Provisioning Settings for Security Gateways Configured in SmartConsole
This section describes how to configure the Provisioning
Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM. settings that are common to all the Security Gateways that you created in SmartConsole.
Before you begin, make sure that your administrator user name has Write permissions for SmartLSM Gateway Database (see Defining SmartProvisioning Administrators).
From the Devices pane, double-click the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. object.
The window opens and shows the General tab.
Assigning a Provisioning Profile
-
Click the General tab.
-
In the Provisioning section, select Enable Provisioning.
-
Click Provisioning Profile.
-
From the drop-down menu, select the required Provisioning Profile, or click New and create a new Provisioning Profile.
-
Click OK.
-
Click Publish from the top toolbar.
Configuring Interfaces
You can configure the interfaces of the individual Security Gateway, or view how they are managed with the assigned Provisioning Profile.
You can select to use SmartProvisioning Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM. to manage the interface settings, or configure them locally on the Security Gateway.
Configure interfaces with SmartProvisioning
-
Click the Interfaces tab.
-
Click Use the following settings.
-
Click Add and select the applicable interface type.
-
Configure the interface settings.
-
Click OK to close the interface properties.
-
Click OK to close the Security Gateway object properties.
-
Click Publish from the top toolbar.
Configure interfaces on the Security Gateway
-
Click the Interfaces tab.
-
Click Manage settings locally on the device.
-
Click OK.
-
Click Publish from the top toolbar.
Configuring Routing
You can configure the routing settings of individual Security Gateways in the Devices pane in SmartProvisioning. You cannot configure these settings in a Provisioning Profile. You must configure the interfaces before the routes, because there are different types of routing configurations for different interfaces.
You can also configure the routing settings on the local appliance or server.
Configuring and Managing the routing settings with SmartProvisioning
Configure the routing settings with SmartProvisioning
-
Click the Routing tab.
-
Click Use the following settings.
-
Click Add.
-
Select a route type:
-
Network Route - Configure internal network routes (see Configuring Network Route).
-
Host Route - Configure access to a specific host (see Configuring Host Route).
-
Default Route - Configure the default route to access external destinations (see Configuring Default Route).
A different Routing window opens for each type.
-
-
Enter the data.
Click OK.
Some of the options are different for different appliances.
- Click OK.
-
Click Publish from the top toolbar.
Configure the routing settings on the Security Gateway
-
Click the Routing tab.
-
Click Manage settings locally on the device.
- Click OK.
-
Click Publish from the top toolbar.
Configuring Network Route
Configure these settings for the internal network routes:
-
Destination IP Address - Destination IP address for this route (for example, the IP address of the CO Security Gateway or the Security Management Server
Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server./Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.). -
Destination Netmask - Net mask of the destination network.
-
Interface - Select a pre-configured interface for this route.
-
Gateway - IP address of the Security Gateway, which provides access to this route (for the Gaia
Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gateways also assign a priority). -
Next Hop Type - For Gaia and the IP Appliances:
-
Normal - Allow traffic to the Security Gateway.
-
Reject - Block traffic where the gateway is the destination, and acknowledge.
-
Black Hole - Block traffic without acknowledgment.
-
Configuring Host Route
Configure these settings for host routes:
-
Destination IP Address - IP address of the destination host.
-
Interface - Select a pre-configured interface for this route.
-
Gateway - IP address of the gateway providing access to this host.
-
Metric - Distance in hops to the destination. If the host is on your local site, this must be a very low number. If the host is not behind routers, the metric must be zero.
Configuring Default Route
Configure these settings for default routes to external destinations:
-
Gateway - IP address of the gateway providing access to the default external route.
-
Metric - Distance in hops to the gateway (this value must be as accurate as possible: too low a value can cause lost communications with looping; too high a value may cause security issues). You can define only one default route per gateway.
Configuring DNS Servers
You can configure the DNS servers of the individual Security Gateway, or view how they are managed with the assigned Provisioning Profile.
You can select to use SmartProvisioning to manage the DNS settings, or configure on the local appliance or server.
Configure DNS servers with SmartProvisioning
-
Click the DNS tab.
-
Click Use the following settings.
-
Enter the IP addresses of the First, Second, and Third DNS servers.
- Click OK.
-
Click Publish from the top toolbar.
Configure the DNS servers on the Security Gateway
-
Click the DNS tab.
-
Click Manage settings locally on the device.
- Click OK.
-
Click Publish from the top toolbar.
Configuring Hosts
You can set up the host list of the individual Security Gateway, or view how it is managed centrally with the assigned Provisioning Profile.
You can use SmartProvisioning to manage the host list, or configure it on the local appliance or server.
Configure the host list with SmartProvisioning
-
Click the Hosts tab.
-
Click Use the following settings.
-
Click New.
-
Provide the Hostname and IP address.
- Click OK.
-
Click Publish from the top toolbar.
Configure the host list on the Security Gateway
-
Click the Hosts tab.
-
Click Manage settings locally on the device.
- Click OK.
-
Click Publish from the top toolbar.
Configuring Domain Name
You can set up the domain of the individual Security Gateway, or view how it is managed centrally with the assigned Provisioning Profile.
You can select to use SmartProvisioning to manage the domain settings, or configure on the local appliance or server.
Configure domain settings with SmartProvisioning
-
Click the Domain Name tab.
-
Click Use the following settings.
-
Enter the Domain name.
- Click OK.
-
Click Publish from the top toolbar.
Configure the domain settings on the Security Gateway
-
Click the Domain Name tab.
-
Click Manage settings locally on the device.
- Click OK.
-
Click Publish from the top toolbar.
Configuring Host Name
You can see or change the host name of the individual Security Gateway in SmartProvisioning. You cannot use a Provisioning Profile to change the host name.
You can select to use SmartProvisioning to manage the host name settings, or configure on the local appliance or server.
Configure host name with SmartProvisioning
-
Click the Host Name tab.
-
Click Use the following settings.
-
Enter the Hostname of the gateway.
- Click OK.
-
Click Publish from the top toolbar.
Configure the host name on the Security Gateway
-
Click the Host Name tab.
-
Click Manage settings locally on the device.
- Click OK.
-
Click Publish from the top toolbar.