Chapter Excerpt

New SmartPortal features in Check Point NGX R65

By Ralph Bonnell

Service Provider Takeaway: Check Point NGX R65 contains a host of new SmartPortal features. This section of the chapter excerpt from Check Point NGX R65 Security Administration

    Requires Free Membership to View

will detail and explain some of these features.

Downlaod the .pdf of the chapter here.

The Check Point SmartConsole GUI clients have long been a significant competitive advantage for Check Point in the firewall space. Using secure internal communication

(SIC), these clients provide a common user interface and communicate with the SCS over an encrypted, authenticated, private channel over any Internet Protocol (IP) network, including the Internet.

Before NGX, anyone who wanted access to the SCS needed to install the GUI clients, a possible problem for organizations with strict configuration management policies or for administrators who couldn't always use their own laptops. SmartPortal was introduced in NGX and allowed the firewall administrator to extend read-only browser-based access to the SCS to people outside the security team and to those on PCs without the GUI clients. It's essentially a secure Web interface into your SCS.

NGX R65 added the ability to modify the internal user database so that SmartPortal users can create users and add them to existing user groups. The SmartPortal license is included in the SmartCenter Pro license and the UTM-1 appliances; otherwise, you have to purchase it separately.

Eventia Correlation Unit and Eventia Analyzer Server

SmartView Monitor is able to provide status updates from the Correlation Unit and

Eventia Analyzer Server. Correlation Unit status checks include:

  • Checking whether the Eventia Correlation Unit is active
  • Checking whether the Eventia Correlation Unit is connected to the Eventia

Analyzer Server

  • Checking whether the Eventia Correlation Unit is connected to the log server
  • Reporting on Eventia Correlation Unit and log server connection details and availability
  • Monitoring offline job status reports
  • Monitoring and reporting on low disk space

You can use Eventia Analyzer Server status to:

  • Report the last handle event time that was recorded
  • Report whether the Eventia Analyzer Server is active
  • Report an inventory of correlation units the Eventia Analyzer Server is connected with
  • Display the volume of events received in a selected period

The Eventia Correlation Unit's relation to other components will report trouble with the Eventia Correlation Unit's status. The Eventia Analyzer Server maintains system status to present information about connections to all Eventia Correlation Unit(s) that are currently associated.

SmartView Tracker

SmartView Tracker offers the ability to contact the SmartDefense Advisory information related to an explicit SmartDefense log. This can help an administrator to appraise configuration options to understand why the specific SmartView Tracker log occurred. SmartDefense's Advisory feature does not exhibit log entries that do not have an attack name and/or attack information.

IPv6 Reporting

IPv6 source or destination information will now display in the report. An administrator can define an Eventia Reporter filter using an IPv6 address, source, and destination.

DNS Implementation

Domain name system (DNS) implementation requires fewer resources. Furthermore, it is possible to control the requests for Time Out.

Remote License Management

The Eventia Reporter Server can search for the Eventia Reporter license on the Eventia Reporter machine if the license is not found on the Management Server.

Eventia Reporter on Multiple Versions of SmartCenter Management

Eventia Reporter in a distributed installation is able to integrate with multiple versions of SmartCenter Management from NGX R54 and later.

You can install Eventia Reporter as a stand-alone deployment or a distributed deployment. Eventia Reporter recognizes all the network objects in the SmartCenter

Management database via an internal process referred to as dbsync when it is installed as a distributed deployment. Eventia Reporter can recognize objects from multiple versions (from NGX R54 and later) using dbsync.

Eventia Reporter and Analyzer Integration

Eventia Reporter, Eventia Analyzer Server, and Eventia Correlation Units are situated in the same package, and you can install them on the same server. You can use the high-level evstop and evstart commands to stop and start the Eventia Reporter and Analyzer. &

Three new content inspection express reports are included with the new version of Eventia Reporter. They are the Anti Virus, Web (URL) Filtering, and Anti Spam reports.


NGX R65 Operational Changes
  Introduction
  New SmartPortal Features
 New FireWall-1/VPN-1 Features
 Edge Support for CLM
 Integrity Advanced Server
 Summary
 Check Point NGX R65 FAQs

Reprinted from Chapter one of Check Point NGX R65 Security Administration by Ralph Bonnell. Printed with permission from Syngress, a division of Elsevier. Copyright 2007. For more information about this title, please visit www.syngress.com.


This was first published in May 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: