Академический Документы
Профессиональный Документы
Культура Документы
Security
Product Suite
NGX (R61)
For additional technical information about Check Point products, consult Check Point’s
SecureKnowledge at:
https://secureknowledge.checkpoint.com
See the latest version of this document in the User Center at:
http://www.checkpoint.com/support/technical/documents
Chapter 1
Enterprise Security Product Suite NGX R61 5
Welcome 5
In this Guide 6
NGX R61 Documentation 6
Chapter 2
Introduction 7
Overview 7
Product CD-ROMs 8
Customers New to Check Point 12
What’s New in NGX R61 13
Expanded Management Support 13
SmartPortal 14
Integrity NGX 14
VPN-1 Edge 14
Eventia Reporter 15
SmartView Monitor 16
SmartView Tracker 16
SmartUpdate 16
SmartDashboard 17
SmartDefense Services 17
Provider-1/SiteManager-1 18
Licensing Provider-1/SiteManager-1 20
Obtaining Software Installation Packages 21
Chapter 3
Getting Started 23
VPN-1 Pro/Express Terminology 24
Provider-1/SiteManager-1 Terminology 25
Minimum Hardware Requirements 27
Windows & Linux Platforms 27
Solaris Platforms 30
SecurePlatform 32
Minimum Software Requirements 34
Solaris Platform 34
Windows Platform 35
Nokia Platform 35
Linux Platform 36
Compatibility Table 36
Supported Upgrade Paths and Interoperability 39
Licensing NGX R61 40
Licensing VPN-1Pro/Express 40
Licensing Provider-1/SiteManager-1 41
Upgrading Licenses 42
Obtaining VPN-1Pro/Express Licenses 42
Upgrading VPN-1 Pro/Express Licenses 43
Chapter 4
Performing a Fresh Installation 45
Overview 45
VPN-1 Pro/Express 46
NGX R61 Fresh Installation on SecurePlatform 47
NGX R61 Fresh Installation on a Windows Platform 52
NGX R61 Fresh Installation on Solaris 54
NGX R61 Fresh Installation on Linux 56
NGX R61 Fresh Installation on a Nokia Platform 58
Initial Configuration 61
Provider-1/SiteManager-1 69
Overview 69
Building the Basic Provider-1 Network 71
Install and Configure the MDS 72
Install the SmartConsole and the MDG Client 75
Log in to the MDG for the First Time 76
Workflow for Creating Customers 77
Configure a New Customer 78
Create the Customer Network 82
Create a Global Security Policy 83
Configure Global SmartDefense and Web Intelligence 83
Assign Global Policy 85
Operation and Maintenance 88
Where to From Here? 95
In This Chapter
Welcome page 5
In this Guide page 6
NGX R61 Documentation page 6
Welcome
Thank you for choosing Check Point Enterprise Suite NGX. It is
our sincere hope that you will be completely satisfied with this
solution and the service we deliver to you. When you choose Check
Point, you can rely on us to provide your business with the most
secure solutions available.
Check Point also delivers Worldwide Technical Services including
educational, professional and support services through a network of
Authorized Training Centers, Certified Support Partners and
CheckPoint itself to help you get the most out of your security
investment.
To extend your security infrastructure as your network and
application security requirements grow, look to OPSEC
(OpenPlatform for Security), the industry's open, multi-vendor
security framework. With over 350 partners, OPSEC guarantees the
broadest choice of best-of-breed integrated applications and
deployment platforms.
5
In this Guide
Should you wish to obtain more information about this and other
security solutions, please visit us at http://www.checkpoint.com or
call us at 1(800) 829-8391. For additional technical information
consult us at: http://support.checkpoint.com.
Welcome to the Check Point family. We look forward to meeting all
your network and application security and management needs now
and in the future.
In this Guide
This guide provides:
• A brief overview of NGX R61 Enterprise Suite applications
• Installation procedures
Introduction
In This Chapter
Overview page 7
Product CD-ROMs page 8
Customers New to Check Point page 12
What’s New in NGX R61 page 13
Obtaining Software Installation Packages page 21
Overview
NGX is a Check Point release that focuses on usability and smarter
management. SmartCenter is now integrated with Connectra,
InterSpect and Integrity, allowing for centralized management and
monitoring of all security enforcement points. IT organizations and
executive management now have full visibility over their entire
security environment.
