Configuring Security Groups in Gaia Portal
This section provides the configuration instructions for Gaia Portal Web interface for the Check Point Gaia operating system..
To start working in Gaia Portal on the Quantum Maestro Orchestrator:
Step |
Instructions |
||
---|---|---|---|
1 |
With a web browser, connect to the Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Portal on the Quantum Maestro Orchestrator A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO.:
|
||
2 |
Log in to the Gaia Portal with these default credentials:
|
||
3 |
From the left navigation tree, click Orchestrator page. |
The Topology section contains the table that shows these sections (from left to right):
Item |
Description |
---|---|
Unassigned Gateways |
All detected Security Appliances that are not part of configured Security Groups. Quantum Maestro Orchestrator listens on the ports and automatically detects the connected Security Appliances. |
Topology |
Configured Security Groups with their assigned Security Appliances and ports. |
Unassigned Interfaces |
All interfaces on Quantum Maestro Orchestrators that are not part of configured Security Groups. |
Applicable configuration procedures are provided below.
See Workflow for Configuring Security Groups.
Step |
Instructions |
||||
---|---|---|---|---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
||||
2 |
In the Topology column, right-click on the Security Groups and select New Security Group. |
||||
3 |
Enter the required Management interface settings.
|
||||
4 |
Click OK. |
||||
5 |
Click the [+] on the left side of the Security Groups and the new Security Group. |
||||
6 |
In the Unassigned Gateways column, select the applicable Security Appliances.
|
||||
7 |
Drag-and-drop the selected Security Appliances from the Unassigned Gateways column to the Gateways section in the new Security Group. |
||||
8 |
In the Unassigned Interfaces column, select the applicable data and management interfaces.
|
||||
9 |
Drag-and-drop the selected interfaces from the Unassigned Interfaces column to the Interfaces section in the new Security Group. |
||||
10 |
In the bottom left corner, click Apply.
|
|
Notes:
|
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
In the Topology column, right-click on the Security Group. |
3 |
From the menu, click Delete Security Group. Important - There is no prompt to confirm. |
4 |
In the bottom left corner, click Apply. |
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
In the Topology column, right-click on the Security Group. |
3 |
Click Set Security Group configuration. |
4 |
In the Network settings section:
|
5 |
In the First Time Wizard settings section, configure the initial settings for Security Appliances assigned to this Security Group.
|
6 |
Click OK. |
7 |
In the bottom left corner, click Apply. |
|
Warning - If you enable the Set FTW configuration option in an existing Security Group (in which you already ran the First Time Configuration Wizard), then the change applies only after you reset each Security Appliance in that Security Group to factory defaults. |
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
In the Topology column, right-click on the Security Group. |
3 |
From the menu, click Clear network configuration. Important - There is no prompt to confirm. |
4 |
In the bottom left corner, click Apply. |
|
Note - This configuration option is available only in the Gaia Portal. |
|
Best Practice:
|
Step |
Instructions |
||
---|---|---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
||
2 |
Click the [+] on the left side of the applicable Security Group. |
||
3 |
In the Unassigned Gateways column, select the applicable Security Appliances.
|
||
4 |
Drag-and-drop the selected Security Appliances from the Unassigned Gateways column to the Gateways section in the applicable Security Group.
