Contents

Gateways & Servers Welcome to SmartConsole Run One Time Script Understanding One-Time Scripts One Time Script Options Run Repository Script Running Repository Scripts Script Repository Managing Repository Scripts Repository Script - New Running scripts Actions License Report Device & License Information Available Monitoring Information License Status Managing Software Blade Licenses Monitoring Licenses Viewing Licenses System Backup Understanding the Fields System Restore Understanding the Fields Open Shell Service Request Wizard Network Management - Security Gateway Network Management - Security Gateway Cluster Interface - General Interface - Member IPs Interface - Topology Settings Understanding Topology What is IP Spoofing What is Anti-Spoofing Anti-Spoofing Options Interface - QoS Understanding QoS Low Latency QoS Class Avoiding Low Drops DiffServ QoS Class Properties (Interface) Understanding DiffServ Interface - Multicast Restrictions Per Interface Multicast Restrictions Multicast Restriction Options Install Database User Database Installing the User Database Possible Loss of Data During Sync High Availability Status The High Availability Environment Single and Multi-Domain High Availability Uninstall Threat Policy Command Line - API Understanding the API Server Managing Security through API and CLI Management API Settings Where Used? Related Objects Security Policies Access Control Understanding the Rule Base Introducing Policy Layers Introducing the Access Control Policy Types of Rules in the Rule Base Order of Rule Enforcement Configuring the Implied Rules Choosing Rules to Track Configuring Tracking in a policy Rule Tracking Options Searching a Rule Base Rule Base Search Using Boolean Operators in a Search Query Query Examples Stopping a Running Query Keyboard Navigation NAT Rule Base NAT Desktop and QoS Policies Policy Installation Targets Custom Rule Field Settings Policies - Viewing All and Recent Managing Policy Packages Working with Policy Packages Policy Packages Installing a Policy Package Uninstalling a Policy Package Install Policy Install Mode History Verify Policy Policy Verification - Task Details Task Details - Show More Export List Legacy User Access at Location Directional Match Condition Understanding Directional VPN Application - General Application - Match Settings Category - General Category - Match Settings Service with Resource Understanding Services with Resources Action Settings Actions Data Type New User Auth User Auth Options Client Auth Understanding Client Authentication Client Auth - General Options Client Auth - Limits Client Authentication - Limit Options Encrypt Encrypt - Transform Options Client Encrypt Understanding Client Encrypt Client Encrypt - Options Threat Prevention The Threat Prevention Policy Threat Prevention Layer - New or Edit Exceptions New Exceptions Group IPS Static Protections Tracking Options Threat Prevention Track Options Shared Policies Geo Policy Understanding Geo Policy Geo Policy Options Geo Policy - Rule Settings Geo Policy Rule Options Geo Policy - Gateways Geo Policy - Exceptions Rule Columns Exception Rule Options Pre R80 IPS Settings Access Tools & Threat Tools Manage Layers Layer Properties - General Layer - General Layer Properties - Advanced Layers and Implicit Cleanup Layer Properties - Advanced Layer - Permissions Layer Properties - Permissions VPN Communities Understanding VPN Communities VPN Community Options VPN Communities - Gateways VPN Communities Sample Combination VPN Community VPN Communities - Encrypted Traffic Encrypted Traffic Options VPN Communities - Encryption Selecting Encryption Methods Encryption Options VPN Communities - Tunnel Management Understanding VPN Tunnels VPN Tunnel Options Tunnel Management - Select Gateways Tunnel Management - Permanent Tunnel Tracking Up and Down Track Options Tunnel Management - Permanent Tunnel Tracking - Specific Tunnels Configuring Permanent Tunnels Tunnel Selection in Mesh VPN Communities Configuring Permanent Tunnels Route Injection Mechanism (RIM) Understanding RIM RIM - Options VPN Communities - VPN Routing Understanding VPN Routing VPN Routing Options VPN Communities - MEP Multiple Entry Point Multiple Entry Point - Options Multiple Entry Point - Advanced Return Packet Routing Configuring IP