UTM-1 Edge SmartLSM Security Gateways
Creating UTM-1 Edge SmartLSM Security Profiles
When a SmartLSM Security Gateway is installed on a UTM-1 Edge device, the Check Point software is embedded. Features and maintenance for SmartLSM Security Gateways on UTM-1 Edge are somewhat different from similar procedures for SmartLSM Security Gateways on other hardware platforms.
Every SmartLSM Security Gateway must have a SmartLSM Security Profile, which fetches a Check Point Security Policy from the Security Management Server or Domain Management Server. This Security Policy determines the settings of the firewall. Before you can add any SmartLSM Security Gateway to SmartProvisioning, you must prepare the SmartLSM Security Profiles in SmartDashboard.
This procedure describes how to create a SmartLSM Security Profile for UTM-1 Edge SmartLSM Security Gateways. After you have completed this, you can add the gateway objects to SmartProvisioning.
To create a UTM-1 Edge SmartLSM Security Profile:
- In SmartDashboard, open the Security Policy for your SmartLSM Security Gateways. If necessary, edit the policy. See the SmartDashboard online help or the R77 Security Management Administration Guide.
- Right-click the Network Objects tab and select New > SmartLSM Profile > UTM-1 Edge Gateway.
The SmartLSM UTM-1 Edge/Embedded Profile window opens.
- Define the SmartLSM Security Profile in this window. Refer to the online help for more information.
- Install the policy.
The new profile is not available until the policy is installed.
Adding UTM-1 Edge SmartLSM Security Gateways
This procedure describes how to add a UTM-1 Edge SmartLSM Security Gateway to the SmartProvisioning management.
Before you begin, you must have at least one SmartLSM Security Profile for UTM-1 Edge gateways.
To add a UTM-1 Edge SmartLSM Gateway to SmartProvisioning:
- In the SmartProvisioning navigation tree, click Devices.
- From the SmartProvisioning menu, select File > New > UTM-1 Edge Gateway. A wizard opens, taking you through the definition steps.
- In the New UTM-1 Edge SmartLSM Gateway window, enter a name and optional comments.
Multi-Domain Security Management uses this name, so we recommend a name that those administrators can easily identify.
- In the More Information window, define these settings:
  - SmartLSM Security Gateway - Select the gateway hardware.
  - Security Profile - Select a SmartLSM Security Profile created in SmartDashboard.
  - OS - Shows .
  - Enable Provisioning - Select to enable provisioning for this gateway.
    Clear this option if you are sure that Provisioning Profiles can have a negative impact on the gateway.
  - No Provisioning Profile - Select to leave the actual assignment of Provisioning Profile for later.
  - Provisioning Profile - Select a Provisioning Profile to assign to this gateway.
Note - This option is disabled for platforms that do not support SmartProvisioning.
- In the SmartLSM Security Gateway Communication Properties window, establish SIC Trust between the gateway and the management server using one of these methods:
  - Select Generate Registration Key automatically and click Generate. The Generated Registration Key window opens, displaying the key in clear text. Make note of the key (to enter it on the SmartLSM Security Gateway for SIC initialization) and then click Accept.
  - Select Registration Key and provide an eight-character string to be the key. Enter it again in the Confirm Registration Key field.
- In the SmartLSM Gateway VPN Properties window, enable the I wish to create a VPN Certificate from the Internal CA option if the gateway is part of a VPN. If the gateway is not part of a VPN community in SmartDashboard, clear this option.
- In the Finished window, select the Edit SmartLSM Security Gateway properties after creation check box if you wish to edit or configure additional properties.
Handling New UTM-1 Edge SmartLSM Messages
This section explains how to handle a message that may appear after you finish the wizard to add a UTM-1 Edge SmartLSM Security Gateway, during the SmartProvisioning processing of the gateway object.
Registration Key is Missing
If you did not generate or select a Registration Key for SIC setup, a message opens:
'Registration Key' for the Gateway SIC setup is missing. Do you want to continue?
Click Yes to let SmartProvisioning add the gateway now and handle the SIC setup later, or click No and then Back to return to the Communication Properties page.
To handle the SIC setup after the gateway is added:
- Select the gateway in the work space and then select Edit > Edit Gateway.
- In the General tab, click New Key.
- In the Registration Key window, click Generate Key. After the key is provided, click Set.
- Click OK to close the Edit window.
Customized UTM-1 Edge Configurations
In SmartDashboard, you can view and edit the configuration script to ensure that a specific gateway runs the commands in the script when it starts up. Any changes that you make to the script are applied when the gateway fetches its SmartProvisioning settings.
To open the Configuration Scripts:
In the UTM-1 Edge SmartLSM Security Gateway window, click Configuration Script.