Summary of Contents for Quantum CHECK POINT SPARK 1500 Series
Page 1
12 April 2022 QUANTUM SPARK 1500, 1600 AND 1800 APPLIANCE SERIES R80.20.40 Locally Managed Administration Guide...
Page 2
Refer to the Copyright page for a list of our trademarks. Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses. Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 2...
Page 3
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments. Revision History Date Description 12 April 2022 First release of this document
L2TP VPN Client configuration Configuring Site to Site VPN with a Preshared Secret Introduction Prerequisites Configuration Monitoring Configuring Site to Site VPN with a Certificate
Page 5
DS-Lite (Dual Stack Lite, IPoE) IPIP Creating a New Bond (WAN) Configuring a USB Cellular Connection Configuring an LTE Internet Connection (WiFi-LTE models only) The 'Connection Monitoring' tab
Page 6
Backing up the System Configuring Local and Remote System Administrators Configuring Administrator Access Managing Device Details Managing Date and Time Configuring DDNS and Access Service
Page 7
Configuration Working with User Awareness Configuring the QoS Blade Working with QoS Policy SSL Inspection Policy SSL Inspection Deploying SSL Inspection SSL Inspection Bypass Policy
Page 8
Configuring the Site to Site VPN Blade Configuring VPN Sites Configuring Advanced Site to Site Community Settings Viewing VPN Tunnels Configuring Advanced Site to Site Settings
Page 9
Wireless Active Devices Paired Mobile Devices Viewing Infected Devices Viewing VPN Tunnels Viewing Active Connections Access Points Viewing Monitoring Data Viewing Reports Using System Tools SNMP
Page 10
Restoring Factory Defaults RESTful API Enabling and disabling the REST API Request Structure Response Structure Versioning REST API Commands (1) Login (2) Logout (3) Generate-Report (4) Run-Clish-Command
SD card and Dual SIM card for the 1570 / 1590 appliances. For more information, see the 1500 appliance series product page. This guide describes all aspects that apply to the Quantum Spark 1530 / 1550, 1570R, and 1570 / 1590 Appliances.
Page 12
Review these materials before doing the procedures in this guide: R80.20.40 SMB Release Notes Known Limitations Resolved Issues Getting Started Guide Small Business Security video channel See the SMB R80.20.40 home page.
"Managing Threat Prevention" on page 198 7. Make sure the appliance works as required. "Logs and Monitoring" on page 276 8. Configure other required settings, such as:
Page 14
Getting Started "Configuring VPN" on page 25 "Managing VPN" on page 217 VPN (see Clusters (see "Managing Clusters" on page 30 QoS (see "Configuring QoS" on page 33
Setting up the Quantum Spark Appliance To set up the Quantum Spark 1530 / 1550, 1570 / 1590, 1570R, 1600, and 1800 Appliance: 1. Remove the Quantum Spark Appliance from the shipping carton and place it on a tabletop. 2. Identify the network interface marked as LAN1.
"Zero Touch Cloud Service" on page 17 "Deploying from a USB Drive or SD Card" on page 18 Note - SD card deployment is supported only in 1570 / 1590 appliances.
After the gateway downloads and successfully applies the settings, it does not connect to the Zero Touch server again. For more information on how to use Zero Touch, see sk116375 and the R80.20 ZeroTouch Web Portal Administration Guide
Deploying from a USB Drive or SD Card You can deploy the Quantum Spark Appliance configuration files from a USB drive or SD card (1570 / 1590, 1600 / 1800 appliances only) and quickly configure many appliances without using the First Time Configuration Wizard.
You can insert the USB drive in the front or rear USB port. Make sure the USB drive is formatted in FAT32. You can deploy the configuration file to the Quantum Spark Appliance when the appliance is off or when it is powered on.
USB drive. The USB drive can be inserted in the front or the rear USB port. You can deploy the configuration file to the Quantum Spark Appliance either when the appliance is off or when it is powered on.
1. The USB drive with the configuration file is inserted into a USB port on the Quantum Spark Appliance. 2. The USB LED on the front panel blinks red. There is a problem with the configuration file script.
The appliance only runs the next configuration script from a USB drive. set property USB_auto_configuration any The appliance always runs configuration scripts from a USB drive.
This chapter contains workflows for common configuration and upgrade scenarios. Configuring Cloud Services Introduction Cloud Services lets you connect your Quantum Spark Appliance to a Cloud Services Provider that uses a Web-based application to manage, configure, and monitor the appliance. Prerequisites Before you connect to Cloud Services, make sure you have: Received an email from your Cloud Services Provider that contains an activation link.
Note - You are shown the Hotspot portal one time in the given timeout period. The default timeout period is 4 hours. User activity on this network is logged with user names if the Log traffic option was selected.
To allow only specified users to connect with a remote access client, set group permissions for the applicable user type. Select the arrow next to the option and select the relevant group option. See "Configuring Remote Access Users" on page 220
"Configuring Advanced Remote Access Options" on page 229 Monitoring To make sure Remote Access is working: Use the configured client to connect to an internal resource from a remote host.
VPN encryption settings must be the same on both sides (the local gateway and the peer gateway). This is especially important when you use the Custom encryption option.
Certificates" on page 116 5. Make sure that the CA is installed on both of the gateways. Use the option in "Managing Trusted CAs" on page 244
1. Pass traffic between the local and peer gateway. 2. Go to > VPN Tunnels to monitor the tunnel status. See "Viewing VPN Tunnels" on page 240
Configure Cluster. 3. Follow the wizard steps and configure the appliance as a primary member. For more information, see "Configuring High Availability" on page 121
3. Upgrade the active member. The active member automatically reboots. Note - The upgrade process is the same for each cluster member. Only manual upgrade is supported.
Page 32
2. Follow the Wizard instructions to upgrade the cluster member. The upgrade process automatically reboots the member. To see the status of each cluster member: Go to Device > High Availability.
QoS Blade" on page 188 Define manual rules for further granularity if necessary in Access Policy > > Policy. See "Working with QoS Policy" on page 190
The Quantum Spark Appliance uses a web application to configure the appliance. After you use the First Time Configuration Wizard (see the Quantum Spark Appliance Getting Started Guide ), when you connect to the appliance with a browser (with the appliance's IP or, if the appliance is used as a DNS proxy or DHCP server, to "my.firewall"), it redirects the web page to a secure HTTPS...
System page shows an overview of the Quantum Spark Appliance. The Quantum Spark Appliance requires only minimal user input of basic configuration elements, such as IP addresses, routing information, and blade configuration. The initial configuration of the Quantum Spark Appliance can be done through a First Time Configuration Wizard. When initial configuration is completed, every entry that uses http://my.firewall shows the WebUI...
1. Click the cogwheel icon next to the On/Off lever. The blade settings window opens. 2. View the details or select options to change current settings. 3. Click Apply.
Page 37
Click the icon to close the demo. To view an alert: 1. Hover over the alert triangle. 2. Click the applicable link.
(for example, when in a lab setting). Click Next. 3. In the Security Management Server Connection page, select a connection method:
Page 39
Internet To test connectivity, click Test Connection Status. A status message shows the results of the test. You can click Settings to configure Internet connections.
At the bottom of the login page - The name defined by the Cloud Services Provider for your Security Gateway and the MAC address of the Quantum Spark Appliance. At the top of the WebUI application (near the search box) - The name of your Quantum Spark Appliance.
Page 41
Cloud Services is turned on. Cloud Services Server widget is shown on the status bar and shows Connected. If you click this widget, the Cloud Services page opens.
Page 42
To get an updated security policy, activated blades, and service settings: Click Fetch now. The appliance gets the latest policy, activated blades, and service settings from Cloud Services.
After initial activation, the Activate License button shows as Reactivate. If you make changes to your license, click Reactivate to get the updated license information.
Page 44
When the country and wireless region match, you see the full settings.
Send push notifications and select the types of notifications. 3. Click Apply. This page is available from the Home Logs & Monitoring page.
The display shows the devices connected to the gateway through a Hotspot. You can revoke the Hotspot access for one or more devices. This disconnects the device from the gateway and requires the device to log in again through the Hotspot.
Page 47
5. Click Apply. Note - You can also do this from the Users & Objects > Network Objects page. Click New, and then for Type, select Device.
The total traffic for that time interval Total traffic statistics - Next to the area graph you can see total traffic statistics for the last day or hour.
Links to pages that can be useful for monitoring and troubleshooting purposes. Note - This page is available from the Home Logs & Monitoring tabs.
Note - Only the last generated report for each report type is saved in the appliance. When you generate a new report, you override the last saved report for the specified type.
Page 51
Report Pages Each report page shows a detailed graph, table, and descriptions. Note - This page is available from the Home Logs & Monitoring tabs.
1. Click Generate CPInfo File. A message next to the button shows the progress. 2. Click Download CPInfo File to view or save the CPInfo file.
Page 53
To download the Windows driver for Mini-USB console socket: Click the Download link. Note - This page is available from the Home, Device, and Logs & Monitoring tabs.
(if not configured at all), (for another Internet connection), or Edit. The New or Edit Internet Connection window opens. 2. Configure the fields in the tabs as described below.
For a DSL over DMZ Connection, select SFP-DSL. For a non-DSL connection, select RJ45/SFP-Fiber. 3. Click Apply. Note – If the appliance has an internal modem, an external modem is not supported.
Page 56
- You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ‘ " \ Maximum number of characters: 255
Page 57
IPv4 and IPv6. The New IPv6 Internet Connection window opens. 2. Enter the Connection name. 3. Select the Interface. 4. Select the Connection type:
A network or bridge with prefix delegation enabled must have the IPv6 Auto Assignment set to SLAAC, DHCPv6, or Disabled. For each delegated network, the behavior depends on the IPv6 Auto Assignment settings:
8. Make sure Prefix Delegation is disabled: 9. Expand the Prefix Delegation section and make sure that Enable prefix delegation for this Internet
IPIP uses the same IPv4-over-IPv6 tunnel as DS-Lite, but you can configure a static IPv4 address, which is globally routable. The gateway first establishes an IPv6 connection to the ISP. The IPv6 address consists of:
Page 61
Configure the default of the IPIP interface to 1460 (IPv4 default = 1500). The size of the IPv6 header is 40. 9. Click Apply.
Add an internet connection... New Internet Connection window opens in the Configuration tab. 2. Configure the rest of the fields as for a new connection.
LTE modem show the Cellular tab. For Security Gateways with cellular Internet connections, you can switch the active image between carrier-approved firmware configurations.
Page 64
Use connection as VLAN - Select this checkbox to add a virtual Internet interface. VLAN ID - Enter a VLAN ID between 1 and 4094.
Probe DNS servers - When you select this option, the appliance probes the DNS servers as defined in the Internet connection and expects responses.
Authentication method. Connect on demand - Select the Connect on demand checkbox if necessary. This is relevant only when you are in high availability mode.
Page 67
ISP for the Internet upload and download bandwidth. Make sure that the QoS blade is turned on. You can do this from Home > Security Dashboard > > ON.
Note - This section applies to both IPv4 and IPv6 connections. On the Internet Connectivity page, click Connection monitoring... The Monitoring Servers table shows the configured connections: Connection - Name. For example, Internet1. Server Name
Page 69
Cellular Modem Monitoring window: Cellular radio Cellular modem Operator SIM cards - Which SIM is active, primary or disabled.
You can set scheduled times for the WiFi to be on and off and differentiate between radio bands (2.4GHz and 5GHz). Use Case: Set the WiFi to work only during normal business hours and be off on weekends when the business is closed.
Page 71
5.0 GHz (802.11ac/n) radios. When these signals are detected, the operating frequency of the 5.0 GHz (802.11ac/n) radio switches to one that does not interfere with the radar systems. DFS is enabled by default.
Page 72
To allow a specific device to connect, add a new MAC address to the table. Click New, enter the device's MAC address and click Apply.
Page 73
Select one of these options: Auto - Use the DNS configuration of the device Use the following IP addresses - Enter the first, second and third DNS servers
When you finish editing the network, click Apply. Wi-Fi Quality Analyzer Background The Wi-Fi Quality Analyzer detects the Wi-Fi networks near the appliance and shows the report with this information:
Page 75
Please consult the following table regarding the individual clients connected to the appliance ExampleClient1 mac=XX:XX:XX:XX:XX:XX: rssi = 55, very good quality ExampleClient2 mac=XX:XX:XX:XX:XX:XX: rssi = 21, good quality
To create any of the above options: Click and select the option you want. To edit/delete/enable/disable any of the above options: Select the relevant row and click Edit/Delete/Enable/Disable.
Note - Between the LAN ports of a switch, traffic is not monitored or inspected. To create/edit a switch configure the fields in the tabs: The 'Configuration' tab
The WAN port (like the DMZ port), can only be used for a BOND network as part of an internet (external) network. The WAN as LAN feature is disabled by default.
The network definition features and table show. 6. Click New. 7. Enter the network address. 8. Enter the subnet. An internal network can be a 255.255.255.255 subnet, for one host.
Configure the fields in the tabs. Note that for the DMZ there is an additional tab Access Policy: The 'Configuration' tab Assigned to - Select the required option:
- Enter an optional description. The description is shown in the local network table next to the name. MTU size - Configure the Maximum Transmission Unit size for an interface. Note that in the Quantum Spark Appliance, the value is global for all physical LAN and DMZ ports. Disable auto negotiation - Select this option to configure manually the link speed of the interface.
Page 82
[SWITCH] --- VLAN Trunk --- (LAN) [Appliance in Bridge Mode] (WAN) --- VLAN Trunk --- [ROUTER] Example physical topology after the change (configuring an interface with a dummy IP address):
Page 83
5. Select this attribute. 6. Click Edit. 7. Enter the same IP address you assigned to the dedicated interface (in our example, LAN4). 8. Click Apply.
A customer is migrating his device to a new subnet, but wants the host to still be able to "approach" a resource such as a printer on his old subnet during the transition period.
The VPN tunnel and its properties are defined by the VPN community that contains the two gateways. You must define the VPN community and its member Security Gateways before you can create a VTI.
> Internet pages. Use the following IP addresses - Enter the IP addresses for the First DNS server, Second DNS server, and Third DNS server.
To create a BOND (LAN): 1. In the Local Network page, click and select BOND (Link Aggregation). New BOND window opens.
Page 88
Hash policy from the dropdown menu (Layer2 or Layer3+4). 8. Click Apply. "Configuring Internet Connectivity" on page 54 To create a WAN BOND, see
Edit <interface> window opens. 3. Select Hotspot. 4. Click Apply. Any user that browses from configured interfaces is redirected to the Check Point Hotspot portal.
Page 90
5. To customize a logo for all portals shown by the appliance (Hotspot and captive portal used by User Awareness), click Upload, browse to the logo file and click Apply. If necessary, click Use Default to revert to the default logo. 6. Click Apply.
Page 91
The same user cannot log in to the Hotspot portal from more than one computer at a time. On the Active Devices page (available through the Home Logs & Monitoring tabs), you can revoke Hotspot access for connected users.
2. Click next hop and select an option in the new window that opens:
Page 93
Click Use this gateway's IP address as the default gateway. Select Use the following IP address and enter an IP address. 5. Click Apply.
Page 94
To delete an existing route: Select the route and click Delete. To enable or disable an existing route: Select the route and click Enable or Disable.
Disable MAC filtering. To enable, clear this option. 5. Click Apply. Note - MAC filtering is not supported on external, DMZ, and port bonding interfaces.
LAN ID. 4. In the Advanced tab, select Activate 802.1x authentication. 5. Enter a time for Re-authentication frequency (in seconds). 6. Click Apply.
Page 97
MAC Filtering settings - Log suspension attribute in seconds. To show all logs, set the value to "0". Note - Traffic dropped in the WiFi driver is not logged.
Note these syntax guidelines: The domain name must start and end with an alphanumeric character. The domain name can contain periods, hyphens, and alphanumeric characters. 4. Click Apply.
To configure a proxy server: 1. Select Use a proxy server. 2. Enter a Host name or IP address. 3. Enter a Port. 4. Click Apply.
To automatically upgrade your appliance firmware when Cloud Services is not configured: 1. Click Configure automatic upgrades. The Automatic Firmware Upgrades window opens. 2. Click Perform firmware upgrades automatically.
Page 101
To revert to an earlier firmware image: 1. Click Revert to Previous Image. 2. Click in the confirmation message. The appliance reboots to complete the operation.
Click the Check Point Download Center link to download an upgrade package as directed. If you already downloaded the file, you can skip this step.
If you select this option, you must enter and confirm a password. Optional - Add a comment about the backup file. 4. Click Create Backup. System settings are backed up.
Page 104
- Select day of month and time of day. Note - If a month doesn't include the selected day, the backup is executed on the last day of the month. 6. Click Apply.
The name and Administrator Role are added to the table. When logged in to the WebUI, the administrator name and role are shown at the top of the page.
Page 106
Networking Admin Mobile Admin 7. To define groups, click Use specific RADIUS groups only and enter the RADIUS groups separated by a comma. 8. Click Apply.
Page 107
Configuring a RADIUS Server for non-local Quantum Spark Appliance users: Non-local users can be defined on a RADIUS server and not in the Quantum Spark Appliance. When a non-local user logs in to the appliance, the RADIUS server authenticates the user and assigns the applicable permissions.
Page 108
3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file: CP-Gaia-User-Role = <role> Where <role> is the name of the administrator role that is defined in the WebUI.
Page 109
Where <role> is the name of the administrator role that is defined in the WebUI.
Administrator Role - Value
Super Admin - adminRole
Read only - monitorrole
Networking Admin - networkingrole
Mobile Admin - mobilerole
Page 110
Configuring Local and Remote System Administrators To log in as a Super User: A user with super user permissions can use the Quantum Spark Appliance shell to do system-level operations, including working with the file system. 1. Connect to the Quantum Spark Appliance platform over SSH or serial console.
Administrator Access page lets you configure the IP addresses and interface sources that administrators can use to access the Quantum Spark Appliance. You can also configure the Web and SSH ports. First set the interface sources from which allowed IP addresses can access the appliance.
Page 112
When you block the IP address or the interface group through which you are currently connected, you are not disconnected immediately. The access policy is applied immediately, but your current session remains active until you log out.
The list of uploaded certificates shows. 2. Select the desired certificate. Note - You cannot select the default VPN certificate. 3. Click Apply. 4. Reload the page.
NAT device or firewall, and cannot be reached directly. In addition, the feature makes it easier to access an appliance with a dynamically assigned IP address.
You can upload a certificate signed by an intermediate CA or root CA. All intermediate and root CAs found in the P12 file are automatically uploaded to the trusted CAs list.
Page 117
If the new signing request is signed by the Internal CA and the Organization Name is not defined in the DN, the Internal CA automatically generates the Organization Name.
To export the signing request: Click Export.
Page 118
1. Click Upload P12 Certificate.
2. Browse to the file.
3. Edit the Certificate name if necessary.
4. Enter the certificate password.
5. Click Apply.
CA and check for certificate revocation.
5. Click Apply.
To export an internal CA certificate: Click Export Internal CA Certificate to download the internal CA certificate.
Page 120
3. Click Download.
The signed certificate is downloaded through your browser and is available to be imported to the remote site's certificates list.
Down. A confirmation message shows.
2. Click Yes.
The primary gateway is now the inactive member of the cluster. The secondary gateway is now active.
Page 122
If there is a failure, it automatically fails over to the secondary cluster member. When the interface is not enabled for high availability, you can select it for monitoring.
Page 123
Down.
To configure the cluster (on the gateway side):
Note – The procedure is similar to the one to create a local cluster that does not involve the Quantum Spark Portal.
1. Log in to the WebUI of the gateway you want to use as the primary member of the cluster.
Page 124
13. Click Finish. The appliance fetches the settings from the primary member and applies them. Note – When the cluster is managed by Quantum Spark Portal, connections are not synchronized. In the event of cluster failover, you must re-establish the connections.
Table: Administrator RADIUS authentication Attributes
Administrator RADIUS authentication Attribute - Description
Local authentication (RADIUS server) - Perform local administrator authentication only if RADIUS server is not configured or is inaccessible.
Page 126
This way, it reduces the chances of connectivity problems that might have occurred under low-resource conditions.
Page 127
Detection window time that will an indicate an ARP spoofing indicate attack attack.
Suspicious MAC block period - Time period (in seconds) during which suspicious MAC addresses are kept in the blocked list.
Page 128
Online Web Service is unavailable. unavailable
Categorize cached and translated pages - Indicates whether to perform URL categorization of cached pages and translated pages created by search engines.
Page 129
This value must be an integer that is a power of two and approximately four times the maximum concurrent connections parameter.
Maximum concurrent connections - Indicates the overall maximum number of concurrent connections.
Page 130
IP addresses as source - appliance originate from internal IP addresses. This may be required if the DHCP server is located behind a remote VPN site.
Page 132
Table: Hotspot Attributes
Hotspot Attribute - Description
Enable portal - Select Disabled to disable the hotspot feature entirely.
Page 133
Indicates the maximum ping packet size that is allowed when the 'Max Ping Size' protection is active.
Non-standard HTTP ports - Enable HTTP inspection on non-standard ports for the IPS blade.
Page 134
- You can enter manually defined text that is shown in the HTML page. Enter the text in the Description box. For example, "Access denied due to IPS policy violation."
Page 135
IoT Stats Attributes - Description
IoT Stats Activation - Enable/disable IoT collecting statistics. Default: Disabled
Table: MAC Filtering Attributes
MAC Filtering Attribute - Description
MAC filtering state - MAC filtering state
Page 137
NAT cache expiration - Indicates the expiration time in minutes for NAT cache entries.
NAT cache number of entries - Indicates the maximum number of NAT cache entries.
Page 138
Operating system - operating tmpDirSize system
Operating system - System temporary directory size - Controls the size (in MB) of the temporary directory that is used by the system.
Page 139
Customer consent sending data
Location Service requires sending your IP address to a 3rd party - Using automatic timezone feature requires sending your location to 3rd party.
Page 140
Reports cloud server URL - cloud server URL used to generate report PDF.
Table: Rest API Attribute
Rest API Attribute - Description
Rest API mode - Indicates whether REST API is enabled or not
Page 141
Choose if the SSL Inspection validations are tracked. errors
Validate CRL - Indicates if the SSL inspection mechanism will drop connections that present a revoked certificate.
Page 142
DMZ network. Note - DMZ is not supported in 1530 / 1550 appliances.
Allow LAN-LAN DPI - Allow Deep Packet Inspection in traffic between internal networks.
Page 143
(TCP three-way handshake) exceeds this time period (in seconds).
UDP virtual session timeout - A UDP virtual session is timed out after this time period (in seconds).
Page 144
This does not indicate an attempted attack and for this reason, the default is to NOT log such events.
Page 145
In the background, the Check Point Online Web Service continues the classification procedure. The response is then cached locally for future requests. This option reduces latency in the classification process.
Page 146
- Connections are allowed while the file emulation runs (if needed) until emulation handling is complete.
Hold - Connections are blocked until the file emulation is completed
Page 147
Note - A limit too low may have an impact on the functionality of the Application Control blade. To specify no limit, set to 0.
Page 148
Table: USB Modem Watchdog Attributes
USB Modem Watchdog Attribute - Description
Interval - Indicates how often (in minutes) the USB modem watchdog probes the internet.
Page 149
Users & Objects > User Awareness > Browser-Based Authentication > Identification tab. Without DNS traffic, the browsers of end users may not show the Captive Portal.
Page 150
(local encryption domain).
Back connections enable - Enable back connections from the encryption domain behind the gateway to the client.
Page 151
SecureClient.
Match on Internal Rule Base only - Traffic from Remote Access clients will always be matched on the Incoming/Internal/VPN rulebase, including traffic to the Internet
Page 152
This is needed when using SecureClient as well as other VPN clients (see sk20251).
Radius retransmit timeout - Timeout interval (in seconds) for each RADIUS server connection attempt.
Page 153
belongs to at least one group without permission - Indicates if strict group permissions are enabled - user will not have remote access permission if belongs to at least one group without remote access permission.
Page 154
Indicates if encrypted packets are rerouted through the best rerouting interface according to the peer's IP address or probing. We do not recommend changing this value to false.
Page 155
Indicates the maximum number of open SAs per VPN peer.
Outgoing link tracking - Indicates how to log the outgoing VPN link: Log, don't log, or alert.
Page 156
Indicates under what conditions new tunnels are created: per host pair, per subnet (industry standard), or a single tunnel per remote site/gateway. This controls the number of tunnels that are created.
Page 157
Apply. Company URL, enter the company's URL. When you click the company logo in the web interface it opens this URL.
Firewall Servers page lets you easily define the default access policy for specific servers within your organization and automatically generated system rules are also defined.
Block all outgoing services except the following.
3. Select which services to allow.
4. To allow all services, select Allow all outgoing services.
5. Click Apply.
Rules that contain application groups with both predefined applications and URLs are enforced only for the URLs and custom applications. They are not enforced for the predefined applications. Applications are not updated through the automatic updates.
Not up to date - A new update package is ready to be downloaded but the scheduled hour for updates has not occurred yet. Updates are usually scheduled for off-peak hours (weekends or nights).
Active Directory servers to define an AD server that the gateway can work with. Creating an AD server is also available in the Edit settings wizard.
Check Point AppWiki link - The AppWiki is an easy to use tool that lets you search and filter the Application & URL Filtering Database.
Note - DMZ is not supported in 1530 / 1550 appliances. Traffic to defined server objects as configured in each server's edit window in the Access Policy > Firewall Servers page.
Page 165
(Strict or Standard) as explained above. These rules are also influenced by other elements in the system. For example, when you add a server, a corresponding rule is added to the Incoming, internal and VPN traffic section.
Page 166
Comments you enter when you create a rule. Rules that the system automatically generates. You can click the object name link in the comment to open its configuration tab.
8. In incoming rules, to match only for encrypted VPN traffic, select Match only for encrypted traffic.
9. Click Apply.
The rule is added to the outgoing or incoming section of the Access Policy.
Page 168
1. Select the rule to move.
2. Drag and drop it to the necessary position.
Note - You can only change the order of manually defined rules.
Shows a message to users and blocks the application request.
Inform - Shows a message to users and asks them if they want to continue with the request or not. See above for more details.
Page 170
User Awareness). Click Upload, browse to the logo file and click Apply. If necessary, you can revert to the default logo by clicking Default.
5. Click Apply.
3. When you select Other Server:
Select the Protocol (TCP, UDP, or both).
Enter the TCP/UDP Ports (enter port numbers and/or port ranges separated by commas, for example, 1,3,5-8,15).
Page 172
2. If you do not want the server to be accessible to pings, clear the Allow access to server in the ICMP (ping) checkbox.
3. Select the logging policy of traffic to the server:
Log blocked connections
Log accepted connections
Page 173
Access Policy > Firewall Policy Rule Base. Note - This page is available from the Firewall sections on the Access Policy tab.
Important - In most cases, if you turn off the hide NAT feature, you cause Internet connectivity issues. If your appliance is the gateway of your office to the Internet, DO NOT set to off without consulting with networking experts.
Page 175
A more advanced way to configure address translation is by defining manual NAT rules. If servers with NAT are configured, the manual NAT rules do not apply to them. However, they apply even when Hide NAT is activated.
Page 176
Destination - The network object or network group object that is the new destination to which the original destination is translated.
Translated Service - The new service to which the original service is translated.
Page 177
1. To disable a manually defined rule that you have added to the rule base, select the rule and click Disable.
2. To enable a manually defined rule that you have previously disabled, select the rule and click Enable.
Page 178
Note - You can only change the order of manually defined rules.
1. Select the rule to move.
2. Drag and drop it to the necessary position.
Destination - The network object or network group object that is the new destination to which the original destination is translated.
Translated Service - The new service to which the original service is translated.
Page 180
1. Select the rule to move.
2. Drag and drop it to the necessary position.
Note - You can only change the order of manually defined rules.
6. Click the Off-premise phones to expand the section.
Note - The relevant topology shows automatically for each selection.
Select one or more of these options:
Page 183
The SIP server is located on external networks. For more advanced topologies, refer to sk113573. The gateway's NAT configuration is set to its default settings (with internal networks hidden behind its external IP address).
IP addresses of the applicable address of the SIP phones behind the gateway option server For more information, see "Working with the Firewall Access Policy" on page 164
Configuration wizard link. The User Awareness Wizard opens.
2. Select one or more user identification methods (see above for descriptions of methods) and click Next.
Page 186
3. Under Specific destinations, select Internet or Selected network objects. If you select Selected network objects, select the objects from the list or create new objects.
4. Click Finish.
Page 187
5. Click Apply.
Note - This page is available from Access Policy > User Awareness Blade Control and Users & Objects > User Awareness.
If you change other policy settings, the change is temporary. Any changes made locally will be overridden in the next synchronization between the gateway and Cloud Services.
Page 189
For information on creating a new service, see the Users & Objects > Services page.
5. Click Apply.
The tracking and logging action that is done when traffic matches the rule.
Comment - An optional field that shows a comment if you entered one. For system generated rules of the default policy a Note is shown.
Page 191
8. Click Apply.
Note - You can drag and drop rules to change the order of rules in the QoS Rule Base.
Page 192
1. Select the rule to move.
2. Drag and drop it to the necessary position.
Note - You can only change the order of manually defined rules.
OS vendor instructions. SSL inspection uses the existing internal CA by default. To use your own certificate, you must replace the internal CA.
TCP/IP connection. IMAPS refers to IMAP over SSL. SSL traffic inspection must be activated to scan HTTP and IMAP encrypted traffic.
SSL inspection for specific traffic. You can configure more advanced exceptions with specific scope, category, and tracking options.
To add bypass exceptions:
1. Click New.
2. For each exception, enter:
Source
Destination
Category/Custom Application
Track
Note - You can only delete a CA that was added by a user.
To disable/enable a trusted CA:
1. Click the icon next to the CA.
2. Click Disable/Enable.
A warning message shows if a blade is in detect-only mode. The top of the page shows the number of infected devices. For more information, click More details.
Page 199
6. To load the policy default values, click Load default settings:
Recommended
Strict
7. To save all settings on the Threat Prevention Blade Control page, click Apply.
Page 200
2. Select the Software Blades to receive automatic updates:
Anti-Virus
Anti-Bot
Application Control
3. Select the Recurrence Time of day.
4. Click Apply.
Files allowlist. Threat Emulation only: You can set specified email addresses that the blade does not scan and add them to the Email Addresses allowlist.
Click Apply.
3. In the Threat Prevention Policy Attribute section, select the attribute Allow me to view attack statistics in my User Center account.
Page 203
3. Optional: Enable the real IP address information in the attack reports (see sk164332 - section "De-obfuscate the real IP of the victim"):
set threat-prevention policy advanced-settings allow-ipaddr-in-stats true
- Shows the total number of incidents on the device or server in the last month. If there is a large amount of records, the time frame may be shorter.
Page 205
4. Optional - Add a comment in the Write a comment field.
5. Click Apply.
The rule is added to Malware Exceptions on the Threat Prevention > Exceptions page.
Page 206
Security Logs page opens and shows the logs applicable to the IP/MAC address.
Note - This page is available from the Home and Logs & Monitoring tabs.
Threat Prevention Blade Control page. You can see the details of each protection and also configure a manual override for individual protections' action and tracking options.
IMAP - Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. It allows you to access your email from any device.
Page 209
Access Policy > SSL Inspection Policy.
3. Select one of the file type policy options:
Process file types known to contain malware
Process all file types
Check Point ThreatCloud reputation database.
Unusual activity - Protections related to the behavioral patterns common to botnet and malware activity.
To enable Detect-only mode: Select the checkbox.
You can change the emulator location to a local private SandBlast appliance in the Advanced Settings page. You must first enable the Threat Emulation blade and then configure it for remote emulation.
To customize messages:
1. Click Customize Anti-Virus user message or Customize Anti-Bot user message.
2. Configure the options in each of these tabs:
Page 213
User Awareness). Click Upload, browse to the logo file and click Apply. If necessary, you can revert to the default logo by clicking Default.
5. Click Apply.
- This option identifies email as spam in the email message header. Select the relevant tracking option - Log or Alert (shown as a highly important log).
Page 215
Spam and for Suspected Spam. Use this option to have a different string for the flag action.
3. Select a tracking option.
4. Click Apply.
1. Select the relevant row in the Allow or Block list.
2. Click Edit or Delete.
If the options are not visible, click the arrows next to the filter box.
Access Policy > Firewall Policy page.
2. Select or clear the Log traffic from Remote Access users (by default) checkbox.
3. Click Apply.
Page 218
You can also specify the screen size of the remote desktop. The default mode is full screen.
To manage bookmarks:
1. Click on a bookmark.
2. Click Edit or Delete.
3. Click Apply.
Page 219
The Remote Access Port Settings window opens.
2. In Remote Access port, enter a new port number.
3. Make sure Reserve port 443 for port forwarding is selected.
4. Click Apply.
5. In the SSL VPN Bookmarks tab, configure the SSL VPN bookmarks (see below).
6. Click Apply.
The user is added to the table on the page.
Page 221
Usually you keep the Selected Active Directory user groups option.
3. Click Apply.
The Active Directory is added to the table on the page.
You can use the Check Point SMS provider, or an external SMS provider. If a customer uses a public SMS server, the administrator must provide the username and password for the SMTP server.
Page 223
When you turn on Two-Factor Authentication, you enable it for all VPN clients. This means all VPN clients must have a configured mobile phone number to connect.
Page 224
To delete a user or group:
1. Select the user or group from the list.
2. Click Delete.
3. Click in the confirmation message.
The user or group is deleted.
You can define these types of authentication servers: RADIUS server - Define the details of a primary and secondary RADIUS server. The Quantum Spark Appliance can connect to these servers and recognize users defined in them and authenticated by them.
Page 227
Active Directory. Enter the branch in the Branch full DN in the text field.
4. Click Apply.
Page 228
1. Select the Active Directory from the list.
2. Click Delete.
3. Click in the confirmation message.
Note - This page is available from the Users & Objects tabs.
Policy. For more information, see Access Policy Firewall Blade Control Policy pages. Note - This setting does not apply to traffic from SSL Network Extender clients.
To configure the DNS domain name to be the same as the defined DNS domain name:
1. Click Configure automatically.
2. Click Apply.
The DNS domain name shows the text "Same as DNS domain name".
You can also specify the screen size of the remote desktop. The default mode is full screen.
To manage SSL VPN bookmarks:
1. Click on a bookmark.
2. Click Edit or Delete.
3. Click Apply.
Optionally, you can manually create a local encryption domain instead. See the > Site to Site Advanced page for instructions.
- You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ‘ " \
Maximum number of characters: 255
Certificate - The gateway uses its own certificate to authenticate itself. For more information, > Internal Certificate.
Page 234
Select to disable NAT for this site. The original IP addresses are used even if hide NAT is defined.
Encryption method - Select the IKE version:
Page 235
Create IKEv2 VPN tunnel using these identifiers, configure these settings: Peer ID - Enter the identifier. Gateway ID - Select Use global identifier or Override global identifier (enter the new identifier).
Page 236
The peer gateway is a satellite and is configured to route all its traffic through the center.
Page 237
Tunnel testing requires two Security Gateways and uses UDP port 18234. Check Point tunnel testing protocol does not support 3rd party Security Gateways. 1. Select an existing site from the list. 2. Click Test.
Page 238
In this case, a mesh community is better as each gateway can handle its own internet traffic and is not affected by any other gateway.
Encryption settings - IKE (Phase 1) and IPsec (Phase 2) settings Advanced settings - Encryption method and certificate matching For descriptions of the fields in the site details tabs, see "Configuring VPN Sites" on page 233.
To refresh the list: Click Refresh to manually refresh this page with updated tunnel information. Note - This page is available from the Logs & Monitoring tabs.
Users & Objects > Network Objects page. 5. Click Apply. The Site to Site Local Encryption Domain window opens and shows the services you selected.
Automatically chosen according to outgoing interface. Manually configured – Enter an IP address that is always used as the source IP address of a VPN tunnel.
Check Point gateway sends the IKEv1 Vendor ID to peers from which the DPD Vendor ID was received and answers incoming DPD packets. To enable DPD responder mode: Select the checkbox.
- Upon expiration of the CRL. Fetch new CRL every X hours - Regardless of CRL expiration. 4. Click Details to see full CA details. 5. Click Apply.
Page 245
3. Click Download. The signed certificate is downloaded through your browser and is available to be imported to the remote site's certificates list.
If the new signing request is signed by the Internal CA and the Organization Name is not defined in the DN, the Internal CA automatically generates the Organization Name. To export the signing request: Click Export.
Page 247
1. Click Upload P12 Certificate. 2. Browse to the file. 3. Edit the Certificate name if necessary. 4. Enter the certificate password. 5. Click Apply.
CA and check for certificate revocation. 5. Click Apply. To export an internal CA certificate: Click Export Internal CA Certificate to download the internal CA certificate.
Page 249
3. Click Download. The signed certificate is downloaded through your browser and is available to be imported to the remote site's certificates list.
After initial configuration, you can select the Active Directory Queries Browser-Based Authentication checkboxes under Policy Configuration and click Configure to configure more advanced settings.
Page 251
3. Under Specific destinations, select Internet or Selected network objects. If you select Selected network objects, select the objects from the list or create new objects. 4. Click Finish.
Page 252
5. Click Apply. Note - This page is available from Access Policy > User Awareness Blade Control and Users & Objects > User Awareness.
5. To remove a user, click the X next to the user name. 6. Click Apply. The group is added to the table on the page.
Page 254
To delete a user or group: 1. Select the user or group from the list. 2. Click Delete. 3. Click in the confirmation message. The user or group is deleted.
The name and Administrator Role are added to the table. When logged in to the WebUI, the administrator name and role are shown at the top of the page.
Page 256
Networking Admin Mobile Admin 7. To define groups, click Use specific RADIUS groups only and enter the RADIUS groups separated by a comma. 8. Click Apply.
Page 257
Configuring a RADIUS Server for non-local Quantum Spark Appliance users: Non-local users can be defined on a RADIUS server and not in the Quantum Spark Appliance. When a non-local user logs in to the appliance, the RADIUS server authenticates the user and assigns the applicable permissions.
Page 258
3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file: CP-Gaia-User-Role = <role> Where <role> is the name of the administrator role that is defined in the WebUI.
Page 259
Where <role> is the name of the administrator role that is defined in the WebUI.
Administrator Role - Value
Super Admin - adminRole
Read only - monitorrole
Networking Admin - networkingrole
Mobile Admin - mobilerole
Page 260
Configuring Local and Remote System Administrators To log in as a Super User: A user with super user permissions can use the Quantum Spark Appliance shell to do system-level operations, including working with the file system. 1. Connect to the Quantum Spark Appliance platform over SSH or serial console.
You can define these types of authentication: RADIUS server - Define the details of a primary and secondary RADIUS server. The Quantum Spark Appliance can connect to these servers and recognize users defined in them and authenticated by them.
Page 262
Access, select or clear to use specific RADIUS groups only. 3. Click Apply. Note - Configure remote access permissions for RADIUS users in the > Remote Access Users page.
Page 263
For example, the Users & Objects > Users page or the Source picker in the Firewall Rule Base in the Access Policy > Firewall Policy page.
Page 264
1. Select the Active Directory from the list. 2. Click Delete. 3. Click in the confirmation message. Note - This page is available from the Users & Objects tabs.
1. Filter the list to show the required view. 2. Enter the text of the category of application in the Filter box. As you type, the list is filtered.
Page 266
URL to the list. For information on creating a custom application, see above. 5. Click Apply. You can use the custom application group in a rule.
Note that not all fields may show depending on the service type.
Page 268
Start synchronizing X seconds after the connection was initiated - For TCP services, enable this option to delay telling the Quantum Spark Appliance about a connection so that the connection is only synchronized if it still exists in X seconds after the connection is initiated.
Page 269
- The Firewall settings tab lets you configure which protocol to support on the configured ports. The default port 1494 is commonly used by two different protocols - Winframe or Citrix ICA.
1. Select the group from the list. Note that you can only delete a user defined service group. 2. Click Delete. 3. Click in the confirmation message.
Page 271
DNS server accessible to the Internet. The IPS settings tab lets you configure how and when DNS deep inspection is performed. Select the relevant options.
- This is required for IP reservation. When you create the object from Active Devices page, the MAC address is detected automatically. 5. Click Apply.
Page 273
5. Click Apply. To edit a network object: 1. Select a network object from the list. 2. Click Edit. 3. Make the necessary changes. 4. Click Apply.
Page 274
6. Click Apply. Note - You can also do this on the Home > Active Devices page. Click Save as and select Device type Network Object.
Type to filter box, enter the network object group name or part of it. 2. As you enter text, the list is filtered and shows matching results.
No new logs are generated until you set the resume option. 1. Select Options > Stop local logging. 2. To resume, select Options > Resume local logging.
Page 277
Note - Logs are deleted from the external SD card (if inserted) or from the local logs storage. Logs are not deleted from the remote logs server. The logs are deleted, and the logs grid reloads automatically.
These are the syslog types: Info - Informative logs such as policy change information, administrator login details, and DHCP requests. Audit logs show each operation of the administrator from the WebUI, Gaia Clish, Mobile, or Quantum Spark Portal. CPOSD logs show new configurations. Notice - Notification logs such as changes made by administrators, date, and time changes.
Use cases for an external Check Point Log Server: Extend the log retention time. For example, currently, when your gateway is managed by Quantum Spark Portal, you can retain logs for 3 months. If you configure an external Log Server, you can retain the logs for a year.
To see the logs, you must connect with SmartConsole to the dedicated Log Server (and not the Security Management Server). To configure a new external Check Point Log Server when the gateway is connected to Quantum Spark Portal (Cloud): After you initiate traffic from resources behind the gateway, open the Check Point Log Server to verify that you see the logs.
Note - When more than one server is defined, the syslog servers show in a table. Select the syslog server you want to edit and click Edit. To delete the syslog server: 1. Select the syslog server. 2. Click Delete.
To refresh the list: Click Refresh to manually refresh this page with updated tunnel information. Note - This page is available from the Logs & Monitoring tabs.
To filter the list: In the Type to filter box, enter the filter criteria. The list is filtered. To refresh the list: Click the Refresh link.
In addition, this page displays the current wireless radio frequency and channel in use and the wireless networks configured. Viewing Monitoring Data "Viewing Monitoring Data" on page 48 Viewing Reports "Viewing Reports" on page 50 Using System Tools "Using System Tools" on page 52
To edit an existing SNMP v3 user, select the user from the list and click Edit. To delete an SNMP v3 user, select the user from the list and click Delete.
1. In the list of SNMP traps, double-click the name of the trap. SNMP Trap Configuration window opens. 2. Click Enabled. The trap details, including the monitored object, Trap OID and description, show. 3. Click Apply.
Page 288
3. If the trap contains a value, you can edit the threshold value when necessary. 4. Click Apply.
Note – The LED is red if there is an alert or error. 6. Remove the USB drive. 7. As this operation has removed your previous settings, refer to the Quantum Spark Appliance Getting Started Guide and reconfigure your appliance with the First Time Configuration Wizard.
(u-boot*.bin files or fwl*.gz files). 3. Insert the SD card into the SD card slot on the Quantum Spark Appliance. If the operation does not succeed, this may be because the SD card slot does not recognize all devices.
Power LED turns a constant red. Options 4-5 are explained in the subsequent sections. Option 6 restarts the appliance. Option 8 uploads a preset configuration file.
3. You are asked if you want to load the image manually from a TFTP server, or if you want to use automatic mode with a bootp server. 4. If you select manual mode, you are asked to fill in the IP of the Quantum Spark Appliance, the IP of the TFTP server, and the image name.
3. While factory defaults are restored, the Power LED blinks blue to show progress. This takes a few minutes. When this completes, the appliance reboots automatically.
Page 294
Restoring Factory Defaults To restore the Quantum Spark Appliance to its default factory configuration using U-boot (boot loader): 1. Connect to the appliance with a console connection (use the serial console connection on the back panel of the appliance). 2. Boot the appliance and press CTRL+C.
The x-chkp-sid header is mandatory in all API calls except the login API.
Request payload
Text in JSON format containing the different parameters.
Example: https://192.168.1.1:4434/web-api/login
A JSON structure with the error details
Versioning
HTTP Post with a specific version
https://<gateway-ip>:<port>/web-api/<version>/<command>
If no version is being sent, the latest supported version is used.
Example: https://192.168.1.1:4434/web-api/v1/login
True if the session is read only.
api-server-version - String - API server version.
session-timeout - Integer - Session expiration timeout in minutes.
On Failure, HTTP Return code: 400, 401, 500
On Failure, HTTP Return code: 400, 401, 500
(3) Generate-Report
Description
Generate security report data according to the selected time frame: Hourly/Daily/Weekly/Monthly
Request URL
POST https://<gateway-ip>:<port>/web-api/generate-report
On Failure, HTTP Return code: 400, 401, 500
Example Request
"type": "daily",
Example Response
"reportData": "<report_json_in_base64_format>"
(4) Run-Clish-Command
Description
Run a single Gaia Clish command.
Request URL
POST https://<gateway-ip>:<port>/web-api/run-clish-command
Page 300
Example Request
"script": " c2hvdyBwcm94eQ=="
Example Response
"output": "dXNlLXByb3h5OiAgICAgICAgICAgICAgICAgICAgdHJ1ZQpzZXJ2ZXI6IC AgICAgICAgICAgICAgICAgICAgICAxLjEuMS4xCnBvcnQ6ICAgICAgICAgICAgICAgICAgICAg ICAgIDgwODAKCg=="
The script is:
show proxy
The output is:
use-proxy: true
server: proxy.checkpoint.com
port: 8080
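The run-clish-command exchange above, as an added Python example that is not part of the Check Point guide: it base64-encodes the Clish command for the "script" field, builds the POST with the x-chkp-sid header without sending it, and decodes the sample "output" value. The URL, header name and field names come from the page; the session ID placeholder, the Content-Type header and all function names are assumptions.

```python
import base64
import json

# Sample values copied from the page, including the stray whitespace left by
# line wrapping. The session ID is a constructed placeholder, not a real token.
PAGE_SCRIPT = " c2hvdyBwcm94eQ=="
PAGE_OUTPUT = (
    "dXNlLXByb3h5OiAgICAgICAgICAgICAgICAgICAgdHJ1ZQpzZXJ2ZXI6IC "
    "AgICAgICAgICAgICAgICAgICAgICAxLjEuMS4xCnBvcnQ6ICAgICAgICAgICAgICAgICAgICAg "
    "ICAgIDgwODAKCg=="
)
SAMPLE_RESPONSE = json.dumps({"output": PAGE_OUTPUT})
PLACEHOLDER_SID = "<session-id-from-login>"


def encode_script(command: str) -> str:
    """Base64-encode one Gaia Clish command for the "script" field."""
    return base64.b64encode(command.encode("utf-8")).decode("ascii")


def decode_field(value: str) -> str:
    """Decode a base64 field, dropping whitespace introduced by wrapping."""
    compact = "".join(value.split())
    # validate=True rejects characters outside the base64 alphabet instead
    # of silently skipping them.
    return base64.b64decode(compact, validate=True).decode("utf-8")


def build_run_clish_request(gateway: str, port: int, sid: str, command: str):
    """Return (url, headers, body) for run-clish-command; nothing is sent."""
    if "\r" in sid or "\n" in sid:
        raise ValueError("session ID must not contain line breaks")
    url = f"https://{gateway}:{port}/web-api/run-clish-command"
    headers = {
        "Content-Type": "application/json",  # assumption: JSON payload type
        "x-chkp-sid": sid,                   # mandatory on all calls but login
    }
    body = json.dumps({"script": encode_script(command)})
    return url, headers, body


def parse_clish_output(response_json: str) -> dict:
    """Decode the "output" field and split its 'key: value' lines."""
    text = decode_field(json.loads(response_json)["output"])
    parsed = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            parsed[key.strip()] = value.strip()
    return parsed


if __name__ == "__main__":
    url, headers, body = build_run_clish_request(
        "192.168.1.1", 4434, PLACEHOLDER_SID, decode_field(PAGE_SCRIPT)
    )
    print("POST", url)
    print(body)
    print(parse_clish_output(SAMPLE_RESPONSE))
```

Decoding the sample response from the page yields server: 1.1.1.1, not the proxy.checkpoint.com shown in the plain-text listing. Base64 here is an encoding only, so the command and its output are protected by the HTTPS session and nothing else.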