With NGX R61, Check Point has expanded intelligent inspection
technologies in VPN-1 Pro, incorporating additional complex
application support into state of the art Stateful-Inspection and
Application Intelligence technology.
SmartCenter is now integrated with Connectra, InterSpect and
Integrity, allowing for centralized management and monitoring of
all security enforcement points.
7
Product CD-ROMs
Product CD-ROMs
The NGX R61 media pack contains four CD-ROMs:
CD1: Linux
CD2: Windows
Windows Contains...
Packages
CPvpn Check Point VPN-1 Pro/Express,
SmartCenter Pro/Express
CPclnt SmartConsole
CPdesktop VPN-1
SecuRemote/SecureClient for
Windows
CPrt Eventia Reporter
CPportal SmartPortal
CD3: Solaris2
Solaris2 Contains...
Packages
CPvpn Check Point VPN-1 Pro/Express,
SmartCenter Pro/Express
CPclnt SmartConsole
CPrt Eventia Reporter
CPportal SmartPortal
CPppack Performance Pack
CPedgecmp VPN-1 Edge Compatibility
package
Chapter 2 Introduction 9
Product CD-ROMs
Solaris2 Contains...
Packages
CPngcmp R55 compatibility package
CPR55Wcmp R55W compatibility package
CPvsxngxcmp VSX NGX compatibility package
CPdr Advanced Routing
CPuas UserAuthority Server
CPacc2 VPN-1 Accelerator Card II
CPacc3 VPN-1 Accelerator Card III
CPinfo CPinfo Utility
Chapter 2 Introduction 11
Customers New to Check Point
In This Section:
What’s New
SmartCenter is the only centralized management solution for
perimeter, internal, Web and endpoint security. It offers an
easy-to-use graphical interface that allows for centralized object
creation and policy definition for all security products in every
geography.
Customer Benefits
• Reduces administration overhead
• Ensures consistent security policies across the network
• Centralized monitoring capability of network and security
events
Chapter 2 Introduction 13
What’s New in NGX R61
SmartPortal
What’s New
• SmartPortal can now display SmartDefense and Web
Intelligence settings
• With SmartPortal you can now edit, create, and modify
internal users
Customer Benefits
• Auditors will have a more complete view of security policies
within the organization
• Users without access to SmartDashboard (e.g. technical support
teams) will be able to better troubleshoot network problems
• Users without access to SmartDashboard (e.g. technical support
teams) will be able to manage users, thereby facilitating task
delegations within the organization
Integrity NGX
What’s New
Integrity can now be managed from the same SmartCenter console,
on the same server, and by the same administrators who manage
other Check Point products using the SmartCenter unified
management platform.
Customer Benefits
• Makes enterprise-wide security administration more efficient
for Check Point customers
• Integration lowers IT costs by eliminating the need for separate
management log-ins, servers, and reports
VPN-1 Edge
What’s New
• Centralized management of VPN-1 Edge SmartDefense
protections
Customer Benefits
• Ensures consistent policy management across hundreds to
thousands of remote networks
• Quick deployment and ease of administration for
hundreds of remote sites
• Ability to globally update Edge devices on latest
SmartDefense and AV helps ensure that the remote site
does not become the weakest link in the network
Eventia Reporter
What’s New
• Expanded and new reports for Connectra, InterSpect,
Integrity, Express CI and Edge
• Unified product reporting for security and network
activity. For example, the Approved Traffic report now
shows network actions that were accepted by a variety of
Check Point products.
• Ability to filter SmartDefense logs specific to InterSpect
devices
• More granularity in filtering a report by user name.
Customer Benefits
• Customers who have Connectra, InterSpect, Integrity
and/or Express CI will now be able to take advantage of
the flexible and in-depth reporting capabilities of Eventia
Reporter which were previously only available to VPN-1
users
• Provides administrator with a more holistic picture of
their security and network activity trends
Chapter 2 Introduction 15
What’s New in NGX R61
SmartView Monitor
What’s New
• Ability to refresh information about a specific gateway and filter
views by gateway types. For example, it is now possible to only
view monitoring information for VPN-1 Edge gateways
• Other usability enhancements include extra menus specific to
each view and ability to set the view that will display first at
startup
Customer Benefits
Increased visibility into real-time detection of security problems and
anomalies.
