmartLSM Security Gateways may, or may not, be enabled for provisioning.
To prepare a SmartLSM Security Gateway:
- From the CLI, run these commands:
LSMenabler -r on
cpstop
cpstart
- Run:
cpconfig
The Check Point Configuration Tool (cpconfig) opens.
- Go to the page and define an interface.
After you finish installing SmartProvisioning on the Security Gateways and the Security Management Server or Domain Management Server, open SmartDashboard and create a Security Policy and a SmartLSM Security Profile.
To prepare the SmartLSM Security Gateway objects:
- In SmartDashboard select , create a Security Policy and save it.
- In the tree, right-click and select or (for Small Office Appliance and Security Gateway 80 objects).
- In the window, configure the settings for the SmartLSM Security Profile.
- Click .
- Install the Security Policy on the SmartLSM Security Profile.
- Select.
The window opens.
- Select the SmartLSM Security Profile object as an .
- Click .
Do these steps again for each SmartLSM Security Profile. Make a new profile for each type of appliance or server.
- Close SmartDashboard.
- Open SmartProvisioning and add the SmartLSM Security Gateways.
Preparing CO Gateways
A Corporate Office (CO) gateway represents the center of a Star VPN, in which the satellites are SmartLSM Security Gateways. The CO gateway may, or may not, be enabled for provisioning.
To prepare a CO gateway:
- On the Check Point Security Gateway, execute the command:
LSMenabler on
- Open SmartDashboard and do the following:
- In the VPN tab, right click and select New Community > Star.
- In the Star Community Properties window, select Center Gateways and add the CO gateway.
- In Satellite Gateways, add SmartLSM Security Profiles as required.
- Close SmartDashboard.
- In SmartProvisioning, right-click the CO gateway and select Update selected CO Gateway.
Preparing UTM-1 Edge Gateways
A UTM-1 Edge device is configured with Safe@ or Edge firmware. Contact Technical Support for the firmware version that supports SmartProvisioning.
Configure SmartProvisioning to recognize the firmware of a UTM-1 Edge gateway.
To configure firmware:
- In a Devices work space, right-click a UTM-1 Edge gateway and select Edit Gateway.
- In the UTM-1 Edge [SmartLSM] Gateway window, select the Firmware tab.
- Select the option for this UTM-1 Edge SmartLSM Security Gateway.
- Use default: Firmware defined as Default in SmartUpdate.
- Use SmartLSM Security Gateway's installed firmware: Firmware currently installed on a UTM-1 Edge SmartLSM Security Gateway.
- Use the following firmware: Firmware to be uploaded (with SmartUpdate) to the UTM-1 Edge gateway.