Welcome to SmartConsole

Use the What's New window for a quick tour of SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. and its major features.

Understanding SmartConsole

Check Point SmartConsole makes it easy to manage security for complex networks. Before you start to configure your cyber security environment and policies, become familiar with Check Point SmartConsole.

SmartConsole

Item	Description	Item	Description
1	Global Toolbar	5	Objects Bar (F11)
2	Session Management Toolbar	6	Validations pane
3	Navigation Toolbar	7	Command line interface button
4	System Information Area

Multi-Domain View

Use the Multi-Domain view to manage Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. Domains, system objects, configuration settings and other features. You must log into a Multi-Domain Server to see the Multi-Domain view.

For a guided tour of Multi-Domain view, click the What's New button at the bottom left of the window. Click the < and > icons to scroll between the different What's New screens.

Multi-Domain view elements

Item	Description
1	View, as selected from the Navigation Toolbar and View tree (This example shows the Multi-Domain > Domains view)
2	Navigation toolbar
3	Menu
4	View tree
5	Actions toolbar
6	Session Management toolbar
7	Validation tab
8	Logged in administrator
9	Server details area
10	Task information area
11	Management script commands and API

SmartConsole Toolbars

Global Toolbar (top of SmartConsole)

Icon	Description
	The main SmartConsole Menu. When SmartConsole is connected to a Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server., this includes: Manage policies and layers Open Object Explorer New object (opens menu to create a new object) Publish session Discard session Session details Install policy Verify Access Control Policy Install Database Uninstall Threat Prevention policy Management High Availability Deployment and configuration mode of two Check Point Management Servers, in which they automatically synchronize the management databases with each other. In this mode, one Management Server is Active, and the other is Standby. Acronyms: Management HA, MGMT HA. Manage Licenses and Packages SmartProvisioning Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM. SmartEndpoint Global Properties View (opens menu to select a View to open)
	Create new objects or open the Object Explorer
	Install policy on managed gateways
	Align session toolbar places the session toolbar left, right, or center.

Session Management Toolbar (top of SmartConsole)

Icon	Description
	Discard changes made during the session
	Enter session details and see the number of changes made in the session.
	Publish changes, to make them visible to other administrators, and ready to install on gateways. Note - When the policy is installed, published changes are installed on the gateways and enforced.

Navigation Toolbar (left side of SmartConsole)

Icon	Keyboard Shortcut	Description
	Ctrl+1	Gateways & Servers configuration view: Manage Security Gateways Activate Software Blades Add, edit, or delete gateways and clusters (including virtual clusters) Run scripts Backup and restore gateways Open a command line interface on the gateway View gateway status
	Ctrl+2	Security Policies Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. Access Control view: Manage Access Control: Content Awareness Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT., VPN, Application and URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF. , and Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. Edit multiple policies at the same time Add, edit, or delete NAT rules Use the Access Tools Security Policies Threat Prevention view: Manage Threat Prevention: IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System)., Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT., Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV., Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. Edit the unified threat Rule Base All rules configured in a given Security Policy. Synonym: Rulebase. Configure threat profiles Add, edit, or delete exceptions and exception groups Use the Custom Policy Tools HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi. Edit the HTTPS Inspection policy Shared Policies Views: Manage Mobile Access, DLP and inspection Settings
	Ctrl+3	Logs & Monitor view: See high level graphs and plots Search through logs Schedule customized reports Monitor gateways See compliance information
	Ctrl+4	Manage & Settings view - review and configure the Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. settings: Administrators Permissions profiles Trusted clients Administrator sessions, and session settings Blades Revisions Preferences Sync with User Center

Command Line Interface Button (left bottom corner of SmartConsole)

Icon	Keyboard Shortcut	Description
	F9	Open a command line interface for management scripting and API

For more SmartConsole shortcuts, see Keyboard Shortcuts for SmartConsole.

Objects Bar (right side of SmartConsole)

Item	Description
Objects	Manage security and network objects

Validations Pane (right side of SmartConsole)

Item	Description
Validations	See validation errors

System Information Area (bottom of SmartConsole)

Item	Description
Task List	See management tasks in progress and expand to see recent tasks
Server Details	See the IP address of the server to which SmartConsole is connected. If Management High Availability is configured, click to see the details.
Session Status	See the number of changes made in the session and the session status.
Connected administrators	See connected administrators: Yourself and others.

