Requirements
Threat Extraction Requirements for Web-downloaded Documents
-
A minimum of 2.3GB free RAM must be available, regardless of the number of cores or connection used by the Security Gateway
Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.. -
Supported with appliance series 5000, 6000, 7000, and higher.
Threat Emulation Requirements
Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. that uses ThreatCloud The cyber intelligence center of all of Check Point products. Dynamically updated based on an innovative global network of threat sensors and invites organizations to share threat data and collaborate in the fight against modern malware. requires Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. operating system (64 or 32-bit).
Logging Requirements
Logs can be stored on:
-
A Management Server
Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that collects logs from the Security Gateways. This is the default. -
A Log Server
Dedicated Check Point server that runs Check Point software to store and process logs. on a dedicated server. This is the recommendation for environments that generate many logs.
A dedicated Log Server has greater capacity and performance than a Management Server with an activated logging service. On dedicated Log Servers, the Log Server must be the same version as the Management Server.
SmartEvent Requirements
SmartEvent R81 can only connect to a Log Server that runs the R81 version.
SmartEvent and a SmartEvent Correlation Unit SmartEvent software component on a SmartEvent Server that analyzes logs and detects events. are usually installed on the same server. You can also install them on different servers, for example, to balance the load in large logging environments. The SmartEvent Correlation Unit must be the same version as the SmartEvent Server Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database..
To deploy SmartEvent and to generate reports, a valid license or contract is required.
Hardware Requirements
For an average rate of 500 logs per second:
-
Total CPU Cores: 4
-
RAM: 16GB
Desktop SmartConsole Requirements
Desktop SmartConsole Hardware Requirements
This table shows the minimum hardware requirements for SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. applications:
|
Component |
Minimum Requirement |
|---|---|
|
CPU |
Intel Pentium Processor E2140, or 2 GHz equivalent processor |
|
Memory |
4 GB |
|
Available Disk Space |
2 GB |
|
Video Adapter |
Minimum resolution: 1024 x 768 |
Desktop SmartConsole Software Requirements
-
Microsoft .NET framework 4.5.
-
Microsoft Visual C++.
SmartConsole is supported on:
-
Windows 10 (all editions), Windows 8.1 (Pro), and Windows 7 (SP1, Ultimate, Professional, and Enterprise)
-
Windows Server 2019, 2016, 2012, 2012 R2, 2008 (SP2), and 2008 R2 (SP1)
Gaia Portal Requirements
The Gaia Portal requirements on Security Gateways, Cluster Members, Management Servers, and Log Servers
To connect to Gaia Portal Web interface for the Check Point Gaia operating system. on R81 Security Gateways, Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members, Scalable Platform Security Groups A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected., Security Management Servers, Log Servers, SmartEvent Servers, Multi-Domain Security Management Servers, Multi-Domain Log Servers, Endpoint Security Management Servers, and Endpoint Policy Servers, you must use one of these web browsers:
|
Browser |
Supported Versions |
|---|---|
|
Microsoft Edge |
Any |
|
Google Chrome |
14 and higher |
|
Mozilla Firefox |
6 and higher |
|
Apple Safari |
5 and higher |
|
Microsoft Internet Explorer |
8 and higher |
Mobile Access Requirements
|
Endpoint Computer OS Compatibility |
Windows |
Linux |
macOS |
iOS |
Android |
|---|---|---|---|---|---|
|
|
|
|
|
|
|
|
Clientless access to web applications (Link Translation) |
|
|
|
|
|
|
|
|
|
|
|
|
|
Secure Workspace |
|
|
|
|
|
|
|
|
|
|
|
|
|
SSL Network Extender - Application Mode |
|
|
|
|
|
|
Downloaded from Mobile Access applications |
|
|
|
|
|
|
Citrix |
|
|
|
|
|
|
File Shares - Web-based file viewer (HTML) |
|
|
|
|
|
|
Web mail |
|
|
|
|
|
|
Endpoint Browser Compatibility |
Microsoft |
Google |
Mozilla |
Apple |
Opera for |
Microsoft |
|---|---|---|---|---|---|---|
|