SmartView Tracker
What’s New
• New predefined queries for Integrity and Express CI
• Express CI offers a description of the specific exposed virus
Customer Benefits
Expanded accessibility to anti-virus and endpoint security logs to
facilitate security analysis and intrusion detection
SmartUpdate
What’s New
• Upgrade process will upgrade both software package and
related HFA in the same process
• Ability to create connection with VPN-1 Edge devices in order
to access the latest software package(s)
• SmartUpdate identifies gateways that do not have the latest
HFAs
• New “Check for Updates” feature checks the Download
Center and local repository for the latest HFAs, and
recommends upgrading where appropriate
Customer Benefits
• Enables immediate distribution of latest software to
remote sites to ensure consistent network protection across
the enterprise
• Automated checking for the latest updates help
administrators streamline the maintenance of software and
licenses across the organization
SmartDashboard
What’s New
• Increased administrator flexibility in changing passwords
(administrator who does not manage others can now
change his own password)
• Ability to customize NAT rule sets (give title to a set of
NAT rules)
• Ability to remove or add columns to the Objects List
Customer Benefits
• Improved ease of definition and refinement of security
policies
• Streamlines delegation of administrator access management
SmartDefense Services
What’s New
New SmartDefense Services console integrated into
SmartCenter provides administrators with the ability to check
deployment status and globally push updates for VPN-1 Pro,
VPN-1 Edge, VSX, Express CI, InterSpect and Connectra.
Global SmartDefense for Provider-1 NGX R61 enables
customer to centrally push SmartDefense updates out to
customer SmartCenters.
Chapter 2 Introduction 17
What’s New in NGX R61
Customer Benefits
Universal updateability delivering enterprises the power to update
Check Point solutions in real-time against the known and new,
evolving threats:
• Centrally maintain the most current preemptive security for the
Check Point security infrastructure.
• Allow MSPs to sell an additional service at very little additional
investment
• Streamlines management of SmartDefense policies for SP and
large enterprises – e.g. users will know which update was
downloaded as well as which gateway is enforcing that update
Provider-1/SiteManager-1
Provider-1/SiteManager-1 is the only security management solution
that addresses the unique requirements of large multi-policy
environments. For service providers, it consolidates and centralizes
the management of security policies for thousands of customers. For
enterprise network operations centers, Provider-1 simplifies a
complex security policy by segmenting it into manageable sub-
policies for geographic, functional, or other groupings.
NGX R61 contains expanded management support for Perimeter,
Internal, Web and Endpoint Security. Specifically:
What’s New
• SmartDefense and Web Intelligence settings can be configured
globally and assigned to selected Customers
• Dynamic SmartDefense updates can be downloaded and
applied to all selected customers who have been assigned the
global SmartDefense settings.
Customer Benefits
• Universal updateability delivering Service Providers and large
enterprises the power to update each Check Point solution in
real-time against the latest known and unknown security threats
Integrity NGX
What’s New
Integrity can now be managed via a Provider-1 CMA enabling:
• The same administrator definitions for Integrity and
VPN-1 solutions
• Endpoint security logs to be displayed in SmartView
Tracker
• New Integrity reports in Eventia Reporter
• Integrity to be launched via SmartDashboard
• Integrity server status to be displayed via SmartView
Monitor
Customer Benefits
• Enables Service Providers and large enterprises to manage
end-point security more efficiently across their networks.
The same administrators dealing with VPN-1 gateways
can now manage Integrity servers.
• Integration lowers IT costs by eliminating the need for
separate management log-ins, servers, and reports.
Eventia Analyzer
What's New
Eventia Analyzer can now be globally defined and configured
to generate centralized, real-time security events for Check
Point and third party devices
Chapter 2 Introduction 19
What’s New in NGX R61
Customer Benefit:
• The ability to perform centralized security event correlation
across multiple customer networks (CMAs) enables the Service
Provider or central administrator of a distributed enterprise to
quickly detect security anomalies across their entire networking
environment.
• The flexibility of being able to configure event policies at the
level of the customer (CMA) enables Service Provider and large
enterprise administrators to set up event correlation policies
unique to the customer, and targeted at specific devices
generating logs in that customer's location.
