Check Point 770 Getting Started Manual
  1. Manuals
  2. Brands
  3. Check Point Manuals
  4. Network Hardware
  5. 770
  6. Getting started manual

Check Point 770 Getting Started Manual

Locally managed
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Check Point 770/790
Appliance
Locally Managed
Getting Started Guide
Models: L-72, L-72W, L-72P Classification: [Protected] P/N 707411

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 770 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Check Point 770

Summary of Contents for Check Point 770

  • Page 1 Check Point 770/790 Appliance Locally Managed Getting Started Guide Models: L-72, L-72W, L-72P Classification: [Protected] P/N 707411...
  • Page 2 Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
  • Page 3 To learn more, visit the Check Point Support Center http://supportcenter.checkpoint.com. Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments mailto:cp_techpub_feedback@checkpoint.com?subject=Feedba ck on Check Point 770/790 Appliance Locally Managed Getting Started Guide.

  • Page 4: Health And Safety Information

    To reduce potential safety issues with the DC power source, only use one of these: • The AC adapter supplied with the appliance • A replacement AC adapter supplied by Check Point • An AC adapter purchased as an accessory from Check Point...
  • Page 5 To prevent damage to any system, it is important to handle all parts with care. These measures are generally sufficient to protect your equipment from static electricity discharge: • Restore the communications appliance system board and peripherals back into the antistatic bag when they are not in use or not installed in the chassis.
  • Page 6 For California: Perchlorate Material - special handling may apply. See http://www.dtsc.ca.gov/hazardouswaste/perchlorate The foregoing notice is provided in accordance with California Code of Regulations Title 22, Division 4.5, Chapter 33. Best Management Practices for Perchlorate Materials. This product, part, or both may include a lithium manganese dioxide battery which contains a perchlorate substance.
  • Page 7 YX may be any alphanumeric character. When Y is "P" indication is PoE function. Product Options: 770 Wired, 770 WiFi, 770 PoE 790 Wired, 790 WiFi, 790 PoE Date First Applied: April 2016 Conform to the following Product Specifications: RF/Wi-Fi (* marked model)
  • Page 8 Certification Type CE EMC, European Standard EN 55032 & EN 55024. EN61000-3-2:2014, Class A EN61000-3-3:2013 EN61000-4-2:2009 EN61000-4-3:2006+A1:2008+A 2:2010 EN61000-4-4:2012 EN61000-4-5:2014 EN61000-4-6:2014 EN61000-4-11:2004 AS/NZS CISPR 22:2009+A1 2010 Class B FCC part 15B , 47 CFR subpart B , Class B ICES-003:2012 Issue 6 Class B ANSI C63.4:2014 VCCI, V-3/2015.4 Class B, V4/2012.04...
  • Page 9 Certification Type Draft ETSI EN 301 489-1 V2.2.0 (2017-03) Draft ETSI EN 310 489-17 V3.2.0 (2017-03) CE LVD: EN 60950-1 Safety UL/c-UL: UL 60950-1 Safety CB IEC 60950-1 Safety AS/NZS 60950-1 Safety ETSI EN 300 328 V2.2.1:2016 RF/Wi-Fi * ETSI EN 301 893 V2.1.1 (2017-05) RF exposure EN62311:2008, RF/Wi-Fi *...
  • Page 10 Certification Type Canada RSS-247 Issue 1 RF/Wi-Fi * (2015-05) Canada RSS-Gen Issue 4 (2014-11) ANSI C63.10:2013 47 CFR FCC Part15, Subpart C RF/Wi-Fi * (section 15.247) ANSI C63.10:2013 FCC Part 2 (Section2.1091) RF/Wi-Fi * KDB 447498 D01 47 CFR FCC Part 15, Subpart E RF/Wi-Fi * (Section 15.407) ANSI C63.10:2013...
  • Page 11 Federal Communications Commission (FCC) Statement: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation.
  • Page 12 FCC Caution: • Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. • This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment.
  • Page 13 Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de licence. L'exploitation est autorisée aux deux conditions suivantes: 1. L'appareil ne doit pas produire de brouillage, et 2. L'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage est susceptible d'en compromettre le fonctionnement.
  • Page 14 2. The maximum antenna gain permitted for devices in the bands 5250-5350 MHz and 5470-5725 MHz shall comply with the e.i.r.p. limit; and 3. The maximum antenna gain permitted for devices in the band 5725-5825 MHz shall comply with the e.i.r.p. limits specified for point-to-point and non point-to-point operation as appropriate.
  • Page 15 clairement indiqués. (Pour 5G B2 avec les périphériques DFS uniquement) 5. De plus, les utilisateurs devraient aussi être avisés que les utilisateurs de radars de haute puissance sont désignés utilisateurs principaux (c.-à-d., qu’ils ont la priorité) pour les bandes 5250-5350 MHz et 5650-5850 MHz et que ces radars pourraient causer du brouillage et/ou des dommages aux dispositifs LAN-EL.
  • Page 16 Product Disposal This symbol on the product or on its packaging indicates that this product must not be disposed of with your other household waste. Instead, it is your responsibility to dispose of your waste equipment by handing it over to a designated collection point for the recycling of waste electrical and electronic equipment.

