The Check Point SmartProvisioning Software Blade provides centralized administration and security provisioning of Check Point devices. Using profiles, administrators can automate device configuration and easily roll out changes to settings to multiple, geographically distributed devices, via a single security management console.

Benefits

Maximizes operational efficiency, enables consistent policy management
  • Automated device management reduces errors and improves security
  • Reduced administrative overhead and rapid deployment of devices
  • Scalable to manage thousands of devices across multiple, disparate networks
Centralizes visibility and management of company-wide security posture
  • Configure and manage all Check Point security devices via a single console
  • Centralized control over appliance deployment, maintenance and recovery
  • Easy management via an intuitive Graphical User Interface (GUI)
Integrated into Check Point Software Blade Architecture
  • Activate SmartProvisioning on any Check Point Security Management system

Features

The SmartProvisioning Software Blade provides an intuitive and easy-to-use security management console to centrally manage device configurations such as operating system and network settings. Networking configurations include DNS, hosts, domain, routing and interface settings.

The SmartProvisioning Blade interface enables easy navigation between the system overview, profile configuration and device configuration panes. The System Overview pane provides a quick snapshot of device status, critical notifications and action status. The Profile pane is the interface for managing provisioning profiles, and the Device pane allows for the easy management of gateways and other device objects.

SmartProvisioning System Overview

System Overview Panel

With the Check Point SmartProvisioning Software Blade, administrators can more easily manage security provisioning of large scale deployments by defining profiles for common security policies and device settings. Each profile defines the gateway properties per profile object—which represents multiple, unlimited gateways with similar properties and policies—rather than per physical gateway. This allows for batch operations and reduced administrative overhead.

The SmartProvisioning Blade uses different types of profiles to manage and provision security gateways, including:

  • Security profiles: A security profile defines a Check Point security policy and other security-based settings for a set of gateways, whether corporate or branch office gateways. Each security profile can hold the configuration of any number of actual gateways, enabling large scale policy management of branch sites and gateways that have similar properties. Examples of such sites can include worldwide retail chain stores, bank ATM machines or car manufacturer dealerships.
  • SmartProvisioning profiles: In order to facilitate the security provisioning and  management of a large number of similarly configured devices, common settings can be configured on an object called the provisioning profile. Each provisioned device is associated with a provisioning profile, and inherits all of the profile’s settings. A provisioning profile can define specific settings for networking, device management and the operating system. Common device settings include DNS, time zones, domain names and routing data. SmartProvisioning profiles can be applied to UTM-1, Power-1, SecurePlatform or UTM-1 Edge appliances. There are specific provisioning profiles for the different appliance products; so for example, UTM-1 Edge appliances will have provisioning profiles unique and different from Power-1 appliances.

All managed devices fetch their assigned profiles from the centralized management server. If the fetched profile differs from the previous profile, the device is updated with the changes. This way, one profile is able to update potentially hundreds and thousands of devices, each acquiring the new common properties while maintaining its own local settings.

A security provisioning wizard enables administrators to configure large scale deployments of devices by allowing them to quickly choose the devices to be configured, fetch current configuration settings and associate devices with a provisioning profile. Each device can be associated to a profile separately or multiple devices can be associated to the same profile at once.

Sometimes, administrators need to perform operations that are not part of a device’s configuration. The SmartProvisioning Software Blade supports these one-time operations or actions on a device or group of gateways, which can include running scripts, installing software packages, creating backup images, rebooting, pushing policy, pushing objects, etc. The progress and status of the action can be easily viewed on the action pane.

The SmartProvisioning Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Management systems, Smart-1 appliances or open server platforms, saving time and reducing costs by leveraging existing security infrastructure.

Specifications

Feature
Details
Intuitive Simple User Interface (UI)Yes (including SmartProvisioning wizard)
Overview and Status ViewView configuration summary, critical notifications and status
Configuration WizardSimplifies profile creation
Shared ConfigurationProvisioning and security profiles
Granular Device ManagementRouting, DNS, Domain, Interfaces, Date&Time (Edge), DHCP (Edge), Backups, VPN configuration, dynamic objects
Custom Command Line Interface (CLI)Supports scripting device configuration
Running Scripts and Predefined OperationsExecute scripts remotely from the GUI
Fetch ConfigurationYes (SecurePlatform only)
Temporary Disable Central ManagementMaintenance mode for local device administration
Internet Protocol VersionsIPv6 and IPv4