Pool NAT MEP - Manual Priority List Understanding MEP Manual Priority VPN Communities - Excluded Services Understanding Excluded Services VPN Communities - Shared Secret Understanding Shared Secrets Shared Secret - Editing VPN Communities - Wire Mode Understanding Wire Mode Configuring Wire Mode VPN Communities - Advanced IKE and NAT inside the Community Remote Access Community - Participating Gateways Remote Access Community - Participating User Groups UserCheck UserCheck Interaction Objects UserCheck Page Application and URL Filtering UserCheck Page Localizing and Customizing the UserCheck Portal UserCheck - Message UserCheck - settings UserCheck Setting Options Updates - Access Policy Updates - Threat Policy - IPS Update Statuses - Threat Policy Installation History Updates - Status and Details Schedule Update Updating the Application and URL Filtering Database Connecting to the Internet for Updates Scheduling Updates Scheduled Update - Security Management Server - Configure Scheduled Update - Security Gateway - Configure Profiles New Threat Profile - Task Details Profile - General Policy IPS - Additional Activation IPS - Updates Policy Handling Newly Downloaded Protections IPS Staging Configuration Staging Exclusions Anti-Bot Anti-Virus UserCheck Custom Frequency Configuring Anti-Virus Settings Anti-Virus Settings of the Threat Prevention Profile Anti-Virus Mail Configuration Threat Prevention and Anti-Virus Mail Configuration File Types File Types Configuration Archive Scanning Archive Scanning Configuration Threat Emulation - General Threat Emulation Supported File Types Threat Emulation - Emulation environment Threat Emulation - Excluded Mail Addresses Threat Emulation - Advanced Custom Emulation Connection Handling Mode Service Mode Options Using an MTA Malware DNS Trap IPS Protections IPS Protections - Show Profiles IPS Actions - Add Exception IPS Actions - Add Exception - Go to IPS Protection - General IPS Protection - Gateways IPS Protection - Exceptions IPS Protection - Actions IPS Protection - Protection Details IPS Protections - General Properties IPS Protections - Advanced Inbound DNS Requests - Advanced IPS Protection - Unknown SMTP Commands - Advanced IPS Protection - Scrambling - Advanced IPS Protection - FTP Commands - Advanced IPS Protection - Directory Traversal - Advanced IPS Protection - Spoofed Reset - Advanced IPS Protection - SQL Injection - Advanced IPS Protection - Cross-Site Scripting - Advanced Cross-Site Scripting Attack Description IPS Protection - CIFS (SMB) File Name Patterns - Advanced HTTP Header Patterns HTTP Header Patterns - Detection Properties LDAP Injection - Advanced HTTP Header Spoofing - Advanced Header Spoofing Settings Sweep Scan - Advanced Enforcing Servers SMTP Content Protection Details Updates - Threat Prevention Updating the IPS and Malware Databases Updating IPS Protections Scheduling Updates IPS Update Summary IPS Scheduled Update Scheduling Updates Switch to Version Updating IPS Protections Malware Database Scheduled Update Scheduling Updates Malware Protections Threat Emulation Scheduled Update Engine and Image updates Threat Emulation Image or Engine Update Image Update Protections Whitelist Files Using the Whitelist Whitelist File - New Adding a File to the Whitelist Data Center Data Center Object Select Data Center Objects Logs & Monitor SmartEvent SmartEvent Views Event Analysis with SmartEvent Logs Showing Query Results Customizing the Results Pane Log Analysis Audit Logs Understanding Logging Compliance Task Details Compliance Alerts Widget Settings Types of Widget View Description, View Filter, View Settings Tasks Install Policy Details Working with Queries Running Queries Configuring Query Defaults Working with the Favorites List Creating Custom Queries SmartConsole and SmartView Query Language Query Syntax Reference Manage & Settings Administrators Administrator Properties - General Configuring Administrator Properties Administrator - Additional Contact Options Connected Administrators Creating, Changing, or removing an Administrator Configuring Default Expiration for Administrators Permission Profiles Assigning Permission Profiles to Administrators For Multi-Domain Permission Profiles Custom Permission Profile - Overview New Profile - Permissions Overview Custom