Licensing Provider-1/SiteManager-1
Similar to other Check Point licenses, Provider-1 licenses are bound
to the IP address of the licensed entity.
• The Provider-1 MDS license is based on the MDS type:
Manager, Container, combined Manager and Container, or LM.
• A Container license sets the maximum number of managed
CMAs. Multiple container licenses can be added together on
one Container to allow it to hold more CMAs, up to a
maximum of 250 CMAs.
• Each CMA requires its own CMA license.
• CMA Pro Add-on licenses can be purchased in bulk. These
purchase packages are called “Pro Add-ons for MDS”.
• An MLM license is comprehensive and includes the CLMs it
manages. There is no need for a separate CLM license, if they
are hosted on an MLM.
• A CLM hosted on a non-MLM server requires its own CLM
license.
• The SiteManager-1 MDS license is an MDS Manager plus a
container of SiteManager-1 CMAs. Each SiteManager-1 CMA
requires its own license.
• Each Enforcement module requires its own license. Licenses are
according to the number of computing devices (nodes)
protected by the Enforcement module.
Chapter 2 Introduction 21
Obtaining Software Installation Packages
Getting Started
In This Chapter :
23
VPN-1 Pro/Express Terminology
• Increase the database and log disk size (for example, by several
gigabytes) to enable the Eventia Reporter to cache information
before generating a report. If a report requires additional space
for caching, this fact is noted in the report’s Generation
Information section.
Solaris Platforms
To optimize performance:
• Disable DNS resolution - consolidation performance may
improve to 32GB of logs per day.
• Configure the network connection between the Eventia
Reporter Server machine and the SmartCenter or the Log
server, to the optimal speed.
• Use the fastest disk available with a high RPM (revolutions per
minute), and a large buffer size.
• Use UpdateMySQLConfig to tune the database configuration
and adjust the consolidation memory buffers to use additional
memory.
• Increase the machine's memory. It significantly improves
performance.
• Increase the database and log disk size (for example, by several
gigabytes) to enable the Eventia Reporter to cache information
before generating a report. If a report requires additional space
for caching, this fact is noted in the report’s Generation
Information section.
SecurePlatform
Solaris Platform
Required Packages
• SUNWlibc
• SUNWlibCx
• SUNWter
• SUNWadmc
• SUNWadmfw
Required Patches
Check Point recommends using the Sun Install Check Tool to
check the patch level of your Solaris machines. The Sun Install
Check Tool is available on the Sun download site at
http://www.sun.com/software/installcheck/download.xml. Use the
tool to make sure your Solaris machines have the following or newer
patches.
Solaris 8: the following patches (or newer) are required on Solaris
8 UltraSPARC platforms.
109147-18 All
109326-07 All
108434-01 32 bit
108435-01 64 bit
112233-12 All
112902-07 All
116561-03 All Only if dmfe(7D) ethernet driver is
defined on the machine
Windows Platform
This release requires that Service Packs be applied to Windows
2000 and Windows 2003 systems. This release supports Service
Packs SP1, SP2, SP3, and SP4.
Nokia Platform
This release supports IPSO 3.9, and 4.0 For the latest
information on which IPSO releases are supported, see the
Nokia Support Web at:
http://support.nokia.com.
Linux Platform
This release supports Red Hat Enterprise Linux 3.0. For Red Hat
kernel installation instructions, visit:
http://www.redhat.com/support/resources/howto/kernel-
upgrade/kernel-upgrade.html
Compatibility Table
While performing an upgrade, the process looks for unsupported
Check Point products that may already be installed on the targeted
computer. If the existing Check Point implementation contains
products that are not supported by NGX R61, the NGX R61
wrapper will exit. The following table lists the Check Point
products and platforms supported by NGX R61.
1
SmartConsole GUI X X X X X X
SmartPortal X X X X X X
VPN-1 Pro Module
X X X X X X X
.(including QoS, Policy Server)
VPN-1 Express CI X
VPN-1 VSX X
2
SmartCenter Server X X X X X X X
ClusterXL (VPN-1 Pro 3 4
X X X X X X X
.Module)
5
UserAuthority X X X X X X X X X
6
Eventia Reporter - Server X X X X X X X
SmartView Monitor X X X X X X X
VPN-1 Accelerator Driver II X
VPN-1 Accelerator Driver III X X X X X X X
7
Performance Pack X X X .
