Security Administration
Overview
Again, the Security Management Server (SMS) is the controller. Multiple Security Gateways on different sites can be controlled by a single SMS.
Communications are encrypted via TLS and the certificates
SmartConsole Objects
Objects are used in security policies and rules to define and control network flow
Physical Components
Check Point Security Gateway and Management Servers
Domain Name Servers (DNS)
Demilitarized zones (DMZ)
Users
Logical Components
Check Point and third-party services
IP address ranges
Third-party applications
Object Types
Object Creation Methods
Workflow for Object Creation
Specify general properties
Initiate trusted communication
Activate available Software Blades (license dependent)
Two objects cannot have the same name
These objects can be created and then used later in Security Policy rules (e.g. File Server at 10.20.10.3 with the MAC XXXXXXX)
Secure Trusted Communications
Secure Internal Communication
Define a one-time password to initialize SIC. The password must match the password defined when the device was installed
Trusted Communication
Classic Mode - Manual Configuration
Administrator Management
Different Administrator accounts can be delegated via permissions.
Three default profiles:
Super User
Full permissions, including management of other users and their sessions
Read Write All
Full Read and Write permissions
Read Only All
Full Read permissions only
Account properties
Users can authenticate and use credentials from other servers/services (e.g. RADIUS server)
Administrator Collaboration
Super users can see user login sessions, along with all of the changes and actions those users perform.
If someone is working on a rule/object, a lock icon will be on the rule indicating that someone is modifying the rule/object.
Super users can disconnect and cut off these sessions; this applies to both GUI and CLI sessions.
Concurrent Policy Installation
One or more administrators can run different policy installation tasks on multiple gateways (GWs) at the same time
Five is the maximum number of policy installation tasks that can run at the same time. Everything after is queued
Access Control configuration needs to be finished before Threat Management; Threat Management will always be queued before Access Control
All of these object configuration changes are logged as revisions and timestamped.
With revisions, you can roll the configuration back to an earlier point in time, like a snapshot.
Restoring and reverting using revisions cannot be reversed once it's done.
Backup SMSs won't have the revisions of the main server
Administrators can define an Approval Cycle for Sessions
This ensures configuration changes are reviewed and approved by multiple administrators before they are committed.
Practice Questions