  • Page 17: Informations Relatives À La Santé Et À La Sécurité

    Informations relatives à la santé et à la sécurité Avant de mettre en place ou d'utiliser l'appareil, veuillez lire ces avertissements. Avertissement : ne pas obturer les aérations. Il faut laisser au moins 1,27 cm d'espace libre. Avertissement : cet appareil ne contient aucune pièce remplaçable par l'utilisateur.
  • Page 18 • Un adaptateur secteur acheté en tant qu'accessoire auprès de Check Point Pour éviter d'endommager tout système, il est important de manipuler les éléments avec soin. Ces mesures sont généralement suffisantes pour protéger votre équipement contre les décharges d'électricité statique : •...
  • Page 19 • Ne pas court-circuiter la pile au lithium : elle risque de surchauffer et de causer des brûlures en cas de contact. • Ne pas faire fonctionner le processeur sans refroidissement. Le processeur peut être endommagé en quelques secondes. Pour la Californie : Matériau perchloraté...
  • Page 20 L-72, L-72W *, L-72PL-72(Y)XX YX peut être un caractère alphanumérique. Lorsque Y est "P" indication est fonction Options de produit : 770, 770 Wi-Fi, 770 PoE 790, 790 Wi-Fi, 790 PoE Date de demande initiale : Avril 2016 Sont conformes aux normes produit suivantes :...
  • Page 21 Certification Type CE EMC, Norme européenne EN 55032 & EN 55024 EN61000-3-2:2014, Classe A EN61000-3-3:2013 EN61000-4-2:2009 EN61000-4-3:2006+A1:2008+A 2:2010 EN61000-4-4:2012 EN61000-4-5:2014 EN61000-4-6:2014 EN61000-4-11:2004 AS/NZS CISPR 22:2009+A1 2010 Classe B FCC partie 15B, 47 CFR sous-partie B, Classe B ICES-003:2012 Édition 5 Classe B ANSI C63.4:2014 VCCI, V-3/2015.4 Classe B,...
  • Page 22 Certification Type Draft ETSI EN 301 489-1 V2.2.0 (2017-03) Draft ETSI EN 310 489-17 V3.2.0 (2017-03) CE LVD : EN 60950-1 Sécurité UL/c-UL : UL 60950-1 Sécurité CB IEC 60950-1 Sécurité AS/NZS 60950-1 Sécurité ETSI EN 300 328 V2.2.1: 2016 RF/Wi-Fi * ETSI EN 301 893 V2.1.1 (2017-05)
  • Page 23 Certification Type Canada RSS-247 Édition 1 RF/Wi-Fi * (2015-05) Canada RSS-Gen Édition 4 (2014-11) ANSI C63.10:2013 47 CFR FCC Partie 15, RF/Wi-Fi * Sous-partie C (section 15.247) ANSI C63.10:2013 FCC Partie 2 (Section 2.1091) RF/Wi-Fi * KDB 447498 D01 47 CFR FCC Partie 15, RF/Wi-Fi * Sous-partie E (Section 15.407) ANSI C63.10:2013...
  • Page 24 Déclaration à la Federal Communications Commission (FCC) : Ce dispositif est conforme à la section 15 des réglementations de la FCC. Son fonctionnement est soumis aux deux conditions suivantes : (1) Cet appareil ne doit pas causer d'interférence préjudiciable et (2) Cet appareil doit tolérer toute interférence reçue, y compris celles qui pourraient causer un fonctionnement indésirable.
  • Page 25 FCC Attention • Tout changement ou modification non expressément approuvé par la partie responsable de la conformité pourrait empêcher l’utilisateur autorisé de faire fonctionner cet appareil. • Cet émetteur ne doit pas être installé ou utilisé en conjonction avec d'autres antennes ou émetteurs. Déclaration à...
  • Page 26 Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Cet appareil et son antenne ne doivent pas être situés ou fonctionner en conjonction avec une autre antenne ou un autre émetteur, exception faites des radios intégrées qui ont été testées.
  • Page 27 radars pourraient causer du brouillage et/ou des dommages aux dispositifs LAN-EL. Déclaration de conformité de classe B pour le Japon : Directive de l'Union européenne relative à la compatibilité électromagnétique Ce produit est certifié conforme aux exigences de la directive du Conseil concernant le rapprochement des législations des États membres relatives à...
  • Page 28 Mise au rebut du produit Ce symbole apposé sur le produit ou son emballage signifie que le produit ne doit pas être mis au rebut avec les autres déchets ménagers. Il est de votre responsabilité de le porter à un centre de collecte désigné pour le recyclage des équipements électriques et électroniques.

