Configuring Inspection Settings in SmartConsole

There are many Inspection Settings profiles in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. that add means of protection to your Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. and protect against malicious attacks. You can configure the Inspection Settings to:

Inspection Settings can be configured for each profile and can prevent, detect, or be inactive.

To configure Inspection Settings for VoIP:

Watch the Video

  1. In the Manage & Settings tab, go to Blades > General, select Inspection Settings.

    The Inspection Settings window opens.

  2. From the General page, in the search window, enter <your_protocol >.

  3. Double-click the Setting you want to configure.

  4. Double-click the applicable Inspection Profile.

  5. On every page in this window, configure the applicable settings.

  6. Click OK > Close.

  7. Close the Inspection Settings window.

  8. In SmartConsole, install the policy.

Note for MGCP:

The Security Gateway has a number of Inspection Settings for MGCP. The inspection settings identify attack signatures and packets with protocol anomalies . Strict compliance is enforced with RFC-2705, RFC-3435 (version 1.0), and ITU TGCP specification J.171. Additionally, all inspection settings network security capabilities are supported, such as inspection of fragmented packets, anti-spoofing, and protection against Denial of Service (DoS) attacks.

Note for H.323:

  • Inspection Settings does these application layer checks for H.323:

  • Strict protocol enforcement, including the order and direction of packets

  • Message length restrictions

  • Stateful checks on RAS messages

Configuring VoIP Ports in SmartConsole

Use SmartConsole to configure VoIP phone and proxy ports. The Security Gateway enforces security on that port. Each protocol uses port 5060 as a default port, but you can also configure new ports for your Security Gateway.

To configure VoIP on a port:

  1. Open SmartConsole.

  2. From the Objects Explorer, click More object types > Service.

  3. Select <your_protocol >.

    The New Protocol Service window shows.

  4. In the General tab, enter an object name.

    1. In the General section > Protocol, select <your_protocol >

    2. In the Match By section, enter either the Standard Port or Customize your port..

  5. Click OK.