Keyboard Shortcuts for SmartConsole

From R80.20, there are additional keyboard shortcuts that you can use to navigate between the different SmartConsole fields:

Keyboard Shortcut	Description
Ctrl+S	Publish session
Ctrl+Alt+S	Discard session
Shift+Alt+Enter	Install policy
F10	Show/hide task details
F11	Show/hide the Object Categories bar
Ctrl+O	Manage policies and layers
Ctrl+E	Open Object Explorer
Ctrl+F3	Switch to high-contrast theme
Alt+Space	System menu
F1	Open the relevant online help
Alt+F4	Close SmartConsole

Shortcuts for the specific views that support them:

Keyboard Shortcut	Description
Ctrl+T	Open new tab
Ctrl+W or Ctrl+F4	Close current tab
Ctrl+Tab	Move to the next tab
Ctrl+Shift+Tab	Move to the previous tab
Delete	Delete the currently selected item
Ctrl+A	Select all elements
Esc	Cancel operation to close window
Enter or mouse double-click	Edit item

Shortcuts for views that contain a Rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. Base:

Keyboard Shortcut	Description
Ctrl+G	Go to rule (in the Access Control Rule Base)
Ctrl+X	Cut rule
Ctrl+C	Copy rule
Ctrl+V	Paste rule below the selected rule
Delete	Remove a used item from a rule cell
Ctrl+F	Open Rule Base search
F3	Navigate to the next Rule Base search result
Ctrl+arrow up	Go to the first rule in the Rule Base
Ctrl+arrow down	Go to the last rule in the Rule Base
Space or +	Open drop-down menu for the current cell in the Rule Base
Shift+arrow up/down	Move between objects in the Rule Base

Shortcuts for the Logs & Monitor view:

Keyboard Shortcut	Description
Ctrl+G	Switch to grid view (in the Logs and Audit Logs views)
Ctrl+L	Switch to table view (in the Logs and Audit Logs views)
Ctrl+R	Resolve objects
F5	Refresh query
F6	Enable auto-refresh
Ctrl+D	Add to favorites
Ctrl+S	Organize favorites

Search Engine

In each view you can search the Security Management Server database for information relevant to the view. For example:

Gateway, by name or IP address
Access Control rule
NAT rule
Threat Prevention profile
Specific threat or a threat category
Object tags

You can search for an object in the Security Management Server database in two ways:

Enter the prefix of the object's name. For example, to find USGlobalHost, you can enter USG in the search box.
Enter any sequence of characters in the object's name and add an asterisk (*) before such sequence.

For example, to find USGlobalHost, you can enter *oba, *host, *SG and so on in the search box.

Access Tools and Custom Policy Tools

The Security Policies > Access Control > Access Tools section and the Security Policies > Threat Prevention > Custom Policy Tools section give you more management and data collection tools.

Access Tools in the Security Policies > Access Control view:

Tool	Description
VPN Communities	Create, edit, or delete VPN Communities.
Updates	Update the Application and URL Filtering database, schedule updates, and configure updates.
UserCheck	Configure UserCheck Functionality in your Security Gateway or Cluster and endpoint clients that gives users a warning when there is a potential risk of data loss or security violation. This helps users to prevent security incidents and to learn about the organizational security policy. interaction objects for Access Control policy actions.
Client Certificates	Create and distribute client certificates that allow users to authenticate to the Gateway from handheld devices.
Application Wiki	Browse to the Check Point AppWiki. Search and filter the Web 2.0 Applications Database, to use Check Point security research in your policy rules for actions on applications, apps, and widgets.
Installation History	See the Policy installation history for each Gateway, and who made the changes. See the revisions that were made during each installation, and who made them. Install a specific version of the Policy.

Custom Policy Tools in the Security Policies > Threat Prevention view:

Tool	Description
Profiles	Create, edit, or delete profiles.
IPS Protections	Edit IPS protections per profile.
Protections	See statistics on different protections
Whitelist Files	Configure Whitelist Files list
Indicators	Configure indicators of malicious activity and how to handle it
Updates	Configure updates to the Malware database, Threat Emulation engine and images, and the IPS database.
UserCheck	Configure UserCheck interaction objects for Threat Prevention policy actions.
Threat Wiki	Browse to the Check Point ThreatWiki. Search and filter Check Point's Malware Database The Check Point database of commonly used signatures, URLs, and their related reputations, installed on a Security Gateway and used by the ThreatSpect engine., to use Check Point security research to block malware before it enters your environment, and to best respond if it does get in.
Installation History	See the Policy installation history for each Gateway, and who made the changes. See the revisions that were made during each installation, and who made them. Install a specific version of the Policy.

