Basic Multi-Domain Security Management Components
This section is a brief introduction to the main components of the Multi-Domain Security Management environment.
The Multi-Domain Server
A Multi-Domain Server is a physical server that contains the Domain Management Servers, Security Policies, system data, and Multi-Domain Security Management system software.

Terms used here: A Domain Management Server (acronym: DMS) is a virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. A Security Policy is a collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. A Multi-Domain Server (acronym: MDS; synonym: Multi-Domain Security Management Server) is a dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers.

You connect to a Multi-Domain Server to work with Multi-Domain Security Management features, objects, and configuration settings. This includes:
- Domain Management Servers and their configuration settings
- Global Policies and objects
- Administrators and permission profiles
- Logs and monitoring features
- System configuration settings
You can create a High Availability and/or Load Sharing deployment with two or more synchronized Multi-Domain Servers.
Domain Management Servers
A Domain is a virtual object that defines a network or a collection of networks related to an entity. You can define a Domain for a company, business unit, department, branch or geographical location. For example, a cloud service provider typically has one Domain for each customer. A bank can have one Domain for each geographical region, state, or country.
A Domain Management Server is the functional equivalent of a Security Management Server in a single-domain environment. A Security Management Server (synonym: Single-Domain Security Management Server) is a dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. A Management Server is a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. SmartConsole is the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on.

You connect directly to a Domain Management Server with SmartConsole to manage a Domain and its components:
- Domain Security Gateways
- Domain Security Policies, rules, and other Domain level security settings
- Domain system objects, such as services, users, and VPN Communities
- Domain Software Blades and their related configuration settings
To learn more about working with SmartConsole to manage Domains, see the R81 Security Management Administration Guide.
There can be more than one Domain Management Server for a Domain in a High Availability deployment, each on a different Multi-Domain Server. One Domain Management Server is Active, and the other, fully synchronized Domain Management Servers are Standby.
Domain Log Servers
A typical Multi-Domain Security Management deployment includes at least one Multi-Domain Log Server to hold log files generated by Domain Security Gateways. Each Domain can have its own Domain Log Server on the Multi-Domain Log Server. This deployment strategy keeps log traffic isolated from other network traffic for better throughput.

Terms used here: A Multi-Domain Log Server (acronym: MDLS) is a dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. A Log Server is a dedicated Check Point server that runs Check Point software to store and process logs.
This illustration shows a sample deployment with two Multi-Domain Servers and two Domains. The Multi-Domain Log Server contains two Domain Log Servers, one for each Domain.
Item | Description |
---|---|
1 | London Multi-Domain Server with an Active Domain Management Server for London and a Standby Domain Management Server for Tokyo |
2 | Multi-Domain Log Server with Domain Log Servers for London and Tokyo |
3 | Tokyo Multi-Domain Server with an Active Domain Management Server for Tokyo and a Standby Domain Management Server for London |
4 | Tokyo network |
5 | London network |
6 | Internet |
 | Active Domain Management Server |
 | Standby Domain Management Server |
 | Domain Log Server |
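The High Availability rules above (one Active Domain Management Server per Domain, each Domain Management Server of a Domain on a different Multi-Domain Server) can be checked against a deployment inventory. The following is an added example, not Check Point code: the tuple layout, the host names and the `check_deployment` function are assumptions made for illustration, and treating a missing Domain Log Server as a finding is a policy choice of this example.

```python
from collections import defaultdict

# Constructed inventory mirroring the London/Tokyo sample deployment above.
# Layout (domain, host, role, state) is an assumption of this example,
# not a Check Point export format.
SAMPLE = [
    ("London", "London-MDS", "dms", "active"),
    ("London", "Tokyo-MDS", "dms", "standby"),
    ("Tokyo", "Tokyo-MDS", "dms", "active"),
    ("Tokyo", "London-MDS", "dms", "standby"),
    ("London", "MDLS", "dls", None),
    ("Tokyo", "MDLS", "dls", None),
]

def check_deployment(inventory):
    """Return a list of findings; an empty list means the layout is consistent."""
    dms_hosts = defaultdict(list)  # domain -> hosts carrying one of its DMSs
    active = defaultdict(int)      # domain -> number of Active DMSs
    has_dls = set()                # domains that have a Domain Log Server
    domains = set()
    for domain, host, role, state in inventory:
        domains.add(domain)
        if role == "dms":
            dms_hosts[domain].append(host)
            active[domain] += state == "active"
        elif role == "dls":
            has_dls.add(domain)

    findings = []
    for domain in sorted(domains):
        hosts = dms_hosts[domain]
        # Exactly one DMS of a Domain is Active; the others are Standby.
        if active[domain] != 1:
            findings.append(f"{domain}: {active[domain]} Active Domain Management Servers, expected 1")
        # Each DMS of a Domain must sit on a different Multi-Domain Server.
        if len(hosts) != len(set(hosts)):
            findings.append(f"{domain}: two Domain Management Servers share one Multi-Domain Server")
        # Policy choice of this example: every Domain gets its own Domain Log Server.
        if domain not in has_dls:
            findings.append(f"{domain}: no Domain Log Server")
    return findings

if __name__ == "__main__":
    for line in check_deployment(SAMPLE) or ["deployment is consistent"]:
        print(line)
```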