Nev_Finch
Explorer

Feedback on Endpoint Management and Smart Event Server Architecture

I am interested in getting some feedback on our current set-up. We are only new to Check Point and have deployed both a Firewall Solution and an End Point Solution. At the moment these are two separate setups. The Firewall Solution is on R80.10 and the End Point is on R77.30.03, each with their own Management and Log Server (I have included more detail below).

Overall we love the product, particularly the reporting and management in R80.10. The management and reporting on End Point though is proving to be a little frustrating. Our main issues are:

  • No consolidated view of logs and potential problems.
  • The logging in R77.30.03 for End Point is difficult to navigate and troubleshoot issues as we begin to lock down the clients.
  • To configure the Firewall on Endpoint we would need to replicate all our network objects from the Firewall Management Server to the End Point Management Server.

My questions are:

What is everyone else doing that has both Firewalls and End Point? Are you running separate environments or have you unified on R80.10 or stayed with R77.30.03?

What would you recommend for us? We use the Sandblast Agent (to help protect users outside the Network). I have been thinking of moving End Point to R80.10 but have had a couple of trusted sources recommend we wait for R80.20.

The details of our current Set-up are below:

 

End Point Set-up

Main Server

  • Hardware: Open Server
  • Version: R77.30.03
  • OS: GIA

Configured options:

  • Network Policy Management
  • Endpoint Policy Management
  • Logging & Status
  • Management & User Portal
  • Provisioning
  • Smart Event Server
  • Smart Event Correlation Unit

Remote Site

  • Hardware: Open Server
  • Version: R77.30.03
  • OS: GIA

Configured options:

  • Network Policy Management
  • Endpoint Policy Management
  • Logging & Status

Firewall Set-up

Management Server

  • Hardware: SMART-1
  • Version: R80.10
  • OS: GIA

Configured options:

  • Network Policy Management
  • Logging & Status
  • Provisioning
  • Compliance
  • Smart Event Server
  • Smart Event Correlation Unit

This server manages 5 Firewalls that make up our organisation. The majority of these devices are on R80.10. There are a couple of 1450 devices still running R77.20

3 Replies
XBensemhoun
Employee

Hi Nev,

First of all: yes, at this time, R80 management versions cannot deal with SandBlast Agent:

So yes: if you're using such functionality (and you should :) ), you must have those two separate environments.

But I think you can send logs from your Security Management Server (SMS) dedicated to Endpoint Security to your R80.10 SMS in order to take advantage of the R80.* GUI and SmartEvent blade.

For Endpoint Security, don't hesitate to check sk117536 Endpoint Security Homepage dedicated to this solution.

You can also check in order to understand what Endpoint client versions are compatible with what SMS version.

Because you're new, maybe you're not aware of using RSS feeds of your preferred documentation?

Check the RSS feed of this sk:

Any new updates will be received on your RSS app.

Information Security enthusiast, CISSP, CCSP
PhoneBoy
Admin

We do plan to unify Endpoint and Network Management in R80.20.

That said, you should be able to connect the Endpoint and Network Management so they share logs and objects.

Dan_Roddy
Collaborator

I plan to unify Endpoint and Gateway SMS with R80.20 very soon as well; I am building a new open server in VMware as we speak, with a much larger disk, and will get the new XFS file system. I am trying to stay up to date on any emerging issues in the next week. Thanks to all who post on this subject matter.

Best,

Dan
