By Ralph Bonnell
Service Provider Takeaway: Check Point NGX R65 contains a host of new SmartPortal features. This section of the chapter excerpt from Check Point NGX R65 Security Administration
Download the .pdf of the chapter here.
The Check Point SmartConsole GUI clients have long been a significant competitive advantage for Check Point in the firewall space. Using secure internal communication (SIC), these clients provide a common user interface and communicate with the SCS over an encrypted, authenticated, private channel over any Internet Protocol (IP) network, including the Internet.
Before NGX, anyone who wanted access to the SCS needed to install the GUI clients, a possible problem for organizations with strict configuration management policies or for administrators who couldn't always use their own laptops. SmartPortal was introduced in NGX and allowed the firewall administrator to extend read-only browser-based access to the SCS to people outside the security team and to those on PCs without the GUI clients. It's essentially a secure Web interface into your SCS.
NGX R65 added the ability to modify the internal user database so that SmartPortal users can create users and add them to existing user groups. The SmartPortal license is included in the SmartCenter Pro license and the UTM-1 appliances; otherwise, you have to purchase it separately.
Eventia Correlation Unit and Eventia Analyzer Server
SmartView Monitor is able to provide status updates from the Correlation Unit and Eventia Analyzer Server. Correlation Unit status checks include:
- Checking whether the Eventia Correlation Unit is active
- Checking whether the Eventia Correlation Unit is connected to the Eventia
- Checking whether the Eventia Correlation Unit is connected to the log server
- Reporting on Eventia Correlation Unit and log server connection details and availability
- Monitoring offline job status reports
- Monitoring and reporting on low disk space
You can use Eventia Analyzer Server status to:
- Report the last handle event time that was recorded
- Report whether the Eventia Analyzer Server is active
- Report an inventory of correlation units the Eventia Analyzer Server is connected with
- Display the volume of events received in a selected period
The Eventia Correlation Unit's relation to other components will report trouble with the Eventia Correlation Unit's status. The Eventia Analyzer Server maintains system status to present information about connections to all Eventia Correlation Unit(s) that are currently associated.
SmartView Tracker offers the ability to contact the SmartDefense Advisory information related to an explicit SmartDefense log. This can help an administrator to appraise configuration options to understand why the specific SmartView Tracker log occurred. SmartDefense's Advisory feature does not exhibit log entries that do not have an attack name and/or attack information.
IPv6 source or destination information will now display in the report. An administrator can define an Eventia Reporter filter using an IPv6 address, source, and destination.
Domain name system (DNS) implementation requires fewer resources. Furthermore, it is possible to control the requests for Time Out.
Remote License Management
The Eventia Reporter Server can search for the Eventia Reporter license on the Eventia Reporter machine if the license is not found on the Management Server.
Eventia Reporter on Multiple Versions of SmartCenter Management
Eventia Reporter in a distributed installation is able to integrate with multiple versions of SmartCenter Management from NGX R54 and later.
You can install Eventia Reporter as a stand-alone deployment or a distributed deployment. Eventia Reporter recognizes all the network objects in the SmartCenter Management database via an internal process referred to as dbsync when it is installed as a distributed deployment. Eventia Reporter can recognize objects from multiple versions (from NGX R54 and later) using dbsync.
Eventia Reporter and Analyzer Integration
Eventia Reporter, Eventia Analyzer Server, and Eventia Correlation Units are situated in the same package, and you can install them on the same server. You can use the high-level evstop and evstart commands to stop and start the Eventia Reporter and Analyzer.
Three new content inspection express reports are included with the new version of Eventia Reporter. They are the Anti Virus, Web (URL) Filtering, and Anti Spam reports.
Reprinted from Chapter one of Check Point NGX R65 Security Administration by Ralph Bonnell. Printed with permission from Syngress, a division of Elsevier. Copyright 2007. For more information about this title, please visit www.syngress.com.
This was first published in May 2008