manualshive.com logo in svg

Check Point S-10, Руководство по началу работы, Страница: 25 / 41

Поделиться
Скачать
Check Point S-10 Скачать руководство пользователя страница 25

Configuring the SmartEvent Clients 

 

Configuring SmartEvent

     Page 25 

 

Defining the Internal Network for SmartEvent 

To help SmartEvent Intro determine whether events originated internally or externally, the Internal Network 
must be defined. Certain network objects are copied from the management server to the SmartEvent Intro 
server during the initial synchronization and updated afterwards periodically. Define the Internal Network 
from these objects. 

Note

 - If running IPS Event Analysis in a Security Management Server environment, the internal network will 

be defined automatically from firewall topology information. You can customize the internal network 
definition.  

 

To define the Internal Network: 

1.  Start the SmartEvent Intro Client. 

2.  From the 

Policy 

view, select 

General Settings > Initial Settings > Internal Network

3.  Add objects (hosts, networks, groups, IP ranges) that define your environment's internal network.  

 

Defining Correlation Units and Log Servers for 
SmartEvent 

1.  From the 

Policy 

view of the SmartEvent Intro client, select 

General Settings > Initial Settings > 

Correlation Units

2.  Select 

Add

3.  Click the button of the 

Correlation Unit

 field. 

4.  In the 

Select Objects 

window, select a Correlation Unit.  

5.  Click 

OK

6.  Click 

Add 

and select the Log Servers available as data sources to the Correlation Unit. 

7.  Select 

Save

8.  From the 

Actions 

menu, select 

Install Events policy

At this point, SmartEvent Intro will begin to read logs and detect events. 

To learn how to manage and fine-tune the system using the SmartEvent Intro Client, see the 

SmartEvent 

Administration Guide 

for your software version on the Check Point Support Center 

(

http://supportcenter.checkpoint.com

).  

 

Creating a Consolidation Session for SmartReporter 

The Consolidation session reads logs from the log server and adds them to the SmartReporter database.  

 

If there is a single log server in the environment, the Consolidation session is automatically created. 

 

If there is more than one log server, you must create the Consolidation session for each log server. 

To create a Consolidation session: 

1.  In the 

Selection Bar 

view, select 

Management > Consolidation

2.  Select the 

Sessions 

tab. 

3.  Click 

Create New

 to create a new session. 

The 

New Consolidation Session 

window appears. 

4.  Select the log server from which logs will be collected and will be used to generate reports. 

5.  Click 

Next

The 

New Consolidation Session 

window appears. 

6.  Choose whether to use the default source logs and database tables, or select custom source logs and 

database tables for consolidation. 

If you selected 

Select default log files and database

, click 

Finish 

to complete the process. The source of 

the reports will be preselected logs. The report data will be stored in the default database table named 
CONNECTIONS. The preselected logs are the sequence of log files that are generated by Check Point 
products. The preselected logs session will begin at the beginning of the last file in the sequence, or at the 
point the sequence was stopped. 

Содержание S-10

Страница 1: ...8 December 2011 Getting Started Guide Smart 1 5 Smart 1 25 Models S 10 S 21 704548 ...

Страница 2: ...Check Point assumes no responsibility for errors or omissions This publication and features described herein are subject to change without notice RESTRICTED RIGHTS LEGEND Use duplication or disclosure by the government is subject to restrictions as set forth in subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 and FAR 52 227 19 TRADEMARKS Refer ...

Страница 3: ...ront Panel on page 30 Two high capacity disk drives with improved RAID system Hard Disk Drives on page 33 For the previous Smart 1 25 Getting Started Guide see Smart 1 5 and 25 Getting Started Guide http supportcontent checkpoint com documentation_download ID 10 949 23 February 2011 Dedicated SmartEvent Server option available from R75 only Security Management Installation Type on page 20 Improved...

Страница 4: ...llowed to short The battery cell may heat up under these conditions and present a burn hazard Warning DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY REPLACED REPLACE ONLY WITH SAME OR EQUIVALENT TYPE RECOMMENDED BY THE MANUFACTURER DISCARD USED BATTERIES ACCORDING TO THE MANUFACTURER S INSTRUCTIONS Disconnect the system board power supply from its power source before you connect or disconnect cable...

