SmartProvisioning User Interface

In This Section: Main Window Panes SmartProvisioning Menus and Toolbar Working with SmartProvisioning Menus and Options

Main Window Panes

The main SmartProvisioning window has a tree pane with separate nodes, each with its own purpose:

• Devices workspace - Use this workspace to manage gateways and other device objects, such as clusters.
• Profiles workspace - Use this workspace to manage Provisioning Profiles. Click Profiles in the tree.
• Status - Shows dynamic status of devices. Click Status in the tree.
• Device Configuration - Displays information about the gateway configuration in the assigned Provisioning Profiles.

Status View

The information in the Status View pane depends on whether you select Action Status or Critical Notifications.

Action Status

You can see the Action Status for each action you do on a device:

• Name: The name of the action.
• Action type: The type of action. See SmartProvisioning Menus and Toolbar
• Start Time: The time the action began on the selected gateway.
• Status: The current status of the action, dynamically updated.
• Details: Relevant notes.
• Results: Click the Result link to open the Run Script window and see the results of this script.

Critical Notifications

For each device that has a critical status or error, you can view the gateway status, its Security Policy (if the device is a SmartLSM Security Gateway), and its Provisioning Profile (if it is assigned to a Provisioning Profile).

Gateway Status Indicators

Indicator	Description
OK	Gateway is up and performing correctly
Waiting	SmartProvisioning is waiting for status from the Security Management Server or Domain Management Server
Unknown	Status of gateway is unknown
Not Responding	Gateway has not communicated with Security Management Server or Domain Management Server
Needs Attention	Gateway has an issue and needs to be examined
Untrusted	SIC Trust is not established between gateway and Security Management Server or Domain Management Server

Policy Status Indicators

Indicator	Description
OK	Gateway is up and performing correctly
Waiting	SmartProvisioning is waiting for status from Security Management Server or Domain Management Server
Unknown	Status of gateway is unknown
Not installed	Security policy is not installed on this gateway
Not updated	Installed security policy has been changed; gateway should fetch new policy from Security Management Server or Domain Management Server
May be out of date	Security Policy was not retrieved within the fetch interval

Provisioning Profile Indicators

Indicator	Description
OK	SmartProvisioning Agent is installed and operating
Needs Attention	Device has an issue and needs to be examined
Agent is in local mode	Device is in maintenance mode
Uninitialized	Device has not yet received any provisioning configurations
Unknown	Status of provisioning is unknown

SmartProvisioning Menus and Toolbar

This section is a reference for the menus and toolbar buttons in SmartProvisioning. The available menu commands depend on the list that is displayed in the work space.

To access menu options, click the Launch Menu button on the toolbar and then access the specified menu.

For example, the File > New command enables you to create new SmartLSM Security Gateways when the Devices work space is displayed. When the Profiles work space is displayed, File > New enables you to create a new Provisioning Profile.

The table below lists the menus and explains their commands. Some of the commands have toolbar buttons that you can use to access the same functionality.

Menu	Command	Description	For further information
File	New	Define new SmartLSM Security Gateway/Cluster or Provisioning Profile	See: Adding Check Point Appliance/Open Server Security Gateways Adding UTM-1 Edge SmartLSM Security Gateways Check Point Small Office Appliance Centrally Managed Gateways Configuring SmartLSM Clusters Creating Provisioning Profiles
	Export to file	Export objects list to file	See Export to File
	Exit	Close SmartProvisioning
Edit	Edit gateway	Edit selected gateway	See Overview of Managing Gateways
	Delete SmartLSM Gateway	Delete selected gateway; only for devices with SmartLSM Security Profiles	See Deleting Gateway Objects
	Profile Details	Edit selected Provisioning Profile	See Using Profiles to Provision Gateways
	Find	Find specific object in visible list	See Find
View	Toolbar	Show/Hide Toolbar
	Status bar	Show/Hide Status View pane	See Main Window Panes
	Status View	Show/Hide Status View pane	See Status View
	Menu Bar	Show/Hide Menu Bar above Toolbar
	Clear All Filters	Clears all the configured filters	See Filtering Columns
	Show/Hide columns	Open the Show/Hide Columns window and select the data to be displayed in the work space	See Show/Hide Columns
Manage	Custom Commands	Add/Edit user-defined executables to run on remote gateways	See Executing Commands
	Select SSH Application	Provide pathname to SSH application for remote management of devices	See SSH Applications
Actions	Push Settings and Actions	Immediate execute of Backup and fetch of profile settings	See Applying Changes
	Get Actual Settings	Fetch configuration settings from device to management server	See Configuring Interfaces
	Push Policy	Push values resolved in SmartProvisioning to SmartLSM Security Gateway	See Immediate Gateway Actions
	Push Dynamic Objects	Push values resolved in SmartProvisioning to SmartLSM Security Gateway	See Using Dynamic Objects
	Stop Gateway	Stop Check Point services on selected gateway	See Remotely Controlling Gateways
	Start Gateway	Start Check Point services on selected gateway
	Restart Gateway	Restart Check Point services on selected gateway
	Reboot Gateway	Reboot the device
	Get Status Details	Open Gateway Status Details	See Viewing Status of Remote Gateways
	Packages	Software management	See Managing Software
	Updated Selected Corporate Office Gateway	Update selected CO (available when CO gateway is selected)
	Backup	Create a backup image	See Immediate Backup of Security Gateways
	Define UTM-1 Edge Cluster	Configure two UTM-1 Edge SmartLSM Security Gateways for high availability	See UTM-1 Edge clusters
	Remove UTM-1 Edge Cluster	Disassociate the two members of a UTM-1 Edge Cluster
Window	Access SmartEvent
Help	View version information and open online help

Working with SmartProvisioning Menus and Options

This section describes SmartProvisioning customizations and general functions.

