Creating a Gateway

Make sure you define a SmartLSM gateway profile in SmartConsole before you create a gateway in SmartProvisioning.

To create a new gateway:

  1. Open the SmartProvisioning GUI from the SmartConsole Menu.

  2. In the Devices page, right-click an empty row in the table and select New SmartLSM > Small Office Appliance Gateway.

    The SmartLSM Security Gateway General Properties page opens.

General Properties

  1. Enter a Name for the SmartLSM Security Gateway. It cannot contain spaces or non-alphanumeric characters.

  2. Enter an optional Comment that identifies the SmartLSM Security Gateway.

  3. Click Next.

More Information

  1. In SmartLSM gateway, select the firmware version of the installed Check Point appliance.

  2. In Security Profile, select the relevant SmartLSM gateway profile that the SmartLSM gateway is mapped to.

  3. In OS, select the operating system of the gateway. Make sure the selection fits the hardware type.

  4. In Enable Provisioning, select this checkbox to enable this gateway to be managed with provisioning configurations. For more information, see Managing Device Settings.

  5. In No Provisioning Profile, select this option if you want to enable provisioning but are not yet ready to assign a specific profile.

  6. In Provisioning Profile, select the provisioning profile to assign to this gateway, from the list of profiles created in SmartProvisioning.

  7. Click Next.

Communication Properties

In the Communication Properties page, you define an Activation Key that is used to set up Secure Internal Communication (SIC) Trust between the SmartLSM Security Gateway and the Security Management Server. This is the same key that you should enter in the one-time password field of the Security Management Server Authentication page of the Check Point appliance First Time Configuration Wizard.

SIC is the Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.

To generate a key automatically:

  1. Select Generate Activation Key automatically.

  2. Click Generate.

    The Generated Activation Key window opens.

  3. Click Accept.

    The two Activation Key fields show the new key in hidden text. You cannot view it in clear text again. If you click Cancel, the generated key is discarded.

To define an activation key manually:

  1. Select Activation Key.

  2. Enter your own key, a string of any length.

  3. In Confirm Activation Key, enter the key again. You cannot copy the text from the first field.

To clear the key, click Clear.

To initialize certification:

The SIC certificate must be shared between the Security Management Server and the SmartLSM Security Gateway. With this SmartLSM wizard, you create the key on the Security Management Server (the SIC certificate and the IKE certificate for the selected gateway are created when you finish this wizard). The certificate is pulled by the gateway when it first connects to the Security Management Server after it is configured with the Check Point appliance First Time Configuration Wizard.

  1. If you know the IP address of the SmartLSM Security Gateway, select This machine currently uses this IP address, and enter the IP address.

  2. If you do not know the IP address of the SmartLSM Security Gateway, select I do not know the current IP address.

  3. Click Next.

VPN Properties

  1. Select how to create a VPN certificate:

    • For a CA certificate from the Internal Check Point CA, select I wish to create a VPN Certificate from the Internal CA.

    • For a CA certificate from a third party (for example, if your organization already has certificates from an external CA for other devices), clear this checkbox and request the certificate from the appropriate CA server.

  2. Click Next.

Finish

  1. Select Edit SmartLSM gateway properties after creation to work with the newly created object.

  2. Click Finish to complete the SmartLSM Security Gateway creation.

After the SmartLSM Security Gateway object is created:

  • Update the Corporate Office Gateway.

  • If the VPN option was selected in the VPN Properties page, the Certificate Authority issues a certificate to the appliance. This certificate is installed on the appliance the first time that the SmartLSM Security Gateway connects to the Security Management Server.

Updating the Corporate Office Gateway

  1. Select Update Corporate Office Gateway from the toolbar.

  2. Select the Corporate Office Gateway from the list.

    Important - Update the Corporate Office Gateway whenever SmartLSM Security Gateways are added, deleted, or modified (such as the generation of a new IKE key, a Push Policy action, or a Push Dynamic Objects action).