Check Point S-10 Getting Started Manual Download Page 24 | Manualshive

Page: 24 / 41

background image

Page 24

Chapter 3

Configuring SmartEvent

This section explains how to get up and running with SmartEvent.

In This Chapter

Preparing SmartEvent on Security Management Server

Configuring the SmartEvent Clients

Preparing SmartEvent on Security
Management Server

To configure SmartEvent, first establish connectivity between the components.

1. Launch SmartDashboard.

2. In SmartDashboard, create a new host for each computer that contains a component of SmartEvent:

a) Select

Manage > Network Object > New > Check Point > Host

b) In the

General Properties

window, click

Communication

and enter the activation key.

Note

- If the Security Management Server and SmartEvent are installed on different sides of the firewall,

add a rule that allows SIC traffic between them.

c) The version is not entered automatically if the SmartEvent version is newer than the version of the

Security Management Server. If so, select the most recent version available from the

Version

drop-

down list.

d) In the

Management Software Blades

list, select the blades that are installed on the new host.

3. Install the database on all log servers from which SmartEvent reads data: select

Policy > Install

Database

and select the log servers as the targets.

4. To allow the SmartEvent Intro server to block attacks from specific IP addresses, configure the Security

Management Server to accept SAM commands from the SmartEvent Intro server:

a) On the Security Management Server, edit the

$CPDIR/conf/sic_policy.conf

file:

Search for the section

[Inbound rules]

, and add the following line under

# sam proxy

:

DN_Mgmt ; Reporting_Tool; ANY; sam ; sslca

b) From the command line in the Security Management Server computer, run the following commands:

cpstop

cpstart

Configuring the SmartEvent Clients

You must perform these configurations to make the components of the SmartEvent functional.

After you have accomplished the tasks for SmartEvent Intro, events will begin to appear in the SmartEvent
Intro client.

After you have accomplished the tasks for SmartReporter, logs will be created and sent to the
SmartReporter database. Reports can then be created.

«
...
22
23
24
25
26
...
»

Summary of Contents for S-10

Page 1: ...8 December 2011 Getting Started Guide Smart 1 5 Smart 1 25 Models S 10 S 21 704548 ...

Page 2: ...Check Point assumes no responsibility for errors or omissions This publication and features described herein are subject to change without notice RESTRICTED RIGHTS LEGEND Use duplication or disclosure by the government is subject to restrictions as set forth in subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 and FAR 52 227 19 TRADEMARKS Refer ...

Page 3: ...ront Panel on page 30 Two high capacity disk drives with improved RAID system Hard Disk Drives on page 33 For the previous Smart 1 25 Getting Started Guide see Smart 1 5 and 25 Getting Started Guide http supportcontent checkpoint com documentation_download ID 10 949 23 February 2011 Dedicated SmartEvent Server option available from R75 only Security Management Installation Type on page 20 Improved...

Page 4: ...llowed to short The battery cell may heat up under these conditions and present a burn hazard Warning DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY REPLACED REPLACE ONLY WITH SAME OR EQUIVALENT TYPE RECOMMENDED BY THE MANUFACTURER DISCARD USED BATTERIES ACCORDING TO THE MANUFACTURER S INSTRUCTIONS Disconnect the system board power supply from its power source before you connect or disconnect cable...

Page 5: ...bility to access information in that form Canadian Department Compliance Statement This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à la norme NMB 003 du Canada Japan Class A Compliance Statement European Union EU Electromagnetic Compatibility Directive This product is herewith confirmed to comply with the requirements set out in the...

Page 6: ...sing the First Time Configuration Wizard 18 Starting the First Time Configuration Wizard 19 Welcome 19 Appliance Date and Time Setup 19 Network Connections 20 Routing Table 20 DNS and Domain Settings 20 Security Management Installation Type 20 Security Management 21 SmartEvent and SmartReporter Suite Installation Type 21 Web SSH and GUI Clients Configuration 21 Secure Internal Communication 22 Dow...

Page 7: ...tory Defaults using the Console 34 Restoring Using the LCD Panel 35 Lights Out Management 37 Introduction 38 Initial Login 38 Basic Configuration Options 38 Remotely Controlling the Appliance 38 Remotely Controlling the Power of the Appliance 39 Managing LOM Card Users 39 Configuring LOM Keyboard and Mouse 40 Configuring LOM Network 40 Setting the Date and Time 40 Defining a LOM Login Message 40 R...