Permission Profile - Gateways Gateways Custom Permission Profile - Access Control Access Permission Profile Custom Permission Profile - Threat Threat Permission Profile Custom Permission Profile - Others Other Permission Profiles Custom Permission Profile - Monitoring and Logging Monitoring and Logging Custom Permission Profile - Events and Reports Event and Reports Custom Permissions Profile - Management Management Permissions and Administrators - Advanced Trusted Clients Assigning Trusted Clients to Domains Trusted Client - General Trusted Client Object Editor Sessions - View Sessions Working with Sessions and Database Versions Session Settings Session Details Blades Inspection Settings - General Inspection Settings Table Inspection Settings - Protections - Advanced Options Aggressive Aging - Advanced Aggressive Aging Timeouts - Advanced ASCII Only Request - Advanced Block MGCP or SIP Messages with Binary Characters - Advanced Directory Listing - Advanced DNS - General Settings - Advanced DNS Maximum Request Length - Advanced Dynamic Ports - Advanced FTP Security Server - General Settings - Advanced Gzip Enforcement - Advanced H.323 - Advanced H.323 Max Allowed Phone's Extension Length - Advanced HTTP Format Sizes - Advanced Header Length Editor HTTP Methods - Advanced Blocked HTTP Methods HTTP Protocol - General Settings - Advanced IP Fragments Mail and Recipient Content Mail Global Protection Scope - Advanced Max Allowed H.245 Message Length - Advanced Max Allowed Q.931 Message Length - Advanced Max Allowed RAS Message Length - Advanced Max Allowed SCCP Message Length - Advanced Maximum Bad POP3 Commands Enforcement - Advanced Maximum Bad SMTP Commands Enforcement - Advanced Maximum No-Effect Commands Enforcement - Adanced Maximum Number of Recipient Enforcement - Advanced Maximum POP3 Command Line Length Enforcement - Advanced Maximum POP3 Commands Per Connection Enforcement - Advanced Maximum SMTP Command line length Enforcement - Advanced Maximum SMTP Commands Per Connection Enforcement - Advanced MGCP - Advanced MGCP Command MGCP Command Filtering - Advanced MGCP - General Settings - Advanced MGCP Max Allowed Call-ID Length - Advanced MGCP Max Allowed Connection Mode Length - Advanced MGCP Max Allowed Domain Name Length - Advanced MGCP Max Allowed EndpointID Length - Advanced MGCP Max Allowed TransactionslD Length - Advanced MGCP Max Length of Header Value - Advanced Minimum Command Line Length Enforcement - Advanced Network Quota - Advanced Non Compliant HTTP - Advanced Non-TCP Flooding - Advanced Packet Sanity - Advanced POP3/IMAP Security - Advanced Pattern Name for Inspection Settings and IPS Protections Edit Pattern String Worm Pattern Definitions SCCP (Skinny) - Advanced SCCP General Settings - Advanced Sequence Verifier - Advanced SIP General Settings - Advanced SIP Method Filtering - Advanced SIP Custom Properties - Advanced SIP Filtering - Advanced SIP Max Allowed Content Length - Advanced SIP Max Allowed Call-ID Length - Advanced SIP Max Allowed Domain Length - Advanced SIP Max Allowed Header Name Length - Advanced SIP Max Allowed Header Value Length - Advanced SIP Max Allowed Occurrences of the Same Field - Advanced SIP Max Allowed SDP Length - Advanced SIP Max Allowed Tag Length - Advanced SIP Max Allowed URI Length - Advanced SIP Max Allowed Retransmissions - Advanced SIP Min Allowed 'Max-forwards' Value - Advanced SIP Protections - Advanced Small PMTU - Advanced SNMP - Advanced SYN Attack - Advanced SNMP - Drop requests with Default Community Strings Syslog Relay Server List - Advanced VoIP Call Initiations Rate Limiting - Advanced VoIP Denial of Service - Advanced Inspection Settings - Profiles Inspection Settings - Profile Inspection Settings - Gateways Gateway Profile Assignment Inspection Settings - Exceptions New Exception Rule Application and URL Filtering - Advanced Settings Advanced Settings on a SmartConsole connected to a Multi-Domain Server Fail Mode URL Filtering Connection Unification Application Control Web Browsing Services Web Browsing HTTP Inspection Compatibility with R75 and R75.10 Gateway Settings Application and URL Filtering - Check Point Online Web Service Check Point Online Web Service Enforcing Gateway's Proxy Threat Prevention Engine Settings - General Engine Settings Check Point Online