This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vladimir
Champion
Champion
‎2018-07-15 07:26 AM

How can I install multiple policies at the same time?

Tomer, can you clarify if this common IPS/TP layer could be installed on all targets in all policies simultaneously, or is the installation still limited to a single group of gateways/clusters managed by the parent Access Control policy?

0 Kudos
11 Replies
Tomer_Sole
Mentor
Mentor
‎2018-07-15 08:39 AM

You still have to select the policy + the gateways at the policy installation dialog. If the policy is not the same across your gateway group, then this means picking a different policy package at every time. The term is a Policy Package which includes Access Control + Threat Prevention.

BUT we're simplifying that soon as well Smiley Happy  https://community.checkpoint.com/events/1080-techtalk-r8020-demo 

Vladimir
Champion
Champion
‎2018-07-16 08:09 AM
In response to Tomer_Sole

Any clue as to ETA?

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-07-16 10:29 AM
In response to Vladimir

Of the TechTalk? Sure - this Wednesday J

I want to present the feature and then if you think that this can help simplifying this scenario then we can talk about ETAs / how to enable it from the public EA.

Tomer_Sole
Mentor
Mentor
‎2018-07-22 10:44 PM

So the feature that I wanted to mention was the ability to Schedule Policy Installations with R80.20 (not M1). It is in the current public EA as well as the upcoming next Management Feature Release.

You can create a preset with multiple policies or multiple gateways in it. Then, you can either play it with one click or add a time object to schedule it to a time window.

This way you could install multiple different policies at once.

You can use this feature if you are a Multi-Domain user by logging into the MDS domain and going to Install Policy Presets.

Vladimir
Champion
Champion
‎2018-07-23 06:08 AM
In response to Tomer_Sole

Tomer,

I've seen it during the demo being used with Access Control policies. Can you confirm that this is applicable to TP policies decoupled from access control as well?

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-07-23 10:57 AM
In response to Vladimir

Hi, for this version it will always install both policies.

So it looks that a solution to your use case remains with writing custom API scripts that batch-calls "install-policy access false threat-prevention true" on each of the targets.

0 Kudos
Vladimir
Champion
Champion
‎2018-07-23 11:07 AM
In response to Tomer_Sole

Thanks for the info Tomer.

Unfortunately, client is not interested in using scripts.

Looks like we are stuck with MDS for the duration.

0 Kudos
Eric_Oakeson
Employee Alumnus
Employee Alumnus
‎2018-10-12 10:54 AM
In response to Tomer_Sole

Does only the management need to be 80.20 to schedule installs? Will it still be able to push scheduled installs down to 80.10 or even 77.30 gateways (as long as the policy is appropriate for that version)?

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2018-10-12 01:15 PM
In response to Eric_Oakeson

Yes, you can push scheduled installs even for R77.30 (tested).

The only issue I found is that it is not working in case you need to push firewalls based on their policy package:

https://community.checkpoint.com/thread/9712-install-policy-presets-not-working-on-r8020 

Kind regards,
Jozko Mrkvicka
0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-10-13 02:38 PM
In response to Eric_Oakeson

Gateway version doesn't matter.

Management version should be R80.20 and above and has to be a Multi-Domain environment in order to schedule policy installations from the GUI.

With the Management API of R80 and above, you could create a schedule policy installer with a Cron job.

0 Kudos
Vladimir
Champion
Champion
‎2018-10-16 01:19 AM
In response to Tomer_Sole

Tomer,

Any way the features that could benefit single domain users, (such as the one discussed above) could be made available in the SMS and not be exclusive to MDS?

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top