Check Point SmartProvisioning

The SmartProvisioning Software Blade provides an intuitive and easy-to-use security management console to centrally manage device configurations such as operating system and network settings. Networking configurations include DNS, hosts, domain, routing and interface settings.

The SmartProvisioning Blade interface enables easy navigation between the system overview, profile configuration and device configuration panes. The System Overview pane provides a quick snapshot of device status, critical notifications and action status. The Profile pane is the interface for managing provisioning profiles, and the Device pane allows for the easy management of gateways and other device objects.

System Overview Panel

With the Check Point SmartProvisioning Software Blade, administrators can more easily manage security provisioning of large scale deployments by defining profiles for common security policies and device settings. Each profile defines the gateway properties per profile object—which represents multiple, unlimited gateways with similar properties and policies—rather than per physical gateway. This allows for batch operations and reduced administrative overhead.

The SmartProvisioning Blade uses different types of profiles to manage and provision security gateways, including:

• Security profiles: A security profile defines a Check Point security policy and other security-based settings for a set of gateways, whether corporate or branch office gateways. Each security profile can hold the configuration of any number of actual gateways, enabling large scale policy management of branch sites and gateways that have similar properties. Examples of such sites can include worldwide retail chain stores, bank ATM machines or car manufacturer dealerships.
• SmartProvisioning profiles: In order to facilitate the security provisioning and  management of a large number of similarly configured devices, common settings can be configured on an object called the provisioning profile. Each provisioned device is associated with a provisioning profile, and inherits all of the profile's settings. A provisioning profile can define specific settings for networking, device management and the operating system. Common device settings include DNS, time zones, domain names and routing data. SmartProvisioning profiles can be applied to UTM-1, Power-1, SecurePlatform or UTM-1 Edge appliances. There are specific provisioning profiles for the different appliance products; so for example, UTM-1 Edge appliances will have provisioning profiles unique and different from Power-1 appliances.

All managed devices fetch their assigned profiles from the centralized management server. If the fetched profile differs from the previous profile, the device is updated with the changes. This way, one profile is able to update potentially hundreds and thousands of devices, each acquiring the new common properties while maintaining its own local settings.

A security provisioning wizard enables administrators to configure large scale deployments of devices by allowing them to quickly choose the devices to be configured, fetch current configuration settings and associate devices with a provisioning profile. Each device can be associated to a profile separately or multiple devices can be associated to the same profile at once.

Sometimes, administrators need to perform operations that are not part of a device’s configuration. The SmartProvisioning Software Blade supports these one-time operations or actions on a device or group of gateways, which can include running scripts, installing software packages, creating backup images, rebooting, pushing policy, pushing objects, etc. The progress and status of the action can be easily viewed on the action pane.

The SmartProvisioning Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Management systems, Smart-1 appliances or open server platforms, saving time and reducing costs by leveraging existing security infrastructure.

Feature	Details
Intuitive Simple User Interface (UI)	Yes (including SmartProvisioning wizard)
Overview and Status View	View configuration summary, critical notifications and status
Configuration Wizard	Simplifies profile creation
Shared Configuration	Provisioning and security profiles
Granular Device Management	Routing, DNS, Domain, Interfaces, Date&Time (Edge), DHCP (Edge), Backups, VPN configuration, dynamic objects
Custom Command Line Interface (CLI)	Supports scripting device configuration
Running Scripts and Predefined Operations	Execute scripts remotely from the GUI
Fetch Configuration	Yes (SecurePlatform only)
Temporary Disable Central Management	Maintenance mode for local device administration
Internet Protocol Versions	IPv6 and IPv4