Nev Finch

Feedback on Endpoint Management and Smart Event Server Architecture

Discussion created by Nev Finch on Feb 10, 2018
Latest reply on Feb 12, 2018 by Dameon Welch Abernathy

I am interested in getting some feedback on our current set-up. We are only new to Check Point and have deployed both a Firewall Solution and an End Point Solution. At the moment these are two separate setups. The Firewall Solution is on R80.10 and the End Point is on R77.30.03, each with their own Management and Log Server (I have included more detail below).

 

Overall we love the product, particularly the reporting and management in R80.10. The management and reporting on End Point though is proving to be a little frustrating. Our main issues are:

 

  • No consolidated view of logs and potential problems.
  • The logging in R77.30.03 for End Point is difficult to navigate and troubleshoot issues as we begin to lock down the clients.
  • To configure the Firewall on Endpoint we would need to replicate all our network objects from the Firewall Management Server to the End Point Management Server.

 

My questions are:

 

What is everyone else doing that has both Firewalls and End Point? Are you running separate environments or have you unified on R80.10 or stayed with R77.30.03?

 

What would you recommend for us? We use the Sandblast Agent (to help protect users outside the Network). I have been thinking of moving End Point to R80.10 but have had a couple of trusted sources recommend we wait for R80.20.

 

The details of our current Set-up are below:

 

End Point Set-up

 

Main Server

 

Hardware:       Open Server

Version:           R77.30.03

OS:                  GIA

 

Configured options

 

Network Policy Management

Endpoint Policy Management

Logging & Status

Management & User Portal

Provisioning

Smart Event Server

Smart Event Correlation Unit

 

Remote Site

 

Hardware:       Open Server

Version:           R77.30.03

OS:                  GIA

 

Configured options

 

Network Policy Management

Endpoint Policy Management

Logging & Status

 

Firewall Set-up

 

Management Server

 

Hardware:       SMART-1

Version:           R80.10

OS:                  GIA

 

Configured options

 

Network Policy Management

Logging & Status

Provisioning

Compliance

Smart Event Server

Smart Event Correlation Unit

 

This server manages 5 Firewalls that make up our organisation. The majority of these devices are on R80.10. There are a couple of 1450 devices still running R77.20

Outcomes