Page 8: ...bout Check Point products consult the Check Point Support Center http supportcenter checkpoint com Welcome to the Check Point family We look forward to meeting all of your current and future network application and management security needs Smart 1 Overview Smart 1 appliances deliver Check Point s market leading security management software blades on a dedicated hardware platform specifically desi...

Page 9: ...Screen shots in this guide may apply only to the highest model to which this guide applies Shipping Carton Contents Item Description Appliance One Smart 1 appliance Rack Mounting Accessories Hardware mounting kit Cables 1 power cable Smart 1 5 2 power cables Smart 1 25 1 standard LAN cable 1 RJ 45 console cable Documentation User license agreement Getting Started Guide Terminology The following Sm...

Page 10: ...ilable Based on the configuration SmartEvent contains these components SmartEvent Client or IPS Event Analysis Client A GUI that displays events or IPS events in many graphical list and map forms and provides user control of the policy SmartEvent Server or IPS Event Analysis Server Holds the event or IPS event database event queries object values and policy definition SmartEvent Correlation Unit A...

Page 11: ...perature is below 35 C 95 F Do not block any air vents Normally 15 cm 6 in of air space in the rear and 5 cm 2 in in the front provides proper airflow Install the appliances in the cabinet starting at the bottom and going up Install the heaviest appliance at the bottom of the rack cabinet Do not extend more than one device out of the rack cabinet at the same time Connect the server to a properly g...

Page 12: ... Kg Smart 1 25 1U 1 75 inch 44 5 mm 13 5 The distance from the center of any hole to the center of the third hole above it is equivalent to 1U The mounting holes in a standard 19 inch 482 6 mm server rack rail are arranged as follows When installing appliances start measuring from the center of the two holes with closer spacing Otherwise the screw holes on the appliance may not match those on the ...

Page 13: ...iance rail to the appliance 2 Slide 2 Allows the Smart 1 appliance to slide in and out of the rack for access Out of the box it comes combined with the appliance rail Both slides are identical 3 Mounting bracket 4 Mounts the slide to the rack vertical rails All mounting brackets are identical Screw long RoHS NUT Flange M4 Coating Ni 8 Attaches slide to mounting brackets Threaded washer RoHS 14 0 L...

Page 14: ...ropped screws A powered screwdriver is useful Pliers Recommended but not essential Preparing the Appliance Prepare the Smart 1 appliance for mounting in the rack You don t need to do this in the server room Attaching the Appliance Rails to the Appliance 1 Separate the appliance rail from the slide Push a release catch and slide the rail away from the slide until they separate 2 Identify the front ...

Page 15: ...pliance ear bracket to one side of the appliance using three screws 2 Repeat for the other side of the appliance Attaching the Mounting Brackets to the Slide Attach the mounting brackets to the slide You don t need to do this in the server room 1 Open the slide so it is fully extended Press the latch to extend it 2 Identify the front end and the back end of the slide There is a piece of black plas...

Page 16: ...ch to the rack 6 Repeat for the second slide Attach one mounting bracket loosely to the front of the slide and another normally to the back Attaching the Slide and Mounting Bracket Assembly to the Rack Now attach the slide and mounting bracket assembly to the rack 1 While standing in the front of the rack place a slide and bracket assembly in position in one side of the rack 2 Attach the mounting ...

Page 17: ... the Rack 1 Extend the slide fully 2 Carefully line up the appliance with the rail and push it about half way in You will hear a click 3 To slide the appliance fully into the rack press the slide latch on the left then on the right Take care not to trap a finger 4 Slide the appliance into the rack ...

Page 18: ...ails or is not connected to the outlet an alarm sounds continuously If you hear the alarm check that all power supplies are connected to the outlets If needed replace the faulty power supply immediately and connect the new unit to the A C outlet See Removing the Power Supply on page 32 Using the First Time Configuration Wizard Perform the initial configuration of Smart 1 using the First Time Confi...

