Print Download PDF Send Feedback

Previous

Next

Installing an Endpoint Server

In This Section:

Installing an Endpoint Security Management Server

Installing an Endpoint Policy Server

Services Connection Port on an Endpoint Security Management Server

Disk Space on an Endpoint Security Management Server

Installing an Endpoint Security Management Server

Workflow:

  1. Install the Endpoint Security Management Server.
  2. Configure the Endpoint Security Management Server object in SmartConsole.

Step 1 of 2: Install the Endpoint Security Management Server

Step

Description

1

Install the Gaia Operating System:

2

Run the Gaia First Time Configuration Wizard.

3

During the First Time Configuration Wizard, you must configure these settings:

  • In the Installation Type window, select Security Gateway and/or Security Management.
  • In the Products window:
    1. In the Products section, select Security Management only.
    2. In the Clustering section, in the Define Security Management as field, select Primary.
  • In the Security Management GUI Clients window, configure the applicable allowed computers:
    • Any IP Address - Allows all computers to connect.
    • This machine - Allows only the single specified computer to connect.
    • Network - Allows all computers on the specified network to connect.
    • Range of IPv4 addresses - Allows all computers in the specified range to connect.

Step 2 of 2: Perform initial configuration in SmartConsole

Step

Description

1

Connect with SmartConsole to the Security Management Server.

2

From the left navigation panel, click Gateways & Servers.

3

Open the Security Management Server object.

4

On the General Properties page, click the Management tab.

5

Enable the Endpoint Policy Management blade.

6

Click OK.

7

In the SmartConsole top left corner, click Menu > Install database.

8

Select all objects.

9

Click Install.

10

Click OK.

For more information:

See the R80.20 Endpoint Security Management Server Administration Guide.

Installing an Endpoint Policy Server

Workflow:

  1. Install a dedicated Endpoint Security Management Server.
  2. Install a dedicated Endpoint Policy Server.
  3. Configure the Endpoint Policy Server object in SmartConsole.

Step 1 of 3: Install the dedicated Endpoint Security Management Server

Follow the instructions in Installing an Endpoint Security Management Server.

Step 2 of 3: Install the dedicated Endpoint Policy Server

Follow the instructions in Installing a Dedicated Log Server or SmartEvent Server (only the installation step).

Step 3 of 3: Perform initial configuration in SmartConsole

Step

Description

1

Connect with SmartConsole to the Endpoint Security Management Server.

2

From the left navigation panel, click Gateways & Servers.

3

Create a new Check Point Host object that represents the Endpoint Policy Server in one of these ways:

  • From the top toolbar, click the New (Star icon) > More > Check Point Host.
  • In the top left corner, click Objects menu > More object types > Network Object > Gateways & Servers > New Check Point Host.
  • In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > Check Point Host.

4

Click the General Properties page.

5

In the Name field, enter the desired name.

6

In the IPv4 Address and IPv6 Address fields, enter the applicable IP addresses.

7

In the Platform section:

  • In the Hardware field, select the applicable option
  • In the Version field, select R80.20
  • In the OS field, select Gaia

8

On the Management tab, select both the Endpoint Policy Management and Logging & Status Software Blades.

9

Establish the Secure Internal Communication (SIC) between the Endpoint Security Management Server and the Endpoint Policy Server:

  1. In the Secure Internal Communication field, click Communication.
  2. Enter the same Activation Key you entered during the First Time Configuration Wizard of this dedicated Log Server.
  3. Click Initialize. The Trust state field must show Established.
  4. Click Close.

10

Click OK.

11

In the SmartConsole top left corner, click Menu > Install database.

12

Select all objects.

13

Click Install.

14

Click OK.

For more information:

See the R80.20 Endpoint Security Management Server Administration Guide.

Services Connection Port on an Endpoint Security Management Server

When you enable the Endpoint Policy Management blade on a Security Management Server, the connection to these services automatically changes from the default port 443 to port 4434:

Service

URL

 

Gaia Portal

Default

https://<Gaia IP Address>

 

New

https://<Gaia IP Address>:4434

SmartView Web Application

Default

https://<Management Server IP Address>/smartview/

 

New

https://<Management Server IP Address>:4434/smartview/

Management API Web Services

Default

https://<Management Server IP Address>/web_api/<command>

 

New

https://<Management Server IP Address>:4434/web_api/<command>

If you disable the Endpoint Policy Management blade, the services connection port automatically changes back to the default 443.

Disk Space on an Endpoint Security Management Server

We recommend that you have at least 10 GB available for Endpoint Security in the root partition.

Client packages and main release files are stored in the root partition:

Note - To make future upgrades easier, we recommend that you use a larger disk size than necessary in this deployment.