  • Page 29: Table Of Contents

    ..............48 ....................49 Cloud Services .................49 Configuring Check Point 770/790 Appliance Workflow ..................51 Setting up the Check Point 770/790 Appliance ....52 Connecting the Cables ............52 About the PoE ................53 Using the First Time Configuration Wizard Starting the First Time Configuration Wizard...
  • Page 30 Welcome .................. 55 Authentication Details ............56 Appliance Date and Time Settings ........57 Appliance Name ..............58 Internet Connection .............. 59 Local Network ................ 62 Wireless Network ..............64 Administrator Access ............65 Appliance Activation .............. 67 Software Blade Activation ...........
  • Page 31 Creating a Permanent Access Rule ........82 Blocking Access for Users or Groups ........84 Configuring Threat Prevention Cyber Threats ................85 Enabling/Disabling Threat Prevention Control ....86 IPS Security Levels ..............87 Changing the Anti-Virus, Anti-Bot and Threat Emulation Policy ..................88 Scheduling Blade Updates ...........89 Configuring the Anti-Spam Blade ........90...
  • Page 32 Guest Network Configuring a Guest Network ..........106 Monitoring and Reports Viewing Monitoring Reports ..........107 Viewing Security Reports ............108 Viewing System Logs ............109 Getting Support Support ..................111 Where to From Here ............112...

  • Page 33: Introduction

    ..............................................Cloud Services ......................Thank you for choosing Check Point's Internet Security Product Suite. Check Point products provide your business with the most up to date and secure solutions available today. Check Point also delivers worldwide technical services including educational, professional, and support services...

  • Page 34: Before You Get Started

    For more information about the Check Point 770/790 Check Point 600/700 Appliance Appliance, see the Administration Guide. For more technical information, go to: http://support.checkpoint.com Before You Get Started Review these documents before doing the procedures in this guide: • Release Notes •...

