SmartProvisioning Software Blade
Overview
Network security administrators constantly need to provide routine maintenance on security devices dispersed across their company network. Performing network maintenance one device at a time is labor intensive, creates inconsistencies in policies and increases the likelihood of errors introduced into the system.
The SmartProvisioning Management Software Blade provides centralized administration and provisioning of Check Point security devices via a single management console. Using profiles, a network administrator can easily deploy security policy or configuration settings to multiple, geographically distributed devices. The SmartProvisioning Blade also provides centralized backup management and a repository of device configurations so administrators can easily apply existing configurations to new devices. By automating device configuration, the SmartProvisioning Blade reduces administrative overhead, reduces errors and ensures security consistency across the network.
Key Benefits
- Reduced administrative overhead
- Rapid deployment and replacement of devices
- Automated device management reduces errors and improves security
- Centralized control over appliance deployment, maintenance and recovery
- Scalable to manage thousands of devices across multiple, disparate networks
Features
- Centralized Device Configuration
- System Overview
- Device View
- Profile View
- Profile-Based Management
- Centralized SmartProvisioning Wizard
- Scheduled Actions
Centralized Device Configuration
The SmartProvisioning Software Blade provides an intuitive and easy interface to centrally manage device configurations such as operating system and network settings. Networking configurations include DNS, hosts, domain, routing and interface settings.
The SmartProvisioning Blade interface enables easy navigation between the system overview, profile configuration and device configuration panes. The System Overview pane provides a quick snapshot of device status, critical notifications and action status. The Profile pane is the interface for managing provisioning profiles, and the Device pane allows for the easy management of gateways and other device objects.
System Overview
Device View
Profile View
Profile-Based Management
The Check Point SmartProvisioning Management Blade is based on profiles which enable an administrator to manage large scale deployments that benefit from common security policies and device settings. Each profile defines the gateway properties per profile object - which represents multiple, unlimited gateways with similar properties and policies – rather than per physical gateway. This means that time invested in each device can be minimized and batch operations performed, thereby reducing administrative overhead.
The SmartProvisioning Blade uses different types of profiles to manage and provision security gateways.
Security Profiles: A security profile defines a Check Point security policy and other security-based settings for a set of gateways. These gateways can be corporate or branch office gateways. Each security profile can hold the configuration of any number of actual gateways, enabling large scale policy management of branch sites and gateways that have similar properties. Examples of such sites can include worldwide retail chain stores, bank ATM machines or car manufacturer dealerships.
SmartProvisioning Profiles: In order to facilitate the management of a large number of similarly configured devices, common settings can be configured on an object called the provisioning profile. Each provisioned device is associated with a provisioning profile, and thus inherits all of the profile's settings. A provisioning profile can define specific settings for networking, device management, and the operating system. Common device settings include DNS, time zones, domain names and routing data. SmartProvisioning profiles can be applied to UTM-1, Power-1, SecurePlatform or UTM-1 Edge appliances. There are specific provisioning profiles for the different appliance products; so for example, UTM-1 Edge appliances will have provisioning profiles unique and different from Power-1 appliances.
All devices managed fetch their assigned profiles from the centralized management server. If the fetched profile differs from the previous profile, the device is updated with the changes. Thus, one profile is able to update potentially hundreds and thousands of devices, each acquiring the new common properties, while maintaining its own local settings.
Centralized SmartProvisioning Wizard
A provisioning wizard enables you to configure large scale deployments of devices. The wizard enables an administrator to quickly choose the devices to be configured, fetch current configuration settings and associate devices with a provisioning profile. Each device can be associated to a profile separately, or multiple devices to the same profile at once.
Scheduled Actions
Sometimes, administrators need to perform operations that are not part of a device’s configuration. The SmartProvisioning Blade supports these one time operations or actions on a device or group of gateways which can include running scripts, installing software packages, creating backup images, rebooting, pushing policy, pushing objects, etc. The progress and status of the action can be easily viewed on the action pane.
Specifications
| Feature | Details |
|---|---|
| Intuitive simple UI | Yes (including SmartProvisioning wizard) |
| Backup | Immediate and scheduled |
| Configuration | Routing, DNS, Domain, Interfaces, Date&Time (Edge), DHCP (Edge) |
| Shared configuration | Uses profiles |
| Package management | Supported |
| Custom CLI | Supported |
| Configuration and security separation | Permission and dedicated application |
| Configuration wizard | Yes |
| Running scripts and predefined operations | Yes |
| Fetch configuration | Yes (SecurePlatform only) |
| Overview and status view | Yes |
| Device software management | Yes |
| Control administrator access | Yes |
| Scheduled actions | No |
| Temporary disable central management | Yes |
Support
Threats to the network are constantly evolving and becoming more sophisticated. To maintain continuity and productivity, defenses must advance as quickly to deliver the technology and features that protect the business. Check Point Update service protects against emerging threats with critical hot software fixes, service packs, and major software upgrades.
Benefits
- Ensures continuous security with access to critical hot fixes and service packs
- Maximizes ROI and investment with access to major upgrades and enhancements
- Increases security with the latest applications, features, and technologies
Next Steps
- Find a Partner
- Call US sales: 1-866-488-6691
- Contact Us Online
Resources
Check Point Software Blade Architecture Brochure- Software Blades Demo
- Software Blade Architecture White Paper
Software Blades
Security Management Software Blades