This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sanjay_S
Advisor
‎2024-09-24 06:34 AM
Jump to solution

SMB Firewall Managing locally or Cloud Managed

Hi Team,

May i know if the SMB device can be managed locally or via Cloud? 

Currently it is already been managed via MDS, need to move away from MDS. So please suggest what is the best way to do this?

Regards,

Sanjay S

1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2024-09-24 06:38 AM
Jump to solution

Yes there are multiple available options, some of which are included in the appliance license.

- Local (self contained)

- SMP (Spark Management Platform)

- Central (SMS / MDM)

Smart-1 Cloud is an additional option most similar from a MGMT perspective but that will need a separate license 

CCSM R77/R80/ELITE

View solution in original post

9 Replies
Chris_Atkinson
Employee Employee
Employee
‎2024-09-24 06:38 AM
Jump to solution

Yes there are multiple available options, some of which are included in the appliance license.

- Local (self contained)

- SMP (Spark Management Platform)

- Central (SMS / MDM)

Smart-1 Cloud is an additional option most similar from a MGMT perspective but that will need a separate license 

CCSM R77/R80/ELITE
Sanjay_S
Advisor
‎2024-10-09 02:20 AM
In response to Chris_Atkinson
Jump to solution

Hi @Chris_Atkinson ,

Thank you for explaining. Is there any document that you can share to migrate from MDS to Local or SMP or Smart-1 Cloud please?

I think that will help me proceeding with the migration.

Regards,

Sanjay S

G_W_Albrecht
Legend Legend
Legend
‎2024-10-09 04:22 AM
In response to Sanjay_S
Jump to solution

Not really needed - you can switch in WebGUI from Centrally Managed / MDS to locally managed - that s all it is. If you need management by SMP in Infinity portal you have to follow the instructions there.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Sanjay_S
Advisor
3 weeks ago
In response to G_W_Albrecht
Jump to solution

Thank you for your response @G_W_Albrecht 

That looks to be simple.

Once i switch it to Locally managed, Do i need to create all the policies manually again in the firewall?

Will this require any downtime at all? What will happen to the current policy that has been pushed from MDS?

These inputs will be really helpful for my migration and planning,

Regards,

Sanjay S

0 Kudos
G_W_Albrecht
Legend Legend
Legend
3 weeks ago
In response to Sanjay_S
Jump to solution

Current policy is not applicable. There is a difference between centrally and locally managed in the rule base, so you will have to document rules, network objects & services, servers and others to create a new rule base.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Sanjay_S
Advisor
3 weeks ago
In response to G_W_Albrecht
Jump to solution

Thank you @G_W_Albrecht 

So when we do it locally managed then we have to create the policies, objects, NAT rules etc. Then there will be downtime during the migration for sure. Is there any way i can be prepared with the local policies before i move to locally managed? Just to avoid any  miss config or any sort of misses during the window? 

This is single firewall not even cluster. So any suggestion on what is the best way to achieve this?

Regards,

Sanjay S

0 Kudos
G_W_Albrecht
Legend Legend
Legend
3 weeks ago
In response to Sanjay_S
Jump to solution

Do not forget that most rules are set automatically when in local management and the Standard Policy mode is used. E.g. defining an internal (Web)server needs only the server creation, rules are added as an effect of this. Just document all objects and services used in the current rule base and plan a good time for the change. If anything does not work you should be able to quickly get back to central management (switch to it, establish SIC and install policy).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Sanjay_S
Advisor
3 weeks ago
In response to G_W_Albrecht
Jump to solution

Thank you @G_W_Albrecht .

I will plan as you suggested. And also will look into any locally  managed SMBB device use case documents if i get so that i will be confident on this 🙂

0 Kudos
G_W_Albrecht
Legend Legend
Legend
3 weeks ago
In response to Sanjay_S
Jump to solution

Best experience would be to play with a Lab SMB 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events