  • Page 35: Shipping Carton Contents

    2 standard network cables • 1 serial console cable • 1 mini USB console cable • Wall mount kit (screws and plastic anchors) Check Point 770/790 Appliance Quick Start • Guides Guide Check Point 770/790 Appliance Getting • Started Guide...

  • Page 36: Appliance Diagrams And Specifications

    Appliance Diagrams and Specifications The Check Point 770 Appliance has 3 cores, and the Check Point 790 Appliance has 4. Otherwise, they are very much alike. These are the Check Point 770/790 Appliance models: • Wired • Wireless (WiFi) •...

  • Page 37: Front Panel

    Front Panel Wired Model WiFi Model...
  • Page 38 Item Description USB1 and USB ports that are used for: USB2 ports • Cellular and analog modems. • Reinstalling the appliance with new firmware. • Running a first-time configuration script. • Green when the appliance is turned on. Power LED •...
  • Page 39 Item Description LAN1 - Speed Indicator: LAN16, DMZ, • Orange when the port speed is 1000 Mbps. WAN LEDs • Green when the port speed is 100 Mbps. • Not lit when the port speed is 10 Mbps. Activity Indicator: •...
  • Page 40 PoE Wired Model Item Description USB1 and USB 3.0 ports that are used for: USB2 ports • Cellular and analog modems. • Reinstalling the appliance with new firmware. • Running a first-time configuration script. • Green when the appliance is turned on. Power LED •...
  • Page 41 Item Description • Blinking green when trying to connect to the Internet LED Internet. • Green when connected to the Internet. • Blinking red when the Internet connection is configured but fails to connect. LAN1-LAN16, Speed Indicator: • Orange when the port speed is 1000 Mbps. DMZ: •...

  • Page 42: Back Panel

    Back Panel Wired Model WiFi Model...
  • Page 43 For more information on how to restore factory defaults, see Check Point 600/700 Appliance Administration Guide PWR+12VDC Connects to the power supply's cable. Note - The power cable must be securely screwed in to the appliance.
  • Page 44 Item Description LAN1 - LAN16 RJ45 Ethernet ports. ports Ground (Earth) Functional grounding.
  • Page 45 PoE Wired Model Item Description LAN1-LAN12 RJ45 Ethernet ports. ports Ground (Earth) Functional grounding. LAN13-LAN16 Serves as Power Sourcing Equipment (PSE). Total power budget is 62W maximum. By default, the PoE port automatically provides power when a compliant PD is connected. PoE supports up to four standard 802.3af devices or up to two standard 802.3at devices.
  • Page 46 Button factory defaults. The button is recessed into the appliance chassis to prevent accidental restoring of factory default settings. For more information on how to restore factory defaults, see Check Point 600/700 Appliance Administration Guide WAN port RJ45 Ethernet port.

  • Page 47: Check Point Software Blades Overview

    Check Point Software Blades Overview The available Check Point Software Blades can be divided into these major groups: • Access Policy • Threat Prevention •...

  • Page 48: Access Policy

    Access Policy The Access Policy has these features: • Firewall - Makes sure that only allowed traffic enters the company's network. Other traffic is blocked before it enters. Application Control and URL Filtering - Makes sure that • only authorized applications are used on the network and only allowed websites can be accessed.

  • Page 49: Vpn

    • multiple sites in your network. Cloud Services Cloud Services lets you connect your Check Point 770/790 Appliance to a Cloud Services Provider that uses a Web-based application to manage, configure, and monitor the appliance. See Setting up Cloud Services (on page 101).

  • Page 51: Configuring Check Point 770/790 Appliance

    Workflow This is the recommended workflow for configuring Check Point 770/790 Appliance: 1. Setting up the Check Point 770/790 Appliance (on page 52). 2. Connecting the cables (on page 52). 3. Configuring the appliance with the First Time Configuration Wizard.

  • Page 52: Setting Up The Check Point 770/790 Appliance

    Setting up the Check Point 770/790 Appliance 1. Remove the Check Point 770/790 Appliance from the shipping carton and place it on a tabletop. 2. Identity the network interface marked as LAN1. This interface is preconfigured with the IP address 192.168.1.1.

