Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Check Point Horizon Manager
for IP Appliances

Overview

Horizon Manager helps security administrators efficiently and proactively manage large-scale deployments of IP security appliances. Horizon Manager automates time-consuming administration while preventing common configuration errors, ensuring the optimal deployment, monitoring, maintenance, and recovery of IP security appliances. Administrators can manage operating system configuration settings and versions, and Check Point application packages, from a single console. Additional functionality includes template-based IP appliance configuration and deployment, backup and restore of application and operating system configurations, hardware and software inventory capabilities, and the execution of commands or customized scripts.

A remote GUI client provides intuitive at-a-glance information about connected devices, groups of devices, action logs, and action status. Critical IP appliance values can be continuously monitored, with alert or action failures sent via email notifications or SMS.

Benefits

  • Improves security by enabling best-practice and consistent deployments and security management
  • Rapid ROI, reducing annual network security costs
  • Improves efficiency of scarce IT staff resources
  • Simplifies tedious & error prone tasks
  • Prevents single point of failure of home-grown tools

Features

Configuration and Systems Management
For enterprises or service providers, Horizon Manager delivers secure central network management integral to a trusted network environment. It saves time and resources with centralized IP appliance configuration and inventory management, and establishes role-based access privileges, automates tasks, and simplifies routine software maintenance for devices.

Horizon Manager introduces simple, systematic procedures for deploying security systems and maintaining optimized security network software configurations. IP appliances can be managed based on dynamic characteristics for both simple and complex groupings. Predefined actions provide a consistent management template, thus reducing errors and assisting in the development of customer specific management procedures for optimal secure networks. Configuration and Systems Management features include:

  • Template-based IP appliance and OS configuration and deployment
  • Backup and restore of application configurations and OS
  • Inventory, license and asset management
  • Automated password change for single or across groups of devices
  • Automated single or repetitive actions through a task scheduler
  • Troubleshooting tools for IP appliance and network interfaces
  • SSHv1 and SSHv2 support for secure communication with IP appliances

Monitoring and Alerts
Horizon Manager offers the ability to monitor critical IP appliance health and network traffic values with flexible polling. Monitoring and alerts cover the following metrics: CPU, memory and disk usage, sensor temperatures, fan speeds, logical and physical (packet, byte, multicast and broadcast) throughput. All monitoring data can be saved and exported to reporting tools to determine network traffic trends and for capacity planning. Horizon Manager also has the ability to set warning thresholds for CPU, memory and disk use and temperature. Alerts can be sent via email or SMS.

Monitoring

Automated Constraints Information
Rules are used to determine the compatibility of different applications, OS versions and device types. These rules are applied when beginning to install, upgrade or change versions of software on any device. Upgrade to new versions of software are disallowed if software incompatibilities exist. The automatic and flexible delivery of constraints include updates for ‘do no harm’ rules, upgrade path definitions for OS/application/configuration templates, and meta data for application configuration actions. These constraints avoid incompatible versions of application packages and OS’s which can cause the system to function improperly or be placed into an unknown or unstable state.

Role-based Administration
Horizon Manager supports administration roles and responsibilities to effectively track and control actions and access through login for managing secure networks. Multiple user accounts are enabled, and tracking of completed actions is performed via audit logs.

Specifications

Feature Details
Configuration management extraction and deployment

Rapidly and securely configure multiple IP appliances and OS settings according to a template and rolled out with a single command

Remote client GUI architecture

Integrates secure remote GUI for a Horizon Manager client to connect securely to the NHM Server

Task scheduler
  • Automates one-time and recurring actions including backups, upgrades, and password changes
Check Point SmartCenter and Provider-1 integration

Check Point Security Management Integration shares data between Horizon Manager and SmartCenter via OPSEC offering the ability to launch Horizon Manager from Check Point Smart Dashboard and for Smart Dashboard to launch Horizon Manager

Supports Check Point Provider-1

Monitoring and Alerts

Monitor critical IP appliance values on a regular basis with flexible polling

  • CPU
  • Memory usage
  • Disk space usage
  • Sensor temperatures
  • Fan speeds
  • Logical and physical packet throughout
  • Logical and physical byte throughput
  • Logical and physical multicast throughput
  • Logical broadcast throughput

Save and export data to reporting tools

Alerts

Set warning thresholds for CPU, memory use, disk use and temperature

High water marks can be set along with a time that level must be exceeded before a warning is issued

Warnings and action failure notices can be sent via email or SMS

Platform management

Inventory management for IP appliances

View/export inventory data from a central console

Configure IP appliance and OS configuration settings such as: network services, host files, cron jobs, static routes, static ARPs, etc.

Install and upgrade of IP appliance operating system

Backup/restore partner application configurations and operating system

Change passwords on multiple devices at one time

Transfer files from central console to devices

Upload files, execute commands or run customized scripts

View results for completed actions

Patch installation

Constraint tables prevent incompatible installation among hardware, operating system, and applications

Reliability and Scalability
Role-based administration adapts to existing security network administration policies and procedures
Ease of Use

Intuitive GUI

Pre-defined best practice actions

"Do No Harm" rules

OS roll-back

Authenticated SSH launch

NHM Service Agreement
  • Global Support and Services
    • First Call—Final Resolution
  • Service packs
  • "Do No Harm" rule updates

Horizon Manager Support Specifications

Feature Details
Supported Platforms
  • IP40
  • IP45
  • IP130
  • IP150
  • IP260
  • IP265
  • IP290
  • IP350
  • IP355
  • IP380
  • IP385
  • IP390
  • IP530
  • IP560
  • IP690
  • IP710
  • IP740
  • IP1220
  • IP1260
  • IP1280
  • IP2250
  • IP2255
  • IP2450
Supported Software
  • Check Point FireWall-1/VPN-1 NG FP3 HF2
  • NG with AI (R55P) for IPSO v3.8
  • NG with AI (R55W)
  • NG with AI (R55)
  • NGX (R60)
  • NGX (R61)
  • NGX (R62)
  • NGX (R65)
  • VSX R2.0
  • VSX R2.1N
  • VSX R2.2N
  • VSX R2.3N
  • VSX 4.1
  • VSX 4.2
  • VSX R65
Supported IPSO Operating Systems
  • IPSO 3.7, 3.7.1, 3.7.89, 3.7.90
  • IPSO 3.8, 3.8.1
  • IPSO 3.9, 3.9.90, 3.9.91, 3.9.92
  • IPSO 4.0, 4.0.1
  • IPSO 4.1
  • IPSO 4.2
  • IPSO 6.0.7
  • IPSO 6.1
  • NSOSP-IP40 1.0.0, 1.0.01, 1.0.02, 1.1, 1.1.01, 1.1.02, 2.0.0, 2.0.01, 3.0.0
  • NSOSP-IP45 3.5.0, 4.0.0
  • IPSO-LX 7.2
  • IPSO 5.0
NHM Server Support
Windows
  • Windows 2003 Enterprise Server
  • Windows 2003 Standard Edition
Solaris SPARC Only
  • Solaris 9
  • Solaris 10
VMWare enabled management platform
NHM Client Support for Windows XP SP3

Next Steps

Resources