Creating a New Domain

Use this procedure to create a new Domain together with the first Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. for this Domain.

To create a New Domain

1. Connect to the Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. with SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

2. In the Multi-Domain > Domains view, click New.

3. In the Domain window, enter a unique Domain name.

4. Click the + icon in the General > Domain Servers section.

   In a Management High Availability deployment, you must select a Multi-Domain Server from the list.

   1. Enter a unique Domain Management Server Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS. name or accept the default name.

   2. Enter the Domain Management Server IP address, or click Resolve IP to get the IP Address from the Multi-Domain Server address pool.

   3. Accept the default Domain Management Server type and click OK.

   4. Click Trusted Clients and select one or more trusted clients from the list that can connect to this Domain Management Server.

   5. Optional: Click Additional Information and enter contact information for the person responsible for this Domain Management Server.

5. Click OK to save the new Domain and Domain Management Server.

   Notes: When you create a new Domain, you must always create at least one new Domain Management Server with it. You can also use this procedure to create Standby Domains and Domain Management Servers for Domain Management Server for redundancy and Load Sharing. To do this, there must be at least one Secondary Multi-Domain Server in the deployment. To create a Log Server Dedicated Check Point server that runs Check Point software to store and process logs., you must have a Multi-Domain Log Server Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS. or a Secondary Multi-Domain Server in your environment.

Assigning Trusted Clients to Domains

You must assign one or more trusted SmartConsole clients to Domains before you can connect to them. If you do not do this, an error message shows when you try to connect.

Each Domain assignment identifies trusted SmartConsole clients based on one of these criteria:

• An IP address

• A host name

• A range of IP addresses

• Net mask

• IP addresses with wildcard characters

• Any - All SmartConsole clients can connect

Configuring Automatic Domain IP Address Assignment

You can configure a Multi-Domain Server to assign an IP address to Domain Management Servers managed by this Multi-Domain Server from a predefined pool of IP addresses. This makes sure that the assigned IP address is not in use by other Multi-Domain Servers or Domain Management Servers.

To configure a Multi-Domain Server to assign IP addresses to Domain Management Servers

1. Connect to the Multi-Domain Server with SmartConsole

2. From the left tree, click Multi-Domain > Domains.

3. Right-click a Multi-Domain Server and select Edit.

   The Multi-Domain Server window opens.

4. From the left tree, click Multi-Domain.

5. In the IP Range section, enter the first and last IP address in the range.

6. Click OK.