Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Advisor

Supervision of Check Point Firewall

Dear Mates

We have a large check point infrastructure and we wish to give some tasks to our supervision which also happens to be the first level of support in the company. I would like to know  based on your experience or the company you work for, how are things segregated. For example I don't want them to do any configuration, so what tasks should I give to a supervision which is also the first level of support. 

Thanks in advance

 

0 Kudos
4 Replies
Highlighted
Employee++
Employee++

 

Some suggestions:

1.) Monitoring of SmartView Dashboards via Web browser / Wall boards.

2.) Leverage APIs to abstract / automate other tasks via Web services.

3.) Health & availability monitoring via NMS etc

Highlighted
Advisor

Thanks Chris
0 Kudos
Highlighted
Champion
Champion

I suppose you could give them a SmartConsole login with a read-only permissions profile, but I would be concerned about user privacy by letting them look at logs/reports.  You can create a custom permissions profile that would only give them access to the Gateways & Servers and Security Policies tabs read-only.  This would let them see the status and utilization of gateways as well as look at security policies to determine if a certain type of traffic is allowed.  There isn't really a need to grant access to the Manage & Settings tab either in my opinion.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
Highlighted
Advisor

Thanks Tim
0 Kudos