Workflow for Configuring Security Groups

Step

Instructions

1

Create a new Security Group.

A Security Group is a logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears as a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected.

Note - Configure only one of the installed Quantum Maestro Orchestrators. The Quantum Maestro Orchestrators synchronize the configuration automatically with each other.

Best Practice - Configure the First Time Wizard settings in the new Security Group.

2

Assign the applicable Security Appliances to the Security Group.

Important:

  • You can assign only Security Appliances of the same model to the same Security Group.

  • Security Appliances assigned to the Security Group automatically reboot after you apply the configuration.

Best Practice for Dual Site - As far as possible, assign the same number of Security Appliances from each site to the Security Group. If a failover occurs between the sites, Security Appliances on the new Active site must be able to process all the traffic.

3

Assign the applicable Quantum Maestro Orchestrator ports to the Security Group (Uplink ports and a Management interface).

A Quantum Maestro Orchestrator is a scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO.

Uplink ports are interfaces on the Quantum Maestro Orchestrator used to connect to external and internal networks. Gaia operating system shows these interfaces in Gaia Portal and in Gaia Clish. SmartConsole shows these interfaces in the corresponding SMO Security Gateway object.

4

Verify and apply the configuration.

5

If you did not configure the First Time Wizard settings when you created a Security Group, you must run the Gaia First Time Configuration Wizard on the Security Group.

Gaia is the Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.

  1. With a web browser, connect to the Gaia Portal of the Security Group:

    https://<IP Address of Security Group>

    Important - This connection goes through the Quantum Maestro Orchestrator's management interface you assigned to this Security Group.

  2. The Gaia First Time Configuration Wizard starts.

    Follow the instructions on the screen.
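
A pre-apply check for steps 2 through 4, added here as an example (it is not Check Point code and does not talk to the Orchestrator). The plan dictionary, its field names, the per-appliance Gbps figures and the "counts differ by at most one" reading of the Dual Site best practice are assumptions made for illustration.

```python
from collections import Counter

def check_plan(plan, peak_gbps=None):
    """Return findings for a planned Security Group; an empty list means none."""
    findings = []
    appliances = plan.get("appliances", [])
    if not appliances:
        findings.append("no Security Appliances assigned")
    # Step 2: only Security Appliances of the same model in one Security Group.
    models = {a["model"] for a in appliances}
    if len(models) > 1:
        findings.append("mixed appliance models: " + ", ".join(sorted(models)))
    # Step 3: the group needs Uplink ports and a Management interface.
    if not plan.get("uplink_ports"):
        findings.append("no Uplink ports assigned")
    if not plan.get("mgmt_port"):
        findings.append("no Management interface assigned")
    # Dual Site: keep per-site counts close (assumed: differ by at most one)
    # and confirm each site alone can carry the expected peak after a failover.
    per_site = Counter(a["site"] for a in appliances)
    if len(per_site) > 1:
        if max(per_site.values()) - min(per_site.values()) > 1:
            findings.append("unbalanced sites: " + str(dict(sorted(per_site.items()))))
        if peak_gbps is not None:
            for site in sorted(per_site):
                cap = sum(a["gbps"] for a in appliances if a["site"] == site)
                if cap < peak_gbps:
                    findings.append(f"site {site} alone handles {cap} of {peak_gbps} Gbps")
    return findings

def _apps(model, site, count, gbps=10):
    # Helper that builds constructed inventory rows (hypothetical fields).
    return [{"model": model, "site": site, "gbps": gbps} for _ in range(count)]

# Constructed sample plans; model names, port labels and throughput are made up.
GOOD_PLAN = {"appliances": _apps("model-A", 1, 2) + _apps("model-A", 2, 2),
             "uplink_ports": ["uplink-1", "uplink-2"], "mgmt_port": "mgmt-1"}
BAD_PLAN = {"appliances": _apps("model-A", 1, 3) + _apps("model-B", 2, 1),
            "uplink_ports": ["uplink-1"], "mgmt_port": None}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan, peak_gbps=20) or "no findings")
```

Running such a check before step 4 matters because the assigned Security Appliances reboot when the configuration is applied.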