In This Section: |
The Security Management architecture has built-in revisions. Each revision is a new restore point in the database. It contains only the changes from the previous revision. Revisions therefore need only a small amount of disk space, and are created fast. Other benefits of this architecture are:
This diagram shows the database revisions over time:
To see saved database versions:
In SmartConsole, go to Manage & Settings > Revisions.
To see the changes made during a specific revision:
The bottom pane shows the audit logs of the changes made in the revision.
A separate read-only SmartConsole session opens.
To delete all versions of the database that are older than the selected version:
Important - Deletion is irreversible. When you purge, that revision and older revisions are deleted permanently.
Case |
A connectivity or security problem after making changes to the policy and installing the policy |
---|---|
Solution |
|
|
|
Case |
Network problem after downloading a Threat Prevention update and installing it on gateways. |
Solution |
The Gateway gets that version of the IPS protections. Other network objects and policies do not change. |
More Database Revision Scenarios:
Best Practice: Use Restore Backup. All work done after the backup is lost. To learn more, see the R80.30 Gaia Administration Guide.
Many objects and rules use IP addresses. Configure the version that your environment uses to see only relevant options.
To set IP address version:
Some windows in the SmartConsole offer administrators the option to not see the window again. You can undo this selection, and restore all windows to show again.
This option is available only if administrators selected do not show in a window.
To restore windows from "do not show":
Administrators in your environment use SmartConsole daily. Customize the Login window, to set the environment to comply with your organization's culture.
To customize the Login window:
The Login Message window opens.
The default suggestion is: Warning
This system is for authorized use only
You can influence Check Point product development by selecting and testing one or more of the new features listed here.
To test a new SmartConsole feature:
You can add information regarding your environment to User Center, such as gateway name, version, and active blades. Check Point uses this additional information for better inventory management, pro-active support, and more efficient ticket resolution.
To learn more, see sk94064.
To sync with User Center:
You can configure inspection settings for the Firewall:
The Security Management Server comes with two preconfigured inspection profiles for the Firewall:
When you configure a Security Gateway, the Default Inspection profile is enabled for it. You can also assign the Recommended Inspection profile to the Security Gateway, or to create a custom profile and assign it to the Security Gateway.
To activate the Inspection Settings, install the Access Control Policy.
Note - In a pre-R80 SmartConsole, Inspection Settings are configured as IPS Protections.
To configure Inspection Settings:
The Inspection Settings window opens.
You can:
To edit a setting:
The settings window opens.
Select Capture Packets, if you want to be able to examine packets that were blocked in Drop rules.
For advanced configuration of SYN attacks, please see sk120476.
To view settings for a certain profile:
Only settings for the selected profiles are shown.
You can add, edit, clone, or delete custom Inspection Settings profiles.
To edit a custom Inspection Settings profile:
To add a new Inspection Settings profile:
To assign an Inspection Settings profile to a Security Gateway:
To configure exceptions to inspection settings:
The Exception Rule window opens.
To enforce the changes, install the Access Control Policy.