Provider-1/SiteManager-1 - Check Point

More documents

Recommendations

Info

The Need for <strong>Provider</strong>-1/<strong>SiteManager</strong>-1Data CentersThe data service provider is a type of service center, a company that provides computerdata storage and related services, such as backup and archiving, for other companies.For example, let’s examine the network of a fictitious Data Center:FIGURE 1-2Example of a Data CenterSimilar to the MSP, the Data Center manages its own environment, whereas individualcustomer administrators and customers cannot have access to other customers'environments.Large EnterprisesBusinesses that expand through lateral and horizontal integration, such as conglomeratesor holding companies, face security policy challenges due to the diverse nature of theirsubsidiaries’ businesses. In these complex environments, security managers need theright tools to manage multiple policies efficiently. Central management of securitypolicy changes, which are enforced by the different firewalls throughout the system,ensure that the entire corporate IT architecture is adequately protected.Let’s look at a sample deployment for an automotive manufacturing concern:12
FIGURE 1-3Conglomerate’s networkCorporate IT departments must manage security services for a wide-spread system,with link-ups with vendors, external inventory systems, billing inputs, and reportingrequirements. Different branches are geographically distributed and have independentnetwork management. Yet the network security personnel must support acorporate-wide security policy, with rules enforcing access for appropriate users,preventing attacks, enabling secure communication and fail-over capabilities.IT departments must often delegate levels of authority among administrators, so thatthere is a hierarchy of access even within systems support. Whereas some administratorswill have global authorities to maintain the system backbone, others may handlespecialized activities and only require permissions for certain parts of the system. Forexample, an IT support person in a manufacturing branch would not necessarily needto have total administrator privileges for the logistics headquarters network, and avendor administrator that handles network maintenance would not need corporatewidepermissions.Chapter 1 Introduction 13
Page 1 and 2: Check PointProvider-1/SiteManager-1
Page 3 and 4: Table Of ContentsChapter 1Chapter 2
Page 5 and 6: Chapter 5Chapter 6Chapter 7Global P
Page 7: Setting up a new MDS and initiating
Page 10 and 11: The Need for Provider-1/SiteManager
Page 14 and 15: The Check Point SolutionIT services
Page 16 and 17: The Check Point SolutionThe Multi-D
Page 18 and 19: The Check Point SolutionExample: En
Page 20 and 21: The Check Point SolutionLeased line
Page 22 and 23: The Check Point SolutionLet’s loo
Page 24 and 25: The Check Point SolutionProvider-1/
Page 26 and 27: The Management ModelThe High Availa
Page 28 and 29: The Management ModelTABLE 1- 1Admin
Page 30 and 31: The Management ModelFIGURE 1-15MDG
Page 32 and 33: The Management ModelFIGURE 1-16 Ros
Page 34 and 35: The Provider-1/SiteManager-1 Trust
Page 40 and 41: Asking yourself the right questions
Page 42 and 43: Consider the following scenario...C
Page 44 and 45: MDS Managers and Containers in the
Page 46 and 47: Setting up the Provider-1/SiteManag
Page 52 and 53: Hardware Requirements and Recommend
Page 54 and 55: Licensing and Deployment• Custome
Page 56 and 57: Licensing and DeploymentTABLE 2-2MD
Page 58 and 59: Licensing and DeploymentMulti-Custo
Page 60 and 61: Licensing and DeploymentTABLE 2-8VP
Page 62 and 63:
Licensing and DeploymentTABLE 2-11V
Page 64 and 65:
Miscellaneous IssuesEach MDS Contai
Page 66 and 67:
Miscellaneous IssuesStatic NAT allo
Page 68 and 69:
The Provisioning Processdeployment
Page 70 and 71:
Installation and ConfigurationNotes
Page 72 and 73:
Installation and Configuration1 Fro
Page 74 and 75:
Installation and ConfigurationInput
Page 76 and 77:
Installation and Configurationa In
Page 78 and 79:
Defining a Security Policy for the
Page 80 and 81:
Defining a Security Policy for the
Page 82 and 83:
Configurations with More than One M
Page 84 and 85:
Configurations with More than One M
Page 86 and 87:
