Creating a Global Policy in the Global SmartConsole

You create Global Policies in the Global SmartConsole. You create Domain policies in the SmartConsole launched using the Domain Management Server. Let us consider an MSP that wants to implement a rule which blocks unwanted services at Domain sites. The Multi-Domain Security Management Superuser, Carol, wants to set up a rule which lets the Domain administrators decide which computers are allowed to access the Internet.

| Source | Destination | VPN | Service | Action |
|--------|-------------|-----|---------|--------|
| MyRule | Any | Any | Any | Accept |

After she creates a Global Policy which includes this rule, she assigns and installs it to specific Domains and their Security Gateways. Each Domain administrator must create a group object with the same name as in the Domain Management Server database. This is done in SmartConsole. This way, local administrators translate the dynamic global object into sets of network objects from the local database.

For details about how to use the SmartConsole, see the R81 Security Management Administration Guide.

These are the differences between the Domain SmartConsole and the Global SmartConsole:

| Feature | Domain SmartConsole | Global SmartConsole |
|---------|---------------------|---------------------|
| Rule Base | Local, applying to the Domain network only. | Global, applying to multiple networks of all Domains assigned this Global Policy. |
| | Domain Security Rules and Global Rules (in Read Only mode) if the Global Policy is assigned to the Domain. | Global Rules and a placeholder for Domain rules. |
| | Not associated with the Domain's other security policies. | Automatically added to all of the assigned security policies of Domains. |
| | Each Domain policy is independent, with its own rules. | All the assigned Domain policies share the global rules. |
| Network Objects | Local to this network only. | Global to multiple networks of all Domains assigned this Global Policy. |
| Global Properties | Enabled. | Disabled (manipulation is through the Domain SmartConsole). |
| Saving a Security Policy | Adds the security policy to the list of Domain security policies. | Adds the Global Policy to the Global Policies database (and displays it in the Global Policies Tree of SmartConsole). |

Note - You cannot use the Global SmartConsole to create Security Gateway objects. Instead, use a SmartConsole connected to a specific Domain Management Server to create these objects.