Configuring Security Policy
This section describes how to work with Security Policy (a collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection) in large-scale deployment.
Installing a Security Policy
Use this procedure to prepare the policy for automatic installation when the gateway connects.
Note - If the Quantum Spark appliance is physically set up and configured, when you successfully complete this step, the policy is pushed to the gateway. For a list of possible statuses, see Viewing the Policy Installation Status.
At the end of the Install Policy process, the policy status for a Quantum Spark appliance that is not yet set up is "waiting for first connection." This implies that trusted communication is not yet established between the Security Management Server (a dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain; synonym: Single-Domain Security Management Server) and the Quantum Spark appliance. When the gateway connects, it establishes trust and attempts to install the policy automatically.
To install a Security Policy in SmartProvisioning GUI:
- Click Policy > Install from the menu.
  The Install Policy window opens.
- Select the installation targets - the Quantum Spark appliance Security Gateways on which to install the policy and the policy components (such as Network Security or QoS).
  By default, all gateways that are managed by the Security Management Server (a Check Point Security Management Server or a Multi-Domain Security Management Server) are available for selection.
- In the Installation Mode section, select how the Security Policy should be installed:
  - On each selected gateway independently.
  - On all selected gateways, if it fails do not install on gateways of the same version.
- Click OK.
The Installation Process window shows the status of the Network Security Policy for the selected target.
Important - If the Quantum Spark appliance object is defined but the appliance is not set up and it is in the "Waiting for first connection" status, you see a message that says "Installation completed successfully". This means that the policy is successfully prepared for installation.
Continue tracking the status of the Security Policy installation with the Policy Installation Status window and the status bar.
Viewing the Policy Installation Status
You can see the installation status of managed gateways with the status bar that shows at the bottom of the SmartConsole window. (SmartConsole is the Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.) The status bar shows how many gateways are in Pending or Failed mode.
- Pending - gateways that are in the waiting for first connection status or are in the pending status (see below for detailed explanations).
- Failed - gateways that have failed to install the policy.
The status bar is updated dynamically each time a gateway tries to install a policy or tries to connect to the Security Management Server. The results of these actions are also shown in SmartConsole popup notification balloons when such events occur. You can configure these notifications.
To monitor the status of the last policy installed on each gateway, you can use the Policy Installation Status window.
The window has two sections. The top section shows a list of gateways and status details regarding the installed policy. You can use the filter fields to see only policies of interest and hide other details by defining the applicable criteria for each field. After you apply the filtering criteria, only entries that match the selected criteria are shown. If the system logs trusted communication (SIC) attempts from unknown gateways, a yellow status bar opens below the filter fields. SIC stands for Secure Internal Communication: the Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
The bottom section shows details of a row you select in the gateway list (errors that occurred, the date the policy was prepared, verification warnings). If there is a yellow status bar, click Show details to show the details of unknown gateways that try to connect to the Security Management Server.
These are the different statuses in this window:
| Icon | Policy Status | Description |
|---|---|---|
| | Succeeded | Policy installation succeeded. |
| | Succeeded | Policy installation succeeded but there are verification warnings. |
| | Waiting for first connection | A Check Point appliance object is configured, but the gateway is not connected to the Security Management Server (initial trust is not established). |
| | Waiting for first connection | Same as above, with warnings that attempts to establish trust failed or there are verification warnings. |
| | Pending | The policy remains in the pending status until the gateway successfully connects to the Security Management Server and retrieves the policy. This status is shown only if there was at least one successful policy installation. For example, when the Security Management Server has problems connecting to the Gateway (the Gateway is unavailable for receiving communication, as in behind NAT). |
| | Pending | Same as above but there are verification warnings. |
| | Warning | Warning |
| | Information | Information |
| | Failed | Policy not installed due to a verification error. |
| | Failed | Policy installation failed. |
You can access the Policy Installation Status window in these ways:
- From the menu bar - Click Policy > Policy Installation Status.
- From the toolbar - Click the Policy Installation Status icon.
- From the status bar - Click Failed or Pending. The contents of the Policy Installation Status window are shown filtered according to the link clicked.
- From notification balloons - Click See Details in the balloon.