Page 19: ... system administrator login name password admin admin and click Login Note The features configured in the wizard are accessible after completing the wizard via the WebUI menu The WebUI menu can be accessed by navigating to https appliance_ip_address 4434 5 Change the administrator password as prompted The default password is provided to allow to you access to Smart 1 For security purposes you must...

Page 20: ...rd in the Network Network Connections page Routing Table Configure the routing settings on the Routing Table page DNS and Domain Settings Set the Host Domain and DNS Servers in the DNS and Domain Settings page The host name must start with a letter and cannot be named Com1 Com2 Com9 Security Management Installation Type Note This page is only available in R75 or higher In the Installation Type pag...

Page 21: ...applies only in a Management HA deployment Log Server is the repository for log entries generated on gateways Check Point gateways send their log entries to the Log Server SmartEvent and SmartReporter Suite Installation Type Configure the SmartEvent and Reporter Suite applications to run on the server SmartEvent A system that reads logs and generates events based on an Event Policy An IPS event on...

Page 22: ...tp supportcenter checkpoint com Summary The Summary page appears Click Finish to complete the First Time Configuration Wizard The Appliance automatically restarts This may take several minutes Note It is recommended to backup the system configuration for system recovery purposes The backup menu can be accessed via the WebUI interface under the Appliance menu Installing the SmartConsole GUI Clients...

Page 23: ...n the WebUI Command line access can be obtained by console connection or through SSH Connecting to the Smart 1 CLI You can connect to the command line interface of the Smart 1 appliance using The provided serial console cable DTE to DTE and terminal emulation software such as HyperTerminal from Windows or Minicom from Unix Linux systems Connection parameters for Smart 1 appliances are 9600bps no p...

Page 24: ...Version drop down list d In the Management Software Blades list select the blades that are installed on the new host 3 Install the database on all log servers from which SmartEvent reads data select Policy Install Database and select the log servers as the targets 4 To allow the SmartEvent Intro server to block attacks from specific IP addresses configure the Security Management Server to accept S...

Page 25: ...nt SmartEvent Intro will begin to read logs and detect events To learn how to manage and fine tune the system using the SmartEvent Intro Client see the SmartEvent Administration Guide for your software version on the Check Point Support Center http supportcenter checkpoint com Creating a Consolidation Session for SmartReporter The Consolidation session reads logs from the log server and adds them ...

Page 26: ...lients Configuring SmartEvent Page 26 If you want to customize the Consolidation session refer to the SmartReporter Administration Guide for your software version on the Check Point Support Center http supportcenter checkpoint com ...

Page 27: ... Smart 1 Hardware This chapter provides instructions for installing and removing hardware components on the Smart 1 appliance In This Chapter Smart 1 5 28 Smart 1 25 30 Customer Replaceable Parts 32 Hard Disk Drives 33 ...

Page 28: ...ion port 6 Built in Ethernet ports Lan1 Lan4 LCD Display Screen Smart 1 appliances have an LCD screen that lets you do basic management operations You configure the management IP address net mask and default gateway using the LCD screen You can also reboot and turn off the appliance from the LCD screen To use the LCD screen operation keys Action Press Enter the main menu Navigate within the menu o...

Page 29: ...lt GW Set the management interface default gateway System Reboot Reboot the appliance To enter an IP address Action Press Move to the next digit Move back to the previous digit Approve the change when cursor is located on the last digit Cancel the IP change when cursor is located on the first digit Change current digit or ...

Page 30: ...n2 3 Console RJ 45 port to connect to a computer using a terminal emulation application 4 LCD display screen 5 Lights Out Management LOM port 6 USB ports 7 Hard disk drives LCD Display Screen Smart 1 appliances have an LCD screen that lets you do basic management operations You configure the management IP address net mask and default gateway using the LCD screen You can also reboot and turn off th...

Page 31: ...the previous menu To use the menus Action Press Enter the main menu Enter Navigate within the menu or Select a menu option Enter Go back to a previous menu Esc To select menu options Menu Sub menu Purpose Network Set MGMT IP Set the management interface IP address Set Net mask Set the management interface network mask Set Default GW Set the management interface default gateway System Reboot Reboot...

Page 32: ...is section presents the procedures for removing and installing a power supply unit The Smart 1 appliance contains two redundant power supplies It is not necessary to power off the appliance before adding or removing a power supply Removing the Power Supply To remove a power supply unit 1 If the power supply alarm sounds press the red alarm button to the right of the power supply This will stop the...

