- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hi
We are currently deploying 1500 appliances on the branch offices with a central management that is located on the head office. The 1500 appliances set with a dynamic external interfaces. Does someone have any idea on how to setup central management for the said appliances without a SmartProvisiong license?
Thank you in advance.
There is a checkbox for Dynamic IP in the relevant gateway object that should be used in this case.
This does not require SmartProvisioning.
Hi PhoneBoy,
Does this mean that the connection of the branch office gateways (1500 appliances) to the management server that is located on the head office can used a public IP address? What if the said dynamic IP changes frequently, do the management server learn the new IP address without initiating a re SIC on the management server?
Thank you.
The changing IP won't change the authentication with SIC, which happens using certificates.
The management server needs to have an externally reachable IP (can be via NAT).
The gateway "phones home" to the management when it is DAIP and would be sending logs to the management anyway.
Hi PhoneBoy,
Is there any way to still established SIC on the branch gateways even without requesting a bridge connection on the branch ISP? Since the said gateways are setup behind the ISP modem.
Thanks
Yes, this will work through NAT as the gateway initiates an outbound connection for this purpose.
Hi PhoneBoy,
Do you have any idea on how to established the SIC without requesting a bridge connection on the local ISP of the branch offices?
Thanks
As I said previously, the gateway can initiate an outbound connection for this purpose.
This will work with NAT.
You configure the gateway object as described here: https://sc1.checkpoint.com/documents/SMB_R80.20.20/AdminGuides/Centrally_Managed/EN/Topics/Small-sca... 
Then, in the First Time Wizard for the appliance, specify the public Management IP.
Hi PhoneBoy,
Does the gateway object automatically created on the SmartConsole even without SmartProvisioning if we used the Gateway first on the guide?
Thanks
You have to manually create the gateway object on the management as described in the guide.
SmartProvisioning is not involved at all. 
Hi PhoneBoy,
Do you have any idea on how to established SIC on a 5100 appliance that is located to a branch office with a dynamically assigned public IP? The management server is located on the cetral office.
Thanks
This is documented in Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 Centrally Managed Administration Guide p.14ff - i would suggest to read about establishing SIC first, then choose one of the methods explained there 8)
I have pointed out this document on 24.2., PhoneBoy again on 1.3. - i would suggest to start reading as your questions are broadly covered there ...
Works more or less the same way as for SMB appliances: The gateway needs to be flagged as DAIP in the object.
In the case of a non-SMB gateway, SmartConsole will ask for the current public IP when establishing SIC.
See more here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Note that for a non-SMB gateway behind NAT, several ports may need to be forwarded on the NAT device.
See: https://community.checkpoint.com/t5/Security-Gateways/R80-x-Ports-Used-for-Communication-by-Various-... 
This will be noted.
Thank you!
SmartProvisioning means you manage numerous GWs by setting multiple profiles. Without it, you still can manage DIAP GWs on per GW basis
This is covered step by step in the Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.20 Centrally Managed Administration Guide p.14ff: Small-scale Deployment Installation.
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY