Configuring Cloud Services
On the Home view > Overview section > Cloud Services page, you can connect the appliance to a Cloud Service.
The Cloud Services Provider uses a Web-based application to manage, configure, and monitor your appliance.
Initial steps to connect the appliance to Cloud Services
- Click the activation link in the email that the Security Gateway owner gets from the Cloud Services Provider.
- Log in.
  A window opens and shows the activation details sent in the email.
- Make sure the activation details are correct and click Connect.
If the appliance is connected to a different Cloud Services Provider, you are asked if you want to continue.
Alternatively, follow the connection procedure below.
When you successfully connect, a security policy and other settings are pushed to the appliance. The settings defined by Cloud Services contain your activated blades, security policy, and service settings.
After Cloud Services are turned on, these identification details are shown in the WebUI:
- At the bottom of the login page - The name defined by the Cloud Services Provider for your Security Gateway and the MAC address of the Quantum Spark Appliance.
- At the top of the WebUI application (near the search box) - The name of your Quantum Spark Appliance.
The page shows these sections
In this section, you connect the Quantum Spark Appliance to the Quantum Spark Management cloud service.
- In versions R81.10.15 and higher:
  - Manage with Spark Management
    Use this option to manage this Quantum Spark Appliance as one of multiple gateways in the Quantum Spark Management cloud service with full cloud capabilities.
  - Use Cloud Capabilities
    Use this option to onboard this Quantum Spark Appliance to Infinity Portal.
    You manage this Quantum Spark Appliance locally, but it stores logs and reports in the cloud (in the Quantum Spark Management service).
- In versions R81.10.00 - R81.10.10:
  Use the Configure option to manage this Quantum Spark Appliance as one of multiple gateways in the Quantum Spark Management cloud service with full cloud capabilities.
When a Quantum Spark Appliance is connected to a Cloud Service, you can:
- Click Details to see the connection details.
- Click Fetch now to get updated activated blades, security policy, and service settings.
- Click Refresh to reconnect to the Cloud Service.
This section shows icons for defined security blades.
You can click the icon text to open the corresponding page in the WebUI.
- Dark blue icon
  Appears for a blade that is remotely managed by Cloud Services. The blade is turned on in the plan.
  Remotely managed blade pages show a lock icon.
  You cannot toggle between the on and off states.
  If you change other policy settings, the change is temporary.
  Any changes made locally are overridden in the next synchronization between the gateway and Cloud Services.
- Gray icon
  Appears for a blade that is remotely managed by Cloud Services.
  The blade is turned off in the plan.
  Note - If no blades are remotely managed, all of the blade icons are gray.
- No icon
  Appears for a security blade that is locally managed in the Quantum Spark Appliance.
  The blade is not managed by Cloud Services.
This section shows the services that are managed by the Cloud Services Provider.
If a service has a Settings button, you can click it to see the settings.
You cannot change these settings.
Services that appear in a gray font are not provided by the Cloud Services Provider.
These are the available services:
- Reports - Periodic network and security reports sent by email. Click Settings to see the time frames set for your gateway.
- Logs - Logs are stored with the Cloud Services Provider.
- Dynamic DNS - A persistent domain name is set by Cloud Services.
- Firmware Upgrades - Firmware upgrades are managed remotely by Cloud Services.
- Periodic Backup - Backups are scheduled by Cloud Services.
Workflow to connect to Cloud Services
- Connect to Cloud Services Provider.
- Get the security policy and settings.
- Install the security policy and settings.
When you connect for the first time, the appliance must verify the certificate of the Cloud Services Provider against its trusted Certificate Authority list. If verification fails, you get a notification message. You can stop or ignore the verification message and continue.
Use this procedure to onboard this Quantum Spark Appliance to Infinity Portal.
You manage this Quantum Spark Appliance locally, but it stores logs and reports in the cloud (in the Quantum Spark Management service).
- Click Use Cloud Capabilities.
  The Configure Cloud Services window opens.
  Follow the instructions in this window.
- In a web browser, go to Check Point Infinity Portal.
  - If you do not have an account / tenant yet, then sign up and create a new tenant.
    See the Infinity Portal Administration Guide.
  - If you already have a tenant, then select the required tenant at the top.
- In WebUI, click the link to retrieve a token from Infinity Portal.
- In the window that opens, select the required tenant and click Continue.
- Infinity Portal shows the required token.
  Copy this token.
- In WebUI, paste the token.
- Click Save.
  The appliance tries to connect to the Cloud Services Provider.
  The Cloud Services section shows a progress indicator and shows the connection steps.
When the appliance connects to Infinity Portal, the required Gateway object is created in the Quantum Spark Management services, and the applicable Plan is assigned to that Gateway object.
Use this procedure to manage this Quantum Spark Appliance as one of multiple gateways in the Quantum Spark Management cloud service with full cloud capabilities.
For more information, see the Quantum Spark Management Administration Guide.
- Click Manage with Spark Management or Edit.
  The Configure Cloud Services window opens.
- Select Activation key or Activation details and enter the specified information.
- Click Apply.
  The appliance tries to connect to the Cloud Services Provider.
  The Cloud Services section shows a progress indicator and shows the connection steps.
  Note - If you see a message that the identity of your Cloud Services Provider cannot be verified but you are sure of its identification, click Resolve and then Ignore and reconnect.
Prerequisite to connect to Quantum Spark Management:
Get an email from your Cloud Services Provider that contains these details:
- An activation key for your appliance, or
- The Service Center IP address, the Gateway ID, and the registration key.
Procedure:
- Click Configure or Edit.
  The Configure Cloud Services window opens.
- Select Activation key or Activation details and enter the specified information.
- Click Apply.
  The appliance tries to connect to the Cloud Services Provider.
  The Cloud Services section shows a progress indicator and shows the connection steps.
  Note - If you see a message that the identity of your Cloud Services Provider cannot be verified but you are sure of its identification, click Resolve and then Ignore and reconnect.
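The identity check behind the first-connection certificate message and the "Ignore and reconnect" note can be reproduced from an administrator workstation before you choose Ignore. The script below is an added example, not Check Point code: it verifies the provider's certificate against the workstation's trusted CA store (which may differ from the appliance's list) and, if that fails, compares the certificate's SHA-256 fingerprint with one obtained from the provider out of band. HTTPS on port 443, the host argument, and the function names are assumptions.

```python
import hashlib
import socket
import ssl
import sys


def normalize_fp(fp: str) -> str:
    """Lower-case a SHA-256 fingerprint and drop ':' and space separators."""
    return fp.replace(":", "").replace(" ", "").lower()


def fingerprint_matches(cert_der: bytes, expected_fp: str) -> bool:
    """Compare the SHA-256 of a DER certificate with the fingerprint the
    provider supplied out of band (phone call, support portal)."""
    return hashlib.sha256(cert_der).hexdigest() == normalize_fp(expected_fp)


def check_provider(host: str, expected_fp: str, port: int = 443) -> str:
    """Return 'trusted-ca', 'pinned-match' or 'mismatch' for the server.
    Port 443 is an assumption; use the port your provider specifies."""
    # Step 1: normal verification against this machine's trusted CA list,
    # including the host name check.
    try:
        ctx = ssl.create_default_context()
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "trusted-ca"
    except ssl.SSLCertVerificationError as err:
        print(f"CA verification failed: {err.verify_message}")

    # Step 2: fetch the certificate without trusting it, only to hash it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert_der = tls.getpeercert(binary_form=True)
    if fingerprint_matches(cert_der, expected_fp):
        return "pinned-match"
    return "mismatch"


if __name__ == "__main__":
    # Arguments: the Service Center address from the activation email and
    # the fingerprint obtained from the Cloud Services Provider.
    if len(sys.argv) != 3:
        sys.exit("usage: check_provider.py <host-or-ip> <sha256-fingerprint>")
    print(check_provider(sys.argv[1], sys.argv[2]))
```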
When connectivity is established, the Cloud Services section shows these details:
- The date of the synchronization
- The On/Off toggle shows that Cloud Services is turned on.
A Cloud Services Server widget appears on the status bar and shows Connected. If you click this widget, the Cloud Services page opens.
Test connectivity to the Cloud Services
- Connect to the command line on the appliance.
- Log in.
- If your default shell is Gaia Clish, then go to the Expert mode:
  expert
- Run this command:
  runCliCommand.lua testcloudconnectivity [<IP Address or FQDN>]
Getting an updated security policy, activated blades, and service settings
Click Fetch now in the Cloud Services section.
The appliance gets the latest policy, activated blades, and service settings from Cloud Services.