The Check Point SmartProvisioning Software Blade provides centralized administration and security provisioning of Check Point devices. Using profiles, administrators can automate device configuration and easily roll out changes to settings to multiple, geographically distributed devices, via a single security management console.
BenefitsMaximizes operational efficiency, enables consistent policy management
- Automated device management reduces errors and improves security
- Reduced administrative overhead and rapid deployment of devices
- Scalable to manage thousands of devices across multiple, disparate networks
- Configure and manage all Check Point security devices via a single console
- Centralized control over appliance deployment, maintenance and recovery
- Easy management via an intuitive Graphical User Interface (GUI)
- Activate SmartProvisioning on any Check Point Security Management system
The SmartProvisioning Software Blade provides an intuitive and easy-to-use security management console to centrally manage device configurations such as operating system and network settings. Networking configurations include DNS, hosts, domain, routing and interface settings.
The SmartProvisioning Blade interface enables easy navigation between the system overview, profile configuration and device configuration panes. The System Overview pane provides a quick snapshot of device status, critical notifications and action status. The Profile pane is the interface for managing provisioning profiles, and the Device pane allows for the easy management of gateways and other device objects.
System Overview Panel
With the Check Point SmartProvisioning Software Blade, administrators can more easily manage security provisioning of large scale deployments by defining profiles for common security policies and device settings. Each profile defines the gateway properties per profile object—which represents multiple, unlimited gateways with similar properties and policies—rather than per physical gateway. This allows for batch operations and reduced administrative overhead.
The SmartProvisioning Blade uses different types of profiles to manage and provision security gateways, including:
- Security profiles: A security profile defines a Check Point security policy and other security-based settings for a set of gateways, whether corporate or branch office gateways. Each security profile can hold the configuration of any number of actual gateways, enabling large scale policy management of branch sites and gateways that have similar properties. Examples of such sites can include worldwide retail chain stores, bank ATM machines or car manufacturer dealerships.
- SmartProvisioning profiles: In order to facilitate the security provisioning and management of a large number of similarly configured devices, common settings can be configured on an object called the provisioning profile. Each provisioned device is associated with a provisioning profile, and inherits all of the profile’s settings. A provisioning profile can define specific settings for networking, device management and the operating system. Common device settings include DNS, time zones, domain names and routing data. SmartProvisioning profiles can be applied to UTM-1, Power-1, SecurePlatform or UTM-1 Edge appliances. There are specific provisioning profiles for the different appliance products; so for example, UTM-1 Edge appliances will have provisioning profiles unique and different from Power-1 appliances.
All managed devices fetch their assigned profiles from the centralized management server. If the fetched profile differs from the previous profile, the device is updated with the changes. This way, one profile is able to update potentially hundreds and thousands of devices, each acquiring the new common properties while maintaining its own local settings.
Sometimes, administrators need to perform operations that are not part of a device’s configuration. The SmartProvisioning Software Blade supports these one-time operations or actions on a device or group of gateways, which can include running scripts, installing software packages, creating backup images, rebooting, pushing policy, pushing objects, etc. The progress and status of the action can be easily viewed on the action pane.
The SmartProvisioning Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Management systems, Smart-1 appliances or open server platforms, saving time and reducing costs by leveraging existing security infrastructure.
|Intuitive Simple User Interface (UI)||Yes (including SmartProvisioning wizard)|
|Overview and Status View||View configuration summary, critical notifications and status|
|Configuration Wizard||Simplifies profile creation|
|Shared Configuration||Provisioning and security profiles|
|Granular Device Management||Routing, DNS, Domain, Interfaces, Date&Time (Edge), DHCP (Edge), Backups, VPN configuration, dynamic objects|
|Custom Command Line Interface (CLI)||Supports scripting device configuration|
|Running Scripts and Predefined Operations||Execute scripts remotely from the GUI|
|Fetch Configuration||Yes (SecurePlatform only)|
|Temporary Disable Central Management||Maintenance mode for local device administration|
|Internet Protocol Versions||IPv6 and IPv4|