|
|
|
In This Section: |
Check Point Multi-Domain Security Management is a centralized management solution for large-scale, distributed environments with many discrete network segments, each with different security requirements. This solution lets administrators create Domains based on geography, business units or security functions to strengthen security and simplify management.
Each Domain has its own Security Policies, network objects and other configuration settings. You use the Global Domain for common security Policies that apply to all or to specified Domains. The Global Domain also includes network objects and other configuration settings that are common to all or to specified Domains.
This Administration Guide includes conceptual information and procedures for working with Check Point Multi-Domain Management features only.
This section is a brief introduction to the main components of the Multi-Domain Management environment.
A Multi-Domain Server is a physical server that contains the Domain Management Servers, Security Policies, system data, and Multi-Domain Management system software. You connect to a Multi-Domain Server to work with Multi-Domain Management features, objects, and configuration settings. This includes:
You can create a High Availability and/or Load Sharing deployment with two or more, synchronized Multi-Domain Servers.
A Domain is a virtual object that defines a network or a collection of networks related to an entity. You can define a Domain for a company, business unit, department, branch or geographical location. For example, a cloud service provider typically has one Domain for each customer. A bank can have one Domain for each geographical region, state, or country.
A Domain Management Server is the functional equivalent of a Security Management Server in a single-domain environment. You connect directly to a Domain Management Server with SmartConsole to manage a Domain and its components:
To learn more about working with SmartConsole to manage Domains, see the R80.30 Security Management Administration Guide.
There can be more than one Domain Management Server for a Domain in a High Availability deployment, each on a different Multi-Domain Server. One Domain Management Server is Active, and the other, fully synchronized Domain Management Servers are Standby.
A typical Multi-Domain Management deployment includes, at least one Multi-Domain Log Server to hold log files generated by Domain Security Gateways. Each Domain can have its own Domain Log Server on the Multi-Domain Log Server. This deployment strategy keeps log traffic isolated from other network traffic for better throughput.
This illustration shows a sample deployment with two Multi-Domain Servers and two Domains. The Multi-Domain Log Server contains two Domain Log Servers, one for each Domain.
Item |
Description |
|---|---|
1 |
London Multi-Domain Server with an Active Domain Management Server for London and a Standby Domain Management Server for Tokyo |
2 |
Multi-Domain Log Server with Domain Log Servers for London and Tokyo |
3 |
Tokyo Multi-Domain Server with an Active Domain Management Server for Tokyo and a Standby Domain Management Server for London |
4 |
Tokyo network |
5 |
London network |
6 |
Internet |
|
Active Domain Management Server |
|
Standby Domain Management Server |
|
Domain Log Server |
SmartConsole is the unified application of Check Point R80.x Security Management. The SmartConsole provides a consolidated solution for everything that is necessary for the security of your organization:
SmartConsole makes it easy to manage your Multi-Domain Management environment. Before you start to configure your cyber security environment and Policies, we recommend that you know the SmartConsole application.
Use the Multi-Domain view to manage Multi-Domain Servers, Domains, system objects, configuration settings and other features. You must log into a Multi-Domain Server to see the Multi-Domain view.
For a guided tour of Multi-Domain view, click the What's New button 
at the bottom left of the window. Click the < and > icons to scroll between the different What's New screens.
Multi-Domain view elements
Item |
Description |
|---|---|
1 |
View, as selected from the Navigation Toolbar and View tree |
2 |
Navigation toolbar |
3 |
Menu |
4 |
View tree |
5 |
Actions toolbar |
6 |
Session Management toolbar |
7 |
Validation tab |
8 |
Logged in administrator |
9 |
Server details area |
10 |
Task information area |
11 |
Management script commands and API |
Use SmartConsole to connect to a Multi-Domain Server when you work with Multi-Domain Management objects and settings. Use SmartConsole to connect to a Domain Management Server when you work with Domain Security Policies, rules, objects and configuration settings. You can also connect to Domains or specified Domain Management Servers from within the Multi-Domain view.
To connect to a Multi-Domain Server:
SmartConsole opens in the Domains view.
To connect directly to a Domain:
SmartConsole opens with the selected Domain Management Server.
To connect to a Domain Management Server from the SmartConsole Multi-Domain view:
Note - In a High Availability deployment, you can only make changes to a Domain from the active Domain Management Server. The active Domain Management Server shows with a black icon. If you connect to a standby Domain Management Server (white icon), SmartConsole opens in the Read Only mode.
The Gateways & Servers view shows all Security Gateway, Domain Management Server, and Domain Log Server objects in the Multi-Domain Management environment. This feature lets administrators, with applicable permissions, see and work with them in one convenient location.
You can double-click an object in this view to open its configuration window in the Domain's SmartConsole. For example, if you double-click, GW105 on the example below, the London_Server Domain Management Server opens in SmartConsole and shows the GW105 configuration window.
The Gateways & Servers view