Страница 5: ...bility to access information in that form Canadian Department Compliance Statement This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à la norme NMB 003 du Canada Japan Class A Compliance Statement European Union EU Electromagnetic Compatibility Directive This product is herewith confirmed to comply with the requirements set out in the...

Страница 6: ...sing the First Time Configuration Wizard 18 Starting the First Time Configuration Wizard 19 Welcome 19 Appliance Date and Time Setup 19 Network Connections 20 Routing Table 20 DNS and Domain Settings 20 Security Management Installation Type 20 Security Management 21 SmartEvent and SmartReporter Suite Installation Type 21 Web SSH and GUI Clients Configuration 21 Secure Internal Communication 22 Dow...

Страница 7: ...tory Defaults using the Console 34 Restoring Using the LCD Panel 35 Lights Out Management 37 Introduction 38 Initial Login 38 Basic Configuration Options 38 Remotely Controlling the Appliance 38 Remotely Controlling the Power of the Appliance 39 Managing LOM Card Users 39 Configuring LOM Keyboard and Mouse 40 Configuring LOM Network 40 Setting the Date and Time 40 Defining a LOM Login Message 40 R...

Страница 8: ...bout Check Point products consult the Check Point Support Center http supportcenter checkpoint com Welcome to the Check Point family We look forward to meeting all of your current and future network application and management security needs Smart 1 Overview Smart 1 appliances deliver Check Point s market leading security management software blades on a dedicated hardware platform specifically desi...

Страница 9: ...Screen shots in this guide may apply only to the highest model to which this guide applies Shipping Carton Contents Item Description Appliance One Smart 1 appliance Rack Mounting Accessories Hardware mounting kit Cables 1 power cable Smart 1 5 2 power cables Smart 1 25 1 standard LAN cable 1 RJ 45 console cable Documentation User license agreement Getting Started Guide Terminology The following Sm...

Страница 10: ...ilable Based on the configuration SmartEvent contains these components SmartEvent Client or IPS Event Analysis Client A GUI that displays events or IPS events in many graphical list and map forms and provides user control of the policy SmartEvent Server or IPS Event Analysis Server Holds the event or IPS event database event queries object values and policy definition SmartEvent Correlation Unit A...

Страница 11: ...perature is below 35 C 95 F Do not block any air vents Normally 15 cm 6 in of air space in the rear and 5 cm 2 in in the front provides proper airflow Install the appliances in the cabinet starting at the bottom and going up Install the heaviest appliance at the bottom of the rack cabinet Do not extend more than one device out of the rack cabinet at the same time Connect the server to a properly g...

Страница 12: ... Kg Smart 1 25 1U 1 75 inch 44 5 mm 13 5 The distance from the center of any hole to the center of the third hole above it is equivalent to 1U The mounting holes in a standard 19 inch 482 6 mm server rack rail are arranged as follows When installing appliances start measuring from the center of the two holes with closer spacing Otherwise the screw holes on the appliance may not match those on the ...

Страница 13: ...iance rail to the appliance 2 Slide 2 Allows the Smart 1 appliance to slide in and out of the rack for access Out of the box it comes combined with the appliance rail Both slides are identical 3 Mounting bracket 4 Mounts the slide to the rack vertical rails All mounting brackets are identical Screw long RoHS NUT Flange M4 Coating Ni 8 Attaches slide to mounting brackets Threaded washer RoHS 14 0 L...

Страница 14: ...ropped screws A powered screwdriver is useful Pliers Recommended but not essential Preparing the Appliance Prepare the Smart 1 appliance for mounting in the rack You don t need to do this in the server room Attaching the Appliance Rails to the Appliance 1 Separate the appliance rail from the slide Push a release catch and slide the rail away from the slide until they separate 2 Identify the front ...

Страница 15: ...pliance ear bracket to one side of the appliance using three screws 2 Repeat for the other side of the appliance Attaching the Mounting Brackets to the Slide Attach the mounting brackets to the slide You don t need to do this in the server room 1 Open the slide so it is fully extended Press the latch to extend it 2 Identify the front end and the back end of the slide There is a piece of black plas...

