Getting Started

In This Section:

Welcome

About this Guide

Basic Multi-Domain Management Components

SmartConsole

Welcome

Check Point Multi-Domain Security Management is a centralized management solution for large-scale, distributed environments with many discrete network segments, each with different security requirements. This solution lets administrators create Domains based on geography, business units or security functions to strengthen security and simplify management.

Each Domain has its own Security Policies, network objects and other configuration settings. You use the Global Domain for common security Policies that apply to all or to specified Domains. The Global Domain also includes network objects and other configuration settings that are common to all or to specified Domains.

About this Guide

This Administration Guide includes conceptual information and procedures for working with Check Point Multi-Domain Management features only.

Basic Multi-Domain Management Components

This section is a brief introduction to the main components of the Multi-Domain Management environment.

The Multi-Domain Server

A Multi-Domain Server is a physical server that contains the Domain Management Servers, Security Policies, system data, and Multi-Domain Management system software. You connect to a Multi-Domain Server to work with Multi-Domain Management features, objects, and configuration settings. This includes:

You can create a High Availability and/or Load Sharing deployment with two or more synchronized Multi-Domain Servers.

Domain Management Servers

A Domain is a virtual object that defines a network or a collection of networks related to an entity. You can define a Domain for a company, business unit, department, branch or geographical location. For example, a cloud service provider typically has one Domain for each customer. A bank can have one Domain for each geographical region, state, or country.

A Domain Management Server is the functional equivalent of a Security Management Server in a single-domain environment. You connect directly to a Domain Management Server with SmartConsole to manage a Domain and its components:

To learn more about working with SmartConsole to manage Domains, see the R80.30 Security Management Administration Guide.

There can be more than one Domain Management Server for a Domain in a High Availability deployment, each on a different Multi-Domain Server. One Domain Management Server is Active, and the other, fully synchronized Domain Management Servers are Standby.

Domain Log Servers

A typical Multi-Domain Management deployment includes at least one Multi-Domain Log Server to hold log files generated by Domain Security Gateways. Each Domain can have its own Domain Log Server on the Multi-Domain Log Server. This deployment strategy keeps log traffic isolated from other network traffic for better throughput.

This illustration shows a sample deployment with two Multi-Domain Servers and two Domains. The Multi-Domain Log Server contains two Domain Log Servers, one for each Domain.

| Item | Description |
|------|-------------|
| 1 | London Multi-Domain Server with an Active Domain Management Server for London and a Standby Domain Management Server for Tokyo |
| 2 | Multi-Domain Log Server with Domain Log Servers for London and Tokyo |
| 3 | Tokyo Multi-Domain Server with an Active Domain Management Server for Tokyo and a Standby Domain Management Server for London |
| 4 | Tokyo network |
| 5 | London network |
| 6 | Internet |

Illustration legend: Active Domain Management Server, Standby Domain Management Server, Domain Log Server

SmartConsole

SmartConsole is the unified application of Check Point R80.x Security Management. The SmartConsole provides a consolidated solution for everything that is necessary for the security of your organization:

SmartConsole makes it easy to manage your Multi-Domain Management environment. Before you start to configure your cyber security environment and Policies, we recommend that you become familiar with the SmartConsole application.

Multi-Domain View

Use the Multi-Domain view to manage Multi-Domain Servers, Domains, system objects, configuration settings and other features. You must log in to a Multi-Domain Server to see the Multi-Domain view.

For a guided tour of Multi-Domain view, click the What's New button at the bottom left of the window. Click the < and > icons to scroll between the different What's New screens.

Multi-Domain view elements

| Item | Description |
|------|-------------|
| 1 | View, as selected from the Navigation Toolbar and View tree (This example shows the Multi-Domain > Domains view) |
| 2 | Navigation toolbar |
| 3 | Menu |
| 4 | View tree |
| 5 | Actions toolbar |
| 6 | Session Management toolbar |
| 7 | Validation tab |
| 8 | Logged in administrator |
| 9 | Server details area |
| 10 | Task information area |
| 11 | Management script commands and API |

Connecting to SmartConsole

Use SmartConsole to connect to a Multi-Domain Server when you work with Multi-Domain Management objects and settings. Use SmartConsole to connect to a Domain Management Server when you work with Domain Security Policies, rules, objects and configuration settings. You can also connect to Domains or specified Domain Management Servers from within the Multi-Domain view.

To connect to a Multi-Domain Server:

  1. Run SmartConsole.
  2. Enter your user name and password.
  3. Enter the Multi-Domain Server IP address, and then click Login.
  4. In the Welcome screen, select MDS from the list, and then click Proceed.

    SmartConsole opens in the Domains view.

To connect directly to a Domain:

  1. Run SmartConsole.
  2. Enter your user name and password.
  3. Enter the Multi-Domain Server IP address, and then click Login.
  4. In the Welcome screen, select a Domain from the list, and then click Proceed.

    SmartConsole opens with the selected Domain Management Server.

To connect to a Domain Management Server from the SmartConsole Multi-Domain view:

  1. Connect to a Multi-Domain Server with SmartConsole.
  2. In the Multi-Domain > Domains view, right-click the required Domain Management Server in the grid.
  3. Select Connect to Domain Server.

Note - In a High Availability deployment, you can only make changes to a Domain from the active Domain Management Server. The active Domain Management Server shows with a black icon. If you connect to a standby Domain Management Server (white icon), SmartConsole opens in Read Only mode.

Gateways & Servers View

The Gateways & Servers view shows all Security Gateway, Domain Management Server, and Domain Log Server objects in the Multi-Domain Management environment. This feature lets administrators, with applicable permissions, see and work with them in one convenient location.

You can double-click an object in this view to open its configuration window in the Domain's SmartConsole. For example, if you double-click GW105 in the example below, the London_Server Domain Management Server opens in SmartConsole and shows the GW105 configuration window.

The Gateways & Servers view