  • Page 53: About The Poe

    About the PoE The PoE wired model is in 770/790 appliances only. The PoE switch is a type of PSE (Power Sourcing Equipment), and delivers power to the PD (Powered Devices) end point. By default, the PoE port automatically provides power when a compliant PD is connected.

  • Page 54: Using The First Time Configuration Wizard

    Starting the First Time Configuration Wizard To configure the Check Point 770/790 Appliance for the first time after you complete the hardware setup, use the First Time Configuration Wizard. If you do not complete the wizard because of one of these...

  • Page 55: Welcome

    To open the WebUI, enter one of these addresses in the browser: • http://my.firewall • http://192.168.1.1:4434 If a security warning message shows, confirm it and continue. The First Time Configuration Wizard runs. Welcome The Welcome page introduces the product.

  • Page 56: Authentication Details

    Note that only English is allowed as the input language. Authentication Details In the Authentication Details page, enter the required details to log in to the Check Point 770/790 Appliance WebUI application or if the wizard terminates abnormally: • Administrator Name - We recommend that you change the default "admin"...

  • Page 57: Appliance Date And Time Settings

    Appliance Date and Time Settings In the Appliance Date and Time Settings page, configure the appliance's date, time, and time zone settings manually or use the Network Time Protocol option. When you set the time manually, the host computer's settings are used for the default date and time values.

  • Page 58: Appliance Name

    Appliance Name In the Appliance Name page, enter a name to identify the Check Point 770/790 Appliance, and enter a domain name (optional). When the gateway performs DNS resolving for a specified object’s name, the domain name is appended to the object name.

  • Page 59: Internet Connection

    Internet Connection In the Internet Connection page, configure your Internet connectivity details or select Configure Internet connection later. To configure Internet connection now: 1. Select Configure Internet connection now. 2. From the Connection Protocol drop down list, select the protocol used to connect to the Internet. 3.
  • Page 60 • DHCP - Dynamic Host Configuration Protocol (DHCP) automatically issues IP addresses within a specified range to devices on a network. This is a common option when you connect through a cable modem. PPPoE (PPP over Ethernet) - A network protocol for •...
  • Page 61 WebUI application, under Device > DNS. We recommend that you configure the DNS since Check Point 770/790 Appliance needs to perform DNS resolving for different functions. For example, to connect to Check Point User Center during license activation or when Application Control, Web Filtering, Anti-Virus, or Anti-Spam services are enabled.

  • Page 62: Local Network

    To test your ISP connection status: Click Connect. The appliance connects to your ISP. Success or failure shows at the bottom of the page. Local Network In the Local Network page, select to enable or disable switch on LAN ports and configure your network settings. By default, they are enabled.
  • Page 63 include predefined static IPs in your network. Set the exclusion range for IP addresses that should not be defined by the DHCP server. The appliance's IP address is automatically excluded from the range. For example, if the appliance IP is 1.1.1.1, the range also starts from 1.1.1.1, but will exclude its own IP address.

  • Page 64: Wireless Network

    Wireless Network This applies to Wireless Network models only. In the Wireless Network page, configure wireless connectivity details. When you configure a wireless network, you must define a network name (SSID). The SSID (service set identifier) is a unique string that identifies a WLAN network to clients that try to open a wireless connection with it.

  • Page 65: Administrator Access

    For example, if the radio is set to a 5 GHz band, the wireless client cannot connect to 2.4 GHz band networks. Administrator Access In the Administrator Access page, configure if administrators can use Check Point 770/790 Appliance from a specified IP address or any IP address.
  • Page 66 • Internet - Clear traffic from the Internet (not recommended). 2. Select the IP address from which the administrator can access Check Point 770/790 Appliance: • Any IP address • Specified IP addresses only •...

