Table Of Contents

The Need for Provider-1
Management Service Providers (MSP)
Data Centers
Large Enterprises
The Check Point Solution
Basic Elements
Point of Presence (POP) Network Environment
Managers and Containers
Log Managers
The Management Model
Introduction to the Management Model
Management Tools
The Provider-1 Trust Model
Introduction to the Trust Model
Secure Internal Communication (SIC)
Trust Between a CMA and its Customer Network
Trust Between a CLM and its Customer Network
MDS Communication with CMAs
Trust Between MDS to MDS
Authenticating the Administrator
Authenticating via External Authentication Servers
Setting up External Authentication
To set up External Authentication:
Re-authenticating when using SmartConsole Clients
CPMI Protocol
Planning the Provider-1 Environment
Asking yourself the right questions
Safety comes first
Consider the Following Scenario
Protecting Provider-1 Networks
MDS Managers and Containers
MDS Managers
MDS Containers
Choosing your deployment for MDS Managers and Containers
MDS Clock Synchronization
Setting up the Provider-1 Environment
A Typical Scenario
A Standalone Provider-1 Network
A Distributed Provider-1 Network
Provider-1 Network with Point of Presence (POP) Center
Hardware Requirements and Recommendations
Hardware Requirements and Recommendations
Provider-1 Order of Installation
Licensing and Deployment
The Trial Period
Further Licensing Detail
Miscellaneous Issues
IP Allocation & Routing
Network Address Translation (NAT)
Enabling OPSEC
Provisioning Provider-1
Provisioning Process Overview
Setting Up Your Network Topology
Creating a Primary MDS Manager
Using the MDG for the First Time
Launching the MDG
Adding Licenses using the MDG
Multiple MDS Deployments
Synchronizing Clocks
Adding a New MDS or MLM
Modifying an Existing MDS
Deleting an MDS
Protecting the Provider-1 Environment
Standalone Gateway/Security Management
Provider-1 CMA and MDG Management
Defining a Security Policy for the Gateway
Enabling Connections Between Different Components of the System
Customer Management
Creating Customers: A Sample Deployment
Introduction to Creating Customers: A Sample Deployment
Activating Plug-ins
Plug-in Status
High Availability Mode
Plug-in Mismatches
Configuring a New Customer
Creating Administrator and Customer Groups
Changing Administrators
Modifying a Customer's Configuration
Changing GUI Clients
Deleting a Customer
Configuring a CMA
Starting or Stopping a CMA
Checking CMA Status
Deleting a CMA
Global Policy Management
Security Policies in Provider-1
Introduction to Security Policies in Provider-1
The Need for Global Policies
The Global Policy as a Template
Global Policies and the Global Rule Base
Global SmartDashboard
Introduction to Global SmartDashboard
Global Services
Dynamic Objects and Dynamic Global Objects
Applying Global Rules to Gateways by Function
Synchronizing the Global Policy Database
Creating a Global Policy through Global SmartDashboard
Creating a Global Policy through Global SmartDashboard
Global IPS
Introduction to Global IPS
IPS in Global SmartDashboard
IPS Profiles
Subscribing Customers to IPS Service
Managing IPS from a CMA
Assigning Global Policy
Assigning Global Policy for the First Time
To assign Global Policy for the first time:
Assigning Global Policies to VPN Communities
To assign global policies to VPN Communities:
Re-assigning Global Policies
Viewing the Status of Global Policy Assignments
Global Policy History File
Assigning or Installing a Global Policy
Reassigning/Installing a Global Policy on Customers
Reinstalling a Customer Policy on Customer Gateways
To Reinstall a Customer Policy on Customer gateways:
Remove a Global Policy from Multiple Customers
Remove a Global Policy from a Single Customer
To remove a Global Policy from only a single Customer:
Viewing the Customer's Global Policy History File
Global Policies Tab
Global Names Format
Working in the Customer's Network
Customer Management Add-on (CMA)
Installing and Configuring Security Gateways
SmartConsole Client Applications
Installing and Configuring Security Gateways
Managing Customer Policies
UTM-1 Edge Appliances
Creating Customer Policies
Revision Control
Working with CMAs and CLMs in the MDG
VPN in Provider-1
Access Control at the Network Boundary
Authentication Between Gateways
How VPN Works
VPN Connectivity in Provider-1
Connections to a Customer Network
Global VPN Communities
Gateway Global Names
VPN Domains in Global VPN
Joining a Gateway to a Global VPN Community
Configuring Global VPN Communities
Enabling a Customer Gateway to Join a Global VPN Community
High Availability
CMA High Availability
MDS: Active or Standby
The MDS Manager's Databases
The MDS Container's Databases
How Synchronization Works
Setting up Synchronization
Adding another MDS
Creating a Mirror of an Existing MDS
Initializing Synchronization between MDSs
Subsequent Synchronization for MDSs
Selecting a Different MDS to be the Active MDS
Automatic Synchronization for Global Policies Databases
Add a Secondary CMA
To add a secondary CMA:
Mirroring CMAs with mdscmd
Automatic CMA Synchronization
Synchronize ClusterXL Gateways
Failure Recovery in High Availability Deployments
Recovery with a Functioning Manager MDS
Recovery from Failure of the Only Manager MDS
Logging in Provider-1
Logging Customer Activity
Exporting Logs
Log Export to Text
Manual Log Export to Oracle Database
Automatic Log Export to Oracle Database
Log Forwarding
Cross Domain Logging
Logging Configuration
Setting Up Logging
Working with CLMs
Setting up Customer Gateway to Send Logs to the CLM
To set up customer gateways to send logs to the CLM:
Synchronizing the CLM Database with the CMA Database
Configuring an MDS to Enable Log Export
To configure an MDS to Enable Log Export:
Configuring Log Export Profiles
To configure Log Export profiles:
Choosing Log Export Fields
Log Export Troubleshooting
Using SmartReporter
Monitoring in Provider-1
Monitoring Components in the Provider-1 System
Monitoring Components in the Provider-1 System
Exporting the List Pane's Information to an External File
Working with the List Pane
Checking the Status of Components in the System
Viewing Status Details
Locating Components with Problems
Monitoring Issues for Different Components and Features
Global Policies
Customer Policies
Gateway Policies
GUI Clients
Using SmartConsole to Monitor Provider-1 Components
Log Tracking
Tracking Logs using SmartView Tracker
Real-Time Network Monitoring with SmartView Monitor
SmartReporter Reports
Architecture and Processes
Packages in MDS Installation
MDS File System
MDS Directories on /opt and /var File Systems
Structure of CMA Directory Trees
Check Point Registry
Automatic Start of MDS Processes, Files in /etc/rc3.d, /etc/init.d
Environment Variables
MDS Level Processes
CMA Level Processes
MDS Configuration Databases
Global Policy Database
MDS Database
CMA Database
Connectivity Between Different Processes
MDS Connection to CMAs
Status Collection
Collection of Changes in Objects
Connection Between MDSs
Large Scale Management Processes
UTM-1 Edge Processes
Reporting Server Processes
Issues Relating to Different Platforms
High Availability Scenarios
Migration Between Platforms
Commands and Utilities
Cross-CMA Search
Performing a Search
Copying Search Results
Performing a Search in CLI
Starting P1Shell
File Constraints for P1Shell Commands
P1Shell Commands
Audit Logging
Command Line Reference
CPperfmon - Solaris only
CPperfmon hw - Solaris only
mcd bin | scripts | conf
CP R71 Provider-1 Admin Guide


Published by Jef Peeters


Published by: Jef Peeters on Sep 14, 2011
Copyright: Attribution Non-commercial

