Check Point QUANTUM SPARK 1500 Administration Manual

31 August 2023
QUANTUM SPARK 1500, 1600, AND 1800 APPLIANCES
R81.10.X
Locally Managed Administration Guide

Summary of Contents for Check Point QUANTUM SPARK 1500

  • Page 1 31 August 2023 QUANTUM SPARK 1500, 1600, AND 1800 APPLIANCES R81.10.X Locally Managed Administration Guide...
  • Page 2 Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
  • Page 3 Download the latest version of this document in PDF format. Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments. Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      3...
  • Page 4 "Configuring High Availability" on page 138 "Configuring VPN Sites" on page 248 "Configuring the Remote Access Blade" on page 222 15 February 2023 Updated 24 January 2023 First release of this document
  • Page 5: Table Of Contents

    Viewing System Information Controlling and Monitoring Software Blades Setting the Management Mode Configuring Cloud Services Managing Licenses Viewing the Site Map Notifications Managing Active Devices Blocking a Device Temporarily
  • Page 6 Cloning a VAP Additional Configurations Wireless Scheduler Wi-Fi Quality Analyzer Configuring the Local Network Reserved IP Address for Specific MAC Switch WAN as LAN Monitor Mode Mirror Port
  • Page 7 Configuring a RADIUS Server for non-local Quantum Spark Appliance users Configuring Administrator Access Managing Device Details Managing Date and Time Configuring DDNS and Access Service DDNS Reach My Device Remote Access to the WebUI
  • Page 8 Viewing the Cluster Status Failing Over Manually Changing Network Configuration of Cluster Members Resetting Cluster Configuration Upgrading a Cluster Manually Cluster Managed by Quantum Spark Portal Advanced Settings
  • Page 9 Smart Accel for Services Smart Accel for Assets Configuring Smart Accel in R81.10.00 Working with User Awareness Workflow Identity Sources Enabling User Awareness Active Directory Queries: Browser-Based Authentication
  • Page 10 Threat Prevention - Horizon SOC Viewing Infected Devices Viewing the IPS Protections List Advanced Threat Prevention Engine Settings Anti-Virus Anti-Bot Threat Emulation User Messages Configuring the Anti-Spam Blade Control
  • Page 11 Configuring Advanced Remote Access Options Office Mode DNS Servers for Remote Access users DNS Domain Name SSL VPN bookmarks Configuring the Site to Site VPN Blade Harmony Connect
  • Page 12 Managing Authentication Servers RADIUS Server TACACS+ Server Active Directory Managing Applications & URLs Managing System Services Managing Service Groups Managing Network Objects Managing Network Object Groups Logs and Monitoring
  • Page 13 SNMP Traps for Hardware Sensors Advanced Configuration Upgrade Using a USB Drive Upgrade Using an SD Card Boot Loader Upgrade Using Boot Loader Restoring Factory Defaults Custom Default Image Fonic Bypass
  • Page 14 Configuring Bypass mode in Gaia Clish RESTful API Enabling and disabling the REST API Request Structure Response Structure Versioning REST API Commands (1) Login (2) Logout (3) Generate-Report (4) Run-Clish-Command
  • Page 15: Overview Of Quantum Spark 1500, 1600, And 1800 Appliance Series

    1600, and 1800 Appliance Series 1500 Appliances Quantum Spark 1500 appliance series includes the 1530, 1550, 1570, 1590, and 1570R appliances. These appliances support the Check Point Software Blade architecture and provide independent modular security building blocks. You can quickly enable and configure the Software Blades to meet your specific security needs.
  • Page 16 Quantum Spark R81.10.X Release Notes for 1500, 1600, 1800 Appliances Quantum Spark R81.10.X Known Limitations and Resolved Issues Small Business Cyber Security video channel Note - Some topics only apply to specific appliances or models.
  • Page 17: Getting Started With 1500, 1600, And 1800 Appliance Series

    6. Configure and install the required Security Policies. See: "Managing the Access Policy" on page 152 "Managing Threat Prevention" on page 195 7. Make sure the appliance works as required.
  • Page 18 8. Configure other required settings, such as: VPN (see "Configuring VPN" on page 217 "Managing VPN" on page 216 "Configuring High Availability" on page 138 Clusters (see QoS (see "Configuring QoS" on page 184
  • Page 19: Setting Up The Quantum Spark Appliance

    Note - Wait 10 seconds between power cycles (off and on). Using Default WiFi Starting in version R81.10.07, you can use the default SSID for a WiFi connection.
  • Page 20 Note - If you were connected to WiFi: After the One Touch script finishes running, the WiFi network you were connected to is deleted. As a result, you are disconnected from the appliance.
  • Page 21: First Time Deployment Options

    "Zero Touch Cloud Service" on page 22 "Deploying from a USB Drive or SD Card" on page 23 Note - SD card deployment is supported only in 1570 / 1590 appliances.
  • Page 22: Zero Touch Cloud Service

    After the gateway downloads and successfully applies the settings, it does not connect to the Zero Touch server again. For more information on how to use Zero Touch, see sk116375 and the R80.20 ZeroTouch Web Portal Administration Guide
  • Page 23: Deploying From A Usb Drive Or Sd Card

    First the autoconf.clish configuration file is loaded. If there is a configuration file with the same MAC address as the gateway, that file is loaded second. Use the symbol to add comments to the configuration file.
  • Page 24: Deploying The Configuration File - Initial Configuration

    Note - The USB LED is red when there is a problem running the configuration script. Turn off the Quantum Spark Appliance and confirm that the configuration files are formatted correctly.
  • Page 25: Deploying The Configuration File - Existing Configuration

    After the Quantum Spark Appliance is successfully configured from a USB drive, a log is created. The log file is called: autonconf.<MAC Address>.<timestamp>.<log> The log file is created in the USB root directory and in /tmp on the appliance.
  • Page 26: Troubleshooting Configuration Files

    However, not all of the settings from the failed configuration file show in the First Time Configuration Wizard. Best Practice - Check Point recommends that you do not use the First Time Configuration Wizard to configure an appliance when the configuration file fails. Restore the default settings to a partially configured appliance before you use the First Time Configuration Wizard to ensure that the appliance is configured correctly.
  • Page 27: Sample Configuration Log With Error

    USB_auto_configuration once The appliance only runs the next configuration script from a USB drive. set property USB_auto_configuration always The appliance always runs configuration scripts from a USB drive.
  • Page 28: Configuration And Upgrade Scenarios

    To connect manually to Cloud Services: 1. In the WebUI, go to the Home > Cloud Services page. 2. Follow the Connect to Cloud Services procedure in "Configuring Cloud Services" on page 37
  • Page 29: Configuring A Guest Network

    Note - You see the Hotspot portal one time in the given timeout period. The default timeout period is 4 hours. User activity on this network is logged with user names if the Log traffic option was selected.
  • Page 30: Introduction To The Webui

    Note - If the locale of a user matches a localized WebUI, the Login window automatically loads in the specified language. Only English is supported as the input language.
  • Page 31: The Home Tab

    4. If you selected Ping addresses, enter the IP address(es). 5. Select the settings for: Recovery time (seconds) Max latency allowed (milliseconds) Probing frequency for active connections (seconds) 6. Click Apply
  • Page 32 - The data sent includes session durations, how long the system is running, logs, etc. Note - Check Point does not upload data that contains private or sensitive information. Help us improve product stability by getting critical updates from Check Point - Pushes critical updates outside of the regular update notification and upload schedule.
  • Page 33: Controlling And Monitoring Software Blades

    1. Click the cogwheel icon next to the On/Off lever. The blade settings window opens. 2. View the details or select options to change current settings. 3. Click Apply
  • Page 34 Click the icon to close the demo. To view an alert: 1. Hover over the alert triangle. 2. Click the applicable link.
  • Page 35: Setting The Management Mode

    (for example, when in a lab setting). Click Next. 3. In the Security Management Server Connection page, select a connection method:
  • Page 36 Security Management Server. Internet To test connectivity, click Test Connection Status. A status message shows the results of the test. You can click Settings to configure Internet connections.
  • Page 37: Configuring Cloud Services

    Cloud Services. Gray icon - Shown for a blade that is remotely managed by Cloud Services. The blade is turned off in the plan.
  • Page 38 Configuring Cloud Services No icon - Shown for a security blade that is locally managed in the Check Point 1530 / 1550 Appliance. The blade is not managed by Cloud Services. If no blades are remotely managed, all of the blades icons are gray.
  • Page 39 To get an updated security policy, activated blades, and service settings: Click Fetch now. The appliance gets the latest policy, activated blades, and service settings from Cloud Services.
  • Page 40: Managing Licenses

    Check Point User Center with its credentials to pull the license information and activate the appliance. In most cases, you must first register the appliance in your Check Point User Center account or create one if you don't already have one. A User Center account is necessary to receive support and updates.
  • Page 41 If you select a country and install a valid license, but the wireless region of the device does not match the selected country, a warning message shows and you must edit the country information. When the country and wireless region match, you see the full settings.
  • Page 42: Viewing The Site Map

    Subject Message To filter: Enter text in the search filter. To view details of a security event: Click the event row in the table and click View Details.
  • Page 43 3. Click Apply Starting in R81.10.08, there are two new notification types: This page is available from the Home Logs & Monitoring page.
  • Page 44: Managing Active Devices

    - Gather upload and download packet rates for active devices. This operation may affect performance. To stop, click Stop Traffic Monitoring. Revoke Certificate - Revokes the certificate assigned to the device.
  • Page 45: Revoking The Hotspot Access

    6. Click Apply Note - You can also do this from the Users & Objects > Network Objects page. Click New, and then for Type, select Device.
  • Page 46: Viewing Monitoring Data

    Received Sent links to see only the amount of traffic received or sent. The orange area on the graph represents sent traffic. The blue area represents received traffic.
  • Page 47: Troubleshooting

    - Shows Security Gateway information. Links to pages that can be useful for monitoring and troubleshooting purposes. Note - This page is available from the Home Logs & Monitoring tabs.
  • Page 48: Viewing Reports

    Note - Only the last generated report for each report type is saved in the appliance. When you generate a new report, you override the last saved report for the specified type.
  • Page 49 Click a link to go directly to the selected section. Report Pages Each report page shows a detailed graph, table, and descriptions. Note - This page is available from the Home Logs & Monitoring tabs.
  • Page 50: Using System Tools

    R81.10.05 version. Test Cloud Opens a popup window that shows the result of the Cloud Services Connectivity Test Services Ports (the output of the Gaia Clish command "test cloud-connectivity").
  • Page 51 Port field, enter the applicable port number (see IANA Service Name and Port Number Registry c. In the Count field, enter the applicable number of packets to capture.
  • Page 52 Use Wireshark or similar tool to analyze the downloaded capture file. Display DSL Opens popup window that shows the DSL statistics. Statistics Available only on DSL models.
  • Page 53 When the mini-USB is used as a console connector, Windows OS does not automatically detect and download the driver needed for serial communication. You must manually install the driver. For more information, see sk111713.
  • Page 54: Managing The Device

    (if not configured at all), (for another Internet connection), or Edit. The New or Edit Internet Connection window opens. 2. Configure the fields in the tabs as described below.
  • Page 55: The Configuration Tab

    The DMZ port has 2 inputs: LAN (RJ45) and SFP. In non-VDSL 1570 / 1590 appliances, you can use an external DSL modem connected to the DMZ SFP port. - Only Check Point Branded SFP DSL is supported. Third party SFP DSL is not supported.
  • Page 56 Note - You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ‘ " \ (maximum number of characters: 255)
  • Page 57 Note - You can have only one IPv6 connection at a time, but multiple IPv4 connections or a combination of IPv4 and IPv6. The New IPv6 Internet Connection window opens. 2. Enter the Connection name. 3. Select the Interface. 4. Select the Connection type:
  • Page 58: Prefix Delegation (Ipv6 Only)

    New to create a new IPv6 connection. New IPv6 Internet Connection window opens. 2. In the Advanced tab, select Enable prefix delegation for this internet connection. 3. Click Apply
  • Page 59: Neighbor Discover Protocol (Nd Proxy) - Ipv6 Only

    3. In the Advanced tab, expand the Neighbor Discovery proxy section. 4. Select the Enable Neighbor Discovery proxy checkbox. 5. Select your local network from the drop down menu.
  • Page 60: Ds-Lite (Dual Stack Lite, Ipoe)

    5. In the Advanced tab: Set the default of the DS-Lite interface to 1460 (IPv4 default = 1500) Set the size of the IPv6 header to 40. 6. Click Apply
  • Page 61: Ipip

    This is the IPv6 Internet connection index on which the DS-Lite/IPIP tunnel is defined. Note - The IPIP tunnel and its linked IPv6 connection must be on the same appliance port.
  • Page 62 IPIP is configured on the IPv4 connection. b. Configure the default of the IPIP interface to 1460 (IPv4 default = 1500). The size of the IPv6 header is 40. 9. Click Apply.
  • Page 63: Creating A New Bond (Wan)

    Internet Connection page, click Add an internet connection... New Internet Connection window opens in the Configuration tab. 2. Configure the rest of the fields as for a new connection.
  • Page 64: Configuring A Usb Cellular Connection

    SIM cards are configured with different connection types 7. Configure the Connection Monitoring Advanced tabs as for other interface connections. 8. Click Apply
  • Page 65: Linking The Apn To A Sim Card Based On A Specific Mmcnmc Number

    [<SIM ID Number (MCC/MNC)>] apn=<STRING> carrier_package=<STRING> Example: [302220] apn=isp.telus.com carrier_package=TELUS 8. Save the changes in the file and exit Vi editor. 9. Go from the Expert mode to Gaia Clish:
  • Page 66: Switching The Active Image

    Some carriers require the module to run a specific carrier configuration file, and may also request this for the certification process. In addition, the carrier configuration file ensures the use of carrier-specific parameters when you register with that carrier.
  • Page 67 For VDSL/ADSL interfaces and IPoE - dynamic IP and IPoE - static IP connection types over PTM: Use connection as VLAN - Select this checkbox to add a virtual Internet interface. VLAN ID - Enter a VLAN ID between 1 and 4094.
  • Page 68: The Connection Monitoring Tab

    Probe DNS servers - When you select this option, the appliance probes the DNS servers as defined in the Internet connection and expects responses.
  • Page 69: The Advanced Tab

    - In Service, enter a service name (optional) and select the Authentication method. Connect on demand - Select the Connect on demand checkbox if necessary. This is relevant only when you are in high availability mode.
  • Page 70 ISP for the Internet upload and download bandwidth. Make sure that the QoS blade is turned on. You can do this from Home > Security Dashboard > > ON.
  • Page 71: Monitoring

    Monitoring Note - This section applies to both IPv4 and IPv6 connections. On the Internet Connectivity page, click Connection monitoring... The Monitoring Servers table shows the configured connections:
  • Page 72 Connection Monitoring tab, select Monitor connection state by sending probe packets to one or more servers on the Internet. 2. For Connection probing method, select probe. 3. Click Apply.
  • Page 73 Monitor cellular modem link to see this information in the Cellular Modem Monitoring window: Cellular radio Cellular modem Operator SIM cards - Which SIM is active, primary or disabled.
  • Page 74: Configuring The Wireless Network

    Configuration tab. 4. Enter the Network name (SSID). Example: Guest1 or VAP 1. If you are editing an existing network, the name is already present in the field.
  • Page 75: Dynamic Frequency Selection (Dfs)

    802.1x (a/n/ac/ax) is supported. The advantage of WiFi6 (802.11ax) is that it improves the throughput-per-area in high-density scenarios such as corporate offices, shopping malls, and dense residential areas. For configuration, see below.
  • Page 76: Cloning A Vap

    Optional: Click Show to show the characters. 5. Select if you want to Allow access from this network to local networks (wireless network is trusted). 6. Click Apply
  • Page 77 When selecting a separate network configure this information: IP address - IPv4 and IPv6 addresses Subnet mask - for IPv4 addresses Prefix length - for IPv6 addresses DHCPv4 Server Select one of the options:
  • Page 78 Use the following IP addresses - Enter the first, second and third DNS servers DNS Server Settings (For DHCPv4) These settings are effective only if a DHCPv4 server is enabled.
  • Page 79: Wireless Scheduler

    You can set scheduled times for the WiFi to be on and off and differentiate between radio bands (2.4GHz and 5GHz). Use Case: Configure the WiFi to work only during normal business hours and be off on weekends when the business is closed.
  • Page 80: Wi-Fi Quality Analyzer

    Signal level for the Wi-Fi clients connected to this appliance. Procedure 1. Connect to the command line on the Quantum Spark appliance. 2. Log in to the Expert mode. 3. Run the Wi-Fi Quality Analyzer: wifi_quality
  • Page 81 Please consult the following table regarding the individual clients connected to the appliance ExampleClient1 mac=XX:XX:XX:XX:XX:XX: rssi = 55, very good quality ExampleClient2 mac=XX:XX:XX:XX:XX:XX: rssi = 21, good quality
  • Page 82: Configuring The Local Network

    You cannot disable one of the switch ports. You can disable the switch or configure the requested port as unassigned. To create any of the above options: Click and select the option you want.
  • Page 83: Reserved Ip Address For Specific Mac

    Note - Between the LAN ports of a switch, traffic is not monitored or inspected. To create/edit a switch configure the fields in the tabs: The 'Configuration' tab
  • Page 84: Wan As Lan

    The WAN port (like the DMZ port), can only be used for a BOND network as part of an internet (external) network. The WAN as LAN feature is disabled by default.
  • Page 85: Monitor Mode

    The network definition features and table show. 6. Click New. 7. Enter the network address. 8. Enter the subnet. An internal network can be a 255.255.255.255 subnet, for one host.
  • Page 86 <IP Address> subnet-mask <Mask> set monitor-mode-configuration use-defined-networks true 4. To see user-defined Internal networks: show monitor-mode-network 5. To disable Anti-Spoofing: set antispoofing advanced-settings global-activation false
  • Page 87: Mirror Port

    Physical Interfaces To edit a physical interface: Configure the fields in the tabs. Note that for the DMZ there is an additional tab Access Policy: The 'Configuration' tab
  • Page 88 These options create automatic rules that are shown in the Access Policy > Firewall Policy page. Allow access from this network to local networks Log traffic from this network to local networks
  • Page 89: Bridge

    In guest VAPs (wireless network for guests), this is selected by default. To configure Advanced IPv6 settings: 1. Configure the Router Advisement fields. 2. Under Prefix Delegation, select the checkbox for Enable prefix delegation and enter the relevant information.
  • Page 90 This can be a dummy IP address that must not be used in your internal networks. 3. Go to the Device > Advanced Settings page. See "Advanced Settings" on page 149 4. Search for UserCheck Portal - Redirect Address 5. Select this attribute.
  • Page 91: Vlans

    All devices are on the same network, even though they show different IPs. For example, LAN4 and LAN4:1 have different IP addresses, but are on the same network. LAN4:1 is the alias. You can also have an alias IP for VLAN and a switch. Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      91...
  • Page 92: Vpn Tunnel (Vti)

    The VPN tunnel and its properties are defined by the VPN community that contains the two gateways. You must define the VPN community and its member Security Gateways before you can create a VTI. Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      92...
  • Page 93: Virtual Access Point (Vap)

    Device > Device > Internet pages. Use the following IP addresses - Enter the IP addresses for the First DNS server, Second DNS server, and Third DNS server. Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      93...
  • Page 94: Gre

    Notes: Because the GRE tunnel connects two remote sites over the internet, Quantum Spark appliances must support such interfaces. Do not create the GRE tunnel over LAN. Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      94...
  • Page 95: Bond

    2 LANs that are unassigned and disabled. Note - You cannot select LAN interfaces that have a VLAN assigned to them. 3. Select the Operation mode: Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      95...
  • Page 96 Hash policy from the dropdown menu (Layer2 or Layer3+4). 8. Click Apply To create a WAN BOND, see "Configuring Internet Connectivity" on page 54
  • Page 97: Configuring A Hotspot

    A hotspot is an area that offers a wireless local area network with Internet access, through a router connected to a link to an Internet service provider. Hotspot is automatically activated in the system.
  • Page 98 Hotspot. 4. Click Apply Any user that browses from configured interfaces is redirected to the Check Point Hotspot portal. After you define a network interface for the hotspot, you can configure: Guest access - A session is created for an IP address when a user accepts terms or authenticates in the Hotspot portal.
  • Page 99: User Authentication

    4. Click Apply Any user/user group that browses from configured interfaces is redirected to the Check Point Hotspot portal and must enter authentication credentials. To configure the session timeout: 1. In...
  • Page 100: Configuring MAC Filtering

    3. Click Advanced. 4. Select Disable MAC filtering. To enable, clear this option. 5. Click Apply Note - MAC filtering is not supported on external, DMZ, and port bonding interfaces.
  • Page 101: 802.1X Authentication Protocol

    3. For Assigned to: select the LAN ID. 4. In the Advanced tab, select Activate 802.1x authentication. 5. Enter a time for Re-authentication frequency (in seconds). 6. Click Apply
  • Page 102 MAC Filtering settings - Log suspension attribute in seconds. To show all logs, set the value to "0". Note - Traffic dropped in the WiFi driver is not logged.
  • Page 103: Configuring The DNS Server

    Note - Syntax guidelines: The domain name must start and end with an alphanumeric character. The domain name can contain periods, hyphens, and alphanumeric characters. 4. Click Apply
  • Page 104: Configuring The Proxy Server

    Configuring the Proxy Server In the Device > Proxy page, you can configure a proxy server to use to connect to the Check Point update and license servers. 1. Select Use a proxy server. 2. Enter a Host name or IP address.
  • Page 105: Backup, Restore, Upgrade, And Other System Operations

    Restore factory default settings. Revert to the factory default image and settings. Automatically or manually upgrade the appliance firmware to the latest Check Point version. Revert to earlier firmware image. Backup appliance settings to a file stored on your desktop computer.
  • Page 106 The upgrade process automatically reboots the appliance. To revert to an earlier firmware image: 1. Click Revert to Previous Image. 2. Click in the confirmation message. The appliance reboots to complete the operation.
  • Page 107: Using The Software Upgrade Wizard

    Welcome Click the Check Point Download Center link to download an upgrade package as directed. If you already downloaded the file, you can skip this step.
  • Page 108: Upload Software

    If you select this option, you must enter and confirm a password. Optional - Add a comment about the backup file. 4. Click Create Backup. System settings are backed up.
  • Page 109 - Select day of month and time of day. Note - If a month does not include the selected day, the backup is executed on the last day of the month. 6. Click Apply
  • Page 110: Configuring Local And Remote System Administrators

    The correct Administrator Role must be configured to perform the operations listed below. If not, a Permission Error message shows. Local Administrators
  • Page 111 Note - In the R81.10.X releases, this feature is available starting from the R81.10.08 version. You can securely reset your password when you log in to your Security Gateway.
  • Page 112: Remote Administrators

    Read only Networking Admin Mobile Admin 7. To define groups, click Use specific RADIUS groups only and enter the RADIUS groups separated by a comma. 8. Click Apply
  • Page 113: Pairing A Mobile Device

    2. Select an administrator from the pull down menu. 3. Click Generate. This generates a QR code to connect the Check Point WatchTower mobile application with the appliance for the first time. For more information about the mobile application, see the WatchTower App User Guide...
  • Page 114 = per-port-type help-id = 2000 3. Add this line in the dictiona.dcm file: "@checkpoint.dct" 4. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file: CP-Gaia-User-Role = <role> Where <role> allowed values are: Administrator Role...
  • Page 115 3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file: CP-Gaia-User-Role = <role> Where <role> is the name of the administrator role that is defined in the WebUI.
  • Page 116 To configure the Expert mode (Bash) as the default shell, run this command (not recommended): bashUser on To configure the Gaia Clish as the default shell, run this command (recommended): bashUser off
  • Page 117: Configuring Administrator Access

    Get IP from My Computer. 5. Click Apply The IP address is added to the table. 6. Change the WEB Port (HTTPS) and/or SSH port if necessary. 7. Click Apply
  • Page 118 When you block the IP address or the interface group through which you are currently connected, you are not disconnected immediately. The access policy is applied immediately, but your current session remains active until you log out.
  • Page 119: Managing Device Details

    The list of uploaded certificates shows. 2. Select the desired certificate. Note - You cannot select the default VPN certificate. 3. Click Apply 4. Reload the page.
  • Page 120: Managing Date And Time

    Local Time Zone list, select the correct time zone option. 2. Select the Automatically adjust clock for daylight saving changes checkbox to enable automatic daylight saving changes. 3. Click Apply
  • Page 121: Configuring DDNS And Access Service

    WebUI or CLI when necessary. This is done by tunneling the administrative UI or CLI connections through a Check Point Cloud Service. Such configuration is very useful in instances where the appliance is behind a NAT device or firewall, and cannot be reached directly. In addition, the feature makes it easier to access an appliance with a dynamically assigned IP address.
  • Page 122: Remote Access To The WebUI

    How to access the gateway with the Reach My Device service: When registration is complete, an outgoing tunnel to the Check Point Cloud Service is established with the appliance's IP address. Remote Access to the WebUI Web Link - Use this URL in a browser to remotely access the appliance.
  • Page 123: Using System Tools

    R81.10.05 version. Test Cloud Opens a popup window that shows the result of the Cloud Services Connectivity Test Services Ports (the output of the Gaia Clish command "test cloud-connectivity").
  • Page 124 Port field, enter the applicable port number (see IANA Service Name and Port Number Registry). c. In the Count field, enter the applicable number of packets to capture.
  • Page 125 Use Wireshark or similar tool to analyze the downloaded capture file. Display DSL Opens popup window that shows the DSL statistics. Statistics Available only on DSL models.
  • Page 126 When the mini-USB is used as a console connector, Windows OS does not automatically detect and download the driver needed for serial communication. You must manually install the driver. For more information, see sk111713.
  • Page 127: Advanced Routing

    Inbound Route Filters for dynamic routing. For WebUI and Gaia Clish configuration instructions, see the Quantum Spark R81.10.X Dynamic Routing CLI Guide for 1500, 1600, 1800 Appliances
  • Page 128: Route Redistribution

    For WebUI and Gaia Clish configuration instructions, see the Quantum Spark R81.10.X Dynamic Routing CLI Guide for 1500, 1600, 1800 Appliances
  • Page 129: Configuring The Routing Table

    (usually, to the default route). You cannot edit, delete, enable, and disable routes created by the operating system for directly attached networks or by dynamic routing protocols.
  • Page 130: Routing Table Columns

    LAN ports or the active Internet connection (and not through an inactive Internet interface). In R81.10.00, static routes are not supported with a VPN Tunnel (VTI) as the Next Hop.
  • Page 131: Adding A Specific IPv4 Static Route

    In the bottom right corner, you can click > Service, or Service group to create a custom service or a group of services. c. Click OK. 7. In the Next Hop column:
  • Page 132 Click the arrow on the right. The parameter fields appear. b. Enter the required values. c. Click Apply. To monitor a route (see the status): Above the IPv4 Routing table, click Monitor.
  • Page 133: Adding A Default IPv4 Static Route

    Enter the IPv4 address of the required next hop. d. Click OK. Optional: In the Comment field, enter an applicable text. 9. In the Metric field, enter a value:
  • Page 134: Editing An Existing Static Route

    1. From the left navigation panel, click Device. 1. In the Advanced Routing section, click the Routing Table page. 2. In the routing table, click the route. 2. Above the routing table, click Delete.
  • Page 135: Enabling Or Disabling An Existing Static Route

    New Signing Request. 2. Enter a Certificate name. 3. In the Subject DN enter a distinguished name (e.g. CN=myGateway). 4. Optional: Click to add alternate names for the certificate.
  • Page 136 To upload a P12 file: 1. Click Upload P12 Certificate. 2. Browse to the file. 3. Edit the Certificate name if necessary. 4. Enter the certificate password. 5. Click Apply
  • Page 137: Managing Internal Certificates

    IP address for this appliance. This is used by remote sites to access the internal CA and check for certificate revocation. 5. Click Apply To export an internal CA certificate: Click Export Internal CA Certificate to download the internal CA certificate.
  • Page 138: Configuring High Availability

    Active Cluster Member. To log in to specific Cluster Member, you must connect to the physical IP address of that Cluster Member.
  • Page 139: Limitations

    Wizard and remove the switch on both appliances. No additional configuration is required on the members. Best Practice - Designate the same LAN port for the Sync interface. The default Sync interface is LAN2/SYNC.
  • Page 140: Configuration Workflow

    Note - You can also connect single physical Sync ports (non-Bond) through a switch. 4. Configure the primary member. "Configuring a Primary Cluster Member" on the next page 5. Configure the secondary member. "Configuring a Secondary Cluster Member" on page 142
  • Page 141: Configuring A Primary Cluster Member

    IP address. d. In the field Primary physical IP address, the wizard shows the IP address configured on the...
  • Page 142: Configuring A Secondary Cluster Member

    7. The secondary Cluster Member fetches the settings from the primary Cluster Member and applies them. Note - The scope-local route is configured automatically when you create a Single Routable IP Cluster.
  • Page 143: Viewing Cluster Interfaces

    3. In the Advanced section, click the High Availability page. 4. The table List of Configured Interfaces shows information about the cluster interfaces: Column Description Name Name of the interface.
  • Page 144 Cluster Member fails over to the other Cluster Member. IP Address Cluster Virtual IP address configured on the interface. Member IP Address Physical IP address configured on the interface.
  • Page 145: Viewing The Cluster Status

    Disable Manual Failover. If you want the primary Cluster Member to handle the traffic, you must fall back from the secondary Cluster Member to the primary Cluster Member.
  • Page 146: Changing Network Configuration Of Cluster Members

    High Availability page. 4. Click Reset Cluster Configuration. Important - This deletes all cluster configuration settings. You must run the New Cluster Wizard again to configure the cluster.
  • Page 147: Upgrading A Cluster Manually

    Wait for the current cluster state to show "This gateway (<...>) is standby", and then continue to the next step. e. In the System section, click the System Operations page. f. Click Manual Upgrade.
  • Page 148: Cluster Managed By Quantum Spark Portal

    Important - When you manage the cluster in Quantum Spark Portal, the cluster does not synchronize connections. In the event of a cluster failover, you must re-establish the connections.
  • Page 149: Advanced Settings

    Restoring Default Values 1. Above the table with attributes, click Restore Defaults. Confirm window opens. 2. Click Yes. 3. All appliance attributes are reset to the default settings.
  • Page 150: Clarifications

    R81.10.05 and higher Smart Accel Services - Security logs enabled R81.10.05 and higher Two-Factor Authentication - Enable selection of target R81.10.05 and higher where to send the passcode (SMS/email)
  • Page 151 VPN Site to Site global settings - IKEV2 Key Type R81.10.05 and higher For more information on how to set up this connection, see the: Harmony Connect Administration Guide Harmony Connect for SMB Gateways Integration Guide
  • Page 152: Managing The Access Policy

    Access Policy > Firewall Servers page lets you easily define the default access policy for specific servers within your organization and automatically generated system rules are also defined.
  • Page 153: Firewall Policy

    2. Select Block all outgoing services except the following. 3. Select which services to allow. 4. To allow all services, select Allow all outgoing services. 5. Click Apply
  • Page 154: Application & Url Filtering

    Application & URL Filtering are service based features and require Internet connectivity to download the latest signature package for new applications and to contact the Check Point cloud for URL categorization. This page lets you define the default policy for Application & URL Filtering control. It is recommended by default to block browsing to security risk categories and applications.
  • Page 155: Updates

    Not up to date - A new update package is ready to be downloaded but the scheduled hour for updates has not occurred yet. Updates are usually scheduled for off-peak hours (weekends or nights).
  • Page 156: User Awareness

    At any time, you can also click Active Directory servers to define an AD server that the gateway can work with. Creating an AD server is also available in the Edit settings wizard.
  • Page 157: Tracking

    These settings do not apply to automatically generated rules for VPN, DMZ, and wireless networks. More Information The Check Point Application Database contains more than 4,500 applications and about 96 million categorized URLs. Each application has a description, a category, additional categories, and a risk level. You can include applications and categories in your Application Control and URL Filtering rules.
  • Page 158: Working With The Firewall Access Policy

    Note - DMZ is not supported in 1530 / 1550 appliances. Traffic to defined server objects as configured in each server's edit window in the Access Policy > Firewall Servers page.
  • Page 159 Comments you enter when you create a rule. generated Rules that the system automatically generates. You can click the object name rule link in the comment to open its configuration tab.
  • Page 160: Configuring Access Rules

    8. In incoming rules, to match only for encrypted VPN traffic, select Match only for encrypted traffic. 9. Click Apply The rule is added to the outgoing or incoming section of the Access Policy.
  • Page 161 To change the rule order: 1. Select the rule to move. 2. Drag and drop it to the necessary position. Note - You can only change the order of manually defined rules.
  • Page 162: Updatable Objects

    These lists are dynamically updated. Updatable objects derive their contents from these published lists of the providers, which Check Point uploads to the Check Point cloud. The updatable objects are updated automatically on the Security Gateway each time the provider changes a list. There is no need to install policy for the updates to take effect.
  • Page 163 User Awareness). Click Upload, browse to the logo file and click Apply. If necessary, you can revert to the default logo by clicking Default. 5. Click Apply
  • Page 164: Defining Firewall Servers

    3. When you select Other Server: Select the Protocol (TCP, UDP, or both). Enter the TCP/UDP Ports (enter port numbers and/or port ranges separated by commas, for example, 1,3,5-8,15).
  • Page 165 2. If you do not want the server to be accessible to pings, clear the Allow access to server in the ICMP (ping) checkbox. 3. Select the logging policy of traffic to the server: Log blocked connections Log accepted connections
  • Page 166 Access Policy > Firewall Policy Rule Base. Note - This page is available from the Firewall sections on the Access Policy tab.
  • Page 167: Defining NAT Control

    Important - In most cases, if you turn off the hide NAT feature, you cause Internet connectivity issues. If your appliance is the gateway of your office to the Internet DO NOT set to off without consulting with networking experts.
  • Page 168 A more advanced way to configure address translation is by defining manual NAT rules. If servers with NAT are configured, the manual NAT rules do not apply to them. However, they apply even when Hide NAT is activated.
  • Page 169 The network object or network group object that is the new destination to which the Destination original destination is translated. Translated The new service to which the original service is translated. Service
  • Page 170 1. Select a rule and click Edit. 2. Edit the fields as necessary. 3. Click Apply To delete a rule: 1. Select a rule and click Delete. 2. Click in the confirmation message.
  • Page 171 To change the rule order: Note - You can only change the order of manually defined rules. 1. Select the rule to move. 2. Drag and drop it to the necessary position.
  • Page 172: Advanced - Creating And Editing NAT Rules

    The network object or network group object that is the new destination to which the Destination original destination is translated. Translated The new service to which the original service is translated. Service
  • Page 173 To disable a manually defined rule that you have added to the rule base, select the rule and click Disable. To enable a manually defined rule that you have previously disabled, select the rule and click Enable.
  • Page 174 To change the rule order: 1. Select the rule to move. 2. Drag and drop it to the necessary position. Note - You can only change the order of manually defined rules.
  • Page 175: Inspecting VoIP Traffic

    The network objects appear in a table, with a Group name. Click to add an item. Select an item and click Remove to delete it. Configure the applicable settings.
  • Page 176 5060. All phones should be configured to use the configured ports. Click to add a new SIP service. Click Remove to delete a service.
  • Page 177: Configuration

    Conferencing applications. Assets - Devices such as a computer, audio player, or alarm (from R81.10.05). This improves connectivity and optimizes the load on the Quantum Spark Security Gateway.
  • Page 178: Configuring Smart Accel In R81.10.05 And Higher

    Wait for the toggle to change to On. 3. To the right of the On/Off toggle, click the assets link that appears in one of these sentences:
  • Page 179: Configuring Smart Accel In R81.10.00

    To disable Smart Accel 1. Go to the Access Policy view > Firewall section > Smart Accel page. 2. Click the toggle. 3. At the bottom of the page, click Apply.
  • Page 180: Working With User Awareness

    Internet until they identify themselves first through the Browser-Based Authentication. Identity Collector - Collects information about identities and their associated IP addresses and sends it to the Security Gateway for identity enforcement.
  • Page 181: Enabling User Awareness

    AD Branch field. 5. Click Apply You can also add a new AD Domain in the Users & Objects > Authentication Servers page.
  • Page 182: Browser-Based Authentication

    Guest access is logged. The name of the guest shows in the User column of the Logs and Monitoring tab. The other details show in the full log entry.
  • Page 183: Identity Collector

    Identity Collector configuration, see Identity Awareness Clients Administration Guide Note - This page is available from Access Policy > User Awareness Blade Control Users & Objects > User Awareness.
  • Page 184: Configuring QoS

    A default QoS policy that requires defining only a number of parameters. See "Configuring the QoS Blade" on page 185 Define manual rules for further granularity if necessary in Access Policy > > Policy. See "Configuring the QoS Policy" on page 187
  • Page 185: Configuring The QoS Blade

    If you change other policy settings, the change is temporary. Any changes made locally will be overridden in the next synchronization between the gateway and Cloud Services.
  • Page 186: QoS Default Policy

    For information on creating a new service, see the Users & Objects view > Network Resources section > Services page. 5. Click Apply. 6. Click Apply.
  • Page 187: Configuring The QoS Policy

    The tracking and logging action that is done when traffic matches the rule. Comment An optional field that shows a comment if you entered one. For system generated rules of the default policy a Note is shown.
  • Page 188 This is shown as a comment below the rule. 8. Click Apply Note - You can drag and drop rules to change the order of rules in the QoS Rule Base
  • Page 189 To change the QoS rule order: 1. Select the rule to move. 2. Drag and drop it to the necessary position. Note - You can only change the order of manually defined rules.
  • Page 190: SSL Inspection Policy

    Certificate installation varies according to the OS. To learn how to install the certificate in your machine, see your OS vendor instructions. SSL inspection uses the existing internal CA by default. To use your own certificate, you must replace the internal CA.
  • Page 191: SSL Inspection Bypass Policy

    - Select to enable logs to see the SSL inspection policy decision ("Inspect" or "Bypass"). Note - The SSL Inspection generates these logs in addition to the Software Blades logs.
  • Page 192: HTTPS Categorization

    TCP/IP connection. IMAPS refers to IMAP over SSL. SSL traffic inspection must be activated to scan HTTP and IMAP encrypted traffic.
  • Page 193: SSL Inspection Exceptions

    Note - Everything that is not included in a rule is inspected. 3. For each exception, enter: Source Destination Category/Custom Application Track
  • Page 194: SSL Inspection Advanced

    Note - You can only delete a CA that was added by a user. To disable/enable a trusted CA: 1. Click the icon next to the CA. 2. Click Disable/Enable.
  • Page 195: Managing Threat Prevention

    "ON" and "OFF" states. If you change other policy settings, the change is temporary. Any changes made locally are overridden in the next synchronization between the gateway and Cloud Services.
  • Page 196: Configuring A Custom Policy For Threat Prevention

    - The protection is deactivated. 4. For Severity, select the level: Low or above, Medium or above, High or above, Critical. 5. For Performance impact, select the allowed impact level:
  • Page 197: Scheduling Threat Prevention Updates

    Activate Automatic Updates window opens. 2. Select the Software Blades to receive automatic updates: Anti-Virus Anti-Bot Application Control 3. Select the Recurrence Time of day. 4. Click Apply
  • Page 198: Configuring Threat Prevention Policy Exceptions

    An alert is a flag on a log. You can use it to filter logs. 3. Optional - Add a comment in the Write a comment field. 4. Click Apply
  • Page 199: Allowlists

    Delete. Threat Prevention - Horizon SOC The Check Point Horizon SOC (sk164332) is supported from R81.10.00 in the Locally Managed mode. Horizon SOC enables cybersecurity teams to effectively and efficiently prevent, detect and respond to all threats. Horizon SOC doubles the effectiveness of SOC teams by automating time-consuming tasks, allowing security teams to focus on remediation and attack prevention.
  • Page 200 3. Optional: Enable the real IP address information in the attack reports (see sk164332 - section "De-obfuscate the real IP of the victim"):
        set threat-prevention policy advanced-settings allow-ipaddr-in-stats true
  • Page 201: Viewing Infected Devices

    - Shows the total number of incidents on the device or server in the last month. If there is a large amount of records, the time frame may be shorter.
  • Page 202 4. Optional - Add a comment in the Write a comment field. 5. Click Apply. The rule is added to Malware Exceptions on the Threat Prevention > Exceptions page.
  • Page 203 Logs & Monitoring > Security Logs page opens and shows the logs applicable to the IP/MAC address. Note - This page is available from the Home Logs & Monitoring tabs.
  • Page 204: Viewing The IPS Protections List

    Threat Prevention > Threat Prevention Blade Control page. You can see the details of each protection and also configure a manual override for individual protections' action, and tracking options.
  • Page 205: Advanced Threat Prevention Engine Settings

    2. On the Access Policy > SSL Inspection Policy page, select the checkbox to enable SSL traffic inspection. 3. Under Protocols to inspect, select POP3S or IMAP. 4. Click Apply
  • Page 206 Access Policy > SSL Inspection Policy. 3. Select one of the file type policy options: Process file types known to contain malware Process all file types
  • Page 207: Anti-Bot

    Check Point ThreatCloud reputation database. Unusual activity - Protections related to the behavioral patterns common to botnet and malware activity. To enable Detect-only mode: Select the checkbox.
  • Page 208: Threat Emulation

    4. Select the HTTP connection emulation handling mode: Background - Connections are allowed until emulation is complete. Hold - Connections are blocked until emulation is complete.
  • Page 209: User Messages

    Advanced Threat Prevention Engine Settings In Threat Emulation, each file is run in the Check Point Public ThreatCloud to see if the file is malicious. The verdict is returned to the gateway. You can change the emulator location to a local private SandBlast appliance in the Advanced Settings page.
  • Page 210 User Awareness). Click Upload, browse to the logo file and click Apply. If necessary, you can revert to the default logo by clicking Default. 5. Click Apply
  • Page 211: Configuring The Anti-Spam Blade Control

    Flag spam email header - This option identifies email as spam in the email message header. 2. Select the relevant tracking option: Alert None
  • Page 212 SUSPECTED SPAM or you can enter a new text to add to the subject line. Flag email header 3. Select a tracking option: Alert None 4. Click Apply
  • Page 213: Configuring Anti-Spam Exceptions

    Starting from R81.10.00, you can use RSA key authorization instead of password-based authentication when you log in with SSH. Warning - This configuration does not survive a firmware upgrade.
  • Page 214 6. Configure the required permissions on this directory:
        chmod 700 /storage/.ssh
    7. Move the file with the public key to the new directory and change the file's name to "authorized_keys":
  • Page 215 In this line, change the value from "none" to the absolute path of the "authorized_keys" file with the public key:
        AuthorizedKeysFile /storage/.ssh/authorized_keys
    d. Save changes in the file and exit Vi editor. 10. Reboot the Quantum Spark Appliance.
  • Page 216: Managing VPN

    Managing VPN This section describes how to set up and manage Remote Access and Site to Site VPN.
  • Page 217: Configuring VPN

    If the gateway uses a dynamic IP address, we recommend you use the DDNS feature. See "Configuring DDNS and Access Service" on page 121. For the Check Point VPN client or Mobile client method, make sure that the applicable client is installed on the hosts. Click How to connect for more information.
  • Page 218: L2TP VPN Client Configuration

    "Configuring Advanced Remote Access Options" on page 242 Monitoring To make sure Remote Access is working: Use the configured client to connect to an internal resource from a remote host.
  • Page 219: Configuring Site To Site VPN With A Preshared Secret

    VPN encryption settings must be the same on both sides (the local gateway and the peer gateway). This is especially important when you use the Custom encryption option.
  • Page 220: Configuration

    2. Export this request using the Export option. 3. Use the peer gateway's internal CA to sign the request on the peer gateway. If the peer gateway is a locally managed Check Point gateway, go to > Trusted CAs and use the Sign a Request option.
  • Page 221: Monitoring VPN

    To make sure the VPN is working: 1. Pass traffic between the local and peer gateway. 2. Go to > VPN Tunnels to monitor the tunnel status. "Viewing VPN Tunnels" on page 255
  • Page 222: Configuring The Remote Access Blade

    "Configuring DDNS and Access Service" on page 121 To configure the static IP address, see "Configuring Internet Connectivity" on page 54 Note - Remote Access VPN supports connections from IPv4 addresses only.
  • Page 223: Getting Started With VPN Remote Access

    Configuring VPN Getting Started with VPN Remote Access
  • Page 224 Configuring VPN Enable the VPN Remote Access Blade
  • Page 225 Go to > Remote Access > Blade Control. b. Select On. c. Mandatory: Select Allow traffic from Remote Access users. d. Optional: Select Log traffic from Remote Access users.
  • Page 226 Note - By default, the gateway sends the passcode by both email and SMS. For SMS, you can use the Check Point SMS provider, or an external SMS provider. If a customer uses a public SMS server, the administrator must provide the username and password for the SMTP server and a Dynamic URL that contains the API of the external service provider.
  • Page 227 On the > Remote Access > Blade Control page, select Require users to confirm their identity using Two-Factor Authentication. ii. Click configure. Two-Factor Authentication Settings window opens.
  • Page 228 The Cloud Service compares the OTP to the one represented by the QR code in the application. If it matches, you are connected to VPN. The Cloud Service sends a QR code with an OTP when:
  • Page 229 If you change other policy settings, the change is temporary. Any changes you made locally are overridden in the next synchronization between the gateway and Cloud Services.
  • Page 230 Active Directory server. c. In the left column, select the checkbox near the applicable usernames / user groups. d. Click Apply. Monitor Remote Access VPN
  • Page 231: Advanced Options

    Remote Access Port Settings window opens. 2. In the Remote Access port field, enter a new port number. 3. Select Reserve port 443 for port forwarding. 4. Click Apply.
  • Page 232: Connections Between Remote Access VPN Clients In The Same Office Mode Pool

    OMPOOL *Any Accept Log, or None d. Click Apply. 6. Configure the NAT Policy rule to disable NAT on the traffic between computers in the Office Mode network:
  • Page 233 Click New. d. Configure this rule: Original Source: OMPOOL; Original Destination: OMPOOL; Original Service: *Any; Translated Source: *Original; Translated Destination: *Original; Translated Service: *Original. e. Click Apply.
  • Page 234: Configuring Remote Access Users

    5. In the SSL VPN Bookmarks tab, configure the SSL VPN bookmarks (see below). 6. Click Apply. The user is added to the table on the page.
  • Page 235 Usually you keep the Selected Active Directory user groups option. 3. Click Apply. The Active Directory is added to the table on the page.
  • Page 236 A new window opens. 2. Enter new bookmarks or select existing bookmarks. Note - If you select the Global bookmark, this bookmark always appears. 3. Click Apply
  • Page 237 To delete a user or group: 1. Select the user or group from the list. 2. Click Delete. 3. Click in the confirmation message. The user or group is deleted.
  • Page 238: Remote Access - Connected Remote Users

    Remote Access - Connected Remote Users VPN Remote Access > Connected Remote Users page shows the currently connected remote users: Username IP address Connection Time
  • Page 239: Configuring Remote Access Authentication Servers

    Defining a database of users with remote access privileges. Such users are both defined and authenticated by the RADIUS server. Defining administrators. See the Users & Objects > Administrators page.
  • Page 240 Active Directory. Enter the branch in the Branch full DN in the text field. 4. Click Apply
  • Page 241 1. Select the Active Directory from the list. 2. Click Delete. 3. Click in the confirmation message. Note - This page is available from the Users & Objects tabs.
  • Page 242: Configuring Advanced Remote Access Options

    Policy. For more information, see Access Policy Firewall Blade Control Policy pages. Note - This setting does not apply to traffic from SSL Network Extender clients.
  • Page 243: DNS Servers For Remote Access Users

    To configure the DNS domain name to be the same as the defined DNS domain name: 1. Click Configure automatically. 2. Click Apply. The DNS domain name shows the text "Same as DNS domain name".
  • Page 244: SSL VPN Bookmarks

    You can also specify the screen size of the remote desktop. The default mode is full screen. To manage SSL VPN bookmarks: 1. Click on a bookmark. 2. Click Edit or Delete. 3. Click Apply
  • Page 245: Configuring The Site To Site VPN Blade

    On this page you can activate the blade to allow site to site connectivity. You can view how many sites are already defined and configure basic access policy from the remote sites into the specific network accessible by this gateway. The remote site can be accessible through another Check Point appliance (recommended) or a 3rd party VPN solution. ZScaler strongSwan (authentication based on X.509 certificates)
  • Page 246 Networks behind LAN interfaces and trusted wireless networks are part of the local encryption domain. Optionally, you can manually create a local encryption domain instead. See the > Site to Site Advanced page for instructions.
  • Page 247: Harmony Connect

    2. Follow the steps to establish the connection. This may take a few minutes. Harmony Connect Administration Guide For more information on how to set up this connection, see the Harmony Connect for SMB Gateways Integration Guide
  • Page 248: Configuring VPN Sites

    Note - You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ‘ " \ (maximum number of characters: 255)
  • Page 249 - Select this option to decide (manually) which encryption method is used (optional). In the Advanced tab: Note - When you finish the new VPN site configuration, click Apply.
  • Page 250 Configuring VPN Sites Settings Select to configure if the remote site is a Check Point Security Gateway. To enable permanent VPN tunnels, select the checkbox. Select to disable NAT for this site. The original IP addresses are used even if hide NAT is defined.
  • Page 251 The peer gateway is a satellite and is configured to route all its traffic through the center.
  • Page 252 To run a tunnel test with a remote site: Check Point uses a proprietary protocol to test if VPN tunnels are active. It supports any site-to-site VPN configuration. Tunnel testing requires two Security Gateways and uses UDP port 18234. Check Point tunnel testing protocol does not support 3rd party Security Gateways.
  • Page 253 How can the administrator avoid this downtime? In this case, a mesh community is better as each gateway can handle its own internet traffic and is not affected by any other gateway.
  • Page 254: Configuring Advanced Site To Site Community Settings

    Encryption settings - IKE (Phase 1) and IPsec (Phase 2) settings Advanced settings - Encryption method and certificate matching For descriptions of the fields in the site details tabs, see "Configuring VPN Sites" on page 248
  • Page 255: Viewing VPN Tunnels

    To refresh the list: Click Refresh to manually refresh this page with updated tunnel information. Note - This page is available from the Logs & Monitoring tabs.
  • Page 256: Configuring Advanced Site To Site Settings

    For information on how to create a new network object, see the Users & Objects > Network Objects page. 5. Click Apply. The Site to Site Local Encryption Domain window opens and shows the services you selected.
  • Page 257: Configuring The Appliance Interfaces

    Security Gateway: Automatically chosen according to outgoing interface. Manually configured – Enter an IP address that is always used as the source IP address of a VPN tunnel.
  • Page 258: Tunnel Health Monitoring

    – Works only between Check Point gateways. DPD (Dead Peer Detection) DPD responder mode, the Check Point gateway sends the IKEv1 Vendor ID to peers from which the DPD Vendor ID was received and answers incoming DPD packets. To enable DPD responder mode: Select the checkbox.
  • Page 259: Managing Trusted CAs

    Click Preview CA details to see further information from the .CRT file. 4. Click Apply. The CA is added to the Trusted CA list.
  • Page 260 CA and the Download button is available. 3. Click Download. The signed certificate is downloaded through your browser and is available to be imported to the remote site's certificates list.
  • Page 261: Managing Installed Certificates

    If the new signing request is signed by the Internal CA and the Organization Name is not defined in the DN, the Internal CA automatically generates the Organization Name.
  • Page 262 To upload a P12 file: 1. Click Upload P12 Certificate. 2. Browse to the file. 3. Edit the Certificate name if necessary. 4. Enter the certificate password. 5. Click Apply
  • Page 263: Managing Internal Certificates

    IP address for this appliance. This is used by remote sites to access the internal CA and check for certificate revocation. 5. Click Apply. To export an internal CA certificate: Click Export Internal CA Certificate to download the internal CA certificate.
  • Page 264 If it is correctly formatted, it is signed by the Internal CA and the Download button is available. 3. Click Download. The signed certificate is downloaded through your browser and is available to be imported to the remote site's certificates list.
  • Page 265: Managing Users And Objects

    Internet. When users try to access a protected resource, they must log in to a web page to continue. This identifies locally defined users or users that were not successfully identified by other methods.
  • Page 266: Enabling User Awareness

    Active Directory Queries and click Configure. Active Directory Queries window opens. 2. Select Define a new Active Directory server. 3. Enter: Domain IPv4 address IPv6 address User name Password
  • Page 267: Browser-Based Authentication

    Quantum Spark Appliance or enter a different portal address. Session timeout - Sets for how long an authenticated user can access the network or Internet before they have to authenticate again.
  • Page 268: Identity Collector

    Identity Collector configuration, see Identity Awareness Clients Administration Guide Note - This page is available from Access Policy > User Awareness Blade Control Users & Objects > User Awareness.
  • Page 269: Configuring Local Users And User Groups

    You can see a summary of the group members above the user list. 5. To remove a user, click the X next to the user name. 6. Click Apply. The group is added to the table on the page.
  • Page 270 To delete a user or group: 1. Select the user or group from the list. 2. Click Delete. 3. Click in the confirmation message. The user or group is deleted.
  • Page 271: Configuring Local And Remote System Administrators

    The correct Administrator Role must be configured to perform the operations listed below. If not, a Permission Error message shows. Local Administrators
  • Page 272 Note - In the R81.10.X releases, this feature is available starting from the R81.10.08 version. You can securely reset your password when you log in to your Security Gateway.
  • Page 273: Remote Administrators

    Read only Networking Admin Mobile Admin 7. To define groups, click Use specific RADIUS groups only and enter the RADIUS groups separated by a comma. 8. Click Apply
  • Page 274: Pairing A Mobile Device

    2. Select an administrator from the pull down menu. 3. Click Generate. This generates a QR code to connect the Check Point WatchTower mobile application with the appliance for the first time. WatchTower App User Guide For more information about the mobile application, see the...
  • Page 275 = per-port-type help-id = 2000
    3. Add this line in the dictiona.dcm file:
        "@checkpoint.dct"
    4. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file:
        CP-Gaia-User-Role = <role>
    Where <role> allowed values are: Administrator Role...
  • Page 276 Configuring Local and Remote System Administrators 3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file:
        CP-Gaia-User-Role = <role>
    Where <role> is the name of the administrator role that is defined in the WebUI.
  • Page 277 To configure the Expert mode (Bash) as the default shell, run this command (not recommended):
        bashUser on
    To configure the Gaia Clish as the default shell, run this command (recommended):
        bashUser off
  • Page 278: Managing Authentication Servers

    VPN remote access user authentication. When this is the case, additional configuration is necessary in the view > Remote Access section > Remote Access Users page.
  • Page 279: RADIUS Server

    1. Click the Users & Objects view > Users Management section > Authentication Servers page. 2. Next to the RADIUS server you want to delete, click the Remove link.
  • Page 280 Enter the applicable RADIUS groups. 5. Click Apply. 6. Configure the remote access permissions for RADIUS users in the view > Remote Access section > Remote Access Users page.
  • Page 281: TACACS+ Server

    1. Click the Users & Objects view > Users Management section > Authentication Servers page. 2. Next to the TACACS+ server you want to delete, click the Remove link.
  • Page 282: Active Directory

    Active Directory. a. Click New. b. Enter the branch in the Branch full DN in the text field. c. Click Apply. 5. Click Apply
  • Page 283 > Source picker. You cannot select a user from the Active Directory, only an Active Directory user group. You can select a local user. 4. Click Apply
  • Page 284 Usually you keep the Selected Active Directory user groups option and configure remote access permissions on the view > Remote Access section > Remote Access Users page. 4. Click Apply
  • Page 285: Managing Applications & URLs

    URLs. What is a category? Each URL is inspected by the Check Point Cloud using the URL Filtering and can be matched to one or more built in categories (for example, phishing sites, high bandwidth, gambling, or shopping, etc.).
  • Page 286 URL to the list. For information on creating a custom application, see above. 5. Click Apply You can use the custom application group in a rule.
  • Page 287: Managing System Services

    Advanced tab, enter information in the fields that apply to the type of service you selected. Note that not all fields may show depending on the service type.
  • Page 288 To delete a service: 1. Select the service from the list. Note that you can only delete a user defined service. 2. Click Delete. 3. Click in the confirmation message.
  • Page 289 2. As you enter text, the list is filtered and shows matching results. Built-in System Services Some built-in services represent Check Point's ability to perform deep inspection of the specific protocol. These system services cannot be deleted. When you edit them, the ports which you configure decide when the deep inspection occurs and you can add or change default ports.
  • Page 290: Managing Service Groups

    To delete a service group: 1. Select the group from the list. Note that you can only delete a user defined service group. 2. Click Delete. 3. Click in the confirmation message.
  • Page 291 2. As you enter text, the list is filtered and shows matching results. Built-in System Service Groups Some built-in service groups represent Check Point's ability to perform deep inspection of a specific protocol. Such system service groups cannot be deleted. They contain a list of built in services which you can restore if you edit the content of such groups by clicking Reset.
  • Page 292: Managing Network Objects

    Enter the MAC address - This is required for IP reservation. When you create the object from Active Devices page, the MAC address is detected automatically. 6. Click Apply
  • Page 293 1. Click New. New Network Object window opens. 2. In Type, select Domain Name. 3. Enter the Domain (an FQDN). 4. Enter the Object name. 5. Click Apply Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      293...
  • Page 294 Type to filter box, enter the name of the network object or part of it. 2. As you enter text, the list is filtered and shows matching results. Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      294...
  • Page 295 6. Click Apply Note - You can also do this on the Home > Active Devices page. Click Save as and select Device type Network Object. Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide      |      295...
  • Page 296: Managing Network Object Groups

    3. Make the necessary changes. 4. Click Apply To delete a network object group: 1. Select the group from the list. 2. Click Delete. 3. Click in the confirmation message.
  • Page 297 1. In the Type to filter box, enter the network object group name or part of it. 2. As you enter text, the list is filtered and shows matching results.
  • Page 298: Logs And Monitoring

    No new logs are generated until you set the resume option. 1. Select Options > Stop local logging. 2. To resume, select Options > Resume local logging.
  • Page 299 Note - Logs are deleted from the external SD card (if inserted) or from the local logs storage. Logs are not deleted from the remote logs server. The logs are deleted, and the logs grid reloads automatically.
  • Page 300: Viewing System Logs

    To clear the log list: 1. Click Clear Logs. 2. Click in the confirmation message. To search the system logs table: Enter a keyword for the log in the text search field.
  • Page 301: Configuring External Log Servers

    Note - You cannot configure external log servers when Cloud Services is turned on. External Check Point Log Server You can use an external Check Point Log Server that is managed by a Security Management Server for storing additional logs.
  • Page 302: Syslog Server Configuration

    To configure a new external Check Point Log Server when the gateway is connected to Quantum Spark Portal (Cloud): After you initiate traffic from resources behind the gateway, open the Check Point Log Server to verify that you see the logs. For more information, see sk145614.
  • Page 303: Secured Syslog

    Note - When more than one server is defined, the syslog servers appear in a table. Select the syslog server you want to edit and click Edit. To delete the syslog server: 1. Select the syslog server. 2. Click Delete.
  • Page 304: Notifications

    - Gather upload and download packet rates for active devices. This operation may affect performance. To stop, click Stop Traffic Monitoring. Revoke Certificate - Revokes the certificate assigned to the device.
  • Page 305: Revoking The Hotspot Access

    6. Click Apply Note - You can also do this from the Users & Objects > Network Objects page. Click New, and then for Type, select Device.
  • Page 306: Wireless Active Devices

    To revoke a pairing: 1. Select the device name. 2. Click Revoke. 3. In the confirmation window that opens, click Yes. Viewing Infected Devices "Viewing Infected Devices" on page 201
  • Page 307: Viewing VPN Tunnels

    To refresh the list: Click Refresh to manually refresh this page with updated tunnel information. Note - This page is available from the Logs & Monitoring tabs.
  • Page 308: Viewing Active Connections

    Destination Port To filter the list: In the Type to filter box, enter the filter criteria. The list is filtered. To refresh the list: Click the Refresh link.
  • Page 309: Access Points

    Note - The Dr. Spark feature is available as a separate tab starting from R81.10.08. In earlier versions, the Dr. Spark buttons are available on the "Using System Tools" on page 312 page.
  • Page 310 - This test was not applicable to this appliance. Download Last Report - Prints the last report generated. Note - In the R81.10.X releases, this feature is available starting from the R81.10.08 version.
  • Page 311 VPN-S2S is enabled but no tunnels are up NGTP is active ----CPU and Memory---- Available CPU: 99.61% Available memory on the Gateway: 3943320 KB Fw1 memory consumption: 11% SFWD memory consumption: 181648 KB
  • Page 312: Using System Tools

    R81.10.05 version. Test Cloud Services Ports - Opens a popup window that shows the result of the Cloud Services Connectivity Test (the output of the Gaia Clish command "test cloud-connectivity").
  • Page 313 Port field, enter the applicable port number (see IANA Service Name and Port Number Registry). c. In the Count field, enter the applicable number of packets to capture.
  • Page 314 Use Wireshark or similar tool to analyze the downloaded capture file. Display DSL Statistics - Opens popup window that shows the DSL statistics. Available only on DSL models.
  • Page 315 When the mini-USB is used as a console connector, Windows OS does not automatically detect and download the driver needed for serial communication. You must manually install the driver. For more information, see sk111713.
  • Page 316: SNMP

    To edit an existing SNMP v3 user, select the user from the list and click Edit. To delete an SNMP v3 user, select the user from the list and click Delete.
  • Page 317: SNMP Traps Receivers

    1. In the list of SNMP traps, double-click the name of the trap. SNMP Trap Configuration window opens. 2. Click Enabled. The trap details, including the monitored object, Trap OID and description, show. 3. Click Apply
  • Page 318 3. If the trap contains a value, you can edit the threshold value when necessary. 4. Click Apply
  • Page 319: Advanced Configuration

    Installing a new firmware image from a USB drive Check Point releases new firmware images every so often. You can install the new default image on the appliance using the image file and a USB drive. Note that you can also upgrade through the WebUI. If the new image supports it, you do not lose your previous settings.
  • Page 320: Upgrade Using An SD Card

    First the autoconf.clish configuration file is loaded. If there is a configuration file with the same MAC address as the gateway, that file is loaded second. Use the symbol to add comments to the configuration file.
  • Page 321: Boot Loader

    Power LED turns a constant red. Options 4-5 are explained in the subsequent sections. Option 6 restarts the appliance. Option 8 uploads a preset configuration file.
  • Page 322: Upgrade Using Boot Loader

    When the upgrade is successfully completed, the Power LED is solid blue, and the appliance waits for you to press a key. A red Power LED indicates an error in the upgrade process.
  • Page 323: Restoring Factory Defaults

    3. While factory defaults are restored, the Power LED blinks blue to show progress. This takes a few minutes. When this completes, the appliance reboots automatically.
  • Page 324 While factory defaults are restored, the Power LED blinks blue to show progress. This takes up to a few minutes. When completed, the appliance boots automatically. To disable the reset to default: Use this CLI command: set additional-hw-settings reset-timeout 0
  • Page 325: Custom Default Image

    Force-bypass - "Bypass". The connection between the DMZ and LAN4 port is forcibly bypassed and the traffic bypasses the appliance regardless of the software status. To switch between Bypass-mechanism modes: Use Clish or WebUI (see below for details).
  • Page 326: Configuring Bypass Mode In The WebUI

    Configuring Bypass mode in Gaia Clish To display the current (Fonic) Bypass configured mode: show fonic-settings advanced-settings To switch between Active and Bypass mode: set fonic-settings advanced-settings mode
  • Page 327: RESTful API

    x-chkp-sid - Session ID token as returned by the login command. The x-chkp-sid header is mandatory in all API calls except the login API. Request payload - Text in JSON format containing the different parameters. Example: https://192.168.1.1:4434/web-api/login
  • Page 328: Response Structure

    A JSON structure with the error details Versioning HTTP Post with a specific version https://<gateway-ip>:<port>/web-api/<version>/<command> If no version is sent, the latest supported version is used. Example: https://192.168.1.1:4434/web-api/v1/login
  • Page 329: REST API Commands

    True if the session is read only. api-server-version - String - API server version. session-timeout - Integer - Session expiration timeout in minutes. On Failure, HTTP Return code: 400, 401, 500
  • Page 330: Logout

    On Success, HTTP Return code: 200 On Failure, HTTP Return code: 400, 401, 500 (3) Generate-Report Description Generate security report data according to the selected time frame: Hourly/Daily/Weekly/Monthly Request URL POST https://<gateway-ip>:<port>/web-api/generate-report
  • Page 331: Run-Clish-Command

    On Failure, HTTP Return code: 400, 401, 500 Example Request "type": "daily", Example Response "reportData": "<report_json_in_base64_format>" (4) Run-Clish-Command Description Run a single Gaia Clish command. Request URL POST https://<gateway-ip>:<port>/web-api/run-clish-command
  • Page 332 On Failure, HTTP Return code: 400, 401, 500 Example Request "script": " c2hvdyBwcm94eQ==" Example Response "output": "dXNlLXByb3h5OiAgICAgICAgICAgICAgICAgICAgdHJ1ZQpzZXJ2ZXI6IC AgICAgICAgICAgICAgICAgICAgICAxLjEuMS4xCnBvcnQ6ICAgICAgICAgICAgICAgICAgICAg ICAgIDgwODAKCg==" The script is: show proxy The output is: use-proxy: true server: proxy.checkpoint.com port: 8080
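
The run-clish-command exchange described above, as an added Python example (not code from the Check Point guide): it builds the POST without sending it and decodes a response. The URL layout, the x-chkp-sid header, the "script"/"output" fields and the Base64 samples come from the page; the function names, the Content-Type header, the one-line check and the session ID value are assumptions.

```python
import base64
import json
import urllib.request

# The page's example response, wrapped in braces (the excerpt shows only the field).
PAGE_SAMPLE_RESPONSE = json.dumps({"output": (
    "dXNlLXByb3h5OiAgICAgICAgICAgICAgICAgICAgdHJ1ZQpzZXJ2ZXI6IC"
    "AgICAgICAgICAgICAgICAgICAgICAxLjEuMS4xCnBvcnQ6ICAgICAgICAgICAgICAgICAgICAg"
    "ICAgIDgwODAKCg=="
)})


def build_clish_request(gateway, port, sid, command, version=None):
    """Build (but do not send) a run-clish-command POST for one Clish command."""
    if not command.strip() or "\n" in command or "\r" in command:
        # Assumption: "a single Gaia Clish command" means exactly one line.
        raise ValueError("expected exactly one Clish command")
    prefix = f"web-api/{version}/" if version else "web-api/"
    body = {"script": base64.b64encode(command.encode("utf-8")).decode("ascii")}
    return urllib.request.Request(
        f"https://{gateway}:{port}/{prefix}run-clish-command",
        data=json.dumps(body).encode("utf-8"),
        headers={
            "Content-Type": "application/json",  # assumption: not stated on the page
            "x-chkp-sid": sid,                   # mandatory on every call except login
        },
        method="POST",
    )


def decode_clish_output(response_text):
    """Return the plain-text Clish output carried in a response body."""
    payload = json.loads(response_text)
    # Without validate=True, b64decode skips whitespace left by line wrapping.
    return base64.b64decode(payload["output"]).decode("utf-8", errors="replace")


if __name__ == "__main__":
    # "SID-PLACEHOLDER" is a constructed value, not a real session ID.
    req = build_clish_request("192.168.1.1", 4434, "SID-PLACEHOLDER", "show proxy", "v1")
    print(req.full_url)
    print(req.data.decode("utf-8"))
    print(decode_clish_output(PAGE_SAMPLE_RESPONSE))
```

The Base64 sample printed on the page decodes to a server value of 1.1.1.1. Base64 here is only a transport encoding, so both the command and its output are readable by anything that can see the request, and a valid x-chkp-sid is all that authorizes it.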

This manual is also suitable for:

Quantum spark 1600, Quantum spark 1800
