On This Page
Check Point
Firewalls (Gateways, VE, VSX, Edge)
Access Requests |
Manual target selection |
Add Access |
Risk Analysis |
Remove Access |
Verifier |
Server Decommission |
Impact Analysis, Verifier |
Rule Recertification |
Update metadata |
Notes for Firewalls (Gateways, VE, VSX,):
- Firewalls must be managed by CMA/SmartCenter. Additional interface and routing information is available when the gateway is monitored directly by SecureTrack.
-
For Access Requests in topology mode, when selecting a firewall that is not in the path for a Check Point device, Designer and Verifier fail and include a notification that the target is not in the path.
- Automation tools do not use Application Control information.
- Designer gives priority to service objects that have a default timeout set in the firewall.
Notes for Firewalls (Edge):
- Edge devices are supported when managed by SmartCenter/Provider-1. Edge devices are not supported when managed by LSM.
- Designer gives priority to service objects that have a default timeout set in the firewall.
Management Devices (CMA, SmartCenter)
Access Requests |
Manual target selection |
Modify Group |
Designer, Provisioning + Committing |
Add Access |
Risk Analysis |
Remove Access |
Verifier |
Server Decommission |
Impact Analysis |
Clone Server Policy |
Designer |
Rule Decommission |
Designer |
Rule Modification | Provisioning + Committing Provisioning + Committing in automatic step, |
Rule Recertification |
Update metadata |
Notes for Management Devices (CMA, SmartCenter):
-
Access Requests in non topology mode support IPv6 objects, including Designer recommendations and Provisioning.
-
Access Requests: For CMA and SmartCenter devices running R80.10 and above, rule location customization includes the following options for adding new rules:
-
After an existing rule
-
Before an existing rule
-
As the last rule
-
-
Server Decommission 'Provisioning' and 'Authorization and documentation' is supported for CMA, SmartCenter running R80.
-
Modify Group field displays groups with mixed IPv4 and IPv6 objects when running on R80 and above.
Operations on the included IPv6 objects (adding/deleting an existing object or creating a new object) are not supported.
-
Rule Decommission is supported for CMA, SmartCenter running R80.
-
Rule Modification is supported for CMAs and SmartCenters running R80.
-
Provisioning + Committing is supported for CMA, SmartCenter running R80.
-
Inline layers for R80 gateways are supported in SecureTrack.
- Designer gives priority to service objects that have a default timeout set in the firewall.
Management Devices (MDS)
Modify Group |
Designer |
Server Decommission |
Impact Analysis R80 and R80.10 also supports: |
Clone Server Policy |
Designer |
Rule Recertification |
Update metadata |
Notes for Check Point Management Devices (MDS):
-
Modify Group field supports groups that contain IPv4 and/or IPv6 objects when running on R80 and above.
-
Server Decommission supports shared groups/global objects.
- Designer gives priority to service objects that have a default timeout set in the firewall.