Introduction to SmartProvisioning

SmartProvisioning Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM. lets you manage multiple gateways from one Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Multi-Domain Security Management. SmartProvisioning defines, manages, and provisions (remotely configures) large-scale deployments of Check Point Security Gateways:

• SmartProvisioning helps you manage the load on the Security Gateways. The policy is not installed on all Security Gateways simultaneously, but the gateways fetch the policy at different time intervals.

• The SmartProvisioning management concept is based on profiles, which help you manage your gateways more efficiently. With these profiles, you can define the gateway settings once and then assign each profile to multiple gateways, as needed. For example, when you select which blades to enable in the LSM Profile, the selected blades are enabled on all gateways which are assigned to the Profile.

• SmartProvisioning supports two types of profiles: Security Profiles, which define the security settings, and Provisioning Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM. Profiles, which define the device settings. SmartProvisioning is efficient for use in large enterprises with many branch offices, where the branch offices have identical or similar characteristics. You can use a relatively small number of Security Profiles or Provisioning Profiles to manage a much larger number of gateways.

Note - SmartProvisioning is not available for members of SmartLSM cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing..

A list of Supported Features

• Central management of security policies Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection., gateway provisioning, remote gateway boot, and Dynamic Object Special object type, whose IP address is not known in advance. The Security Gateway resolves the IP address of this object in real time. value configurations

• Automatic Profile Fetch for large deployment management and provisioning

• All Firewall features supported by DAIP gateways, including DAIP and static IP address gateways

• Easy creation and maintenance of VPN tunnels between SmartLSM Security Gateways and CO gateways, including generation of IKE certificates for VPN, from third-party CA Servers or Check Point CA

• Automatic calculation of anti-spoofing information for SmartLSM Security Gateways

• Log tracking for gateways based on unique, static IDs; with local logging for reduced logging load

• High level and in-depth status monitoring

• Complete management of licenses and packages, Client Authentication, Session Authentication and User Authentication

• Command Line Interface to manage SmartLSM Security Gateways

• Support of Check Point 1100, 1200R, 1400 and 1500 Appliances