|
||
5 |
In the bottom left corner, click Apply. |
|
Important:
|
|
Best Practice for Dual Site - Assign the same number (as possible) of Security Appliances from each site to the Security Group. If a failover occurs between the sites, Security Appliances on the new Active site must be able to process all the traffic. |
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
Click the [+] on the left side of the applicable Security Group. |
3 |
Click the [+] on the left side of the Gateways section. |
4 |
Select the Security Appliance it is necessary to remove from the Security Group. |
5 |
Right-click on the selected Security Appliance. |
6 |
From the menu, click Detach Gateway. Important - There is no prompt to confirm. |
7 |
In the bottom left corner, click Apply. |
|
Important - The Security Appliance must perform a reset to factory defaults and reboot after you remove it from a Security Group. This is to make sure that no security configuration is left behind. |
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
Click the [+] on the left side of the applicable Security Group. |
3 |
Left-click on the Gateways section to select it. |
4 |
Right-click on the Gateways section. |
5 |
From the menu, click Detach all Gateways. |
6 |
In the bottom left corner, click Apply. |
|
Important - The Security Appliances must perform a reset to factory defaults and reboot after you remove them from a Security Group. This is to make sure that no security configuration is left behind. |
|
Note - This configuration option is available only in the Gaia Portal. |
|
Best Practice:
|
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
Click the [+] on the left side of the applicable source Security Group. |
3 |
Click the [+] on the left side of the applicable target Security Group. |
4 |
Select the applicable Security Appliances. Note - To select multiple Security Appliances, press and hold the CTRL key and left-click the objects with the mouse cursor. |
5 |
Drag-and-drop the selected Security Appliances from the Gateways section of the source Security Group to the Gateways section of the target Security Group. Note - If such operation is allowed, Gaia Portal shows a green plus icon. Otherwise, it shows a red blocking icon. |
6 |
In the bottom left corner, click Apply. |
|
Important - The Security Appliance must perform a reset to factory defaults and reboot after you remove it from a Security Group. This is to make sure that no security configuration is left behind. |
|
Note - This configuration option is available only in the Gaia Portal. |
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
Click the [+] on the left side of the applicable Security Group. |
3 |
In the Unassigned Interfaces column, select the applicable interfaces. Note - To select multiple interfaces, press and hold the CTRL key and left-click the objects with the mouse cursor. |
4 |
Drag-and-drop the selected interfaces from the Unassigned Interfaces column to the Interfaces section in the applicable Security Group. Note - If such operation is allowed, Gaia Portal shows a green plus icon. Otherwise, it shows a red blocking icon. |
5 |
In the bottom left corner, click Apply. |
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
Click the [+] on the left side of the applicable Security Group. |
3 |
Click the [+] on the left side of the Interfaces section. |
4 |
Right-click on the applicable interface. |
5 |
From the menu, click Detach Interface. Important - There is no prompt to confirm. |
6 |
In the bottom left corner, click Apply. |
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
Click the [+] on the left side of the applicable Security Group. |
3 |
Right-click on the Interfaces section. |
4 |
From the menu, click Detach Security Group Interfaces. Important - There is no prompt to confirm. |
5 |
In the bottom left corner, click Apply. |
|
Note - This configuration option is available only in the Gaia Portal. |
Step |
Instructions |
---|---|
1 |
In the Topology column, click the [+] on the left side of the Security Groups. |
2 |
Click the [+] on the left side of the applicable source Security Group. |
3 |
Click the [+] on the left side of the applicable target Security Group. |
4 |
Select the applicable interfaces. Note - To select multiple interfaces, press and hold the CTRL key and left-click the objects with the mouse cursor. |
5 |
Drag-and-drop the selected interfaces from the Interfaces section of the source Security Group to the Interfaces section of the target Security Group. Note - If such operation is allowed, Gaia Portal shows a green plus icon. Otherwise, it shows a red blocking icon. |
6 |
In the bottom left corner, click Apply. |
|
Note - This configuration option is available only in the Gaia Portal. |
See Configuring VLAN Interfaces on Uplink Ports.
Step |
Instructions |
---|---|
1 |
On the Orchestrator page, in the Topology section, expand Security Groups. |
2 |
Expand your Security Group. |
3 |
Expand Interfaces. |
4 |
Put the mouse cursor on an interface. VLAN information appears in the tooltip. |
|
Note - If this is a Dual Site deployment, and the Security Group contains Security Appliances that are located only at one of the sites (for example, Site 2), then the tooltip that shows VLAN interfaces appears only in Gaia Portal of the Orchestrator (for example, on Site 2) that is located at the same site as Security Appliances. |