Provider-1/SiteManager-1 - Check Point

More documents

Recommendations

Info

The Check Point SolutionIT services in large scale enterprises must often log network activity for securitytracking purposes. Comprehensive logging can consume considerable system resourcesand slow down a corporate network, if not deployed with an appropriate solution. Forenterprises with local and remote branches, centralized failover security management isanother critical success factor in achieving efficient and comprehensive system security.For Big Bank, different types of permissions and access management are required toprotect internal networks and separate them from external networks accessible to users.FIGURE 1-4Big Bank’s networkThe Check Point SolutionCheck Point’s Provider-1/SiteManager-1 is the best-of-breed security managementsolution designed to meet the scalability requirements of service provider and largeenterprise Network Operating Center environments. A unique three-tier, multi-policymanagement architecture and a host of Network Operating Center oriented featuresautomate time-consuming repetitive tasks common in Network Operating Center14
Basic Elementsenvironments. Provider-1/SiteManager-1 meets the needs of both the enterprise and ofservice providers serving the enterprise market. This solution dramatically reduce theadministrative cost of managing large security deployments.The basic three-tier security architecture of the VPN-1 Pro system, consisting ofenforcement points, a management console, and a GUI, delivers a robust mechanism forcreating firewall security policies and automatically distributing them to multipleenforcement points. Provider-1/SiteManager-1 supports central management for manydistinct security policies simultaneously.Companies envision horizontal growth throughout an industry, to implementeconomies of scale through incorporation of partner-companies and vendors.Enterprises want to manage vertical growth through product differentiation. Securitymanagement achieves a new level of customization and flexibility withProvider-1/SiteManager-With Provider-1/SiteManager-1 security policies can be customized. Enterprises can,for example, tailor a security policy to enable vendor applications which tie intocorporate financial networks to communicate safely and securely, yet without havingaccess to confidential corporate data. Or a security policy can enable franchisecompanies to communicate with regional and international headquarters, yet safeguardthe franchise internal network integrity.An administrator can create policies for groups of customer firewalls, and/or createhigh-level global policies that manage all customer polices at once. The ability to setpolicy at every level, including both the customer and global level, delivers exceptionalscalability by eliminating the need to recreate policies and policy changes, potentially tothousands of devices.Basic ElementsThe Provider-1/SiteManager-1 system is designed to manage many widely distributedenforcement points, for networks that may belong to different customers, differentcompanies, or different corporate branches.The primary element of a security system is the enforcement point, the VPN-1 Progateway. Administrators decide how this firewall is to be managed and apply a securitypolicy, with rules that determine how communication is handled by the firewall.A Customer Management Add-On (CMA) is a virtual customer management. TheCMA manages Customer’s enforcement points, that is their firewalls. Through theCMA, an administrator creates policies for Customer gateways.Chapter 1 Introduction 15
Page 1 and 2: Check PointProvider-1/SiteManager-1
Page 3 and 4: Table Of ContentsChapter 1Chapter 2
Page 5 and 6: Chapter 5Chapter 6Chapter 7Global P
Page 7: Setting up a new MDS and initiating
Page 10 and 11: The Need for Provider-1/SiteManager
Page 12 and 13: The Need for Provider-1/SiteManager
Page 16 and 17: The Check Point SolutionThe Multi-D
Page 18 and 19: The Check Point SolutionExample: En
Page 20 and 21: The Check Point SolutionLeased line
Page 22 and 23: The Check Point SolutionLet’s loo
Page 24 and 25: The Check Point SolutionProvider-1/
Page 26 and 27: The Management ModelThe High Availa
Page 28 and 29: The Management ModelTABLE 1- 1Admin
Page 30 and 31: The Management ModelFIGURE 1-15MDG
Page 32 and 33: The Management ModelFIGURE 1-16 Ros
Page 34 and 35: The Provider-1/SiteManager-1 Trust
Page 40 and 41: Asking yourself the right questions
Page 42 and 43: Consider the following scenario...C
Page 44 and 45: MDS Managers and Containers in the
Page 46 and 47: Setting up the Provider-1/SiteManag
Page 52 and 53: Hardware Requirements and Recommend
Page 54 and 55: Licensing and Deployment• Custome
Page 56 and 57: Licensing and DeploymentTABLE 2-2MD
Page 58 and 59: Licensing and DeploymentMulti-Custo
Page 60 and 61: Licensing and DeploymentTABLE 2-8VP