Web Service - Custom Resource Categorization Mode Options Anti-Bot Threat Prevention - Threat Emulation Settings Emulation Limits Configuring Emulation Limits Changing the Local Cache Changing the Size of the Local Cache Threat Emulation - File Type support Proxy Configuration Management API Settings Managing Security through API and CLI Management API Settings Revisions Revision Options Revision Details Tags Preferences Debugging SmartConsole Tags Management Network Object Explorer Network Networks NAT Translating IP Addresses Using Hide NAT Host - General Host - Network Management Host - Interface Host - Interface Options Host - Advanced SNMP Host - Servers Web Server - Configuration Understanding Web Servers Web Server Options Web Server Protections Web Security Malicious Code Protector Malicious Code Protector - Options Cross Site Scripting Cross Site Scripting Options LDAP Injection Components of LDAP Injection Protection LDAP Injection Options SQL Injection Understanding SQL Injection SQL Injection Options Command Injection Understanding Command Injection Command Injection Options Error Concealment Detection of Status Codes and Application Engines Error Concealment Options Directory Listing Directory Listing Options HTTP Methods Understanding HTTP Methods HTTP Method Block Options Mail Server - Configuration Mail Server - Protections DNS Server - Configuration Authorization Domain List DNS Server Protections Cache Poisoning Cache Poisoning Options Network Group - New Network Groups Group with Exclusions GSN Handover Group Understanding Handover Groups User Authority Server Group User Authority Server Groups Address Range Address Ranges Multicast Address Range Entering Address Ranges Dynamic Object Dynamic Objects Security Zone Domain Domains VoIP Domain - SIP Proxy VoIP Domains Supported SIP Deployments and NAT Support Additional Conditions for Using NAT in SIP Networks VoIP Domain - H.323 Gatekeeper Introduction to H.323 Supported H.323 Deployments and NAT VoIP Domain - H.323 Gatekeeper Routing Mode VoIP Domain - H.323 Gateway VoIP Domain - H.323 Gateway Routing Mode VoIP Domain - MGCP Call Agent MGCP Rules for a Call Agent in the External Network Defining an MGCP Rule for a Call Agent in the External Network VoIP Domain - SCCP Call Manager Introduction to SCCP Security and Connectivity SCCP Supported Deployments Logical Server Logical Servers Balance Method Access Point Name Access Point Name Configuring APN Options TCP, UDP, and SCTP Services - General Understanding TCP, UDP, and SCTP Resources TCP, UDP, and SCTP General Options Understanding SCTP Configuring SCTP Inspection Configuring SCTP Acceleration Configuring SCTP NAT TCP Service - Advanced TCP - Advanced Options UDP - Advanced Options SCTP - Advanced Options RPC SunRPC Overview RPC DCE-RPC The DCE-RPC Protocol DCE-RPC Properties ICMP ICMP Properties GTP Tunnel Management Service V0 - General Rules for PLMN GTP GTP Tunnel Management Service V1 - General Rules for PLMN GTP GTP Tunnel Management Service V0 and V1 - Match PDP Matched PDP Contexts GTP Tunnel Management Service V0 and V1 - Actions GTP - Action Options Mobility Management Service V1 Mobility Management Service Options Mobility Management Service V0 Mobility Management Service Options Compound TCP Service Compound TCP Citrix TCP Other Service - General Other Service Properties Other Service - Advanced User defined Services Other Service Options Services Group Understanding Service Groups Custom Application or Site - General Creating Custom Applications and Sites Custom Application Options Custom Application or Site - Additional Categories Custom User Category Custom Applications/Site Group Application Group Properties Override Categorization for URL Overriding Categorization Overriding Categorization for a URL LDAP Group - New Understanding LDAP Groups LDAP Group Options Access Role - Networks Using Access Roles Access Role - Network Options Access Role - Users Access Role - Users Options Access Roles - Machines Access Role - Options Access Role - Remote Access Clients Enforcing Access Roles on Remote Client Connections Remote Access Clients - Allowed Clients User Group User - General User Objects User - Authentication User Authentication Options User - Location User - Time User - Certificates Managing