Find

You can search for strings in SmartProvisioning.

To open the Find window:

1. Go to the Launch Menu, and select Edit > Find.
2. In the Look in field, select a column header to search for the string in a specific data type:
   • All Fields
   • Name
   • IP/ID: Format of IP address; tracking ID for logs
   • Product: Check Point product, platform, or operating system
   • Version
   • Provisioning Profile
   • Last Applied Settings
   • Security Profile
   • Gateway Status: Use a valid status string
   • Policy Status: Use a valid status string
   • Provisioning Status: Use a valid status string

Show/Hide Columns

You can customize the information displayed in Device lists.

To customize Device list columns:

1. Go to the Launch Menu and select View > Show/Hide Columns.
2. In the Show/Hide Columns window, select the columns to display.
3. Clear the columns that you do not want to display.
4. Click OK.
5. To hide a column, right-click the column header and select Hide Column.

Filter

You can filter a Devices workspace for more convenient displays.

To filter the list:

1. Select the Devices workspace.
2. In Look for, enter the filter text.
3. From the In drop-down list, select the filter category that you want. You can select one of these filter categories:
   • All: The filter number or text is applied to all the filter categories. (Default)
   • Name: name of the gateway and icon which indicates its type (Security Management Server, Domain Management Server, SmartLSM Security Gateway, UTM-1 Edge SmartLSM Security Gateway, Check Point host, Mobile Access).
   • IP/ID: unique ID in the form of an IP address, used to track logs generated from a Gateway, even if it changed its external IP address.
   • Product: Name of the Check Point platform used for the Security Gateway.
   • Version: Check Point software version for the Security Gateway.
   • Provisioning Profile: Name of the Provisioning Profile.
     This field is blank if the Security Gateway is not enabled for provisioning.
   • Last Applied Settings: Date and time that the Security Gateway definition was last changed.
   • Security Profile: Name of the last installed Security Profile.
   • Gateway Status: Current status of the Security Gateway.
   • Policy Status: Current status of the Security Policy.
   • Provisioning Status: Current status of the provisioning settings.

Filtering Columns

You can filter columns in Devices and Devices Configuration displays according to the content of that column.

To filter a column:

1. In the tree, select Devices or the Device Configuration display.
2. Right-click the column heading and select Filter > Add/Edit Filter.

   The Advanced Filter window opens.

3. Configure the filter settings for that column.
4. Click OK.
5. To clear the filter settings, right-click the column heading and select Filter > Clear Filter.

Export to File

If you prefer to track your managed devices in other programs, you can export the SmartProvisioning objects list.

To export SmartProvisioning data to a file:

1. From the Launch Menu, select File > Export to File.
2. Click Export To.

   The Export to File window opens.

3. Provide a name for the file and select a type: MS Excel, Web, CSV, Text, or All (to create your own extension).
4. Click Save.
5. Select the file options that you want:
   • Show Headers: Select to include the column headers.
   • Use the following Delimiter: Select Tab as a delimiter between data, or select Other and specify the delimiter you want. (This is disabled for MS Excel and Web page file types.)
6. Click OK.

   The file is created. A dialog box opens, with the message
   File '<pathname>' created successfully

7. Click Open File to view the exported file in a relevant application.

SSH Applications

SSH applications let you connect to devices remotely.

Selecting a Default SSH Application

If you did not yet open an SSH application, you can provide the path from within SmartProvisioning. The first time you select an SSH application, select a default application from the Launch Menu > Manage > Select SSH Application. Each subsequent time that you want to open an SSH terminal, you can right-click the required device and select Launch SSH Terminal.

To select an SSH application for the first time:

1. Select Manage > Select SSH Application.
2. Select your SSH Client.
3. In the SSH Client Connection Attributes section, select a predefined application template, such as Putty or SecureCRT, or select Custom to create your own. Make sure that the Connection Attributes match the syntax required for your selected SSH terminal application, where <IP> refers to the device's IP address.
4. When the required syntax for the specific application appears in the Connection Attributes field. Click OK.

Launching an SSH Application from Devices

After you selected a default SSH application for the first time, you can launch it from any supported device.

To launch the default SSH application from a device:

1. Right-click a device.
2. Select Launch SSH Terminal.

   The SSH terminal opens and automatically calls the object's IP address from its last known IP address.

Web Management

You can use the Web management portal to manage Security Gateways. This is especially useful with remote gateways that need individual changes, or system administration management.

To use the Portal to manage a Security Gateway:

1. Right-click a Security Gateway and select Launch Device Management Portal.

   A web browser opens to:

   https://<IP_address> - for Gaia devices.

   https://<IP_address>:981 - for UTM-1 Edge devices.

   https://<IP_address>:4434 - for Small Office Appliance devices.

2. Log in with the administrator user name and password.

   The features available from the Portal enable you to manage networking, routing, servers, and many other local device configurations.