Shared Policies

The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. They are shared between all Policy packages.

Shared policies are installed with the Access Control Policy.

Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.	Description
Mobile Access	Launch Mobile Access policy in a SmartConsole. Configure how your remote users access internal resources, such as their email accounts, when they are mobile.
DLP	Launch Data Loss Prevention Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP. policy in a SmartConsole. Configure advanced tools to automatically identify data that must not go outside the network, to block the leak, and to educate users.
HTTPS Inspection	The HTTPS Policy allows the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. to inspect HTTPS traffic to prevent security risks related to the SSL protocol. The HTTPS Policy shows if HTTPS Inspection is enabled on one or more Gateways.
Inspection Settings	You can configure Inspection Settings - General for the Firewall: Deep packet inspection settings Protocol parsing inspection settings VoIP packet inspection settings

API Command Line Interface

You can also configure objects and rules through the API command line interface, which you can access from SmartConsole.

Icon	Description
	Click to open the command line interface.
	Click to open the API reference (in the command line interface). Use the Command Line Reference to learn about Session management commands, Host commands, Network commands, and Rule commands.

Icon

Description

Click to open the command line interface.

Click to open the API reference (in the command line interface).

Use the Command Line Reference to learn about Session management commands, Host commands, Network commands, and Rule commands.

In addition to the command line interface, you can create and run API scripts to manage configuration and operations on the Security Management Server.

Object Categories

Objects in SmartConsole represent networks, devices, protocols and resources. SmartConsole divides objects into these categories:

Icon	Object Type	Examples
	Network Objects	Gateways, hosts, networks, address ranges, dynamic objects, security zones
	Services	Services, Service groups
	Custom Applications/Sites	Applications, Categories, Mobile applications
	VPN Communities	Site to Site or Remote Access communities
	Users	Users, user groups, and user templates
	Data Types	International Bank Account Number - IBAN, HIPAA - Medical Record Number - MRN, Source Code.
	Servers	Trusted Certificate Authorities, RADIUS, TACACS
	Time Objects	Time, Time groups
	UserCheck Interactions	Message windows: Ask UserCheck rule action that blocks traffic and files and shows a UserCheck message. The user can agree to allow the activity., Cancel, Certificate Template, Inform, and Drop
	Limit	Download and upload bandwidth

Working with Objects

You can add, edit, delete, and clone objects. A clone is a copy of the original object, with a different name. You can also replace one object in the Policy with another object.

Important - Do not create two objects with the same name. You will see a validation error when you try to publish. To resolve, change one of the object names.

To work with objects, right-click the object in the object tree or in the Object Explorer, and select the action.

You can delete objects that are not used, and you can find out where an object is used.

To clone an object:

In the object tree or in the Object Explorer, right-click the object and select Clone.

The Clone Object window opens.
Enter a name for the cloned object.
Click OK.

To find out where an object is used:

In the object tree or in the Object Explorer, right-click the object and select Where Used.

To replace an object with a different object:

In the object tree or in the Object Explorer, right-click the object and select Where Used.
Click the Replace icon.
From the Replace with list, select an item.
Click Replace.

To delete all instances of an object:

In the object tree or in the Object Explorer, right-click the object and select Where Used.
Click the Replace icon.
From the Replace with list, select None (remove item).
Click Replace.

Object Tags

Object tags are keywords or labels that you can assign to the network objects or groups of objects for search purposes. These are the types of tags you can assign:

User tags - Assigned manually to individual objects or groups of objects
System tags - Predefined keywords, such as "application"

Each tag has a name and a value. The value can be static, or dynamically filled by detection engines.

Adding a Tag to an Object

To add a tag to an object:

Open the network object for editing.
In the Add Tag field, enter the label to associate with this object.
Press Enter.

The new tag shows to the right of the Add Tag field.
Click OK.