Check Point

Firewalls (Gateways, VE, VSX, Edge)

Access Requests	Manual target selection Device object selection
Add Access	Risk Analysis Designer Provisioning Provisioning in automatic step Verifier Authorization and documentation Auto close
Remove Access	Verifier
Server Decommission	Impact Analysis, Verifier
Rule Recertification	Update metadata

Firewalls must be managed by CMA/SmartCenter. Additional interface and routing information is available when the gateway is monitored directly by SecureTrack.
For Access Requests in topology mode, when selecting a firewall that is not in the path for a Check Point device, Designer and Verifier fail and include a notification that the target is not in the path.
Automation tools do not use Application Control information.
Designer gives priority to service objects that have a default timeout set in the firewall.

Edge devices are supported when managed by SmartCenter/Provider-1. Edge devices are not supported when managed by LSM.
Designer gives priority to service objects that have a default timeout set in the firewall.

Access Requests	Manual target selection Device object selection User Identity (LDAP groups in source)
Modify Group	Designer, Provisioning + Committing Provisioning + Committing in automatic step Create/modify group
Add Access	Risk Analysis Designer, Provisioning + Committing Provisioning + Committing in automatic step Verifier, Authorization and documentation, Auto close
Remove Access	Verifier
Server Decommission	Impact Analysis Designer Provisioning + Committing Verifier, Authorization and documentation
Clone Server Policy	Designer Provisioning (or) Provisioning and Committing Verifier
Rule Decommission	Designer Provisioning + Committing Provisioning + Committing in automatic step Verifier, Authorization and documentation Auto close
Rule Modification	Provisioning + Committing Provisioning + Committing in automatic step,
Rule Recertification	Update metadata

Access Requests in non topology mode support IPv6 objects, including Designer recommendations and Provisioning.
Access Requests: For CMA and SmartCenter devices running R80.10 and above, rule location customization includes the following options for adding new rules:
- After an existing rule
- Before an existing rule
- As the last rule
Server Decommission 'Provisioning' and 'Authorization and documentation' is supported for CMA, SmartCenter running R80.
Modify Group field displays groups with mixed IPv4 and IPv6 objects when running on R80 and above.

Operations on the included IPv6 objects (adding/deleting an existing object or creating a new object) are not supported.
Rule Decommission is supported for CMA, SmartCenter running R80.
Rule Modification is supported for CMAs and SmartCenters running R80.
Provisioning + Committing is supported for CMA, SmartCenter running R80.
Inline layers for R80 gateways are supported in SecureTrack.
Designer gives priority to service objects that have a default timeout set in the firewall.

Modify Group	Designer Provisioning Provisioning + Committing in automatic step Create/modify group
Server Decommission	Impact Analysis Designer Provisioning Verifier R80 and R80.10 also supports: Designer Provisioning Authorization and documentation
Clone Server Policy	Designer Provisioning (or) Provisioning and Committing Verifier
Rule Recertification	Update metadata

Modify Group field supports groups that contain IPv4 and/or IPv6 objects when running on R80 and above.

Server Decommission supports shared groups/global objects.
Designer gives priority to service objects that have a default timeout set in the firewall.