Страница 16: ...ch to the rack 6 Repeat for the second slide Attach one mounting bracket loosely to the front of the slide and another normally to the back Attaching the Slide and Mounting Bracket Assembly to the Rack Now attach the slide and mounting bracket assembly to the rack 1 While standing in the front of the rack place a slide and bracket assembly in position in one side of the rack 2 Attach the mounting ...

Страница 17: ... the Rack 1 Extend the slide fully 2 Carefully line up the appliance with the rail and push it about half way in You will hear a click 3 To slide the appliance fully into the rack press the slide latch on the left then on the right Take care not to trap a finger 4 Slide the appliance into the rack ...

Страница 18: ...ails or is not connected to the outlet an alarm sounds continuously If you hear the alarm check that all power supplies are connected to the outlets If needed replace the faulty power supply immediately and connect the new unit to the A C outlet See Removing the Power Supply on page 32 Using the First Time Configuration Wizard Perform the initial configuration of Smart 1 using the First Time Confi...

Страница 19: ... system administrator login name password admin admin and click Login Note The features configured in the wizard are accessible after completing the wizard via the WebUI menu The WebUI menu can be accessed by navigating to https appliance_ip_address 4434 5 Change the administrator password as prompted The default password is provided to allow to you access to Smart 1 For security purposes you must...

Страница 20: ...rd in the Network Network Connections page Routing Table Configure the routing settings on the Routing Table page DNS and Domain Settings Set the Host Domain and DNS Servers in the DNS and Domain Settings page The host name must start with a letter and cannot be named Com1 Com2 Com9 Security Management Installation Type Note This page is only available in R75 or higher In the Installation Type pag...

Страница 21: ...applies only in a Management HA deployment Log Server is the repository for log entries generated on gateways Check Point gateways send their log entries to the Log Server SmartEvent and SmartReporter Suite Installation Type Configure the SmartEvent and Reporter Suite applications to run on the server SmartEvent A system that reads logs and generates events based on an Event Policy An IPS event on...

Страница 22: ...tp supportcenter checkpoint com Summary The Summary page appears Click Finish to complete the First Time Configuration Wizard The Appliance automatically restarts This may take several minutes Note It is recommended to backup the system configuration for system recovery purposes The backup menu can be accessed via the WebUI interface under the Appliance menu Installing the SmartConsole GUI Clients...

Страница 23: ...n the WebUI Command line access can be obtained by console connection or through SSH Connecting to the Smart 1 CLI You can connect to the command line interface of the Smart 1 appliance using The provided serial console cable DTE to DTE and terminal emulation software such as HyperTerminal from Windows or Minicom from Unix Linux systems Connection parameters for Smart 1 appliances are 9600bps no p...

Страница 24: ...Version drop down list d In the Management Software Blades list select the blades that are installed on the new host 3 Install the database on all log servers from which SmartEvent reads data select Policy Install Database and select the log servers as the targets 4 To allow the SmartEvent Intro server to block attacks from specific IP addresses configure the Security Management Server to accept S...

Страница 25: ...nt SmartEvent Intro will begin to read logs and detect events To learn how to manage and fine tune the system using the SmartEvent Intro Client see the SmartEvent Administration Guide for your software version on the Check Point Support Center http supportcenter checkpoint com Creating a Consolidation Session for SmartReporter The Consolidation session reads logs from the log server and adds them ...

Страница 26: ...lients Configuring SmartEvent Page 26 If you want to customize the Consolidation session refer to the SmartReporter Administration Guide for your software version on the Check Point Support Center http supportcenter checkpoint com ...

Страница 27: ... Smart 1 Hardware This chapter provides instructions for installing and removing hardware components on the Smart 1 appliance In This Chapter Smart 1 5 28 Smart 1 25 30 Customer Replaceable Parts 32 Hard Disk Drives 33 ...

Страница 28: ...ion port 6 Built in Ethernet ports Lan1 Lan4 LCD Display Screen Smart 1 appliances have an LCD screen that lets you do basic management operations You configure the management IP address net mask and default gateway using the LCD screen You can also reboot and turn off the appliance from the LCD screen To use the LCD screen operation keys Action Press Enter the main menu Navigate within the menu o...

