Preferences and Management Settings

In This Section:

Database Revisions

Setting IP Address Versions of the Environment

Restoring Window Defaults

Configuring the Login Window

Testing New SmartConsole Features

Sync with User Center

Inspection Settings

Database Revisions

The Security Management architecture has built-in revisions. Each revision is a new restore point in the database. It contains only the changes from the previous revision. Revisions therefore need only a small amount of disk space and are created quickly. Other benefits of this architecture are:

This diagram shows the database revisions over time:

[Diagram: Database Revisions]

  1. Install
  2. Upgrade
  3. Publish
  4. Publish
  5. Publish

Working with Database Revisions

To see saved database versions:

In SmartConsole, go to Manage & Settings > Revisions.

To see the changes made during a specific revision:

  1. In the Manage & Settings > Revisions window, select a revision.

    The bottom pane shows the audit logs of the changes made in the revision.

  2. Optional: Click View.

    A separate read-only SmartConsole session opens.

To delete all versions of the database that are older than the selected version:

  1. In the Manage & Settings > Revisions window, select a revision.
  2. Click Purge.
  3. In the confirmation window that opens, click Yes.

    Important - Deletion is irreversible. When you purge, that revision and older revisions are deleted permanently.

Managing a Crisis Using Database Revisions

Case

A connectivity or security problem after making changes to the policy and installing the policy.

Solution

  1. Go to Security Policies > Installation History.
  2. In the Policy Installation History, choose the last known good version and click Install specific version.

    After a Gateway is safely installed, the Gateway has the last good revision, and the Security Management Server has the most recent revision.

  3. To see the changes made in the revision, browse the audit logs in the bottom pane of the revision.

Case

Network problem after downloading a Threat Prevention update and installing it on gateways.

Solution

  1. From Security Policies > Threat Prevention > Threat Tools > Updates, in the IPS section, choose an update that is known to be good.
  2. Click Switch to Version.
  3. Install the Threat Prevention Policy.

The Gateway gets that version of the IPS protections. Other network objects and policies do not change.

More Database Revision Scenarios:

Setting IP Address Versions of the Environment

Many objects and rules use IP addresses. Configure the version that your environment uses to see only relevant options.

To set IP address version:

  1. Click Manage & Settings.
  2. Click Preferences.
  3. Select the IP address version that your environment uses: IPv4, IPv6, or IPv4 and IPv6.
  4. Select how you want to see subnets: Mask Length or Subnet Mask.

Restoring Window Defaults

Some windows in the SmartConsole offer administrators the option to not see the window again. You can undo this selection, and restore all windows to show again.

This option is available only if administrators selected "do not show" in a window.

To restore windows from "do not show":

  1. Click Manage & Settings.
  2. Click Preferences.
  3. In the User Preferences area, click Restore All Messages.

Configuring the Login Window

Administrators in your environment use SmartConsole daily. Customize the Login window so that it complies with your organization's culture.

To customize the Login window:

  1. Click Manage & Settings.
  2. Click Preferences > Login Message.

    The Login Message window opens.

  3. Select Show custom message during login.
  4. In Customize Message, enter a Header and Message for administrators to see.

    The default suggestion is:
    Warning
    This system is for authorized use only

  5. If you want the message to have a warning icon, in Customize Layout, select Add warning sign.
  6. If you want the Login window to show your organization's logo, in Customize Layout, select Add logo and then Browse to an image file.

Testing New SmartConsole Features

You can influence Check Point product development by selecting and testing one or more of the new features listed here.

To test a new SmartConsole feature:

  1. Click Manage & Settings.
  2. Click Preferences.
  3. In the Check Point Lab area, select the feature you want to test:
    • Enable Session pane - Review all changes before you publish

Sync with User Center

You can add information regarding your environment to User Center, such as gateway name, version, and active blades. Check Point uses this additional information for better inventory management, pro-active support, and more efficient ticket resolution.

To learn more, see sk94064.

To sync with User Center:

  1. In SmartConsole, click Manage & Settings.
  2. Click Sync with User Center.
  3. Select Synchronize information once a day.

Inspection Settings

You can configure inspection settings for the Firewall:

The Security Management Server comes with two preconfigured inspection profiles for the Firewall:

When you configure a Security Gateway, the Default Inspection profile is enabled for it. You can also assign the Recommended Inspection profile to the Security Gateway, or create a custom profile and assign it to the Security Gateway.

To activate the Inspection Settings, install the Access Control Policy.

Note - In a pre-R80 SmartConsole, Inspection Settings are configured as IPS Protections.

Configuring Inspection Settings

To configure Inspection Settings:

  1. In SmartConsole, go to the Manage & Settings > Blades view.
  2. In the General section, click Inspection Settings.

    The Inspection Settings window opens.

You can:

To edit a setting:

  1. In the Inspection Settings > General view, select a setting.
  2. Click Edit.
  3. In the window that opens, select a profile, and click Edit.

    The settings window opens.

  4. Select the Main Action:
    • Default Action - preconfigured action
    • Override with Action - from the drop-down menu, select an action with which to override the default - Accept, Drop, Inactive (the setting is not activated)
  5. Configure the Logging Settings.

    Select Capture Packets, if you want to be able to examine packets that were blocked in Drop rules.

  6. Click OK.
  7. Click Close.

For advanced configuration of SYN attacks, please see sk120476.

To view settings for a certain profile:

  1. In the Inspection Settings > General view, click View > Show Profiles.
  2. In the window that opens, select Specific Inspection settings profiles.
  3. Select profiles.
  4. Click OK.

    Only settings for the selected profiles are shown.

You can add, edit, clone, or delete custom Inspection Settings profiles.

To edit a custom Inspection Settings profile:

  1. In the Inspection Settings > Profiles view, select a profile.
  2. Click Delete, to remove it, or click Edit to change the profile name, associated color, or tag.
  3. If you edited the profile attributes, click OK to save the changes.

To add a new Inspection Settings profile:

  1. In the Profiles view, click New.
  2. In the New Profile window that opens, edit the profile attributes:
  3. Click OK.

To assign an Inspection Settings profile to a Security Gateway:

  1. In the Inspection Settings > Gateways view, select a gateway, and click Edit.
  2. In the window that opens, select an Inspection Settings profile.
  3. Click OK.

To configure exceptions to inspection settings:

  1. In the Inspection Settings > Exceptions view, click New to add a new exception, or select an exception and click Edit to modify an existing one.

    The Exception Rule window opens.

  2. Configure the exception settings:
    • Apply To - select the Profile to which to apply the exception
    • Protection - select the setting
    • Source - select the source Network Object, or select IP Address and enter a source IP address
    • Destination - select the destination Service Object
    • Service - select Port/Range, TCP or UDP, and enter a destination port number or a range of port numbers
    • Install On - select a gateway on which to install the exception
  3. Click OK.

To enforce the changes, install the Access Control Policy.