Khanhdc_1509
Explorer

I don't understand how the 3-component architecture works and how the certification (SIC) process works?

Accepted Solutions
PhoneBoy
Admin

There are three main pieces: Gateway, Management, and SmartConsole/API.

  • Gateways do the enforcement of the Access Policy and Threat Prevention
  • Management is where the policy and logs are defined/stored as well as the Internal Certificate Authority (ICA)
  • SmartConsole/API is the front end used to create/update the various elements of your access policy

Gateways and Management run on physical appliances or virtual machines that run a purpose-built operating system.
SmartConsole runs on a Windows machine, but you can also use a web browser and/or REST API to manage many functions.

SIC (Secure Internal Communication) secures communication between all components (SmartConsole/API to Management, and Management/Gateway communication).
As gateways are onboarded to management, they are issued a certificate from the ICA, which is used to authenticate and encrypt all communications.
This is done through industry-standard TLS.

6 Replies
Khanhdc_1509
Explorer

Also, when I deploy standalone, how are the CPU resources shared, 50-50?
And can the admin port assign data ports to access the admin? If so, can other ports be blocked from accessing the admin?

PhoneBoy
Admin

The resources are shared, but not exactly 50/50.
You can restrict access to the administrative functions, yes.

the_rock
Legend

To add on top of what @PhoneBoy said, I would ensure you allow all communication between mgmt and gateways.

Andy

Don_Paterson
Advisor

You can use these commands to see the ICA database on the Security Management Server and the SIC trust state on the Security Gateway:

cpca_client lscert

cp_conf sic state

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CLI_ReferenceGuide/Content/T...

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/MDS...