SmartLSM - Enabled
X X X X X X X
.Management
SmartLSM - Enabled ROBO
X X X X X X
Gateways
SmartLSM - Enabled CO
X X X X X X X
.Gateways
8
Advanced Routing X X
9
SecureXL Turbocard X
SSL Network Extender
X X X X X X X
.- Server
Provider-1/SiteManager-1
X X X
.Server
Provider-1/SiteManager-1
X X X X X X
.GUI
OSE Supported Routers Nortel Versions: 7.x, 8.x, 9.x, 10.x, 11.x, 12.x, 13, 14
Cisco OS Versions: 9.x, 10.x, 11.x, 12.x
Licensing VPN-1Pro/Express
Check Point software is activated with a Certificate Key. Obtain
thisLicense Key by registering the Certificate Key (that appears on
the back of the software media pack) with the Check Point User
Center: https://usercenter.checkpoint.com.
The Certificate Key is used to generate a License Key for products
that you are either evaluating or purchasing. To purchase the
required Check Point products, contact your reseller.
1 Use the Certificate Key on the back of the media pack to
obtain a License Key from the Check Point User Center. The
activation process consists of:
• Adding the Certificate Key
• Activating the products
• Choosing the type of license
• Entering the software details
2 Once you have a License Key, start the installation and
configuration process. During this process, you will be required
to:
• Read the End Users License Agreement and if you accept
it, click Yes.
• Import the license that you obtained from the User Center
for the product that you are installing. Licenses are
imported via the Check Point Configuration Tool or, using
40 Getting Started Guide
Licensing Provider-1/SiteManager-1
Licensing Provider-1/SiteManager-1
Similar to other Check Point licenses, Provider-1 licenses are
bound to the IP address of the licensed entity.
• The Provider-1 MDS license is based on the MDS type:
Manager, Container, combined Manager and Container,
or LM.
• A Container license sets the maximum number of
managed CMAs. Multiple container licenses can be added
together on one Container to allow it to hold more
CMAs, up to a maximum of 250 CMAs.
• Each CMA requires its own CMA license.
• CMA Pro Add-on licenses can be purchased in bulk.
These purchase packages are called "Pro Add-ons for
MDS".
• An MLM license is comprehensive and includes the CLMs
it manages. There is no need for a separate CLM license,
if they are hosted on an MLM.
• A CLM hosted on a non-MLM server requires its own
CLM license.
• The SiteManager-1 MDS license is an MDS Manager plus
a container of SiteManager-1 CMAs. Each SiteManager-1
CMA requires its own license.
• Each Enforcement module requires its own license. Licenses
are according to the number of computing devices (nodes)
protected by the Enforcement module. Provider-1 licenses
Upgrading Licenses
Customers with versions prior to NGX R60 will be required to
obtain a new license when they upgrade to NGX R61. Check Point
NGX R60 software does not work with licenses from previous NG
versions. The upgrade procedure is free of charge to purchasers of
the Software Subscription service (Enterprise Base Support).
Licenses for versions prior to NG cannot be upgraded directly to
NGX. You must first upgrade to NG and then upgrade the licenses
from NG to NGX. The license upgrade procedure uses the
license_upgrade command line tool, which makes it simple to
automatically upgrade licenses without having to do so manually
though the Check Point User Center Web site.
For detailed information about upgrading licenses, refer to the NGX
R61 Upgrade Guide.
Performing a Fresh
Installation
In This Chapter:
Overview page 45
VPN-1 Pro/Express page 46
Provider-1/SiteManager-1 page 69
Where to From Here? page 95
Overview
Check Point software is designed to work across multiple platforms,
and pre-configured appliances. The “look-and-feel” of each
installation differs depending on the platform. This chapter covers
installing VPN-1 Pro/Express, and Provider-1/SiteManager-1.
45
VPN-1 Pro/Express
VPN-1 Pro/Express
In This Section:
5- Eventia Reporter
6- Performance Pack
7- SmartPortal
8 Scroll down and click the install link that appears. This process
may take several minutes.
Initial Configuration
In this section:
Configuration Tool
When the installation process is complete, the Configuration
Tool runs automatically. The Configuration tool can also be
manually run by typing cpconfig at the command line.
