Requirements

Threat Extraction Requirements for Web-downloaded Documents

Supported with appliance series 5000, 6000, 7000, and higher.

Logging Requirements

Logs can be stored on:

A Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that collects logs from the Security Gateways. This is the default.
A Log Server Dedicated Check Point server that runs Check Point software to store and process logs. on a dedicated server. This is the recommendation for environments that generate many logs.

A dedicated Log Server has greater capacity and performance than a Management Server with the activated Logging & Status Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways. Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities..

The dedicated Log Server must run the same version as the Management Server.

SmartEvent Requirements

The dedicated SmartEvent Server Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database. must run the same version as the Management Server or the dedicated Log Server.

SmartEvent and a SmartEvent Correlation Unit SmartEvent software component on a SmartEvent Server that analyzes logs and detects events. are usually installed on the same server. You can also install them on different servers, for example, to balance the load in large logging environments. The SmartEvent Correlation Unit must run the same version as the SmartEvent Server.

To deploy SmartEvent and to generate reports, a valid license or contract is required.

Hardware Requirements

For an average rate of 500 logs per second:

Total CPU Cores: 4
RAM: 16GB

SmartConsole Requirements

Desktop SmartConsole Hardware Requirements

This table shows the minimum hardware requirements for the Desktop SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. applications:

Component	Minimum Requirement
CPU	Supported Intel® Core™ i3 or equivalent processor
Memory	4 GB
Available Disk Space	2 GB
Video Adapter	Minimum resolution: 1024 x 768
Disk Partition	NTFS

Desktop SmartConsole Software Requirements

Microsoft .NET framework 4.8.
Microsoft Visual C++ Redistributable 2019.

Desktop SmartConsole is supported on:

Windows 11, Windows 10 (all editions).
Windows Server 2022, 2019.

Gaia Portal Requirements

The Gaia Portal requirements on Security Gateways, Cluster Members, Management Servers, and Log Servers

To connect to Gaia Portal Web interface for the Check Point Gaia operating system. on R82 Security Gateways, Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members, Scalable Platform Security Groups A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected., Security Management Servers, Log Servers, SmartEvent Servers, Multi-Domain Security Management Servers, Multi-Domain Log Servers, Endpoint Security Management Servers, and Endpoint Policy Servers, you must use one of these web browsers:

Browser	Supported Versions
Microsoft Edge	All versions
Google Chrome	14 and higher
Mozilla Firefox	6 and higher
Apple Safari	5 and higher

The Gaia Portal requirements on Quantum Maestro Orchestrators

To connect to Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Portal on R82 Quantum Maestro Orchestrators A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO., you must use one of these web browsers:

Browser	Supported Versions
Microsoft Edge	85.0 and higher
Google Chrome	85.0 and higher
Mozilla Firefox	79.0 and higher

Mobile Access Requirements

You must use one of these operating systems:

**OS Compatibility**
Endpoint Computer OS Compatibility	Windows	Linux	macOS	iOS	Android
Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. Portal	Yes	Yes	Yes	Yes	Yes
Clientless access to web applications (Link Translation)	Yes	Yes	Yes	Yes	Yes
Compliance Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. Scanner	Yes	Yes	Yes	No	No
Secure Workspace	Yes	No	No	No	No
SSL Network Extender A secure connectivity framework for remote access VPN to a corporate network. SSL Network Extender uses a thin VPN client installed on the user's remote computer that connects to an SSL-enabled web server on a VPN Gateway. Acronym: SNX. - Network Mode	Yes	Yes	Yes	No	No
SSL Network Extender - Application Mode	Yes	No	No	No	No
Downloaded from Mobile Access applications	Yes	Yes	Yes	No	No
Citrix	Yes	Yes	Yes	No	No
File Shares - Web-based file viewer (HTML)	Yes	Yes	Yes	Yes	Yes
Web mail	Yes	Yes	Yes	Yes	Yes

You must use one of these web browsers:

**Web Browser Compatibility**
Endpoint Web Browser Compatibility	Microsoft Edge	Google Chrome	Mozilla Firefox	Apple Safari	Opera for Windows
Mobile Access Portal	Yes	Yes	Yes	Yes	Yes
Clientless access to web applications (Link Translation)	No	Yes	Yes	Yes	Yes
Compliance Scanner	Yes	Yes	Yes	Yes	No
Secure Workspace ⁽²⁾	Yes	Yes	Yes	No	No
SSL Network Extender - Network Mode	No	Yes	Yes	Yes	No
SSL Network Extender - Application Mode ⁽²⁾	Yes	Yes	Yes	No	No
Downloaded from Mobile Access applications	No	Yes	Yes	Yes	No
Citrix	No	Yes	Yes	No	No
File Shares - Web-based file viewer (HTML)	Yes	Yes	Yes	Yes	Limited support
Web mail	No	Yes	Yes	Yes	Yes

Notes:

For a list of the prerequisites necessary to use the Mobile Access Portal on-demand clients, such as SSL Network Extender Network mode, SSL Network Extender Application Mode, Secure Workspace and Compliance Scanner, refer to sk113410.
Secure Workspace and SSL Network Extender Application Mode are available for Windows platforms only.

Identity Awareness Requirements

Identity Clients

See sk134312.

AD Query

Supported Active Directory versions: Microsoft Windows Server 2019, 2016, 2012 R2, 2012, and 2008 R2.

Browser-Based Authentication (Captive Portal)

You must use one of these web browsers:

Microsoft Edge
Google Chrome
Apple Safari
Mozilla Firefox
Opera for Windows

Harmony Endpoint Management Server Requirements

Hardware Requirements

These are the minimum requirements to enable Endpoint Security management on a Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.:

Component	Requirement
Number of CPU cores	4
Memory	16 GB
Disk Space	845 GB

The requirements for dedicated Endpoint Security Management Servers are similar.

