CP R71 Provider-1 Admin Guide

Jef Peeters

Sep 14, 2011
SmartView Monitor is an easy-to-use monitoring tool that allows you to inspect network traffic and
connectivity. In addition, it provides real-time information about the performance and security state of both
gateway and VPN operations.

Using SmartConsole to Monitor Provider-1 Components

Monitoring the Status of a CMA

To use SmartView Monitor, select a CMA from any view, then right-click and choose Launch Application >
SmartView Monitor.

If your network experiences problems such as sluggishness, loss of data or security-related problems, it is
important to identify these phenomena immediately. SmartView Monitor provides a real-time monitoring tool
designed to help administrators find the cause of these problems, when and why they occur, and how to fix
them. Use SmartView Monitor to examine traffic, requested services, and network load in the customer
network. For more information, see the SmartView Monitor Administration Guide.

Check Point System Counters

SmartView Monitor uses Check Point System Counters to collect information about the status, activities,
hardware and software usage of different Check Point products in real time. System Counters are used to
plot graphs and to view reports of current or archived data collected by Counter Logs.

Traffic Flow and Virtual Link Monitoring

Traffic flow can be monitored per service or network object. SmartView Monitor also enables monitoring
based on a variety of parameters, for example the QoS Policy rules installed on an interface.
Compliance with a Service Level Agreement (SLA) can be monitored, and alerts can be generated. Traffic can
be monitored between two Check Point Security Gateways or two QoS gateways for real-time analysis of
bandwidth and latency.

Blocking Suspicious Connections

Suspicious Activity rules are security rules that enable the administrator to instantly block suspicious
connections not restricted by the currently enforced Security Policy.

Using Thresholds

SmartView Monitor can be used to configure predefined actions that are triggered when certain changes in
status occur. For instance, a rule can be defined to send an email to a certain address if the load on a
gateway's CPU surpasses a threshold that you set.

By default, the engine responsible for triggering the events is disabled for Provider-1 CMAs, but it can be
enabled per CMA by running the following commands from the root shell of the MDS machine:

1. Change to the CMA's environment with the command mdsenv

2. cpstat_monitor &

After running this command, thresholds are monitored until the CMA is stopped.

To permanently enable this functionality for a specific CMA, you must modify the value of the registry key
that sets whether the cpstat_monitor process auto-starts whenever the CMA is started. You can do so
by running the following command from the CMA's environment:

cpprod_util CPPROD_SetValue PROVIDER-1 RunCpstatMonitor 1 1 1

Note - To revert to the registry's original setting, enter the following on
the MDS in the CMA's environment:

cpprod_util CPPROD_SetValue PROVIDER-1 RunCpstatMonitor 1 0 1