When a CMA Manages the VPN-1 Pro Ga
Page 88 and 89:
MDS Support for SmartView Reporter
Page 90 and 91:
CMA OPSEC APIsCMA OPSEC APIsThe fol
Page 92 and 93:
MDS OPSEC APIsMDS OPSEC APIsTo crea
Page 94 and 95:
MDS OPSEC APIs94
Page 96 and 97:
Overview• an actual customer, or
Page 98 and 99:
OverviewFIGURE 4-2MDG before Custom
Page 100 and 101:
Overviewon any MDS in the system. O
Page 102 and 103:
OverviewFIGURE 4-5Creating more cus
Page 104 and 105:
OverviewFIGURE 4-7SmartUpdate View
Page 106 and 107:
Configurationa CMA. Keep the CMAs I
Page 108 and 109:
ConfigurationAssign computers on wh
Page 110 and 111:
ConfigurationFIGURE 4-8Administrato
Page 112 and 113:
ConfigurationConfiguring a CMATo co
Page 114 and 115:
OverviewThe FireWall-1 administrato
Page 116 and 117:
OverviewFIGURE 5-3Policy creation w
Page 118 and 119:
OverviewGlobal policies can be assi
Page 120 and 121:
OverviewFIGURE 5-7Dynamic Global Ob
Page 122 and 123:
OverviewFor details about using Sma
Page 124 and 125:
OverviewAssigning a different globa
Page 126 and 127:
ConfigurationFor customers that alr
Page 128 and 129:
Configuration2 You are asked whethe
Page 130 and 131:
Configuration130
Page 132 and 133:
OverviewFIGURE 6-1Customer network
Page 134 and 135:
Managing Customer PoliciesFIGURE 6-
Page 136 and 137:
Working with CMAs and CLMs in the M
Page 138 and 139:
Logging Customer ActivityFIGURE 7-1
Page 140 and 141:
Exporting LogsTABLE 7-1TABLE 7-1 hi
Page 142 and 143:
Logging ConfigurationLog FilesFor e
Page 144 and 145:
Logging ConfigurationWorking with C
Page 146 and 147:
Logging ConfigurationConfiguring Lo
Page 148 and 149:
Logging ConfigurationTABLE 7- 3Log
Page 150 and 151:
OverviewFIGURE 8-1A FireWall-1 enfo
Page 152 and 153:
OverviewAfter a successful IKE nego
Page 154 and 155:
VPN-1 Connectivity in Provider-1FIG
Page 156 and 157:
Global VPN CommunitiesConversion Co
Page 158 and 159:
Global VPN CommunitiesCMA databases
Page 160 and 161:
Configuring Global VPN CommunitiesF
Page 162 and 163:
Configuring Global VPN Communities7
Page 164 and 165:
OverviewBy default, management acti
Page 166 and 167:
Checking the Status of Components i
Page 168 and 169:
Checking the Status of Components i
Page 170 and 171:
Monitoring issues for different com
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Using Check Point Applications to M
Page 180 and 181:
Using Check Point Applications to M
Page 182 and 183:
ConfigurationThe MDS Manager is the
Page 184 and 185:
ConfigurationFIGURE 10-2 CMA High A
Page 186 and 187:
ConfigurationFIGURE 10-3 Mirror MDS
Page 188 and 189:
ConfigurationMDS: Active or Standby
Page 190 and 191:
ConfigurationFor example, if a new
Page 192 and 193:
ConfigurationFIGURE 10-7 CMA databa
Page 194 and 195:
Configuration• Lagging — The da
Page 196 and 197:
Configuration3 Right-click the MDS,
Page 198 and 199:
ConfigurationSynchronize ClusterXL
Page 200 and 201:
Packages in MDS InstallationPackage
Page 202 and 203:
MDS File SystemFollowing is the lis
Page 204 and 205:
ProcessesSourcing these files (or i
Page 206 and 207:
MDS Configuration DatabasesMDS Conf
Page 208 and 209:
Connectivity Between Different Proc
Page 210 and 211:
Issues Relating to Different Platfo
Page 212 and 213:
Issues Relating to Different Platfo
Page 214 and 215:
SyntaxArgumentsource database direc
Page 216 and 217:
SyntaxArgumentstorestore=/new_path/
Page 218 and 219:
SyntaxArgumentfrequencystoreoffDesc
Page 220 and 221:
SyntaxArgumentstorestore=/new_path/
Page 222 and 223:
SyntaxOutputArgumentstorestore=/new
Page 224 and 225:
UsageSyntaxExampleExit CodeSince th
Page 226 and 227:
To edit the CMA database, use the f
Page 228 and 229:
SyntaxArgumentDescription-m mds For
Page 230 and 231:
SyntaxArgumentCustomerNameDescripti
Page 232 and 233:
Usage mdscmd deletecustomer -m mds
Page 234 and 235:
SyntaxArgumentCustomerNameDescripti
Page 236 and 237:
ArgumentDescription-i IP Specify th
Page 238 and 239:
SyntaxExampleArgumentDescription-s
Page 240 and 241:
mdsstartDescriptionUsageSyntaxThis
Page 242 and 243:
Further Info.You can run the cma_mi
Page 244 and 245:
244
Page 246 and 247:
DDData Centers 12Database Query Too
Page 248:
TSmartUpdatelicense types 105updati
show all

Provider-1/SiteManager-1 - Check Point

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?