5. NGFW for small businesses. SMP cloud management

I welcome readers to our series of articles, which is dedicated to SMB Check Point, namely the 1500 series model range. IN the first part mentioned the ability to manage your SMB-series NGFWs using the Security Management Portal (SMP) cloud service. Finally, it's time to talk about it in more detail, show the available options and administration tools. For those who have just joined us, let me remind you of the previously discussed topics: initialization and setup , organization of wireless traffic transmission (WiFi and LTE) , VPN

SMP is a centralized portal for managing your SMB devices, including a web interface and administration tools for up to 5 devices. The following Check Point model series are supported: 000, 600, 700, 910, 1100R, 1200, 1400.

First, let's describe the advantages of such a solution:

1. Centralized infrastructure maintenance. Thanks to the cloud portal, you can deploy policies, apply settings, study events - regardless of your location and the number of NGFWs in the organization.
2. Scalability and efficiency. With the purchase of the SMP solution, you take an active subscription with support for up to 5000 NGFW, this will allow you to easily add new nodes to the infrastructure, ensuring dynamic communication between them thanks to VPN.

You can learn more about licensing options from the documentation for SMP, there are two options:

• Cloud Hosted SMP. The management server is hosted in the Check Point cloud, and support for up to 50 gateways is available.
• On-Premise SMP. The management server is hosted in the customer's cloud solution, support for up to 5000 gateways is available.

Let's add one important, in our opinion, feature: when buying any model from the 1500-series, one SMP license is included in the package. Thus, by purchasing a new generation of SMB, you will have access to cloud management at no additional cost.

Practical use

After a brief introduction, let's move on to a practical acquaintance with the solution, at the moment a demo version of the portal is available upon request to the local Check Point office. Initially, you will be greeted by an authorization window where you will need to specify: domain, username, password.

As a domain, the address of the deployed SMP portal is indicated directly, if you purchase it under the “Cloud Hosted SMP” subscription, then to deploy a new one, you must send a request by clicking on the “New Domain Request” button (consideration period up to 3 days).

Next, the main portal page is displayed with statistics about managed gateways and available options from the menu.

Let's consider each tab separately, briefly describing its capabilities.

Map

The section allows you to track the location of your NGFW, view its status or go to its direct settings.

Gateways

A table that includes managed SMB gateways from your infrastructure contains information: gateway name, model, OS version, policy profile.

Plans

The section contains a list of profiles displaying the status of installed Blades on them, where it is possible to select access rights for making changes to the configuration (individual policies can only be configured locally).

If you go to the settings of a specific profile, you can access the full configuration of your NGFW.

The Security Software Blades part is devoted to configuring each of the NGFW blades, in particular:
Firewall, Applications and URLs, IPS, Anti-Virus, Anti-Spam, QoS, Remote Access, Site-to-Site VPN, User Awareness, Anti-Bot, Threat Emulation, Threat Prevention, SSL Inspection.

Note the ability to configure CLI scripts that will be automatically applied to the gateways that are specified in Plans->Profile. With their help, you can set separate identical settings (date / time, access passwords, work with SNMP monitoring protocols, etc.)

We will not dwell on specific settings in detail, this was covered earlier, there is also a course Check Point Getting Started.

Logs

One of the benefits of using SMP is to have a centralized view of the logs of your SMB gateways, which can be accessed by going to Logs → Gateway Logs.

In the filter, you can specify a specific gateway, specify the source or destination address, and so on. In general, working with logs is identical to viewing in the Smart Console, while maintaining flexibility and informativeness.

Cyber ​​Views

The section contains statistics in the form of reports on the latest security events, they allow you to quickly organize the logs and present useful infographics:

General conclusions

Thus, SMP is a modern portal that combines an intuitive interface and deep capabilities in terms of administering your NGFW solutions of the SMB family. Let us once again note its main advantages:

1. Ability to remotely manage up to 5000 NGFW.
2. Portal maintenance by Check Point specialists (in case of Cloud Hosted SMP subscription).
3. Informativeness and structured data about your infrastructure in one tool.

A large selection of materials on Check Point from TS Solution. Stay tuned (Telegram, Facebook, VK, TS Solution Blog, Yandex Zen).

Source: habr.com