On This Page
Check Point
Management Devices (CMA, Smart Center)
- Dashboard Widgets
-
General (General overview of the system)
-
Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)
-
USP Compliance (The number of rules with violations, according to their severity level)
-
Audit (The number of rules withe expired access or will have access expire within the next month)
-
Recent Changes (Rules and devices with changes in the past 30 days)
- Browsers
-
Rule Viewer (see Rule Viewer)
-
Object Lookup (See Object Lookup)
-
USP Viewer (see USP Viewer)
-
USP Alert Manager Viewer (see USP Alerts Manager)
-
USP Exceptions Viewer (see USP Exceptions)
-
Changes (see Change Browser)
-
Cleanup (see Cleanup Browser)
-
Device Viewer (see Device Viewer)
- Change Management
-
Rule and Object Usage Report (Displays statistics for most-used, least-used, and unused rules and objects)
-
Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)
-
Full Accountability (Details of the revision, including who made the revision and when)
-
Display IPv6 objects
-
Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)
-
Change Window (see View and Update a Change Window)
-
Real-time Monitoring (Regularly automatically fetches policy information from the device)
-
Create SecureChange ticket from Rule Viewer for:
-
Rule Decommission (Removes selected rules from supported devices)
-
Rule Modification (Receives rules from the SecureTrack Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules for supported devices)
-
-
Automatic Policy Generation (APG) (Analyzes firewall logs to determine actual business practices, and creates an optimized rulebase that limits traffic allowance to traffic actually used in the organization)
- Topology
-
Static Topology
-
Dynamic Topology
-
Calculate impact of NAT rules
-
Calculate impact of VPN policies
-
IPv6 routes
-
Path analysis with IPv6 addresses in source and destination
Notes for CMA and SmartCenter R8x
-
The Baseline Settings Compliance report is deprecated for Check Point R8x devices
-
R8x unattached network objects are not recognized as host in opsec
-
Inline layers are supported for R8x gateways. (Special characters are not supported in inline-layer names.)
-
Automation with data center objects is not supported.
-
After an upgrade, the revision may appear as modified in Compare Revisions:
- Section headers may be shown as deleted and added
- The revision shows legacy user access as a modified field on the revision although no change was done
- Generate Report changes are not accurate
-
Supports the Last Hit field for both security rules and NAT rules
Management Devices (MDS)
- Dashboard Widgets
-
General (General overview of the system)
-
Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)
-
USP Compliance (The number of rules with violations, according to their severity level)
-
Audit (The number of rules withe expired access or will have access expire within the next month)
-
Recent Changes (Rules and devices with changes in the past 30 days)
- Browsers
-
Rule Viewer (see Rule Viewer)
-
Object Lookup (See Object Lookup)
-
USP Viewer (see USP Viewer)
-
USP Alert Manager Viewer (see USP Alerts Manager)
-
USP Exceptions Viewer (see USP Exceptions)
-
Cleanup (see Cleanup Browser)
-
Device Viewer (see Device Viewer)
- Change Management
-
Rule and Object Usage Report (Displays statistics for most-used, least-used, and unused rules and objects)
-
Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)
-
Full Accountability (Details of the revision, including who made the revision and when)
-
Display IPv6 objects
-
Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)
-
Change Window (see View and Update a Change Window)
-
Real-time Monitoring (Regularly automatically fetches policy information from the device)
-
Create SecureChange ticket from Rule Viewer for:
-
Rule Decommission (Removes selected rules from supported devices)
-
Rule Modification (Receives rules from the SecureTrack Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules for supported devices)
-
Rule Recertification(Used to document and verify the need for a rule)
-
-
Automatic Policy Generation (APG) (Analyzes firewall logs to determine actual business practices, and creates an optimized rulebase that limits traffic allowance to traffic actually used in the organization)
- Topology
-
Static Topology
-
Dynamic Topology
-
Calculate impact of VPN policies
Notes for MDS:
-
Supports the Last Hit field for both security rules and NAT rules.