  • Page 67: Appliance Activation

    Appliance Activation The appliance can connect to the Check Point User Center to pull the license information and activate the appliance. You must register the appliance in your Check Point User Center account. If you don't already have an account, you must create one.
  • Page 68 License activation is not completed. • The registration information for your MAC address can't be found in the Check Point User Center. To activate your appliance later In the WebUI, go to Home > License > Activate License. To configure a proxy server: 1.
  • Page 69 7. You will be notified that you successfully activated the appliance. The next page shows the license status for each blade.

  • Page 70: Software Blade Activation

    Software Blade Activation Select the software blades to activate on this Check Point 770/790 Appliance. QoS (bandwidth control) can only be activated from the WebUI after completing the First Time Configuration Wizard.

  • Page 71: Summary

    Summary The Summary page shows the details of the elements configured with the First Time Configuration Wizard. Click Finish to complete the First Time Configuration Wizard. The WebUI opens on the Home > System page. To back up the system configuration in the WebUI: Go to Device >...

  • Page 73: Basic System Configuration

    CHAPTER 3 Basic System Configuration In This Section: Threat Prevention Updates ..................Firmware Upgrades ....................Internet Connectivity ....................Licensing ........................Backup and Restore ....................Do these configurations after you complete the First Time Configuration Wizard and log in to the appliance. Threat Prevention Updates Click the status bar at the bottom of the WebUI to see updates.

  • Page 74: Firmware Upgrades

    3. Select Recurrence: • Daily • Weekly • Monthly 4. Click Apply. Firmware Upgrades To see notifications of available upgrades: 1. Click the status bar. We recommend you configure automatic upgrades. 2. Move the cursor over the notification to show the version number.

  • Page 75: Internet Connectivity

    If you are not connected, go to Devices > Internet. Licensing You must first register the appliance in your Check Point User Center account. If you do not have a User Center account, you must create one to receive support and updates.

  • Page 76: Backup And Restore

    MAC address • Registration key 4. Select Hardware Platform. 5. In Hardware Model, select Check Point 770/790 Appliance. 6. Click Activate License. You are notified when you successfully activate the appliance. If changes are made to your license, click Reactivate to get the updated license information.

  • Page 77: Configuring Access Policy

    Creating a Permanent Access Rule ............... Blocking Access for Users or Groups ..............Configuring Firewall Policy Your Check Point 770/790 Appliance is assigned a Firewall policy. To manually change the policy: 1. Go to Access Policy > Firewall Blade Control. 2. Select an action: •...
  • Page 78 These are the security levels: • Standard (Default) - Allows outgoing traffic on configured services, and traffic between internal and trusted wireless networks. Blocks incoming unencrypted traffic. • Strict - Blocks all traffic in all directions. Off - Allows all traffic. Manually defined rules are not •...

  • Page 79: Setting Outgoing Services

    Setting Outgoing Services To set outgoing services in a Standard policy: Click all services. To allow specified services only: 1. Click Block all outgoing services except the following. 2. Select the services to allow. To allow all services 1. Click Allow all outgoing services. 2.

  • Page 80: Configuring Access Policy

    • Botnet • Spam • Anonymizer • Hacking This option is selected by default. Block inappropriate content - Lets you block access to • websites with inappropriate content like pornography, violence, gambling and alcohol. • Block file sharing applications - Lets you block file-sharing from sources that use torrents and peer-to-peer (P2P) applications.

  • Page 81: Blocking Specific Applications Or Urls

    3. Select the applications and URLs to block. 4. Click Apply. Blocking Specific Applications or URLs To customize your access policy: 1. Go to Users & Objects > Applications & URLs. 2. Click Applications Default Policy or Applications Blade Control page.

  • Page 82: Creating A Permanent Access Rule

    3. Select Custom or New to enter a specified application or URL to block. 4. Click Apply. For more information on application and URL control, see the Check Point 600/700 Appliance Administration Guide or the online help from the top right corner of your WebUI. Creating a Permanent Access Rule A Permanent Access Rule is used to make exceptions to the default category definitions for specified users or groups.
  • Page 83 5. In the Add Rule window, click Any in the Application column. 6. From the Common or Custom filter, select a URL or application to apply to the rule. Click New at the bottom of this window, and then select URL or Application to enter a customized URL or application.

