What can I do here?
Use this window to:
Getting Here - SmartConsole for Multi-Domain Server > Multi Domain > Global Assignments |
The Global Domain is a collection of rules, objects and settings shared with all Domains or with specific Domains. The system automatically creates the Global Domain when you install Multi-Domain Security Management. You cannot delete the Global Domain.
You organize global rules, objects and settings into global configurations. Each global configuration can include one or more of these components:
To connect to the Global Domain:
A SmartConsole instance opens for the Global Domain.
This section includes basic procedures for working the contents of the Global Domain.
When connected to the Global Domain you can:
These activities are not supported in this release:
This section is a general overview of the procedure for defining rules in global Policies. To learn more about Policy rules and their configuration procedures, see the R80.10 Security Management Administration Guide .
Global Policy Layers have one placeholder for local Domain rules. You can create global rules above and below this placeholder. In the local Domain Policy Layer, you define local rules in the placeholder. If there are no local Domain rules, the placeholder can be empty.
The position of rules in Domain Policy Layers defines the order in which they are enforced. It is important to put rules in the correct sequence. Global Policy Layers do not have implied rules, but implied rules can be inherited from global properties in local Domains.
Best Practice - Define a global cleanup rule in each Policy Layer.
There is no NAT Rule Base in the Global Domain and you cannot define NAT settings there. You must define NAT rules manually in Domain Policy Layers.
Workflow for global Domain Policy Layers:
A SmartConsole instance opens for the Global Domain.
The system creates a task, during which these actions occur:
Use global objects in global configuration rules. Global objects work much in the same way as objects in local Policy rules.
The Global Domain includes many, predefined global objects for your convenience. These default global objects are visible (read only), in the Global Domain. You cannot delete or change them.
You can create, change or delete user-defined global objects in the Global Domain only. Global objects are visible in local Domains in the read-only mode.
Important - Before you delete a global object, make sure that no global or local policy rules use this global object. This can cause errors when you reassign global configurations.
To add a new global object:
You can also create a new global object with the Object Explorer.
To change a user-defined global object, select it in the Object Explorer, and then change the applicable settings.
To delete a user-defined object, select it in the Object Explorer and click Delete.
Important - After you complete the global object task, assign or reassign the global configuration to the applicable Domains. This action automatically:
Check Point continuously develops and improves its protections against emerging threats. You can manually update the database with latest IPS protections. You must also configure the Global Domain to automatically download contracts and other important data.
Note - Security Gateways with IPS enabled only get the updates after you install Policy.
For troubleshooting or for performance tuning, you can revert to an earlier IPS protection package.
To manually update the IPS protections:
To revert to an earlier protection package:
To make sure that Contract Downloads is enabled:
This parameter is enabled by default. If it is not enabled, select it.
Check Point constantly develops and improves its protections against the latest threats. You can manually update the Application and URL Filtering database with the latest applications and URLs.
To manually update the Application and URL Filtering protections: