This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Patrick_Tuttle1
Collaborator
‎2019-11-25 05:54 AM
Jump to solution

SMB Questions (management & fetching policy)

Hello CheckMates;

We have some questions regarding the SMB platform. 

We were under the impression that these device could call home ang grad policy  from centrally managed check point.  We are testing this in our lab with R77.20 and 1200R R7720.81

Looking at /var/log/log/sfwd.elg  we see it calling out but then saying "Local security policy is up to date" "same policy as already on module"   

We are also considering deploying these in our SCADA environment in the field over very slow links and were hoping the policy install would be a quicker process compared to a regular gateway running full Gaia. Not sure this would be a smaller file resulting in a faster (lass bandwidth intensive) policy install.

 

And our other question is whats the differences between using Smart Provisioning (LSM) or the newer product SMP?  Are there any advantages?  One thing We would need in our environment is to keep all management local on Prem as opposed to being in the cloud.  We are told this due to NERC-CIP guidelines.

 

Thanks and appreciate any direction / experience anyone can share. 

 

 

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2019-11-26 06:35 PM
In response to Patrick_Tuttle1
Jump to solution

So you followed steps similar to https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... correct?
(Yes, this mentions an 1100, but the process should be similar)
You may want to engage with the TAC.

View solution in original post

4 Replies
PhoneBoy
Admin
Admin
‎2019-11-25 08:32 PM
Jump to solution

SMP is cloud-based, so if on-Prem is required, it’s not an option.

SmartLSM creates a “profile” that represents many different gateways, not necessarily SMB gateways.
When you push policy to a SmartLSM gateway, it doesn’t actually push the policy to the gateway but creates a new policy for the gateway to fetch, which they will then do periodically.
SmartLSM has a few limitations in terms of features/blades supported, so it may not be appropriate in every situation.

Current SMB appliances don’t necessarily need SmartLSM insofar as they periodically fetch policy from management already.
The compiled policy isn’t necessarily smaller if you use SmartLSM.
0 Kudos
Patrick_Tuttle1
Collaborator
‎2019-11-26 10:22 AM
In response to PhoneBoy
Jump to solution

Thanks for your reply. I missed the part about installing policy in dashboard to a provisioning profile as opposed to the gateway itself. but now the problem is getting the provisioning profile to show up under the smartprovisioning application in order to tie it to the gateway. When going through the wizard, the gateway does not show up the window is supposed to show the list of appliances and devices that you can assign to a Provisioning Profile., but nothing there.
0 Kudos
PhoneBoy
Admin
Admin
‎2019-11-26 06:35 PM
In response to Patrick_Tuttle1
Jump to solution

So you followed steps similar to https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... correct?
(Yes, this mentions an 1100, but the process should be similar)
You may want to engage with the TAC.
Patrick_Tuttle1
Collaborator
‎2019-11-27 09:45 AM
In response to PhoneBoy
Jump to solution

THANKS !!! very much. I didn't see this and made the mistake of adding in the gateway into dashboard then tried to get provisioning to work. Looking better now. Thanks.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events