Security Profiles for Small Office Appliance Gateways

For more about how to use SmartProvisioning with Check Point Small Office Appliances, visit the Check Point Support Center and search for the relevant appliance to you.

Creating a Small Office Appliance Gateway in SmartProvisioning

Make sure you have a SmartLSM Security Profile for Small Office Appliance gateways defined in SmartConsole before you create a gateway in SmartProvisioning.

To create a new gateway:

1. In the navigation tree, click Devices.
2. From the Launch Menu, select File > New > Small Office Appliance Gateway.

   The SmartLSM Security Gateway General Properties page opens.

3. Enter a Name for the SmartLSM Security Gateway and optional comments. The name cannot contain spaces or non-alphanumeric characters.
4. Click Next.
5. In the More Information page, configure these settings:
   1. Hardware - Select the gateway hardware.
   2. SmartLSM gateway - Select the firmware version of the installed Small Office Appliance.
   3. Security Profile - Select the SmartLSM Security Profile to which the Security Gateway is assigned.
   4. Select Enable Provisioning to enable gateway management with provisioning configurations.
      • Select No Provisioning Profile to enable provisioning without assigning a specific profile.
      • Select Provisioning Profile to assign a provisioning profile to this gateway. Select the provisioning profile from the drop-down list.
6. Click Next.

   The SmartLSM Gateway Communication Properties page opens.

7. In the Authentication section, select one of these options:
   1. Initiate trusted communication securely by using a one-time password. Enter a password, and then enter it again in the Confirm one-time password field.
   2. Initiated trusted communication with an auto-generated one-time password. Click Generate. The Generated Activation Key window opens and displays the key in clear text. Save this key to enter it later on the Security Gateway for SIC initialization, and click Accept.
8. In the Trusted Communication Initiation section:
   • If you do not know the IP address of the SmartLSM Security Gateway, select Initiate trusted communication automatically when the Gateway connects to the Security Management Server for the first time.
   • If you know the IP address of the SmartLSM Security Gateway, select Initiate trusted communication now using the following IP address, and enter the IP address in the field. When you complete this step, the SIC certificate is pushed to the Security Gateway.

   Note - The Activation Key sets up Secure Internal Communication (SIC) Trust between the SmartLSM Security Gateway and the Security Management Server. With this SmartLSM wizard, you create the key on the Security Management Server (the SIC certificate and the IKE certificate for the selected gateway are created when you finish this wizard). The certificate is pulled by the gateway when it first connects to the Security Management Server after it is configured with the gateway First Time Configuration Wizard.

9. Click Next.
10. Select how to create a VPN certificate:
    • To create a VPN certificate from the Internal Check Point CA, select I wish to create a VPN Certificate from the Internal CA.
    • To create a VPN certificate from a third party CA (for example, if your organization already has certificates from an external CA for other devices), clear this checkbox and request the certificate from the appropriate CA server.
11. Select Edit SmartLSM gateway properties after creation to work with the newly created object.
12. Click Finish to complete the SmartLSM Security Gateway creation.