3 Click Next.
10 Click Next.
Login Process
Administrators connect to the SmartCenter Server through
SmartDashboard using a process that is common to all
SmartConsole clients. In this process, the administrator and the
SmartCenter Server are authenticated, and a secure channel of
communication created. After successful authentication, the
selected SmartConsole is launched.
After the first login, the administrator can create a certificate
for subsequent logins. To find out how to create a certificate,
see: the SmartCenter User Guide.
Provider-1/SiteManager-1
In This Section:
Overview page 69
Building the Basic Provider-1 Network page 71
Install and Configure the MDS page 72
Install the SmartConsole and the MDG Client page 75
Log in to the MDG for the First Time page 76
Workflow for Creating Customers page 77
Configure a New Customer page 78
Create the Customer Network page 82
Create a Global Security Policy page 83
Configure Global SmartDefense and Web Intelligence page 83
Assign Global Policy page 85
Operation and Maintenance page 88
Overview
A typical Management Service Provider (MSP) handles many
different customer systems. Provider-1/SiteManager-1’s
flexibility ensures compatibility with a wide range of
customers’ security schemes and product deployments.
Set Up Networking
The MDS Server host and the VPN-1 Pro Gateways should be
TCP/IP ready. The MDS Server machine should include at
least one interface with an IP address, and should be able to
query a DNS server in order to resolve the IP addresses of
other machine names.
As applicable, ensure that routing is properly configured to
allow IP communication between:
• a CMA/CLM and its managed gateways
• an MDS and other MDSs in the system
• a CMA and CLMs of the same Customer
• a CMA and its High Availability CMA peer
• a GUI Client and MDS Managers
• a GUI Client and CMAs/CLMs
Note - If your current shell is sh or bash, you must exit the shell after
the MDS has started.
4 You can now run the MDG from the Windows Start
menu, Start > Programs > Check Point SmartConsole
R60A > Provider-1.
Login Process
During the MDG login process, a secure communication channel is
created between the administrator's computer (the GUI Client) and
the MDS. In addition, the administrator is authenticated. After
successful authentication, the MDG starts.
Demo Mode
When starting the MDG, you can elect to open it in Demo mode.
This mode does not require authentication and does not connect to
the MDS. It is used to experiment with different objects and
features, before you create a real system. It demonstrates several
sample Customers, CMAs, gateways and policies that have been pre-
configured.
It is recommended that you use the Demo mode to familiarize
yourself with the MDG’s various views and modes. Operations
performed while in Demo mode are stored in a local database. This
allows you to continue a Demo session from the point that you left
off in a previous session.
Once you log in, you will see the General View - Customer
Contents Mode:
FIGURE 4-3 General View in the MDG
Customer Details
3 Next, fill in the Customer Properties, for example, a
contact person and a contact e-email.
Create a CMA
7 Select to create a single Customer Management
Add-on (CMA).
8 Define the CMA, calling it JustCMA, and select the MDS you
created to house this CMA.
9 Provide a virtual IP address for the CMA. Alternatively, the
Provider-1 system can allocate a virtual IP for the CMA from a
predefined IP range. To use this alternative, select the Get
address... > Get Automatic IP Address option.
Status Description
Status Description
MDS Status
MDSs are managed through the MDG’s General View - MDS
Contents Mode. This mode allows an administrator to perform
MDS management activities and check all MDS statuses at a glance.
FIGURE 4-13 General View — MDS Contents Mode
SmartView Tracker
SmartView Tracker shows all the events that were logged either at
the Provider-1 MDS level or at the Customers' CMAs and CLMs.
Use SmartView Tracker to view history and real-time logs, to view
active connections or to audit administrators' actions. Use
SmartView Tracker queries to search, filter and customize the
displayed events.
• To view customer logs, select a CMA or a CLM, then right
click and choose Launch Application > SmartView Tracker.
• To view Audit logs, select an MDS manager, then right click
and choose Launch SmartView Tracker (Audit Mode).
FIGURE 4-15 SmartView Tracker (Demo Mode)
SmartView Monitor
SmartView Monitor allows you to inspect network traffic and
connectivity. It provides real-time information about
performance, throughput and security operations of your
managed gateways. Traffic flow can be monitored in many
different ways and cross sections. In the MDG, select a CMA,
then right click and choose Launch Application >
SmartView Monitor.