Страница 29: ...lt GW Set the management interface default gateway System Reboot Reboot the appliance To enter an IP address Action Press Move to the next digit Move back to the previous digit Approve the change when cursor is located on the last digit Cancel the IP change when cursor is located on the first digit Change current digit or ...

Страница 30: ...n2 3 Console RJ 45 port to connect to a computer using a terminal emulation application 4 LCD display screen 5 Lights Out Management LOM port 6 USB ports 7 Hard disk drives LCD Display Screen Smart 1 appliances have an LCD screen that lets you do basic management operations You configure the management IP address net mask and default gateway using the LCD screen You can also reboot and turn off th...

Страница 31: ...the previous menu To use the menus Action Press Enter the main menu Enter Navigate within the menu or Select a menu option Enter Go back to a previous menu Esc To select menu options Menu Sub menu Purpose Network Set MGMT IP Set the management interface IP address Set Net mask Set the management interface network mask Set Default GW Set the management interface default gateway System Reboot Reboot...

Страница 32: ...is section presents the procedures for removing and installing a power supply unit The Smart 1 appliance contains two redundant power supplies It is not necessary to power off the appliance before adding or removing a power supply Removing the Power Supply To remove a power supply unit 1 If the power supply alarm sounds press the red alarm button to the right of the power supply This will stop the...

Страница 33: ... sound alarmoff Disable alarm sound Removing a Hard Disk Drive The Smart 1 25 contains 2 high capacity hard disk drive You can remove a hard disk drive without risking the integrity of the RAID array or compromising the data Warning Removing the two hard disk drives at the same time will cause the loss of all data To remove a hard disk drive 1 Unlock the drive 2 Move the release latch toward the l...

Страница 34: ...ge for Security Management Server To revert to an earlier image in the Smart 1 WebUI 1 Click Appliance Image Management 2 Select the relevant image version you wish to restore 3 Click Revert Restoring Factory Defaults using the Console The below procedure defines how to restore factory defaults using a terminal emulation program such as HyperTerminal 1 Using the supplied serial console cable to th...

Страница 35: ...o highlight Reset to factory defaults Select the relevant default image version 8 Press Enter Restoring Using the LCD Panel To restore the Smart 1 appliance to its default factory configuration using the LCD Panel keys 1 Reboot or power on the appliance 2 When the countdown begins press any of the arrow keys The Boot menu appears 3 Using the arrow buttons scroll to the relevant image version and t...

Страница 36: ... wait for the appliance to restore the factory image While the appliance is restored to the default image a Reverting image don t turn off message displays continuously When the appliance has been restored to its default factory configuration the appliance reboots and the Initializing message appears ...

Страница 37: ...e and basic configuration options In This Chapter Introduction 38 Initial Login 38 Basic Configuration Options 38 Remotely Controlling the Appliance 38 Remotely Controlling the Power of the Appliance 39 Managing LOM Card Users 39 Configuring LOM Keyboard and Mouse 40 Configuring LOM Network 40 Setting the Date and Time 40 Defining a LOM Login Message 40 ...

Страница 38: ...of inactivity you are automatically be logged out Basic Configuration Options The options in the main menu on Lights Out Management home page let you configure these settings Remotely control the appliance Remotely control the power of the appliance Manage Lights Out Management users Configure Lights Out Management keyboard and mouse settings Configure Lights Out Management network settings Set da...

Страница 39: ...click Apply Changes Managing LOM Card Users You can create modify and delete users You can also assign privileges to users To create a user 1 Click the LOM User Management menu option The User Management page appears 2 Select a row and click Create The User Add dialog box appears 3 Enter the following User name a user name maximum fourteen characters Password a password for the login name The pass...

Страница 40: ...iguring LOM Network The network settings option enables you to change the default IP address and other basic network settings of Lights Out Management To configure the network settings 1 Click the LOM Settings menu option and select Network 2 Select Static and enter the following values IP address the IP address of the LOM Subnet mask the subnet mask of the LOM s local network Gateway IP address t...

Страница 41: ...cal information about Check Point products consult the Check Point Support Center http supportcenter checkpoint com Where to From Here You have now learned the basics that you need to get started The next step is to obtain more advanced knowledge of your Check Point software See the relevant documentation for your software version on the Check Point Support Center Check Point documentation is avai...

Отзывы:

Нет отзывов