SMB Questions (management & fetching policy)

Hello CheckMates;

We have some questions regarding the SMB platform. 

We were under the impression that these devices could call home and grab policy from a centrally managed Check Point. We are testing this in our lab with R77.20 and 1200R R7720.81

Looking at /var/log/log/sfwd.elg we see it calling out but then saying "Local security policy is up to date" "same policy as already on module"

We are also considering deploying these in our SCADA environment in the field over very slow links and were hoping the policy install would be a quicker process compared to a regular gateway running full Gaia. Not sure this would be a smaller file resulting in a faster (less bandwidth intensive) policy install.

And our other question is what are the differences between using Smart Provisioning (LSM) or the newer product SMP? Are there any advantages? One thing we would need in our environment is to keep all management local on-prem as opposed to being in the cloud. We are told this is due to NERC-CIP guidelines.

Thanks and appreciate any direction / experience anyone can share.

4 Replies
Admin
SMP is cloud-based, so if on-Prem is required, it’s not an option.

SmartLSM creates a “profile” that represents many different gateways, not necessarily SMB gateways.
When you push policy to a SmartLSM gateway, it doesn’t actually push the policy to the gateway but creates a new policy for the gateway to fetch, which they will then do periodically.
SmartLSM has a few limitations in terms of features/blades supported, so it may not be appropriate in every situation.

Current SMB appliances don’t necessarily need SmartLSM insofar as they periodically fetch policy from management already.
The compiled policy isn’t necessarily smaller if you use SmartLSM.

Thanks for your reply. I missed the part about installing policy in dashboard to a provisioning profile as opposed to the gateway itself. But now the problem is getting the provisioning profile to show up under the smartprovisioning application in order to tie it to the gateway. When going through the wizard, the gateway does not show up; the window is supposed to show the list of appliances and devices that you can assign to a Provisioning Profile, but nothing is there.

Admin
So you followed steps similar to https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... correct?
(Yes, this mentions an 1100, but the process should be similar)
You may want to engage with the TAC.

THANKS!!! Very much. I didn't see this and made the mistake of adding the gateway into dashboard, then tried to get provisioning to work. Looking better now. Thanks.