Mobile Access Portal |
|
|
|
|
|
|
|
Clientless access to web applications (Link Translation) |
|
|
|
|
|
|
|
Compliance Scanner |
|
|
|
|
|
|
|
Secure Workspace (2), (3) |
|
|
|
|
|
|
|
SSL Network Extender - Network Mode |
|
|
|
|
|
|
|
SSL Network Extender - Application Mode (2) |
|
|
|
|
|
|
|
Downloaded from Mobile Access applications |
|
|
|
|
|
|
|
Citrix |
|
|
|
|
|
|
|
File Shares - Web-based file viewer (HTML) |
|
|
|
|
Limited support |
|
|
Web mail |
|
|
|
|
|
|
|
|
Notes:
|
Identity Awareness Requirements
Identity Clients
See Check Point Clients and Agents for Windows OS and Check Point Clients and Agents for macOS for:
-
Identity Agent for a Terminal Server
AD Query and Identity Collector
Supported Active State of a Cluster Member that is fully operational: (1) In ClusterXL, this applies to the state of the Security Gateway component (2) In 3rd-party / OPSEC cluster, this applies to the state of the cluster State Synchronization mechanism. Directory versions: Microsoft Windows Server 2008 R2, 2012, 2012 R2, 2016, and 2019.
Harmony Endpoint Management Server Requirements
Hardware Requirements
These are the minimum requirements to enable Endpoint Security management on a Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.:
|
Component |
Requirement |
|---|---|
|
Number of CPU cores |
4 |
|
Memory |
16 GB |
|
Disk Space |
845 GB |
The requirements for dedicated Endpoint Security Management Servers are similar.
Resource consumption is based on the size of your environment. For larger environments, more disk space, memory, and CPU are required.
Software Requirements
For more information, see the R81 Harmony Endpoint Security Server Administration Guide.
-
Endpoint Security Management Servers are supported on Management-only appliances or Open Servers. Endpoint Security Management Servers do not support Standalone
Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server. (Security Gateway + Management Server) and Multi-Domain Security Management deployments. -
Endpoint Security Management Servers is not supported on Red Hat Enterprise Linux releases.
-
R81 Endpoint Security Management Server can manage:
-
E81.00 and higher versions of Endpoint Security Clients for Windows
-
E82.00 and higher versions of Clients for macOS
-
Anti-Malware Signature Updates
-
To allow Endpoint Security clients to get Anti-Malware signature updates from a cleanly installed R81 Primary Endpoint Security Management Server, follow the instructions in the R81 Harmony Endpoint Security Server Administration Guide when you select the Anti-Malware component.
-
For a new R81 Endpoint Policy Server that was installed from scratch (not upgraded), you must follow sk127074. No additional steps are required, if you upgrade the Primary Endpoint Security Management Server to R81.
-
Endpoint Security Clients can continue to acquire their Anti-Malware signature updates directly from an external Check Point signature server or other external Anti-Malware signature resources, if your organization's Endpoint Anti-Malware policy allows it.
Scalable Platform Requirements
-
To manage R81 Security Groups on Maestro, use:
-
R81 Security Management Server or Multi-Domain Server
Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS..In addition, see sk113113 > section "Management Servers and Security Gateways they can manage".
For the list of available Maestro Security Appliances, see sk162373.
-
To manage R81 Security Groups on Scalable Chassis
The container that contains the all the components of a 60000 / 40000 Appliance. Synonym: Chassis., use:-
R81 Security Management Server or Multi-Domain Server.
In addition, see sk113113 > section "Management Servers and Security Gateways they can manage".
-
-
For the list of compatible transceivers for Check Point Appliances, see sk92755.
-
For comparison between different software versions for Scalable Platforms (Maestro and Chassis), see sk173183.
Supported Network Cards on Maestro Security Appliances
To connect a Maestro Security Appliance to Quantum Maestro Orchestrators See "Maestro Orchestrator". with DAC cables, one of these Check Point cards has to be installed in the Maestro Security Appliance:
Supported Hardware and Firmware on 60000 / 40000 Scalable Chassis
All information is documented in sk93332.