Certificates Certificate Options User - Registration Key for Certificate Enrollment Using Registration Keys Registration Key Fields User - Email Template User - Certificate File (P12) Sending a P12 File Certificate File (P12) - View Details User - Encryption User - IKE Phase2 Properties - Authentication Understanding IKE Phase2 Authentication IKE Phase2 Authentication Options User - IKE Phase2 Properties - Encryption Understanding IKE Phase2 Encryption IKE Phase2 Encryption Options RADIUS Group RADIUS Server Group Options UFP Group UFP Group Options CPMI Group Check Point Management Interface URI - General Understanding URI Resources URI Options URI - Match (Wildcards) URI Wildcards Options URI - Match (UFP) UFP Servers UFP Options URI - Action URI Action Options URI - Content Vectoring Protocol (CVP) CVP Options URI - SOAP Simple Object Access Protocol SOAP Options URI for QoS URI for QoS Options SMTP - General Understanding URI Resources SMTP Options SMTP - Match SMTP - Action 1 SMTP - Action 2 SMTP - Action 2 Options SMTP - CVP SMTP and CVP SMPT - CVP Options FTP FTP Resource Tracking Options FTP - Match (Wildcards) FTP - Match Wildcard Options FTP - CVP FTP - CVP Options TCP - General Understanding TCP Resources TCP - UFP TCP - Understanding UFP UFP Options CIFS Understanding CIFS Configuring CIFS Stateful Inspection CIFS Options MMS The Multimedia Messaging Service MMS Options Time Using Time Objects Time Object Options Time Group Limit Bandwidth Rate Limits Multi-Domain Security Management The Multi-Domain View The Multi-Domain Server Multi-Domain View Domain Management Servers Domain Log Servers Connecting to SmartConsole Gateways & Servers View Multi-Domain Server General Multi-Domain Server General Creating a Secondary Multi-Domain Server Changing an Existing Multi-Domain Server Re-Establishing SIC Trust for a Secondary Multi-Domain Server Deleting a Secondary Multi-Domain Server or Multi-Domain Log Server Working with High Availability Overview of High Availability Multi-Site High Availability Deployment Example Synchronization Multi-Domain Server ICA Database Synchronization Initial Synchronization Periodic Synchronization Manual Synchronization Manually Synchronizing a Multi-Domain Server Manually Synchronizing Domain Management Servers Looking at Synchronization Status Domain Management Server High Availability and Load Sharing Connecting to Domain Management Servers Changing the Active Domain Management Server Multi-Domain Server - Multi-Domain Configuring Automatic Domain IP Address Assignment Configuring Security Gateways to Send Logs to a Log Server Multi-Domain Log Settings - General Creating a Multi-Domain Log Server with Domain Log Servers Configuring Security Gateways to Send Logs to a Log Server Deleting a Domain Log Server Log Management Settings Multi-Domain Log Settings - Advanced Log Management Advanced Settings Domain Editor - General Domain Servers - General Creating a New Domain Assigning Trusted Clients to Domains Changing an Existing Domain Configuration Deleting a Domain Deleting a Domain Management Server Creating a New Domain Management Server for an Existing Domain Global Assignments View The Global Domain Connecting to the Global Domain Changing the Global Domain Working with Global Configuration Rules Working with Global Objects Updating IPS Protections Updating the Application and URL Filtering Database Global Assignment - Reassign or Remove Domain - Trusted Clients Assigning Trusted Clients to Domains Domain - Additional Info New Global Assignment Global Assignments New Global Assignment Global Assignment - Access Control / Threat Prevention - Advanced Global Assignment - Advanced Administrators Accounts Administrator - General Contact Options Configuring Administrators Multi-Domain Permission Profile Predefined Multi-Domain Permission Profiles Working with Multi-Domain Permission Profiles Multi-Domain Permission Profile Parameters Deleting a Permission Profile Domain Permission Profile - Custom Creating Custom Domain Permissions Multi-Domain Server Task Details - Domain Multi-Domain Server Task Details - New, Reassign or Remove Global Assignment General Troubleshooting Unable to Connect to Server Client Server Mismatch Cloud Demo Starting a New Demo Join Existing Demo Cloud Demo Menu Options Index