Creating Small Office Appliances Gateways in SmartProvisioning

Make sure you have a SmartLSM Security Profile for Small Office Appliance gateways defined in SmartConsole before you create a gateway in SmartProvisioning (see Creating SmartLSM Security Profiles).

  1. In the navigation tree, click Devices.

  2. From the Launch Menu, select File > New > Small Office Appliance Gateway.

    The SmartLSM Security Gateway General Properties page opens.

  3. Enter a Name for the SmartLSM Security Gateway and optional comments. The name cannot contain spaces or non-alphanumeric characters.

  4. Click Next.

  5. In the More Information page, configure these settings:

    1. Hardware - Select the gateway hardware.

    2. SmartLSM gateway - Select the firmware version of the installed Small Office Appliance.

    3. Security Profile - Select the SmartLSM Security Profile to which the Security Gateway is assigned.

    4. Select Enable Provisioning to enable gateway management with provisioning configurations.

      • Select No Provisioning Profile to enable provisioning without assigning a specific profile.

      • Select Provisioning Profile to assign a provisioning profile to this gateway. Select the provisioning profile from the drop-down list.

  6. Click Next.

    The SmartLSM Gateway Communication Properties page opens.

  7. In the Authentication section, select one of these options:

  8. In the Trusted Communication Initiation section:

    • If you do not know the IP address of the SmartLSM Security Gateway, select Initiate trusted communication automatically when the Gateway connects to the Security Management Server for the first time.

    • If you know the IP address of the SmartLSM Security Gateway, select Initiate trusted communication now using the following IP address, and enter the IP address in the field. When you complete this step, the SIC certificate is pushed to the Security Gateway.

    Note - The Activation Key sets up Secure Internal Communication (SIC) Trust between the SmartLSM Security Gateway and the Security Management Server. With this SmartLSM wizard, you create the key on the Security Management Server (the SIC certificate and the IKE certificate for the selected gateway are created when you finish this wizard). The certificate is pulled by the gateway when it first connects to the Security Management Server after it is configured with the gateway First Time Configuration Wizard.

  9. Click Next.

  10. Select how to create a VPN certificate:

    • To create a VPN certificate from the Internal Check Point CA, select I wish to create a VPN Certificate from the Internal CA.

    • To create a VPN certificate from a third party CA (for example, if your organization already has certificates from an external CA for other devices), clear this checkbox and request the certificate from the appropriate CA server.

  11. Optional: Select Edit SmartLSM gateway properties after creation.

  12. Click Finish.

  13. Click Publish from the top toolbar.