Configuring Cloud Services

On the Home > Cloud Services page, you can connect the appliance to Cloud Services. The Cloud Services Provider uses a Web-based application to manage, configure, and monitor your appliance.

To connect the appliance to Cloud Services:

  1. Click the activation link in the email that the Security Gateway owner gets from the Cloud Services Provider.

  2. Log in.

    A window opens and shows the activation details sent in the email.

  3. Make sure the activation details are correct and click Connect.

If the appliance is connected to a different Cloud Services Provider, you are asked if you want to continue.

Alternatively, follow the connection procedure below.

When you successfully connect, a security policy and other settings are pushed to the appliance. The settings defined by Cloud Services contain your activated blades, security policy, and service settings.

After Cloud Services are turned on, these identification details are shown in the WebUI:

  • At the bottom of the login page - The name defined by the Cloud Services Provider for your Security Gateway and the MAC address of the Check Point Appliance.

  • At the top of the WebUI application (near the search box) - The name of your Check Point Appliance.

These are the sections on this page:

  • Cloud Services - This section shows Cloud Services details.

    • The Configure option lets you configure initial connectivity.

    • When connected, you can click Details to see connectivity details and Fetch now to get updated activated blades, security policy and service settings.

    • When disconnected, you can click Refresh to try and reconnect to Cloud Services.

  • Managed Security Blades - Shows a colorful or black and white icon for defined security blades. You can click the icon text to open the corresponding page in the WebUI.

    • Dark blue icon - Shown for a blade that is remotely managed by Cloud Services. The blade is turned on in the plan.

      Remotely managed blade pages show a lock icon. You cannot toggle between the on and off states. If you change other policy settings, the change is temporary. Any changes made locally are overridden in the next synchronization between the gateway and Cloud Services.

    • Gray icon - Shown for a blade that is remotely managed by Cloud Services. The blade is turned off in the plan.

    • No icon - Shown for a security blade that is locally managed in the Check Point1550 Appliance. The blade is not managed by Cloud Services.

      If no blades are remotely managed, all of the blades icons are gray.

  • Available Services - Shows the services that are managed by the Cloud Services Provider. If a service has a Settings button, you can click it to show read-only setting information. You cannot change the setting information. Services in a gray font show services that are not provided by Cloud Services.

These are the available services:

  • Reports - Periodic network and security reports sent by email. Click Settings to see the time frames set for your gateway.

  • Logs - Logs are stored with the Cloud Services Provider.

  • Dynamic DNS - A persistent domain name is set by Cloud Services.

  • Firmware Upgrades - Firmware upgrades are managed remotely by Cloud Services.

  • Periodic Backup - Backups are scheduled by Cloud Services.

Before you can connect to Cloud Services, make sure you have:

  • Received an email from your Cloud Services Provider that contains an activation key for your Check Point1550 Appliance and also an activation link

    Or

  • The Service Center IP address, the Check Point1550 Appliance gateway ID, and the registration key

Workflow to connect to Cloud Services:

  1. Connect to Cloud Services Provider and establish a secure connection.

    Make sure the gateway registration information is correct.

  2. Get the security policy and settings.

  3. Install the security policy and settings.

When you connect for the first time, the appliance must verify the certificate of the Cloud Services Provider against its trusted Certificate Authority list. If verification fails, you get a notification message. You can stop or ignore the verification message and continue.

To connect to Cloud Services:

  1. Click Configure or Edit.

    The Configure Cloud Services window opens.

  2. Select Activation key or Activation details and enter the specified information.

  3. Click Apply.

    The Check Point Appliance tries to connect to the Cloud Services Provider. The Cloud Services section shows a progress indicator and shows the connection steps.

Note - If you see a message that the identity of your Cloud Services Provider cannot be verified but you are sure of its identification, click Resolve and then Ignore and reconnect.

When connectivity is established, the Cloud Services section at the top of the page shows:

  • The date of the synchronization

  • The On/Off lever shows that Cloud Services is turned on.

A Cloud Services Server widget is shown on the status bar and shows Connected. If you click this widget, the Cloud Services page opens.

To test connectivity to the Cloud Services:

  1. Open a console connection.

  2. Log in.

  3. Run this CLI command:

    test cloud-connectivity <service-center-addr> <addr>

To get an updated security policy, activated blades, and service settings:

Click Fetch now.

The Check Point Appliance gets the latest policy, activated blades, and service settings from Cloud Services.