Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sunny_Gill
Employee
Employee

Converting a Check Point 1400 security appliance from Local to Central Management

Jump to solution

A short video showing how to easily convert a 1400 Small Business Security Appliance from local to central management, in this short video from our Check Point community.

2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
You have to download a current release (like R80.40) and install Security Management on either a VM or a supported Appliance/Open Server.
This requires a license.
SmartConsole/SmartDashboard cannot connect directly to a 1490 (or any other SMB appliance).

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
Check Point sells through resellers/distributors.
Likely the SKU you're looking for is CPSM-NGSM5, which is the smallest management license we sell (for up to 5 gateways and includes SmartEvent/Compliance for 1 year).

View solution in original post

13 Replies
Softwhere
Explorer

Just one question, how and where can a security mangement be installed?

I have downloaded and installed the "Check_point_SmartConsole_and_SmartDomain_Manager_R77.30".

Smart Dashboard wants username; password; and device if I put in the IP of the Windows Server or IP of the 1490 it cannot connect,

"defined as a GUI client"

If I remember correctly from years past we needed to enter the Server where the software was installed directly into the Firewall some how.

At any rate could use some help

Thanks,

Jeff 

0 Kudos
PhoneBoy
Admin
Admin
You have to download a current release (like R80.40) and install Security Management on either a VM or a supported Appliance/Open Server.
This requires a license.
SmartConsole/SmartDashboard cannot connect directly to a 1490 (or any other SMB appliance).

View solution in original post

0 Kudos
Softwhere
Explorer
Thanks, where do I get a license only for Management Server, can I get it directly from Checkpoint or through Distributor?
0 Kudos
PhoneBoy
Admin
Admin
Check Point sells through resellers/distributors.
Likely the SKU you're looking for is CPSM-NGSM5, which is the smallest management license we sell (for up to 5 gateways and includes SmartEvent/Compliance for 1 year).

View solution in original post

gp_singh67
Participant

During the course of shifting my SMB appliance from local to central server, what will happen to the policies already working on the appliance ? Will it get populated on the Central server automatically ?

0 Kudos
PhoneBoy
Admin
Admin

When you switch from local to central management and before you've pushed an explicit policy from the central management to the gateway, a default policy allowing outgoing traffic will be enforced.

0 Kudos
gp_singh67
Participant

You mean to say I will have to push all the policies afreah ? I have only two 1490 appliances working in HA mode. Is it worth taking pain to migrate them to a central management server ? What benefits I may loose by not doing so.

Thanks for your time.

0 Kudos
PhoneBoy
Admin
Admin

Yes, you will have to recreate the policy in the central management.
Let me turn the question around: what is your motivation for moving to central management in the first place?

0 Kudos
gp_singh67
Participant

One of the reason is better log monitoring and management of appliances. At present I have to replicate policies in both the firewalls manually. Though I don't have experience but I feel management server will make job easier.

0 Kudos
PhoneBoy
Admin
Admin

It should as you can push the same policy to both gateway members and leverage SmartEvent.
Some features (don't have a list offhand) are only available when centrally managed.

gp_singh67
Participant

Dear Sir,

I have two 1490 appliances working in HA Mode. What should be the sequence of operations for shifting them from local to central management ? Any downtime will be required for this process of shifting them from local to central management.  I have  done management server R80.40 and connected it to Smart Console.

0 Kudos
G_W_Albrecht
Legend
Legend

Using SMBs as HA Cluster, you only define the policy on the active member ! The HA node will sync from the active member the changed policy. Central Management lifts some limitations of the 14x0 locally managed appliances - more cores, a more granular, layered rulebase, and provides added features using SmartDashboard.

CCSE CCTE SMB Specialist
0 Kudos
gp_singh67
Participant

Based on your advice I purchased CPSM-NGSM5 with three years licence. The migration work from Local to Central was planned to be done by our IT team. We installed CMS on VMWare platform and moved one 1490 SMB which was working on production mode in HA Cluster from local to central, but Logs are not being pushed from FW to CMS. I also created SR but checkpoint TAC saying they provide services only for production systems and not for Lab setup. Any advice ? While purchasing CMS I didn't foresee any such difficulties and thought It would be easy to migrate. -:(

0 Kudos