Managing UTM-1 Edge Gateways

In This Section:

UTM-1 Edge Portal

UTM-1 Edge Ports

UTM-1 Edge Gateway Provisioned Settings

UTM-1 Edge Portal

Some configurations for UTM-1 Edge gateways, SmartLSM and Provisioning are managed through the UTM-1 Edge Portal. SmartProvisioning gives access to these configurations through the Gateway window, and for some sets of configurations, with UTM-1 Edge Provisioning Profiles.

To access the UTM-1 Edge Portal:

  1. In the Devices work space, right-click a UTM-1 Edge device.
  2. Select Launch UTM-1 Edge Portal.

    Your default browser opens to the Web User Interface of UTM-1 Edge management.

For more information on UTM-1 Edge configuration, see the R75.40 UTM-1 Edge Administration Guide.

UTM-1 Edge Ports

The UTM-1 Edge Portal Web UI has a Ports tab. In this tab you configure the valid use of the physical ports of the selected UTM-1 Edge device. For example, you can assign a LAN port to be used for a LAN network or a VLAN network. You can assign an RS232 port for a dial-up modem or for a serial console.

You can edit port usage through SmartProvisioning. This is available to UTM-1 Edge SmartLSM Security Gateways and to UTM-1 Edge Provisioned gateways. SmartProvisioning settings affect the device only if the device topology is set to All IP addresses behind the gateway based on Interfaces information.

To manage UTM-1 Edge device ports:

  1. From the Devices pane, double-click the UTM-1 Edge gateway.

    The window opens and shows the General tab.

  2. Click the Ports tab.
  3. Decide if you want to manage the ports of the selected UTM-1 Edge device from SmartProvisioning, or if you want to make sure that local configurations are used.
    • Manage settings locally on the device: Disable SmartProvisioning management of the physical ports of the UTM-1 Edge device and enforce local management.
    • Use the following settings: Configure port settings of the UTM-1 Edge device here. When local administrators access the Ports tab of the UTM-1 Edge Portal, they can edit these settings and add more ports for configuration.

    If you select Use the following settings, the table and Edit button are enabled.

  4. Select a port from the list and click Edit.

    You cannot add port assignments from SmartProvisioning. This must be done locally, to prevent configurations of ports that are not on the device.

    The window that opens depends on the type of port you selected, and on the options that were set on the UTM-1 Edge Portal.

    For example, if a local administrator set a LAN port to have no settings for port security, when you click Edit on the LAN port, the security setting is disabled.

    If the local administrator enabled Port Security to enforce 802.1x authentication, you can disable this temporarily (until the local administrator changes it back) and set a quarantine network for clients that failed authentication.

UTM-1 Edge Gateway Provisioned Settings

Some management configurations are common to all UTM-1 Edge gateways that are assigned to a Provisioning Profile.

You can manage the provisioned settings if the Profile Settings are set for central management and you use the Use the following settings option. See Configuring Settings for Provisioning to learn more about local and central management of gateways from Provisioning Profiles.

Before you begin, make sure that your administrator has Write permissions for SmartLSM Gateway Database.

Synchronizing Date and Time on UTM-1 Edge Gateways

You can configure the date and time of the individual UTM-1 Edge gateway, and synchronize it with a specified Network Time Protocol server, or view how it is managed centrally with a Provisioning Profile.

To configure date and time on a UTM-1 Edge gateway:

  1. From the Devices pane, double-click the UTM-1 Edge gateway.

    The window opens and shows the General tab.

  2. Click the Date and Time tab.
  3. Select one of these options:
    • If the gateway is assigned to a Provisioning Profile, to use the profile settings select Use profile settings
    • If you do not use SmartProvisioning to manage the date and time settings, select Manage settings locally on the device
    • If you use SmartProvisioning to manage the date and time settings, select Use the following settings
  4. If you selected Use the following settings, select Show profile settings to see how the synchronization is configured by the Provisioning Profile. This way, you can make sure that an individual schedule for this gateway is necessary.
  5. To synchronize this gateway with the clock of the Security Management Server or Domain Management Server, clear Use Network Time Protocol (NTP) to synchronize the clock.
  6. If you select Use Network Time Protocol (NTP) to synchronize the clock, enter these settings:
    • Enter the IP address of the Primary NTP Server, and if available, the Secondary NTP Server
    • Select the Time Zone
  7. Click OK.

    The changes made here affect the selected gateway, and override the settings configured for the gateway by the assigned Provisioning Profile.

  8. To apply these settings to the gateway, select Actions > Push Policy.

Configuring Routing for UTM-1 Edge Gateways

You can manage the valid routes of the individual gateway, or view how they are managed centrally with a Provisioning Profile.

To add a route to the gateway's routing table:

  1. From the Devices pane, double-click the UTM-1 Edge gateway.

    The window opens and shows the General tab.

  2. Click the Routing tab.
    • If the gateway has an assigned Provisioning Profile, select Use profile settings to leave the profile configuration unchanged. (If the gateway does not have a Provisioning Profile, this option is not available.)
    • To manage the settings on the device, and prevent changes in SmartProvisioning from affecting the device, select Manage settings locally on the device.
    • To configure settings through SmartProvisioning, and override the profile and the local settings, select Use the following settings.

    If Use the following settings is selected, the Routing table and controls are available.

  3. Click Add.
  4. Enter the required data to configure the new route on the selected gateway:
    • Source Network: Source IP address (for example, this gateway's IP address, or the IP address of a source behind the gateway).
    • Source Mask: Net mask of the source network.
    • Destination Network: Destination IP address for this route (for example, the IP address of the CO gateway or the Security Management Server or Domain Management Server).
    • Destination Netmask: Net mask of the destination network.
    • Service: From the drop-down list, select ANY or a specific service that is to be allowed along with the route.
    • Next Hop IP or network: IP address of the closest router or default gateway.
    • Metric: Distance in hops to the destination. Make sure this is as accurate as possible, to avoid looped or dropped traffic.
  5. Click OK.

    The changes made here will affect the selected gateway, and override the settings configured for the gateway by the referenced Provisioning Profile.

    To apply these settings to the gateway, select Actions > Push Policy.
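A pre-push sanity check for a planned route list, as an added example that is not part of the original guide or of any Check Point tool. The dictionary keys, the sample rows and the list of directly connected networks are assumptions constructed for illustration; the check flags network addresses that do not match their mask, next hops that are not on a connected network, and rows with the same match and metric but different next hops.

```python
import ipaddress

# Constructed rows; keys are hypothetical names for the Add Route fields.
BASE = {"src": "192.168.10.0", "src_mask": "255.255.255.0", "service": "ANY"}
ROUTES = [
    dict(BASE, dst="10.1.0.0", dst_mask="255.255.0.0",
         next_hop="192.168.10.254", metric=1),
    # Host bits set: 10.2.3.4 is not a network address under 255.255.0.0.
    dict(BASE, dst="10.2.3.4", dst_mask="255.255.0.0",
         next_hop="192.168.10.254", metric=1),
    # Same match and metric as row 0, but a different next hop.
    dict(BASE, dst="10.1.0.0", dst_mask="255.255.0.0",
         next_hop="192.168.10.253", metric=1),
    # Next hop sits inside the destination, not on a local segment.
    dict(BASE, dst="172.16.0.0", dst_mask="255.255.0.0",
         next_hop="172.16.0.1", metric=2),
]
LOCAL_NETS = ["192.168.10.0/24"]  # assumed directly connected networks


def check_routes(routes, local_nets):
    """Return (row_index, message) findings for a planned route table."""
    local = [ipaddress.ip_network(n) for n in local_nets]
    findings, seen = [], {}
    for i, r in enumerate(routes):
        try:
            # strict=True rejects an address with host bits set under the mask
            src = ipaddress.ip_network(f"{r['src']}/{r['src_mask']}", strict=True)
            dst = ipaddress.ip_network(f"{r['dst']}/{r['dst_mask']}", strict=True)
            hop = ipaddress.ip_address(r["next_hop"])
        except ValueError as exc:
            findings.append((i, f"invalid address or mask: {exc}"))
            continue
        if not any(hop in net for net in local):
            findings.append((i, f"next hop {hop} is not on a connected network"))
        # Two rows that match the same traffic at the same metric must agree.
        key = (src, dst, r["service"], r["metric"])
        first = seen.setdefault(key, (i, hop))
        if first[1] != hop:
            findings.append(
                (i, f"same match and metric as row {first[0]}, different next hop"))
    return findings


if __name__ == "__main__":
    for row, msg in check_routes(ROUTES, LOCAL_NETS):
        print(f"row {row}: {msg}")
```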

Configuring RADIUS Server for SmartProvisioning Gateways

You can view and change the RADIUS server configuration for any connected gateway.

To configure a RADIUS server on a gateway:

  1. From the Devices pane, double-click the UTM-1 Edge gateway.

    The window opens and shows the General tab.

  2. Click the RADIUS tab.
  3. Select one of these options:
    • If the gateway is assigned to a Provisioning Profile, to use the profile settings select Use profile settings
    • If you do not use SmartProvisioning to manage the RADIUS server settings, select Manage settings locally on the device
    • If you use SmartProvisioning to manage the RADIUS server settings, select Use the following settings
  4. If you selected Use the following settings, select the servers that you want to be the RADIUS servers of this gateway.
  5. If you want to configure the RADIUS server permissions, click Advanced.
  6. From the Administrator Level drop-down list, select which permissions to give the gateway administrator on the RADIUS server.
  7. Select the permissions that you want to assign to users on the gateway network, with authentication from the RADIUS server:
    • VPN Remote Access: Allow access to the VPN from a remote station, with authentication through the RADIUS server.
    • Web Filtering Override: Allow authenticated users to see Web sites that are otherwise blocked by the RADIUS server configurations.
    • HotSpot access: Allow users access to the RADIUS server, and therefore to the protected environment, from wireless HotSpot connections.
    • Remote Desktop Access: Allow users to access desktops inside the protected environment from a remote station.
  8. Click OK.

    The changes made here affect the selected gateway, and override the settings configured for the gateway by the referenced Provisioning Profile.

    To apply these settings to the gateway, select Actions > Push Policy.

Configuring HotSpot for SmartProvisioning Gateways

You can configure a HotSpot for wireless access of the individual UTM-1 Edge gateway, or view how it is managed centrally with a Provisioning Profile.

To configure a HotSpot on a UTM-1 Edge gateway:

  1. From the Devices pane, double-click the UTM-1 Edge gateway.

    The window opens and shows the General tab.

  2. Click the HotSpot tab.
  3. Select one of these options:
    • If the gateway is assigned to a Provisioning Profile, to use the profile settings select Use profile settings
    • If you do not use SmartProvisioning to manage the HotSpot settings, select Manage settings locally on the device
    • If you use SmartProvisioning to manage the HotSpot settings, select Use the following settings
  4. If you selected Use the following settings, select Show profile settings to see how the HotSpot is configured by the Provisioning Profile and to make sure that an individual schedule for this gateway is necessary.
  5. Provide the HotSpot Title, which appears as the name of the login window.
  6. In the HotSpot Terms field, specify your organization's terms of use and policies.
  7. If the user must have a valid user name and password to access the HotSpot, select HotSpot is password-protected.
  8. If you selected HotSpot is password-protected, you can select Allow a user to login from more than one computer at the same time. Clear this option to make sure that a user account is used only once for a login session.
  9. If the HotSpot can be reached only over a secure Internet connection with HTTPS, select Use HTTPS.
  10. In the After login, redirect to URL field, provide the URL that users of this HotSpot reach after login. For example, this can be the welcome page of your company site, or the home page of your company intranet.
  11. Click OK.

    The changes made here affect the selected gateway, and override the settings configured for the gateway by the assigned Provisioning Profile. To apply these settings to the gateway, select Actions > Push Policy.
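A review of planned HotSpot settings across several gateways before the policy push, as an added example that is not part of the original guide. The key names and sample gateways are hypothetical and constructed to mirror the options on the HotSpot tab. The check treats the concurrent-login option as relevant only when the HotSpot is password-protected, as the procedure describes, and flags a password-protected login page that is not served over HTTPS.

```python
from urllib.parse import urlsplit

# Constructed settings per gateway; key names are hypothetical.
HOTSPOTS = {
    "branch-01": {"title": "Guest Wi-Fi", "terms": "Acceptable use policy",
                  "password_protected": True, "allow_multi_login": False,
                  "use_https": True,
                  "redirect_url": "https://intranet.example.com/"},
    "branch-02": {"title": "Guest Wi-Fi", "terms": "",
                  "password_protected": True, "allow_multi_login": True,
                  "use_https": False,
                  "redirect_url": "intranet.example.com"},
    "branch-03": {"title": "Lobby", "terms": "Acceptable use policy",
                  "password_protected": False, "allow_multi_login": True,
                  "use_https": False,
                  "redirect_url": "http://www.example.com/"},
}


def audit_hotspot(cfg):
    """Return a list of review findings for one gateway's HotSpot settings."""
    issues = []
    if cfg["password_protected"]:
        if not cfg["use_https"]:
            # User name and password would cross the wireless link unencrypted.
            issues.append("credentials-over-http")
        if cfg["allow_multi_login"]:
            # One account can hold several sessions at the same time.
            issues.append("concurrent-logins-allowed")
    else:
        issues.append("open-hotspot")
    if not cfg["terms"].strip():
        issues.append("empty-terms")
    url = urlsplit(cfg["redirect_url"])
    if url.scheme not in ("http", "https") or not url.netloc:
        issues.append("malformed-redirect-url")
    return issues


def audit_fleet(hotspots):
    """Map gateway name to findings, omitting gateways with none."""
    report = {}
    for gateway, cfg in hotspots.items():
        found = audit_hotspot(cfg)
        if found:
            report[gateway] = found
    return report
```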

Configuring Firmware Settings on UTM-1 Edge Gateways

A UTM-1 Edge device is configured with Safe@ or Edge firmware. Contact Technical Support for the firmware version that supports SmartProvisioning.

Configure SmartProvisioning to recognize the firmware of a UTM-1 Edge gateway.

To configure firmware:

  1. In a Devices work space, right-click a UTM-1 Edge gateway and select Edit Gateway.
  2. In the UTM-1 Edge SmartLSM Gateway window, go to Firmware.
  3. Select the option for this UTM-1 Edge SmartLSM Security Gateway.
    • Use default: Firmware defined as Default in SmartUpdate.
    • Use SmartLSM Gateway's installed firmware: Firmware currently installed on a UTM-1 Edge SmartLSM Security Gateway.
    • Use the following firmware: Firmware to be uploaded (with SmartUpdate) to the UTM-1 Edge gateway.

Configuring the Automatic VPN Domain Option for UTM-1 Edge

The topology of the VPN domain can be determined automatically on the UTM-1 Edge device.