The Check Point SmartWorkflow Software Blade provides a seamless and automated process for policy change management that helps administrators reduce errors and enhance compliance. Enforce a formal process for editing, reviewing, approving and auditing policy changes from a single console, for one-stop, total policy lifecycle management.

Benefits

Increase security with total visibility and control of policy changes
  • Automatic, formal process for tracking, approving and auditing policy changes
  • Flexible authorization conforms to established company approval processes
  • All policy changes are made from Check Point's unified SmartDashboard console
Enhanced compliance and increased operational efficiency
  • Stay compliant by maintaining visibility and control of constantly changing policy
  • Advanced auditing and reporting tracks the evolution of policy changes
  • Streamlined change management reduces errors and saves administrator time
Flexible and extensible Software Blade for simple, cost-effective deployment
  • Easy one-click activation on any Check Point security management server
  • Deploy SmartWorkflow within your existing security environment or infrastructure
  • Flexible Software Blade Architecture allows deployment without capital costs

Features

Via the SmartDashboard graphical user interface, the SmartWorkflow Software Blade provides an intuitive and easy-to-use security management console to centrally manage the editing, reviewing, approving and auditing of policy changes.

Administrators have a constant need to make firewall changes. These changes are often made manually and hurriedly, which can result in misconfigurations and duplicated rules. The SmartWorkflow Software Blade helps administrators track these changes in entities called sessions: logical units that contain a set of changes made within SmartDashboard. Administrators can track changes made to rule bases, network objects, security policies, users, administrators, groups, OPSEC applications, VPN communities and servers.

Changes made to rules and objects are easily viewed in SmartDashboard, enabling administrators to review the impact of the changes on the entire rule-base.

Figure 1: Easily view changes made to the rule base

Administrators can scroll through the changes in chronological order or they can generate a summary change report that provides a comprehensive picture of the changes that were made during the current session. Clicking on a link in the “name” column of the summary change report will generate a detailed list of how the specific object has changed, who changed it as well as the previous time it was modified and by whom.

Figure 2: Policy change summary report

SmartWorkflow adds an extra layer of security by requiring a manager’s approval before installing a changed security policy (the “four-eyes” principle).  Authorized managers can either approve the session or request that modifications be made to the session.

In addition, SmartWorkflow can adapt to existing change management approval processes. It can be configured so that only managers can approve a change, or so that administrators can approve their own changes. For emergencies, it can be configured so that a policy can be installed without official approval by supplying the appropriate password.

Prior to approving a session, a manager can review the security configuration change summary report and see the objects that were added, changed or deleted and compare these changes to the security policy that is currently installed.  In addition, via the SmartDashboard “read-only” mode, managers can review the changes between any two sessions or they can view the changes of a single session.

SmartWorkflow enables administrators to track changes that have been made to objects, security policies and session events over an extended period of time. These changes are recorded in SmartView Tracker as audit logs.

The SmartWorkflow Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point security management servers, saving time and reducing costs by leveraging existing security infrastructure.

Specifications

SmartWorkflow Specifications

Session-based Policy Changes
  • Security policy changes are done in the context of a session
  • Notes can be added to sessions for clarification
  • Changes made within a session can be discarded
  • Sessions submitted for approval are “locked” for editing
Flexible Authorization
  • Role-based approval (“four eyes” principle)
  • Self-approval
  • Emergency bypass (requires password)
Policy Installation
  • Only approved policies can be installed
  • Installation email notification
Highlighting
  • Changes highlighted in Check Point SmartDashboard
  • List of changes in SmartDashboard
Reports
  • Report of session changes in HTML format
  • Reports can be saved/emailed/printed
Session Information Tracking
  • Session information pane with session info, notes and list of changes
  • Review changes in sequential order
Session Tracking
  • View all sessions created
  • View session changes
  • View session status (pending, approved, rejected, etc.)
Session Comparison
  • Compare changes between different sessions
  • Compare changes between installed session and an approved session
Comprehensive Auditing
  • Every step in session is logged (session creation, submission, approval/rejection, installation)
  • Every change created within a session generates an audit log
  • All session audit logs have a session ID for session filtering
  • All session audit logs contain change description: old/new value, session information, admin information
  • Session audit logs are sent to Check Point SmartView Tracker
  • All changes to objects generate an audit log
  • All changes to rules generate an audit log
Check Point Management Integration
  • Seamless integration with Check Point Network Policy Management
  • Check Point Multi-Domain Security Management (Provider-1) support
  • Track changes for CMAs
  • Track changes on global policy
Internet Protocol Version
  • IPv6 and IPv4