Setting the Management Mode

The Home > Security Management page shows information for the management mode of the appliance. You can also test Internet Connectivity from this page.

To set the management type:

Select one of the options:

When centrally managed, it shows the trust status between the appliance and the Security Management ServerClosed A Check Point Security Management Server or a Multi-Domain Security Management Server.. When a policy is prepared in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. you can fetch the policy from this window.

Security Management Server

In this section you can view the status of the management connection, last policy installation, adjust trust settings, and initialize a connection.

  1. In the Security Management Server section, click Settings to adjust trust settings or Setup to initialize a connection.

    The Welcome to the Security Management Server Configuration Wizard opens.

    Click Next.

  2. In the One Time Password (SIC) page, select an option for authenticating trusted communication:

    • Initiate trusted communication securely by using a one-time password - The one-time password is used to authenticate communication between the appliance and the Security Management Server in a secure manner.

      Enter a one-time password and confirm it. This password is only used to establish the initial trust. When established, trust is based on security certificates.

      Important - This password must be identical to the Secure Communication authentication one-time password configured for the appliance object in the SmartConsole of the Security Management Server.

    • Initiate trusted communication without authentication (not secure) - Select this option only if you are sure that there is no risk of imposture (for example, when in a lab setting).

    Click Next.

  3. In the Security Management Server Connection page, select a connection method:

    • To connect to the Security Management Server now, select Connect to the Security Management Server now, enter the Security Management Server IP or name and click Connect. When you successfully connect to the Security Management Server, the security policy is automatically fetched and installed.

      If the Security Management Server is deployed behind a 3rd party NAT device, select Always use this IP address and manually enter the IP address the appliance used to reach the Security Management Server. This IP address overrides, from this point on, the automatic calculating mechanism that determines the routeable IP address of the Security Management Server for each appliance.

      If trust was established but the gateway could not fetch the policy, you can investigate the issue with the Security Management Server administrator. When the issue is resolved, click the Fetch Policy button that shows instead of the Connect button.

    • To connect to the Security Management Server later, select Connect to the Security Management Server later.

  4. Click Finish.

To reinitialize trusted communication with the Security Management Server:

  1. In the Security Management Server section, click Advanced to reinitialize trusted communication.

  2. Click Reinitialize Trusted Communication.

    A warning message appears.

  3. Click Yes.

    Note - You need to coordinate this operation with the Security Management Server administrator, as reinitialization is necessary on both sides.

Security Policy

To obtain the security policy from the Security Management Server, click Fetch Policy. This option is available only if trust is established with the Security Management Server.

Quantum Smart-1 Cloud

Quantum Smart-1 Cloud provides full management capabilities including policy management, log analysis, and report log retention, and increases operational efficiency.

This feature is configured in the Infinity Portal. Go here to register the new Security GatewayClosed A dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. and get the authentication token to enable Quantum Smart-1 Cloud on the gateway WebUI.

Use Case

A company wants to make it easier to manage their network security. With Quantum Smart-1 Cloud, you can keep up to date with the latest software version and security updates, run backups, and align new security solutions as the company grows.

Workflow:

  1. In the SMB Security Gateway WebUI, go to Home > Security Management.

  2. Select Central as the Security Management Option.

  3. In the Infinity Portal, register your Security Gateway and follow the instructions to connect your gateway.

  4. Copy the authentication token.

  5. In the SMB Gateway WebUI Security Management page, configure the Security Management Server.

  6. Run the Security Management Server Configuration wizard and paste the authentication token in the relevant field.

  7. Complete the rest of the Security Management Server Configuration Wizard:

    1. Set One Time Password (SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.).

    2. Set log forwarding policy.

Note - The IP address is the internal IP for the Quantum Smart-1 Cloud server.

After you complete these procedures, the Security Management page in the WebUI shows that Quantum Smart-1 Cloud is enabled.

To disable Quantum Smart-1 Cloud:

Click Disable.

Other options:

  • Stop Using Service – Allows you to discontinue Quantum Smart-1 Cloud without disabling it on the gateway.

  • Change Token – When the service is disabled, there is an option to reconnect with a new activation token. To generate a new activation token, go to the Infinity Portal.

Quantum Smart-1 Cloud Administration Guide

Internet

To test connectivity, click Test Connection Status. A status message shows the results of the test. You can click Settings to configure Internet connections.