Page 62 and 63: Licensing and DeploymentTABLE 2-11V
Page 64 and 65:
Miscellaneous IssuesEach MDS Contai
Page 66 and 67:
Miscellaneous IssuesStatic NAT allo
Page 68 and 69:
The Provisioning Processdeployment
Page 70 and 71:
Installation and ConfigurationNotes
Page 72 and 73:
Installation and Configuration1 Fro
Page 74 and 75:
Installation and ConfigurationInput
Page 76 and 77:
Installation and Configurationa In
Page 78 and 79:
Defining a Security Policy for the
Page 80 and 81:
Defining a Security Policy for the
Page 82 and 83:
Configurations with More than One M
Page 84 and 85:
Configurations with More than One M
Page 86 and 87:
When a CMA Manages the VPN-1 Pro Ga
Page 88 and 89:
MDS Support for SmartView Reporter
Page 90 and 91:
CMA OPSEC APIsCMA OPSEC APIsThe fol
Page 92 and 93:
MDS OPSEC APIsMDS OPSEC APIsTo crea
Page 94 and 95:
MDS OPSEC APIs94
Page 96 and 97:
Overview• an actual customer, or
Page 98 and 99:
OverviewFIGURE 4-2MDG before Custom
Page 100 and 101:
Overviewon any MDS in the system. O
Page 102 and 103:
OverviewFIGURE 4-5Creating more cus
Page 104 and 105:
OverviewFIGURE 4-7SmartUpdate View
Page 106 and 107:
Configurationa CMA. Keep the CMAs I
Page 108 and 109:
ConfigurationAssign computers on wh
Page 110 and 111:
ConfigurationFIGURE 4-8Administrato
Page 112 and 113:
ConfigurationConfiguring a CMATo co
Page 114 and 115:
OverviewThe FireWall-1 administrato
Page 116 and 117:
OverviewFIGURE 5-3Policy creation w
Page 118 and 119:
OverviewGlobal policies can be assi
Page 120 and 121:
OverviewFIGURE 5-7Dynamic Global Ob
Page 122 and 123:
OverviewFor details about using Sma
Page 124 and 125:
OverviewAssigning a different globa
Page 126 and 127:
ConfigurationFor customers that alr
Page 128 and 129:
Configuration2 You are asked whethe
Page 130 and 131:
Configuration130
Page 132 and 133:
OverviewFIGURE 6-1Customer network
Page 134 and 135:
Managing Customer PoliciesFIGURE 6-
Page 136 and 137:
Working with CMAs and CLMs in the M
Page 138 and 139:
Logging Customer ActivityFIGURE 7-1
Page 140 and 141:
Exporting LogsTABLE 7-1TABLE 7-1 hi
Page 142 and 143:
Logging ConfigurationLog FilesFor e
Page 144 and 145:
Logging ConfigurationWorking with C
Page 146 and 147:
Logging ConfigurationConfiguring Lo
Page 148 and 149:
Logging ConfigurationTABLE 7- 3Log
Page 150 and 151:
OverviewFIGURE 8-1A FireWall-1 enfo
Page 152 and 153:
OverviewAfter a successful IKE nego
Page 154 and 155:
VPN-1 Connectivity in Provider-1FIG
Page 156 and 157:
Global VPN CommunitiesConversion Co
Page 158 and 159:
Global VPN CommunitiesCMA databases
Page 160 and 161:
Configuring Global VPN CommunitiesF
Page 162 and 163:
Configuring Global VPN Communities7
Page 164 and 165:
OverviewBy default, management acti
Page 166 and 167:
Checking the Status of Components i
Page 168 and 169:
Checking the Status of Components i
Page 170 and 171:
Monitoring issues for different com
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Using Check Point Applications to M
Page 180 and 181:
Using Check Point Applications to M
Page 182 and 183:
ConfigurationThe MDS Manager is the
Page 184 and 185:
ConfigurationFIGURE 10-2 CMA High A
Page 186 and 187:
ConfigurationFIGURE 10-3 Mirror MDS
Page 188 and 189:
ConfigurationMDS: Active or Standby
Page 190 and 191:
ConfigurationFor example, if a new
Page 192 and 193:
ConfigurationFIGURE 10-7 CMA databa
Page 194 and 195:
Configuration• Lagging — The da
Page 196 and 197:
Configuration3 Right-click the MDS,
Page 198 and 199:
ConfigurationSynchronize ClusterXL
Page 200 and 201:
Packages in MDS InstallationPackage
Page 202 and 203:
MDS File SystemFollowing is the lis
Page 204 and 205:
ProcessesSourcing these files (or i
Page 206 and 207:
MDS Configuration DatabasesMDS Conf
Page 208 and 209:
Connectivity Between Different Proc
Page 210 and 211:
Issues Relating to Different Platfo
Page 212 and 213:
Issues Relating to Different Platfo
Page 214 and 215:
SyntaxArgumentsource database direc
Page 216 and 217:
SyntaxArgumentstorestore=/new_path/
Page 218 and 219:
SyntaxArgumentfrequencystoreoffDesc
Page 220 and 221:
SyntaxArgumentstorestore=/new_path/
Page 222 and 223:
SyntaxOutputArgumentstorestore=/new
Page 224 and 225:
UsageSyntaxExampleExit CodeSince th
Page 226 and 227:
To edit the CMA database, use the f
Page 228 and 229:
SyntaxArgumentDescription-m mds For
Page 230 and 231:
SyntaxArgumentCustomerNameDescripti
Page 232 and 233:
Usage mdscmd deletecustomer -m mds
Page 234 and 235:
SyntaxArgumentCustomerNameDescripti
Page 236 and 237:
ArgumentDescription-i IP Specify th
Page 238 and 239:
SyntaxExampleArgumentDescription-s
Page 240 and 241:
mdsstartDescriptionUsageSyntaxThis
Page 242 and 243:
Further Info.You can run the cma_mi
Page 244 and 245:
244
Page 246 and 247:
DDData Centers 12Database Query Too
Page 248:
TSmartUpdatelicense types 105updati
show all

Provider-1/SiteManager-1 - Check Point

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?