On This Page
Check Point
Management Devices (CMA, Smart Center, Smart-1 Cloud)
- Dashboard Widgets
-
General (General overview of the system)
-
Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)
-
USP Compliance (The number of rules with violations, according to their severity level)
-
Audit (The number of rules with expired access or will have access expire within the next month)
-
Recent Changes (Rules and devices with changes in the past 30 days)
- Browsers
-
Rule Viewer (see Rule Viewer)
-
Object Lookup (See Object Lookup)
-
USP Viewer (see USP Viewer)
-
USP Alert Manager Viewer (see USP Alerts Manager)
-
USP Exceptions Viewer (see USP Exceptions)
-
Changes (see Change Browser)
-
Cleanup (see Cleanup Browser)
-
Device Viewer (see Device Viewer)
- Change Management
-
Rule and Object Usage Report (Displays statistics for most-used, least-used, and unused rules and objects)
-
Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)
-
Full Accountability (Details of the revision, including who made the revision and when)
-
Display IPv6 objects
-
Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)
-
Change Window (see View and Update a Change Window)
-
Real-time Monitoring (Regularly automatically fetches policy information from the device)
-
Create SecureChange ticket from Rule Viewer for:
-
Rule Decommission (Removes selected rules from supported devices)
-
Rule Modification (Receives rules from the Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules for supported devices)
-
-
Automatic Policy Generation (APG) (Analyzes firewall logs to determine actual business practices, and creates an optimized rulebase that limits traffic allowance to traffic actually used in the organization)
- Topology
-
Static Topology
-
Dynamic Topology
-
Calculate impact of NAT rules
-
Calculate impact of VPN policies
-
IPv6 routes
-
Path analysis with IPv6 addresses in source and destination
Notes for Management Devices
-
The Baseline Settings Compliance report is deprecated.
-
Unattached network objects do not recognize host in opsec.
-
Inline layers are supported for gateways. (Special characters are not supported in inline-layer names.)
-
Automation with data center objects is not supported.
-
After an upgrade, the revision may appear as modified in Compare Revisions:
-
Section headers may be shown as deleted and added.
-
The revision shows legacy user access as a modified field on the revision although no change was done.
-
Generate Report changes are not accurate.
-
-
Supports the Last Hit field for both security rules and NAT rules.
-
Supports UDP and TLS/SSL over TCP.
Additional Notes for Smart-1 Cloud
-
To receive topology data on the gateways, contact Check Point support with this sk: https://support.checkpoint.com/results/sk/sk95064.
-
IPv6 is not supported in the topology map.
-
Currently, Smart-1 Cloud does not monitor VSX/VS devices.
-
Check Point Smart-1 Cloud devices can be monitored only by the TOS Central Server and not by a remote collector.
-
Use the TLS/SSL over TCP or UDP option for the Protocol when defining the Forwarding Destination in Check Point:
Management Devices (MDS)
- Dashboard Widgets
-
General (General overview of the system)
-
Cleanup (Summary of the number of rules that are disabled, fully shadowed, or have not been hit in the past year)
-
USP Compliance (The number of rules with violations, according to their severity level)
-
Audit (The number of rules with expired access or will have access expire within the next month)
-
Recent Changes (Rules and devices with changes in the past 30 days)
- Browsers
-
Rule Viewer (see Rule Viewer)
-
Object Lookup (See Object Lookup)
-
USP Viewer (see USP Viewer)
-
USP Alert Manager Viewer (see USP Alerts Manager)
-
USP Exceptions Viewer (see USP Exceptions)
-
Cleanup (see Cleanup Browser)
-
Device Viewer (see Device Viewer)
- Change Management
-
Rule and Object Usage Report (Displays statistics for most-used, least-used, and unused rules and objects)
-
Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)
-
Full Accountability (Details of the revision, including who made the revision and when)
-
Display IPv6 objects
-
Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)
-
Change Window (see View and Update a Change Window)
-
Real-time Monitoring (Regularly automatically fetches policy information from the device)
-
Create SecureChange ticket from Rule Viewer for:
-
Rule Decommission (Removes selected rules from supported devices)
-
Rule Modification (Receives rules from the Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules for supported devices)
-
Rule Recertification(Used to document and verify the need for a rule)
-
-
Automatic Policy Generation (APG) (Analyzes firewall logs to determine actual business practices, and creates an optimized rulebase that limits traffic allowance to traffic actually used in the organization)
- Topology
-
Static Topology
-
Dynamic Topology
-
Calculate impact of VPN policies
Notes for MDS
-
Supports the Last Hit field for both security rules and NAT rules.