Requirements

Threat Extraction Requirements for Web-downloaded Documents

Logging Requirements

Logs can be stored on:

A dedicated Log Server has greater capacity and performance than a Management Server with an activated logging service. On dedicated Log Servers, the Log Server must be the same version as the Management Server.

SmartEvent Requirements

SmartEvent R81 can only connect to a Log Server that runs the R81 version.

SmartEvent and a SmartEvent Correlation UnitClosed SmartEvent software component on a SmartEvent Server that analyzes logs and detects events. are usually installed on the same server. You can also install them on different servers, for example, to balance the load in large logging environments. The SmartEvent Correlation Unit must be the same version as the SmartEvent ServerClosed Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database..

To deploy SmartEvent and to generate reports, a valid license or contract is required.

Hardware Requirements

For an average rate of 500 logs per second:

  • Total CPU Cores: 4

  • RAM: 16GB

Desktop SmartConsole Requirements

Desktop SmartConsole Hardware Requirements

This table shows the minimum hardware requirements for SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. applications:

Component

Minimum Requirement

CPU

Intel Pentium Processor E2140, or 2 GHz equivalent processor

Memory

4 GB

Available Disk Space

2 GB

Video Adapter

Minimum resolution: 1024 x 768

Desktop SmartConsole Software Requirements

  • Microsoft .NET framework 4.5.

  • Microsoft Visual C++.

SmartConsole is supported on:

  • Windows 10 (all editions), Windows 8.1 (Pro), and Windows 7 (SP1, Ultimate, Professional, and Enterprise)

  • Windows Server 2019, 2016, 2012, 2012 R2, 2008 (SP2), and 2008 R2 (SP1)

Gaia Portal Requirements

The Gaia Portal requirements on Security Gateways, Cluster Members, Management Servers, and Log Servers

To connect to Gaia PortalClosed Web interface for the Check Point Gaia operating system. on R81 Security Gateways, ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members, Scalable Platform Security GroupsClosed A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected., Security Management Servers, Log Servers, SmartEvent Servers, Multi-Domain Security Management Servers, Multi-Domain Log Servers, Endpoint Security Management Servers, and Endpoint Policy Servers, you must use one of these web browsers:

Browser

Supported Versions

Microsoft Edge

Any

Google Chrome

14 and higher

Mozilla Firefox

6 and higher

Apple Safari

5 and higher

Microsoft Internet Explorer

8 and higher
(If you use Internet Explorer 8, file uploads
through the Gaia Portal are limited to 2 GB)

Mobile Access Requirements

Browser Compatibility

Endpoint Browser Compatibility

Microsoft
Edge

Google
Chrome

Mozilla
Firefox

Apple
Safari

Opera for
Windows

Microsoft
Internet
Explorer

Mobile Access Portal

Clientless access to web applications (Link Translation)

Compliance Scanner

Secure Workspace (2), (3)

SSL Network Extender - Network Mode

SSL Network Extender - Application Mode (2)

Downloaded from Mobile Access applications

Citrix

File Shares - Web-based file viewer (HTML)

Limited support

Web mail

Notes:

  1. For a list of the prerequisites necessary to use the Mobile Access Portal on-demand clients, such as SSL Network Extender Network mode, SSL Network Extender Application Mode, Secure Workspace and Compliance Scanner, refer to sk113410.

  2. Secure Workspace and SSL Network Extender Application Mode are available for Windows platforms only.

  3. Microsoft Internet Explorer is only browser supported in Secure Workspace.

Harmony Endpoint Management Server Requirements

Hardware Requirements

These are the minimum requirements to enable Endpoint Security management on a Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.:

Component

Requirement

Number of CPU cores

4

Memory

16 GB

Disk Space

845 GB

The requirements for dedicated Endpoint Security Management Servers are similar.

Resource consumption is based on the size of your environment. For larger environments, more disk space, memory, and CPU are required.

Software Requirements

For more information, see the R81 Harmony Endpoint Security Server Administration Guide.

Anti-Malware Signature Updates

  • To allow Endpoint Security clients to get Anti-Malware signature updates from a cleanly installed R81 Primary Endpoint Security Management Server, follow the instructions in the R81 Harmony Endpoint Security Server Administration Guide when you select the Anti-Malware component.

  • For a new R81 Endpoint Policy Server that was installed from scratch (not upgraded), you must follow sk127074. No additional steps are required, if you upgrade the Primary Endpoint Security Management Server to R81.

  • Endpoint Security Clients can continue to acquire their Anti-Malware signature updates directly from an external Check Point signature server or other external Anti-Malware signature resources, if your organization's Endpoint Anti-Malware policy allows it.

Scalable Platform Requirements

Supported Network Cards on Maestro Security Appliances

To connect a Maestro Security Appliance to Quantum Maestro OrchestratorsClosed See "Maestro Orchestrator". with DAC cables, one of these Check Point cards has to be installed in the Maestro Security Appliance:

Network Card

Notes

100/25 GbE Fiber QSFP+

SKU:
CPAC-2-100/25F-B

The minimal required card firmware version is 12.22.1002

To make sure the version is correct, run this single long command in the Expert mode on the Security Appliance:

for NIC in $(ifconfig | grep ethsBP | awk '{print $1}') ; do echo $NIC: ; ethtool -i $NIC | grep firmware ; done

Example output:

ethsBP4-01:

firmware-version: 12.22.1002

ethsBP4-02:

firmware-version: 12.22.1002

40 GbE Fiber QSFP+

SKU:
CPAC-2-40F-B

The minimal required card firmware version is 12.22.1002

To make sure the version is correct, run this single long command in the Expert mode on the Security Appliance:

for NIC in $(ifconfig | grep ethsBP | awk '{print $1}') ; do echo $NIC: ; ethtool -i $NIC | grep firmware ; done

Example output:

ethsBP4-01:

firmware-version: 12.22.1002

ethsBP4-02:

firmware-version: 12.22.1002

10 GbE Fiber SFP+

SKUs:
CPAC-4-10F-B
CPAC-4-10F-6500/6800-C

Output of the "lspci -v" command must show:

Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection

To verify, run this command in the Expert mode on the Security Appliance:

lspci -v | grep 'Ethernet controller' | grep Intel

Supported Hardware and Firmware on 60000 / 40000 Scalable Chassis

All information is documented in sk93332.