Resource consumption is based on the size of your environment. For larger environments, more disk space, memory, and CPU are required.

Software Requirements

For more information, see the R82 Harmony Endpoint Security Server Administration Guide.

Endpoint Security Management Servers (the "Network Policy Management Check Point Software Blade on a Management Server to manage an on-premises environment with an Access Control and Threat Prevention policies." Software Blade) are supported on Management-only appliances or Open Servers.

Endpoint Security Management Servers do not support Standalone Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server. (Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. + Management Server) and Multi-Domain Security Management deployments.
R82 Endpoint Security Management Server can manage:
- E81.00 and higher versions of Endpoint Security Clients for Windows
- E82.00 and higher versions of Clients for macOS
For supported Endpoint Security Clients for each OS version, see the Harmony Endpoint EPMaaS Administration Guide > section "Supported Operating Systems for the Endpoint Client".

Anti-Malware Signature Updates

To allow Endpoint Security clients to get Anti-Malware signature updates from a cleanly installed R82 Primary Endpoint Security Management Server, follow the instructions in the R82 Harmony Endpoint Security Server Administration Guide when you select the Anti-Malware component.
For a new R82 Endpoint Policy Server that was installed from scratch (not upgraded), you must follow sk127074.

No additional steps are required, if you upgrade the Primary Endpoint Security Management Server to R82.
Endpoint Security Clients can continue to acquire their Anti-Malware signature updates directly from an external Check Point signature server or other external Anti-Malware signature resources, if your organization's Endpoint Anti-Malware policy allows it.

Scalable Platforms Requirements

To manage R82 Security Groups in Maestro configuration, use:
1. R82 Quantum Maestro Orchestrator See "Maestro Orchestrator"..
2. R82 Security Management Server or Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS..
  
  In addition, see sk113113 > section "Management Servers and Security Gateways they can manage".
For the list of available Maestro Security Appliances, see sk162373.
To manage R82 Security Groups on Scalable Chassis The container that contains the all the components of a 60000 / 40000 Appliance. Synonym: Chassis., use:
- R82 Security Management Server or Multi-Domain Server.
  
  In addition, see sk113113 > section "Management Servers and Security Gateways they can manage".
For the list of compatible transceivers for Check Point Appliances, see sk92755.
For comparison between different software versions for Scalable Platforms (Maestro and Chassis), see sk173183.

Supported Network Cards on Maestro Security Appliances

To connect a Maestro Security Appliance to Quantum Maestro Orchestrators with DAC cables, one of these Check Point cards has to be installed in the Maestro Security Appliance:

Network Card

Notes

10/25/40/100G Fiber QSFP28+

(2-Port Dual-Width 10/25/40/100G QSFP28 Card)

SKU:

CPAC-2-40/100F-C

Important - For the minimum software requirements, see the home page article for your appliance model. You can find the corresponding links in sk96246.

Important - To connect to Quantum Maestro Orchestrators, you must use only the 10/25/40/100G ports. It is not supported to connect other ports to Orchestrators.

Note - You can connect all available 10/25/40/100G ports on a Security Appliance to Quantum Maestro Orchestrators on the Maestro Site.

Example for QLS450 (that has two 10/25/40/100G cards):

The first 10/25/40/100G card connects to each Orchestrator on the Site:
- The first port on the card connects to one of the Downlink ports Interfaces on the Quantum Maestro Orchestrator used to connect to Check Point Security Appliances. You use DAC cables, Fiber cables (with transceivers), or Breakout cables to connect between the Downlink ports and Security Appliances. The Check Point Management traffic (policy, logs, synchronization, and so on) co-exists with the data (user) traffic on the Downlink ports. Bandwidth is guaranteed for the Check Point Management traffic (portion of the downlink bandwidth). These ports form the system backplane (management, data plane, synchronization). on the first Orchestrator
- The second port on the card connects to one of the Downlink ports on the second Orchestrator
The second 10/25/40/100G card connects to each Orchestrator on the Site:
- The first port on the card connects to another Downlink port on the first Orchestrator
- The second port on the card connects to another Downlink port on the second Orchestrator

100/25 GbE Fiber QSFP+

SKU:
CPAC-2-100/25F-B

The minimum required card firmware version is 12.22.1002

To make sure the version is correct, run this single long command in the Expert mode on the Security Appliance:

for NIC in $(ifconfig | grep ethsBP | awk '{print $1}') ; do echo $NIC: ; ethtool -i $NIC | grep firmware ; done

Example output:

ethsBP4-01:

firmware-version: 12.22.1002

ethsBP4-02:

firmware-version: 12.22.1002

You cannot use this network card with a splitter cable to split a port on an appliance.

40 GbE Fiber QSFP+

SKU:
CPAC-2-40F-B

The minimum required card firmware version is 12.22.1002

To make sure the version is correct, run this single long command in the Expert mode on the Security Appliance:

for NIC in $(ifconfig | grep ethsBP | awk '{print $1}') ; do echo $NIC: ; ethtool -i $NIC | grep firmware ; done

Example output:

ethsBP4-01:

firmware-version: 12.22.1002

ethsBP4-02:

firmware-version: 12.22.1002

You cannot use this network card with a splitter cable to split a port on an appliance.

10 GbE Fiber SFP+

SKUs:
CPAC-4-10F-B
CPAC-4-10F-6500/6800-C

Output of the "lspci -v" command must show:

Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection

To verify, run this command in the Expert mode on the Security Appliance:

lspci -v | grep 'Ethernet controller' | grep Intel

Supported Hardware and Firmware on 60000 / 40000 Scalable Chassis

All information is documented in sk93332.