Requirements

Threat Extraction Requirements for Web-downloaded Documents

  • Supported with appliance series 5000, 6000, 7000, and higher.

Logging Requirements

Logs can be stored on:

A dedicated Log Server has greater capacity and performance than a Management Server with the activated Logging & StatusClosed Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways. Software BladeClosed Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities..

The dedicated Log Server must run the same version as the Management Server.

SmartEvent Requirements

SmartEvent R81.20 can connect to a Log Server that runs the R81 or R81.10 version.

SmartEvent and a SmartEvent Correlation UnitClosed SmartEvent software component on a SmartEvent Server that analyzes logs and detects events. are usually installed on the same server. You can also install them on different servers, for example, to balance the load in large logging environments. The SmartEvent Correlation Unit must run the same version as the SmartEvent ServerClosed Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database..

To deploy SmartEvent and to generate reports, a valid license or contract is required.

Hardware Requirements

For an average rate of 500 logs per second:

  • Total CPU Cores: 4

  • RAM: 16GB

SmartConsole Requirements

Desktop SmartConsole Hardware Requirements

This table shows the minimum hardware requirements for the Desktop SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. applications:

Component

Minimum Requirement

CPU

Intel Pentium Processor E2140, or 2 GHz equivalent processor

Memory

4 GB

Available Disk Space

2 GB

Video Adapter

Minimum resolution: 1024 x 768

Disk Partition

NTFS

Desktop SmartConsole Software Requirements

  • Microsoft .NET framework 4.5.

  • Microsoft Visual C++.

SmartConsole is supported on:

  • Windows 11, Windows 10 (all editions).

  • Windows Server 2022, 2019, 2016, 2012, 2012 R2.

    Important - Support for Windows Server 2012 and 2012 R2 was removed in the R81.20 Jumbo Hotfix Accumulator, starting from Take 79. See sk181879.

Gaia Portal Requirements

The Gaia Portal requirements on Security Gateways, Cluster Members, Management Servers, and Log Servers

To connect to Gaia PortalClosed Web interface for the Check Point Gaia operating system. on R81.20 Security Gateways, ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members, Scalable Platform Security GroupsClosed A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected., Security Management Servers, Log Servers, SmartEvent Servers, Multi-Domain Security Management Servers, Multi-Domain Log Servers, Endpoint Security Management Servers, and Endpoint Policy Servers, you must use one of these web browsers:

Browser

Supported Versions

Microsoft Edge

Any

Google Chrome

14 and higher

Mozilla Firefox

6 and higher

Apple Safari

5 and higher

Microsoft Internet Explorer

8 and higher

(If you use Internet Explorer 8, file uploads
in the GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Portal are limited to 2 GB)

The Gaia Portal requirements on Quantum Maestro Orchestrators

To connect to Gaia Portal on R81.20 Quantum Maestro OrchestratorsClosed A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO., you must use one of these web browsers:

Browser

Supported Versions

Microsoft Edge

40.15063 and higher

Google Chrome

71.0 and higher

Mozilla Firefox

64.0 and higher

Microsoft Internet Explorer

11.0.50 and higher

Mobile Access Requirements

Browser Compatibility

Endpoint Browser Compatibility

Microsoft
Edge

Google
Chrome

Mozilla
Firefox

Apple
Safari

Opera for
Windows

Microsoft
Internet
Explorer

Mobile Access Portal

Clientless access to web applications (Link Translation)

Compliance Scanner

Secure Workspace (2), (3)

SSL Network Extender - Network Mode

SSL Network Extender - Application Mode (2)

Downloaded from Mobile Access applications

Citrix

File Shares - Web-based file viewer (HTML)

Limited support

Web mail

Notes:

  1. For a list of the prerequisites necessary to use the Mobile Access Portal on-demand clients, such as SSL Network Extender Network mode, SSL Network Extender Application Mode, Secure Workspace and Compliance Scanner, refer to sk113410.

  2. Secure Workspace and SSL Network Extender Application Mode are available for Windows platforms only.

  3. Microsoft Internet Explorer is only browser supported in Secure Workspace.

Harmony Endpoint Management Server Requirements

Hardware Requirements

These are the minimum requirements to enable Endpoint Security management on a Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.:

Component

Requirement

Number of CPU cores

4

Memory

16 GB

Disk Space

845 GB

The requirements for dedicated Endpoint Security Management Servers are similar.

Resource consumption is based on the size of your environment. For larger environments, more disk space, memory, and CPU are required.

Software Requirements

For more information, see the R81.20 Harmony Endpoint Security Server Administration Guide.

Anti-Malware Signature Updates

  • To allow Endpoint Security clients to get Anti-Malware signature updates from a cleanly installed R81.20 Primary Endpoint Security Management Server, follow the instructions in the R81.20 Harmony Endpoint Security Server Administration Guide when you select the Anti-Malware component.

  • For a new R81.20 Endpoint Policy Server that was installed from scratch (not upgraded), you must follow sk127074.

    No additional steps are required, if you upgrade the Primary Endpoint Security Management Server to R81.20.

  • Endpoint Security Clients can continue to acquire their Anti-Malware signature updates directly from an external Check Point signature server or other external Anti-Malware signature resources, if your organization's Endpoint Anti-Malware policy allows it.

Scalable Platform Requirements

Supported Network Cards on Maestro Security Appliances

To connect a Maestro Security Appliance to Quantum Maestro Orchestrators with DAC cables, one of these Check Point cards has to be installed in the Maestro Security Appliance:

Network Card

Notes

10/25/40/100G Fiber QSFP28+

(2-Port Dual-Width 10/25/40/100G QSFP28 Card)

SKU:

CPAC-2-40/100F-C

Important - For the minimum software requirements, see the home page article for your appliance model. You can find the corresponding links in sk96246.

Important - To connect to Quantum Maestro Orchestrators, you must use only the 10/25/40/100G ports. It is not supported to connect other ports to Orchestrators.

Note - You can connect all available 10/25/40/100G ports on a Security Appliance to Quantum Maestro Orchestrators on the Maestro Site.

Example for QLS450 (that has two 10/25/40/100G cards):

100/25 GbE Fiber QSFP+

SKU:
CPAC-2-100/25F-B

The minimal required card firmware version is 12.22.1002

To make sure the version is correct, run this single long command in the Expert mode on the Security Appliance:

for NIC in $(ifconfig | grep ethsBP | awk '{print $1}') ; do echo $NIC: ; ethtool -i $NIC | grep firmware ; done

Example output:

ethsBP4-01:

firmware-version: 12.22.1002

ethsBP4-02:

firmware-version: 12.22.1002

40 GbE Fiber QSFP+

SKU:
CPAC-2-40F-B

The minimal required card firmware version is 12.22.1002

To make sure the version is correct, run this single long command in the Expert mode on the Security Appliance:

for NIC in $(ifconfig | grep ethsBP | awk '{print $1}') ; do echo $NIC: ; ethtool -i $NIC | grep firmware ; done

Example output:

ethsBP4-01:

firmware-version: 12.22.1002

ethsBP4-02:

firmware-version: 12.22.1002

10 GbE Fiber SFP+

SKUs:
CPAC-4-10F-B
CPAC-4-10F-6500/6800-C

Output of the "lspci -v" command must show:

Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection

To verify, run this command in the Expert mode on the Security Appliance:

lspci -v | grep 'Ethernet controller' | grep Intel

Supported Hardware and Firmware on 60000 / 40000 Scalable Chassis

All information is documented in sk93332.