Feedback on Endpoint Management and Smart Event Se...

Nev_Finch · ‎2018-02-10

I am interested in getting some feedback on our current set-up. We are only new to Check Point and have deployed both a Firewall Solution and an End Point Solution. At the moment these are two separate setups. The Firewall Solution is on R80.10 and the End Point is on R77.30.03, each with their own Management and Log Server (I have included more detail below).

Overall we love the product, particularly the reporting and management in R80.10. The management and reporting on End Point though is proving to be a little frustrating. Our main issues are:

No consolidated view of logs and potential problems.
The logging in R77.30.03 for End Point is difficult to navigate and troubleshoot issues as we begin to lock down the clients.
To configure the Firewall on Endpoint we would need to replicate all our network objects from the Firewall Management Server to the End Point Management Server.

My questions are:

What is everyone else doing that has both Firewalls and End Point? Are you running separate environments or have you unified on R80.10 or stayed with R77.30.03?

What would you recommend for us? We use the Sandblast Agent (to help protect users outside the Network). I have been thinking of moving End Point to R80.10 but have had a couple of trusted sources recommend we wait for R80.20.

The details of our current Set-up are below:

End Point Set-up

Main Server

Hardware: Open Server

Version: R77.30.03

OS: GIA

Configured options

Network Policy Management

Endpoint Policy Management

Logging & Status

Management & User Portal

Provisioning

Smart Event Server

Smart Event Correlation Unit

Remote Site

Hardware: Open Server

Version: R77.30.03

OS: GIA

Configured options

Network Policy Management

Endpoint Policy Management

Logging & Status

Firewall Set-up

Management Server

Hardware: SMART-1

Version: R80.10

OS: GIA

Configured options

Network Policy Management

Logging & Status

Provisioning

Compliance

Smart Event Server

Smart Event Correlation Unit

This server manages 5 Firewalls that make up our organisation. The majority of these devices are on R80.10. There are a couple of 1450 devices still running R77.20

XBensemhoun · ‎2018-02-12

Hi Nev,

First of all : yes, at this time, r80 management versions cannot deal with sandblast agent :

So yes : if you're using such functionality (and you should do ), you must have those two separate environment.

But, I think you can send logs from your Security Management Server (SMS) dedicated to Endpoint Security to your R80.10 SMS in order to take advantage of the R80.* GUI and smartevent blade.

For Endpoint Security, don't hesitate to check sk117536‌ Endpoint Security Homepage dedicated to this solution.

You can also check ‌ in order to understand what Endpoint client version are compatible with what SMS version.

Because you're new, maybe you're not aware about using RSS feeds of your preferred documentation ?

Check the RSS feed of this sk :

Any new updates will be received on your RSS app

Information Security enthusiast, CISSP, CCSP

PhoneBoy · ‎2018-02-12

We do plan to unify Endpoint and Network Management in R80.20.

That said, you should be able to connect the Endpoint and Network Management so they share logs and objects.

Dan_Roddy · ‎2018-12-26

I plan to unify Endpoint and Gateway SMS with R80.20 very soon as well, building new open server in vmware as we speak with much larger disk and will get the new xfs file system. I am trying to stay up to date on any emerging issues in the next week. Thanks to all that post on this subject matter.

Best,

Dan

Are you a member of CheckMates?

Feedback on Endpoint Management and Smart Event Server Architecture