  • Page 84: Blocking Access For Users Or Groups

    Blocking Access for Users or Groups To block internet access for users or groups: 1. Complete steps 1 to 4 in Creating a Permanent Access Rule (on page 82). 2. Make sure Any is selected in the Application column and Block is selected in the Action column.

  • Page 85: Configuring Threat Prevention

    Examples include worms, blended threats (combinations of malicious code and vulnerabilities for infection and dissemination) and Trojans. To challenge today's malware landscape, Check Point's comprehensive Threat Prevention solution offers a multi-layered, pre- and post-infection defense approach and a consolidated platform that enables enterprise security to deal with modern malware.

  • Page 86: Enabling/Disabling Threat Prevention Control

    The Intrusion Prevention System (IPS) blocks potentially malicious attempts to exploit known vulnerabilities in files and network protocols. The Anti-Virus engine blocks viruses that pass through web and mail traffic (HTTP and SMTP) as well as through the File Transfer Protocol (FTP). The Anti-Bot engine detects bot-infected machines and blocks bot Command and Control communications.

  • Page 87: Ips Security Levels

    the next synchronization between the gateway and Cloud Services. IPS Security Levels Select the level of IPS protection you want: • Typical - Most suitable for small or medium sized businesses and provides the best mixture of security and performance. •...

  • Page 88: Changing The Anti-Virus, Anti-Bot And Threat Emulation Policy

    Changing the Anti-Virus, Anti-Bot and Threat Emulation Policy Anti-Virus, Anti-Bot, and Threat Emulation share the same policy. Your Check Point 770/790 Appliance is configured to manage a standard policy. To manually change the policy: Go to Threat Prevention > Engine Settings.

  • Page 89: Scheduling Blade Updates

    Scheduling Blade Updates The Blade Control page also shows the update status: • Up to date • Updated service unreachable - Usually caused by a loss in Internet connectivity. Check your Internet connection in the Device > Internet page and contact your ISP if the problem continues.

  • Page 90: Configuring The Anti-Spam Blade

    1. Go to Threat Prevention > Anti-Spam Blade Control. 2. Select On or Off. 3. Click Apply. Configuring the Anti-Spam Policy Your Check Point 770/790 Appliance is configured to manage a typical Anti-Spam Policy. To change this policy, see Configuring Anti-Spam Exceptions (on page 92).
  • Page 91 The spam filter can identify spam emails by their source address (default), or by email content. To configure your appliance to inspect email content: 1. Go to Threat Prevention > Anti-Spam Blade Control. 2. Click Email content. 3. Select one or more of these actions: Block spam emails.

  • Page 92: Configuring Anti-Spam Exceptions

    Anti-Spam Blade control page to apply Anti-Spam policies. For more information on Anti-Spam Blade control options, see Check Point 600/700 Appliance Administration Guide or the online help from the top right-hand corner of your WebUI. Configuring Anti-Spam to...

  • Page 93: Setting Up Users And Administrators

    CHAPTER 6 Setting up Users and Administrators In This Section: Configuring Local System Administrators ............Editing Information of Locally Defined Administrators ........Deleting a Locally Defined Administrator ............. Configuring Local Users ................... Granting Remote Access Permissions ..............Editing a Specific User or Group ................

  • Page 94: Configuring Local System Administrators

    Configuring Local System Administrators We recommend you configure your system so an administrator can log in from a specific network only. To configure local system Administrators: 1. Go to Device > Administrators. 2. Click New. The Add Administrator window opens. 3.

  • Page 95: Editing Information Of Locally Defined Administrators

    Editing Information of Locally Defined Administrators To edit information of locally defined administrators: 1. Go to Device > Administrators. 2. Select the administrator and click Edit. 3. Edit the information. 4. Click Apply. Note - Only administrators with full access privileges can edit administrators.