FIGURE 4-16 SmartView Monitor (Demo Mode)
Eventia Reporter
Use Eventia Reporter to generate information rich reports about
different aspects of your network.
In the MDG, select Launch Eventia Reporter from the Manage
menu.
FIGURE 4-17 Eventia Reporter (Demo Mode)
A Configuration
Enforcement Module 61
SmartCenter Server 61
Activation process 42 Configuration Tool 51, 53, 61, 62,
add customer wizard 65, 66, 68
GUI clients 80 Connectra 7
Add Driver 47 console-based connection 58
administrator cpconfig 59
adding 80
administrator authentication 68,
76
Administrators 61
authenticating the SmartCenter
D
Server 68, 76 Demo Mode 76
authentication Device List 47
fingerprint 68, 76 Devices 47
Distributed deployment 24
distributed deployment 46
B
backward compatibility 39 E
End Users License Agreement 43
C Enforcement Module 24, 27, 30,
32, 46, 51, 53, 57, 61, 66
Enforcement module 24
centralized management 7, 13 Enforcement Modules 40
Certificate Authority 61 Enterprise Base Support 43
Certificate Authority (ICA) 64, 66 Enterprise SmartCenter 51, 53, 66
Certificate Key 42 Eventia Reporter 28, 29, 31
Check Point Configuration Tool
43
Check Point Enterprise 46
Check Point Enterprise/Pro 50, F
52
Check Point Express 50, 52 Fetch Import file from TFTP
Check Point Licenses Server 50
Certificate Key 42 Fingerprint 62, 64
Compatibility Table 36 fingerprint 68, 76
INDEX 97
FTP server 58 Linux 27, 56
Linux Platform 36
Log server 29, 32
Logging on
G first time 67, 76
Login
general view authenticating the administrator
overview 90 68, 76
GUI Clients 61
M
H
Minimum Hardware
Hardware Scan Details 47 Requirements 27
HTTPS Server Configuration 48 Windows or Linux 27
Minimum Requirements 27
multiple platforms 45
I
ICA 61 N
Import Check Point Products
Configuration 50 Network Interface Configuration
Installation 48
Enforcement Module 61 Nokia Horizon Manager 58
Integrity 7
Internal Certificate Authority 61
InterSpect 7
IP address 61 O
IPSO 27
IPSO Wrapper 58 Obtaining Licenses 42
OPSEC 64, 66
K
P
Key Hit Session 61
Paste License 81
Provider
Configuring the MDS 72
L Installation 69
Installing gateways 72
License Installing MDG client 75
get details 81 licensing 20
paste 81 MDG hardware requirements on
Licenses 40, 61 Solaris 31
98 INDEX
MDS hardware requirements on SmartView Monitor 28
SecurePlatform 33 SmartView Tracker 24, 28, 30
MDS hardware requirements on Software Requirements 34
Solaris 30 Solaris 30, 56
Networking 71 Solaris 8 UltraSPARC platforms
34
Operations Center 71 Solaris 9 UltraSPARC platforms
Terminology 25 35
Uninstalling MDS and MDG 76 Standalone deployment 24
What’s new 18 standalone deployment 46
provider
login 76
T
R TCP/IP network protocol 46
Time and Date Configuration 50
Red Hat Enterprise Linux 3.0 36
Required Packages 34
Required Patches 34
U
S Upgrade 39
Upgrading Licenses 43
User Center 40
Secure Internal Communication
(SIC) 64, 66
SecureClient 28
SecuRemote 28 V
SecurePlatform 32, 48
Security Policy 24, 46 views
selection bar views general 90
general 90 VPN-1 on SecurePlatform 49
SIC certificate 64, 67 VPN-1 Pro 24, 27, 30, 32, 46
SMART Client machine( 64
SmartCenter 13
SmartCenter Server 24, 27, 30, 32,
67
fingerprint 68, 76
W
SmartConsole 24
SmartConsole clients 46 WEB UI 48
SmartConsole management 40 WebUI 51
SmartDashboard 24, 46 Windows or Linux 27
SmartLSM 28 Windows Platform 35
SmartUpdate 28, 30, 43
INDEX 99
100 INDEX