Creating a New Domain

Watch the Video

Use this procedure to create a new Domain together with the first Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. for this Domain.

To create a New Domain

  1. Connect to the Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

  2. In the Multi-Domain > Domains view, click New.

  3. In the Domain window, enter a unique Domain name.

  4. Click the + icon in the General > Domain Servers section.

    In a Management High Availability deployment, you must select a Multi-Domain Server from the list.

    1. Enter a unique Domain Management ServerClosed Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS. name or accept the default name.

    2. Enter the Domain Management Server IP address, or click Resolve IP to get the IP Address from the Multi-Domain Server address pool.

    3. Accept the default Domain Management Server type and click OK.

    4. Click Trusted Clients and select one or more trusted clients from the list that can connect to this Domain Management Server.

    5. Optional: Click Additional Information and enter contact information for the person responsible for this Domain Management Server.

  5. Click OK to save the new Domain and Domain Management Server.

  6. After you created the Domain, you can configure administrator access to your Domain using an Identity Provider. In the Multi-Domain view > Domains, right-click the Domain and select Edit. Go to the Identity Provider tab, and select one of these options:

    • Use the default Identity Provider for Managing Administrator Access to this Domain - Use the Identity Provider selected in the Manage & Settings view > Permissions & Administrators > Advanced > Identity Provider.

    • Use the Domain Identity Provider for Managing Administrator Access to this Domain - Select this option if there is an identity provider which is configured in the Multi-Domain view, but you would like to use a different Identity Provider for the specific Domain.

    For more information on how to create and configure an Identity Provider, see Creating an Administrator Account with SAML Authentication Login.

  7. Click OK.

Notes:

Assigning Trusted Clients to Domains

You must assign one or more trusted SmartConsole clients to Domains before you can connect to them. If you do not do this, an error message shows when you try to connect.

Each Domain assignment identifies trusted SmartConsole clients based on one of these criteria:

  • An IP address

  • A host name

  • A range of IP addresses

  • Net mask

  • IP addresses with wildcard characters

  • Any - All SmartConsole clients can connect

  1. Connect to the Multi-Domain Server with SmartConsole

  2. From the tree, click Multi-Domain.

  3. From the tree, click Permissions & Administrators > Trusted Clients.

  4. Click New.

  5. In the New Trusted Client window, enter a unique name for this Domain assignment.

  6. Select an identification criterion from the Type list and enter the applicable information.

  7. In the Domains Assignment section, add one or more Domains.

  8. Optional: Select Multi-Domain Server Trusted Client to apply this assignment to Multi-Domain Servers in addition to the specified Domains.

  9. Click OK.

  1. Connect to the Multi-Domain Server with SmartConsole

  2. From the tree, click Multi-Domain.

  3. From the tree, click Permissions & Administrators > Trusted Clients.

  4. Double-click the trusted client name.

  5. In the Domains Assignment section, add one or more Domains.

  6. Optional: Select Multi-Domain Server Trusted Client to apply this assignment to Multi-Domain Servers in addition to the specified Domains.

  7. Click OK.

  1. Connect to the Multi-Domain Server with SmartConsole

  2. From the tree, click Multi-Domain.

  3. From the tree, click Permissions & Administrators > Trusted Clients.

  4. Double-click the trusted client name.

  5. Select an identification criterion from the Type list and enter or change the applicable information.

  6. In the Domains Assignment section, add or delete one or more Domains.

  7. Optional: Select Multi-Domain Server Trusted Client to apply this assignment to Multi-Domain Servers in addition to the specified Domains.

  8. Click OK.

To clone an existing Domain:

  1. Connect to the Multi-Domain Server with SmartConsole.

  2. Go to the Multi-Domain view > Domains.

  3. Right-click the required Domain, and select Clone.

  4. In the window that opens, click Continue.

  5. Configure the cloned Domain.

  6. Click OK.

You can see the progress of cloning at the bottom left corner of SmartConsole.

Configuring Automatic Domain IP Address Assignment

You can configure a Multi-Domain Server to assign an IP address to Domain Management Servers managed by this Multi-Domain Server from a predefined pool of IP addresses. This makes sure that the assigned IP address is not in use by other Multi-Domain Servers or Domain Management Servers.

To configure a Multi-Domain Server to assign IP addresses to Domain Management Servers

  1. Connect to the Multi-Domain Server with SmartConsole

  2. From the left tree, click Multi-Domain > Domains.

  3. Right-click a Multi-Domain Server and select Edit.

    The Multi-Domain Server window opens.

  4. From the left tree, click Multi-Domain.

  5. In the IP Range section, enter the first and last IP address in the range.

  6. Click OK.