  • Page 96: Deleting A Locally Defined Administrator

    Deleting a Locally Defined Administrator To delete a locally defined administrator: 1. Go to Device > Administrators. 2. Select the administrator and click Delete. 3. Click Yes in the confirmation window. Note - You cannot delete an administrator who is logged in. Configuring Local Users User profiles define how users can operate within the network: •...
  • Page 97 8. Click Apply. The user is added to the table in the Users window.

  • Page 98: Granting Remote Access Permissions

    Granting Remote Access Permissions To add a new local users group and grant remote access permissions: 1. Go to Users & Objects > Users. 2. Click the arrow on the New button and select Users Group. 3. Enter a group name. 4.

  • Page 99: Editing A Specific User Or Group

    Editing a Specific User or Group To edit a specific user or group: 1. Go to Users & Objects > Users. 2. Select the user or group from the list. 3. Click Edit. 4. Edit the information. 5. Click Apply. Deleting a User or Group To delete a user or group: 1.

  • Page 101: Setting Up Cloud Services

    In This Section: Connecting to Cloud Services ................Cloud Services lets you connect your Check Point 770/790 Appliance to a Cloud Services that uses a Web-based application to manage, configure, and monitor the appliance. This lets your appliance be remotely serviced by your managed services provider.

  • Page 102: Connecting To Cloud Services

    Connecting to Cloud Services To automatically connect to Cloud Services: 1. In the email that the Security Gateway owner gets from the Cloud Services Provider, click the activation link. After you log in, a window opens and shows the activation details sent in the email.
  • Page 103 Click Apply to connect. Your appliance will connect to smbmgmt.provisioning.local&Sample-Gateway.domain.Prime (Gateway ID) using the key 6382020 (registration key). Thank you, Service Center security team When connectivity is established, the Cloud Services section at the top of the page shows: • The date of the synchronization •...

  • Page 105: Guest Network

    In This Section: Configuring a Guest Network ................Your Check Point security appliance lets you provide guest Internet access without giving access to your local network. When you configure a guest network with a Hotspot, you can monitor users that connect through your guest network.

  • Page 106: Configuring A Guest Network

    Configuring a Guest Network To configure a guest network: 1. Go to Device > Wireless. 2. Click Guest. 3. Select Use Hotspot. 4. Set Wireless Security to Unprotected or Protected. 5. In the Access Policy tab, set the access and log policy options.

  • Page 107: Monitoring And Reports

    PTER 9 Monitoring and Reports In This Section: Viewing Monitoring Reports ................... Viewing Security Reports ..................Viewing System Logs ....................Viewing Monitoring Reports The Monitoring page shows statistics for security events and network analysis. When you enter this page, the latest data shows.

  • Page 108: Viewing Security Reports

    Viewing Security Reports The Reports page shows security reports for the time frame you specify. Security events include: • High Risk Applications - The number of potentially risky applications accessed. Infected Hosts - The number of infected hosts or servers •...

  • Page 109: Viewing System Logs

    2. Click View Details to get more information on the highlighted log. For more information on Reports, Logs, and Monitoring, see Check Point 600/700 Appliance Administration Guide or the online help from the top right-hand corner of your WebUI.

  • Page 111: Getting Support

    In This Section: Support ........................Where to From Here ....................Support For technical assistance, contact Check Point 24 hours a day, seven days a week at: • +1 972-444-6600 (Americas) • +972 3-611-5100 (International) When you contact support, you must provide your MAC address.

  • Page 112: Where To From Here

    Where to From Here You have now learned the basics that are necessary to begin using your Check Point 770/790 Appliance. For more information about the Check Point 770/790 Appliance Check Point 600/700 Appliance Administration and links to the Guide , go to the Check Point Support Center (http://www.checkpoint.com/cp600) where you can find all...

This manual is also suitable for:

790L-72L-72wL-72p

Table of Contents