Generic Workflow for HSM

This section contains generic workflows for an HSM environment.

Workflow for Configuring a Check Point Security Gateway to Work with HSM

Follow the steps below on the Security Gateway / Cluster Members / Scalable Platform Security Group that must work with an HSM.

Note - Instructions for specific HSM vendors are located in the corresponding sections.

Workflow for Configuring an HSM Client Workstation

The HSM Client workstation is an external computer on which you install the HSM Client software of your HSM vendor.

The HSM Client workstation can run Windows, Linux, or another operating system, as required by the HSM vendor.

You use the HSM Client workstation to:

  • Create a CA Certificate on the HSM Server.

    Check Point Security Gateways / Cluster Members / Security Groups use this CA Certificate for HTTPS Inspection when they need to store and access SSL keys on the HSM Server.

  • Manage keys for a fake certificate created by the Check Point Security Gateway / Cluster Members / Security Group.

Important - You must get the HSM Client package from the HSM vendor.