Data Center Protection
Security Challenge
The Data Center contains sensitive corporate resources and information that you must protect from unauthorized access. You must also protect it from malware and viruses that can harm databases and steal corporate information. Only compliant users and computers must get access to the Data Center, and especially to some applications.
Configuration Scenario
- Configure the Security Gateway inline in front of the Data Center core switch. (A Security Gateway is a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.)
  This procedure protects access to the Data Center from the LAN.
  Best Practice - We recommend that you configure the Security Gateway in Bridge Mode to avoid any changes to the network. (In Bridge Mode, a Security Gateway or Virtual System works as a Layer 2 bridge device for easy deployment in an existing topology.)
- Specify at least two interfaces on the Security Gateway and configure them to be internal or bridged.
- Make sure that the Security Gateway has connectivity to the Active Directory and all applicable internal domain controllers in the network (LAN).
- Make sure that users from the LAN can connect to the Data Center through the Security Gateway with an "Any Any Any Accept" policy.
- Make sure that you do not have a proxy or NAT device between the Security Gateway and users or the LAN.
Configuration Procedure
- Enable Identity Awareness on the Security Gateway and select identity sources. (Identity Awareness, acronym IDA, is a Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer.)
- Create Access Roles for users and apply the Access Roles to applicable Access Control Policy rules.