Brad_Muller
Participant

SMB Dynamic IP Smart-1 Cloud Initial Connection

  • In portal add new gateway using real name of firewall
  • Click on 3 dots on top right-hand corner of new firewall
  • Select “View instructions”
  • Use pull down and change to “Spark”
  • Copy Token
  • In portal go to settings and open SmartConsole in API
  • Go to Gateways and servers and open new firewall object
  • Under General tab click on “Dynamic IP” box
  • Answer yes to both prompts
  • Use pull down to change Check Point appliance version to the correct model and version
  • Open topology tab
  • Under “Security Blades” select “Manually defined on the Security…..”
  • Create new interface
  • Name “maas_tunnel”
  • Set “Security Zone” to “ExternalZone” and change “Network type” to “External (leads to internet)”
  • Use the IP associated with the management service object in SmartConsole (100.64.0.x mask 255.255.255.255)
  • Hit “Ok”
  • Under “Security Blades” select “Automatically calculated by the gateway…”
  • Under “IPSEC VPN Blade” select “User defined”
  • Create a “New” network for the encryption domain (This can be changed later)
  • Say “Ok” and “Publish”
  • In the WebUI of the firewall select Home | Security Management
  • Select “Central” and then “Save” at the bottom right
  • Under Security Management Server select “Setup”
  • Check the “Security Management Server” box and then “next”
  • Paste the connection token into the box and hit “connect”
  • After it connects hit “next”
  • Put the secret in the boxes and hold
  • Go back to Smart-1 Console and edit the new firewall object
  • Select “Communication”
  • Put the secret in the boxes but DON’T hit “Ok”
  • Under “Identify appliance according to” make sure the firewall name is correct in the box (DO NOT SELECT “First to Connect”, you won’t be able to add multiple gateways that way)
  • Hit “Ok” and “Ok” again to close the object
  • Click on “Publish”
  • Go back to firewall WebUI (you should still be in the initialize phase with the secrets in the boxes). Hit “next”
  • On this screen click “Connect”
  • Do not worry when it shows a failure for policy
  • Hit the “Save” button on bottom right-hand corner
  • Go back to Smart-1 console
  • Make sure you have the policy correct for mgmt rules and internet rules and NAT hide rules on networks.
  • Push policy
  • Go back to WebUI under Home | Security Management
  • Under Security Policy select “Fetch Policy” and then “Save” on right-hand bottom
  • HALLELUJAH you are done.

 

***If you have trouble with communications at this point, SSH into the firewall and run “show maas” to make sure it is enabled and connected. You might have to reboot or call Check Point Support.