Page 33: ... sound alarmoff Disable alarm sound Removing a Hard Disk Drive The Smart 1 25 contains 2 high capacity hard disk drive You can remove a hard disk drive without risking the integrity of the RAID array or compromising the data Warning Removing the two hard disk drives at the same time will cause the loss of all data To remove a hard disk drive 1 Unlock the drive 2 Move the release latch toward the l...

Page 34: ...ge for Security Management Server To revert to an earlier image in the Smart 1 WebUI 1 Click Appliance Image Management 2 Select the relevant image version you wish to restore 3 Click Revert Restoring Factory Defaults using the Console The below procedure defines how to restore factory defaults using a terminal emulation program such as HyperTerminal 1 Using the supplied serial console cable to th...

Page 35: ...o highlight Reset to factory defaults Select the relevant default image version 8 Press Enter Restoring Using the LCD Panel To restore the Smart 1 appliance to its default factory configuration using the LCD Panel keys 1 Reboot or power on the appliance 2 When the countdown begins press any of the arrow keys The Boot menu appears 3 Using the arrow buttons scroll to the relevant image version and t...

Page 36: ... wait for the appliance to restore the factory image While the appliance is restored to the default image a Reverting image don t turn off message displays continuously When the appliance has been restored to its default factory configuration the appliance reboots and the Initializing message appears ...

Page 37: ...e and basic configuration options In This Chapter Introduction 38 Initial Login 38 Basic Configuration Options 38 Remotely Controlling the Appliance 38 Remotely Controlling the Power of the Appliance 39 Managing LOM Card Users 39 Configuring LOM Keyboard and Mouse 40 Configuring LOM Network 40 Setting the Date and Time 40 Defining a LOM Login Message 40 ...

Page 38: ...of inactivity you are automatically be logged out Basic Configuration Options The options in the main menu on Lights Out Management home page let you configure these settings Remotely control the appliance Remotely control the power of the appliance Manage Lights Out Management users Configure Lights Out Management keyboard and mouse settings Configure Lights Out Management network settings Set da...

Page 39: ...click Apply Changes Managing LOM Card Users You can create modify and delete users You can also assign privileges to users To create a user 1 Click the LOM User Management menu option The User Management page appears 2 Select a row and click Create The User Add dialog box appears 3 Enter the following User name a user name maximum fourteen characters Password a password for the login name The pass...

Page 40: ...iguring LOM Network The network settings option enables you to change the default IP address and other basic network settings of Lights Out Management To configure the network settings 1 Click the LOM Settings menu option and select Network 2 Select Static and enter the following values IP address the IP address of the LOM Subnet mask the subnet mask of the LOM s local network Gateway IP address t...

Page 41: ...cal information about Check Point products consult the Check Point Support Center http supportcenter checkpoint com Where to From Here You have now learned the basics that you need to get started The next step is to obtain more advanced knowledge of your Check Point software See the relevant documentation for your software version on the Check Point Support Center Check Point documentation is avai...

Reviews:

No comments

Related manuals for S-10

HS12 - BladeCenter - 8028

Brand: IBM Pages: 204

Brand: YOKOGAWA Pages: 22

SuperServer 5013C-MT

Brand: Supero Pages: 98

Thin Client 166

Brand: Tangent Pages: 2

UltraNEXUS HD Blade

Brand: Leightronix Pages: 5

Brand: Cavalry Pages: 16

Brand: Advantech Pages: 38

Edgeline EL4000

Brand: HPE Pages: 57

ProLiant ML110 Gen10

Brand: HPE Pages: 101

ProLiant ML110 Gen10

Brand: HPE Pages: 159

NETWORK SATELLITE 5.2 - CHANNEL MANAGEMENT

Brand: Red Hat Pages: 74

DIRECTORY SERVER 7.1

Brand: Red Hat Pages: 652

Brand: Teledyne Pages: 228

Brand: Aimetis Pages: 16

UniServer B5700 G5

Brand: H3C Pages: 90

Brand: Paxar Pages: 48

Brand: ClearCube Pages: 2

Brand: Telexper Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands