P. 1
CP R71 Provider-1 Admin Guide

CP R71 Provider-1 Admin Guide

|Views: 1,057|Likes:
Published by Jef Peeters

More info:

Published by: Jef Peeters on Sep 14, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





New Customers are created through the Add Customer Wizard, which takes the administrator through all
the steps needed to create a customer, assign an administrator and a GUI Client, and create the CMA.

Start the Add Customer Wizard

In the MDG Customer Contents Mode (the view to which the MDG first opens).

To create a customer, click the New Customer tool in the toolbar, or from the Manage, choose New
, or right-click the Provider-1 root and choose New Customer... from the drop-down menu. The
Add Customer Wizard will then guide you through the definition of the new customer and the customer's
CMA(s). You can create a primary and secondary CMA for the customer at the same time.

Name the Customer and Enable QoS

Give the Customer a name and enable QoS if desired.


Customer Management Page 67

Customer Details

Assign Customer Properties, for example, a contact person, contact e-email, and contact phone-number.

You can add or delete these information fields via the Manage > Provider-1 Properties, in the Customer

Assign Global Policy

1. Set whether the Customer should be assigned all Global Objects or only those used in the Global Policy
to which it is assigned.
Also, if you want the Customer to receive the Global IPS policy, defined in Global SmartDashboard, do
the following:

a) Enable the Subscribe Customer to IPS service property. Once a Customer is subscribed to the
IPS service, whenever Global Policy is assigned, changes to Global IPS are assigned and ready to
be installed to the Customer as well.

b) Set the Assign Mode:

Set to Merge if you want to allow the Customer Administrator to make permanent changes to the
IPS policy assigned.
Set to Override, if you do not want to allow the Customer Administrator to make permanent
changes to the IPS policy assigned.

c) Create a database version if you want to allow Customer Administrators the ability to roll back to
previously installed policy versions.

2. For details regarding Global IPS, see Global IPS (on page 79).

Assign Administrators to the Customer

1. The wizard next prompts you to select administrators. To assign an administrator to a customer, select
the administrator from the Not Assigned column and click Add. You can create administrator groups to
facilitate administrator assignment. All members of the group you choose are automatically selected,
allowing you to Add or Remove them as a group. To create a new administrator, click New Admin....
Then define the new administrator as follows:

a) If you have a Provider-1 Superuser permission, you can choose the Administrator's Provider-1
Permission as well.

b) In the Authentication tab, select the administrator's authentication scheme: password (less secure)
or certificate (recommended). If you choose authentication via certificate, in the Certificates tab,
create a certificate. It is generated into a file and should be given to the administrator.

c) Define permissions: Read/Write or a Read Only permission to the customer's network objects and
policies. These permissions should also be specified when configuring the customer's gateways. An
Edit Administrator Permissions window, corresponding to the cpconfig tab, can be displayed
through the Administrators window in two ways: automatically, when you click Add to assign an
Administrator to a customer, or manually, by selecting an Administrator from the Assigned list and
clicking Permissions...

Assign Computers on which Administrators use the MDG

Specify the GUI Client (computer) from which administrators are authorized to use the MDG and/or
SmartConsole application.

Activate Management Plug-ins

Select the Management Plug-ins necessary for this Customer. Management Plug-ins extend the MDG's
ability to view and manage certain objects without the updating the management version.


Customer Management Page 68

Create the CMA

1. Decide to create one, two, or more Customer Management Add-ons (CMAs). Create two or more
CMAs if you want to enable High Availability. All mirror (secondary) CMAs must be created on a different
MDS Container from the one housing the primary CMA, so you must have at least two Containers in the
system to created CMA High Availability. If you create multiple CMAs, steps 7 to 9 apply for each CMA.
2. Define the CMA. Select the Container MDS on which this CMA will be maintained. You can provide a
virtual IP address for the CMA, or the Provider-1 system can also produce a virtual IP from a range that
you specify per MDS. You can fetch an IP address (for the MDS) by using the Get Automatic IP
button. If you have already set up a host table specifying a name and virtual IP for the CMA,
you can Resolve by Name, fetching the IP address matching the name of the CMA.

Add CMA License Details

1. Next, fill in the license information. When you request a license from the Check Point licensing center,
you receive a file that includes the license string. You can import the file with the license by clicking the
Fetch from file... button.
Or, you can click Add to access the Add License window. Then, you can quickly and easily enter the
license string data from the email into the Add License window, as follows:

a) In the file, highlight the entire license string (that starts with cplic putlic... and ends with the
last SKU/Feature) to the clipboard. Choose Copy from the Edit menu of your email application.

b) In the Add License window, click Paste License to paste the license details you have saved on the
clipboard into the Add License window. The license details will be inserted into the appropriate
fields, described below.

To Validate your license, click Calculate to figure out your Validation Code, and compare with the
validation code received from the User Center.

2. For further license management use the following, click Fetch From File to import one or more licenses
from a license file. In the Open window, browse to the license file, select it and click Open. The license
that belongs to this host is added. The Licenses list displays the details of the CMA's license entered
through the Add License window.
3. To define a mirror CMA, repeat the instructions for adding the first CMA, steps 6 and 7. The mirror
(secondary) CMA must be created on a different MDS from the one housing the primary CMA. See High
Availability (on page 104).
4. The new customer appears in the customer tree.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->