Security Management and Multi-Domain Security Management (Provider-1) delivers more security and control by segmenting your security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management.


Simplified management and provisioning of security in complex environments
  • Increase flexibility with granular role-based administration
  • Centralize security management while preserving the independence of domains
  • Segment security management based on location, business unit, security function
Stronger security with consistent global policies
  • Single configuration for VPN, firewall, IPS and other protections
  • Create, view and control all management domains from a single console
  • Global Policy Software Blade enforces common security baseline across domains
Integrated into Check Point Software Blade Architecture
  • Transition to multi-domain management for as little as $1500 per Software Blade
  • Activate multi-domain management on any management server
  • Supported systems include: Smart-1 Appliances, IAS Appliances or open servers


Convert an existing security management environment into a multi-domain security management environment by simply adding Check Point Multi-Domain Management Software Blades.


Multi-Domain Security Management

Segregate complex management environments into multiple domains. Each management domain is an independent security management environment with a separate database, log server and its own set of security policies.

Multi-domain Dashboard
Create, view and control all management domains from a single, centralized console. Launch Check Point SmartConsole applications such as SmartDashboard and SmartView Tracker seamlessly for each management domain. Assign global policies to different management domains and create and manage administrators and Graphical User Interface (GUI) clients.


Multi-Domain Management GUI Console

Multi-Domain GUI – comprehensive view of all networks and policies

Separate certificate authorities for each management domain and the multi-domain system ensure secure and private communications between gateways and their management domains, and between management domains and the multi-domain system.

Trusted Communication Between Multi-domain Systems and Related Applications
The Check Point SIC protocol secures all communication between the multi-domain system and respective multi-domain components and servers. The SIC protocol also secures communication and administrative authentication between multi-domain components and SmartConsole applications.

Define templates for global security rules and assign them to multiple domains. Global security policy can be assigned to all managed domains or just to a select group of domains.

Global Objects
Define shared objects at a central location and deploy them globally across multiple domains.

Global VPN Policy
Define and manage VPN communities across multiple domains from a central location.

Global IPS Policy
Define and manage IPS policies across multiple domains from a central location.

Cross-domain Objects Search
Search for network objects across multiple management domains.

Create and centrally manage multiple administrators for multi-domain management environments. Administrators can be assigned to specific domains and multiple administrators can be allowed to work on different management domains simultaneously.

Hierarchical Administrator Role Support
Give administrators permission to manage specific domains or different aspects of the multi-domain system.

Access for Multiple Simultaneous Administrators
Allow multiple administrators to work on different management domains simultaneously.

Multiple Authentication Methods for Administrators
Choose internal certificate authority or external third-party systems, such as RADIUS, TACACS, and RSA, for administrator authentication.

Monitor all multi-domain system components (domains, global policy, administrators, etc.) and gateways from a central location.


Collect and store security gateway logs for each domain in a separate, independent log server.

Multi-domain Log Module Support
Store critical management activity logs separately from traffic logs with an optional dedicated multi-domain server.

Domain for Log Server Support
Optional dedicated domain for log collection and storage, allowing separation of critical domain management activities from logging activities.

Synchronize multi-domain management databases (MDS database, global policy and ICA database) between multiple multi-domain servers. Backup your virtual management domain using standard security management.

Domain High-availability
Synchronize domain databases between many multi-domain servers.

Export/Import of Multi-domain System and Domains
Export and import entire multi-domain systems, or a specific domain, for maximum backup and recovery options.

The Multi-Domain and Global Policy Software Blades are integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point security management servers saving time and reducing costs by leveraging existing security infrastructure.


CPU Intel Pentium Processor E2140 or 2 GHz equivalent processorUltraSPARC III 900MHzIntel Pentium Processor E2140 or 2 GHz equivalent processor
Memory 4GB4GB4GB
Disk Space 2GB2GB10GB (install includes OS)
CD-ROM DriveYesYesYes (bootable)

CPU Intel Pentium Processor E2140 or 2 GHz equivalent processor
Memory 512MB
Disk Space 500MB
Video Adapter Minimum resolution: 1024 x 768