Guidelines for Basic SmartLSM Security Policies

You can use this procedure as a guideline for the creation of a Security Policy for a SmartLSM Security Profile. The Security Policy rules depend on the needs of your environment and the requirements of the SmartLSM Security Gateways that reference the SmartLSM Security Profile.

Note - This procedure uses Dynamic Objects. For more details, see Dynamic Objects.

To define a Security Policy for a SmartLSM Security Profile object:

  1. Use the LocalMachine dynamic object to represent any SmartLSM Security Gateway.

  2. Use the InternalNet, DMZnet, and AuxiliaryNet dynamic objects to represent the respective networks, behind any SmartLSM Security Gateway.

  3. Add rules based on the needs of your organization and the requirements for the SmartLSM Security Gateways, with Dynamic Objects whenever possible.

    Dynamic Objects make the SmartLSM Security Profile applicable to numerous gateways.

  4. To allow Push actions from SmartProvisioning, add a rule that allows an incoming FW1_CPRID service from the Security Management Server or Domain Management Server to LocalMachine.

  5. Install the Policy on the SmartLSM Security Profile object.

    This action prepares the Security Policy on the Security Management Server or Domain Management Server to be fetched by the SmartLSM Security Gateways that reference this SmartLSM Security Profile.
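
The following Python check is an added example, not Check Point code: it audits a rule list against steps 1 to 4 above and reports static objects and a missing or overly broad FW1_CPRID rule. The rule record layout and the object names `mgmt-srv` and `branch17-lan` are assumptions made for illustration, not a Check Point export format.

```python
# Added example: audit a profile rule base against the guidelines above.
DYNAMIC_OBJECTS = {"LocalMachine", "InternalNet", "DMZnet", "AuxiliaryNet"}


def audit_profile_rules(rules, mgmt_servers):
    """Return a list of findings for a SmartLSM Security Profile rule base.

    rules: dicts with keys name, src, dst, services, action (hypothetical layout).
    mgmt_servers: names of the management server objects (assumed names).
    """
    findings = []
    push_allowed = False
    mgmt = set(mgmt_servers)
    allowed_names = DYNAMIC_OBJECTS | mgmt | {"Any"}
    for rule in rules:
        cprid_to_gw = (rule["action"] == "Accept"
                       and "FW1_CPRID" in rule["services"]
                       and "LocalMachine" in rule["dst"])
        if cprid_to_gw:
            if set(rule["src"]) <= mgmt:
                push_allowed = True  # step 4: source limited to management
            else:
                findings.append(f"{rule['name']}: FW1_CPRID to LocalMachine is "
                                "allowed from sources other than the management server")
        # Step 3: a static object ties the profile to one gateway's addressing.
        for obj in sorted(set(rule["src"] + rule["dst"]) - allowed_names):
            findings.append(f"{rule['name']}: static object '{obj}' "
                            "limits reuse of the profile across gateways")
    if not push_allowed:
        findings.append("no rule allows FW1_CPRID from the management server "
                        "to LocalMachine (step 4)")
    return findings


# Constructed sample rule bases (not taken from a real deployment).
GOOD = [
    {"name": "push", "src": ["mgmt-srv"], "dst": ["LocalMachine"],
     "services": ["FW1_CPRID"], "action": "Accept"},
    {"name": "outbound-web", "src": ["InternalNet"], "dst": ["Any"],
     "services": ["https"], "action": "Accept"},
]
WEAK = [
    {"name": "push-any", "src": ["Any"], "dst": ["LocalMachine"],
     "services": ["FW1_CPRID"], "action": "Accept"},
    {"name": "branch-web", "src": ["branch17-lan"], "dst": ["Any"],
     "services": ["https"], "action": "Accept"},
]

if __name__ == "__main__":
    for label, rule_base in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit_profile_rules(rule_base, ["mgmt-srv"]) or "ok")
```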