Checkpoint Security lectures

1 Checkpoint Security lectures
Moving to Provider-1 When and How 21-May-19 Checkpoint Security lectures By Valeri Loukine, 2008

2 Agenda
- What is Provider-1 (just a reminder)
- Why it is better than SMC?
- Reasons to migrate
- How to migrate
- Preparations
- Process flow
- Check List

3 What is Provider-1 NGX?

4 Check Point says: Benefits of Provider-1 NGX
- Centralized Management
- Security
- Product Scalability
- Multi-Level High Availability (MDS-HA and CMA-HA)
- Global security and Global VPN communities

5 What people say
Check Point PS consultant:
- Global (corporate) policy, objects, services
- More diversity for administrators' privileges
- Separate DBs for CMAs
- Consolidate SmartCenters, save power, money, HW, space
- Multi user access to the MDS level
- Each CMA has its own processes, which goes better with multi cores/CPUs

6 What people say, cont. (1)
Yet another Check Point PS consultant:
- There are some deployments where P-1 has to be used due to size but mostly due to the organization needs
- Global objects and global rules, but still having separate CMA based on either country, division, function, role, etc...
- Also multi-user: If you have 100 FW per SMC, you can only have 1 RW admin. If you need 5 concurrent edits, you need 5 CMA.
- Ease of backup / restore.
- Logical separation of policies, logs, etc...

7 What people say, cont. (2)
CPUG gurus:
- Consolidates hardware - you only have one management server to look after, not many
- Patching easier - just apply one patch to the management server, not to many servers
- User management - particularly with large environments, trying to manage users on a whole lot of different management stations would be a complete nightmare.
- Easy importing of other management stations.
- There's also an economic angle to it. A CMA-U is cheaper than a full SmartCenter license, so there's a point when an organization has >5 SmartCenters where Provider-1 becomes a cheaper option.

8 What people say, cont. (3)
CPUG again: I found the following useful when moving to Provider-1 in a large environment:
- Centralized policy, administrator, object, and version management is a huge win
- Consolidation of hardware (Moving from 20 SmartCenter Servers to 3 P1 MDS)
- Licensing and Logging are easier to manage
- Services between different business entities are easier to share (VPNs between different regions) but are still logically separate.

9 What people say, cont. (3)
Check Point Forums on More than 200 views, but no reply…

10 Organizational reasons – MSP/ISP
- Independent groups of FWs for customers
- Delegating major administrative functions to customer
- Parallel administration of policies and objects
- Need to maintain the Security system in whole
- Saving some HW and space

11 Organizational reasons – Large Enterprise
- Different groups of FWs, multiple geographical locations, multiple purposes
- Delegating major administrative functions to local admin teams
- Diversification of administration procedures and access rights
- Global definition for vital policy elements and objects
- Unified company Security policies
- Saving some HW and space

12 Technical reasons
- Consolidation of several management servers on a few machines
- Easy maintenance
- Better backups
- Nice performance
- Multiuser access, flexible admin rights
- And not named before: VSX...

13 VSX on Provider-1
- VSX migration from Smart Center to Provider-1 is hardly doable
- Consider using Provider-1 if you want to implement VSX

14 Migrations on Provider-1 environment
So, how do we do it after all?

15 Tips and tools
- Doable between versions and operating systems
- Manually or by using tools
- Can and should be simulated in the lab before touching production systems
- What to use?
  - cma_migrate
  - migrate_assist
  - migrate_global_policies
- And some manual work, anyway

16 Before you start
- Prepare your licenses (the hardest part)
- Plan IP addresses for MDS and CMAs
- Plan initial administrators for OS and MDG
- The options are to keep SMC IP or use another
- Install Provider-1 MDS

17 Materials from Smart Center
- $FWDIR/conf -> conf
- $FWDIR/database -> database
- $FWDIR/logs -> logs (optional)
- $CPDIR/conf -> conf.cpdir
- $CPDIR/database -> database.cpdir
Zip them and prepare to transfer to P1 machine

18 Creating a new customer
- Create a new customer, name it as you wish
- Get through the wizard, assign:
  - GUI clients
  - Administrators
  - Plug-ins (R65 and up)
- Then…

19 Creating a CMA
- DO NOT start it!
- Choose to migrate
- Put the collected files into some folder on P1 and unzip
- Type the folder path into the dialog window
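The collection step from the "Materials from Smart Center" slide and the unpack step above can be scripted so that a wrong or incomplete file set is caught before the CMA import. This is an added example, not part of the original slides; the function names, the `logs` argument and the use of tar.gz in place of zip are assumptions, while the directory names are the ones the slide lists.

```shell
#!/bin/sh
# Added example, not from the slides. FWDIR and CPDIR are the Check Point
# environment variables named on the slide; function names, the "logs"
# argument and the tar.gz format are assumptions of this example.

REQUIRED="conf database conf.cpdir database.cpdir"

# stage_export <new staging dir> [logs]
# Copies the SmartCenter directories under the names the slide lists.
stage_export() {
    stage=$1
    [ -n "$FWDIR" ] && [ -n "$CPDIR" ] || { echo "FWDIR/CPDIR not set" >&2; return 1; }
    [ ! -e "$stage" ] || { echo "$stage already exists" >&2; return 1; }
    mkdir -p "$stage" || return 1
    cp -Rp "$FWDIR/conf"     "$stage/conf"           || return 1
    cp -Rp "$FWDIR/database" "$stage/database"       || return 1
    cp -Rp "$CPDIR/conf"     "$stage/conf.cpdir"     || return 1
    cp -Rp "$CPDIR/database" "$stage/database.cpdir" || return 1
    # Logs are optional on the slide; copy them only on request.
    if [ "${2:-}" = logs ]; then
        cp -Rp "$FWDIR/logs" "$stage/logs" || return 1
    fi
}

# verify_export <dir>
# Run on the SmartCenter before packing and again on the P1 machine after
# unpacking, before the folder is given to the migration dialog.
verify_export() {
    bad=0
    for d in $REQUIRED; do
        if [ ! -d "$1/$d" ] || [ -z "$(ls -A "$1/$d" 2>/dev/null)" ]; then
            echo "missing or empty: $1/$d" >&2
            bad=1
        fi
    done
    return $bad
}

# pack_export <staging dir> <archive outside the staging dir>
pack_export() {
    verify_export "$1" || return 1
    tar -czf "$2" -C "$1" .
}
```

On the P1 machine, unpack the archive into an empty folder and run `verify_export` on it; a non-zero exit status is the "Not the right files" case from the potential-issues slide.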

20 Potential issues
- Migration fails:
  - DB corruption
  - MDS related issues
  - Out of space
  - MDS is too slow
  - Not the right files
- Some good reasons to simulate before going onto production
- You always can delete CMA and customer and start over

21 Potential issues, cont.
- Implicit FW rules do not catch new MGMT IP
  - To resolve this, create a dummy MGMT object, add it to masters list before migration and push policy
- Third party devices block new MGMT IP
  - Change policies on them before migration
- CMA cannot start
  - Most probably licensing issue
  - If not, debug failing process

22 Checklist after migration
- SIC with managed objects
- Log server definition on Enforcement points
- Policy installation works
- Logs
- Licenses – to check twice (especially central ones)

23 Questions?
Thank you guys

