Check Point QUANTUM SPARK 1500 Administration Manual

18 April 2021
QUANTUM SPARK 1500,
1600 AND 1800
APPLIANCE SERIES
R80.20.25
Locally Managed
Administration Guide

Summary of Contents for Check Point QUANTUM SPARK 1500

  • Page 1 18 April 2021 QUANTUM SPARK 1500, 1600 AND 1800 APPLIANCE SERIES R80.20.25 Locally Managed Administration Guide...
  • Page 2 Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
  • Page 3 Please help us by sending your comments Revision History Date Description "SNMP" on page 277 18 April 2021 Updated 05 April 2021 First release of this document Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.25 Locally Managed Administration Guide | 3...
  • Page 4: Table Of Contents

    Configuring VPN Configuring Remote Access VPN Introduction Prerequisites Remote Access Configuration L2TP VPN Client configuration Configuring Site to Site VPN with a Preshared Secret Introduction Prerequisites
  • Page 5 Viewing the Site Map Notifications Managing Active Devices Viewing Monitoring Data Network Troubleshooting Viewing Reports Using System Tools Managing the Device Configuring Internet Connectivity Configuring the Internet Connectivity
  • Page 6 Using the Software Upgrade Wizard Welcome Upload Software Upgrade Settings Upgrading Backing up the System Configuring Local and Remote System Administrators Configuring Administrator Access Managing Device Details
  • Page 7 Advanced - Creating and Editing NAT Rules Working with User Awareness Configuring the QoS Blade Working with QoS Policy SSL Inspection Policy SSL Inspection Deploying SSL Inspection
  • Page 8 DNS Servers for Remote Access users DNS Domain Name SSL VPN bookmarks Configuring the Site to Site VPN Blade Configuring VPN Sites Configuring Advanced Site to Site Community Settings
  • Page 9 External Syslog Server Configuration Secured Syslog Notifications Managing Active Devices Wireless Active Devices Paired Mobile Devices Viewing Infected Devices Viewing VPN Tunnels Viewing Active Connections Access Points
  • Page 10 SNMP Traps for Hardware Sensors Advanced Configuration Upgrade Using a USB Drive Upgrade Using an SD Card Boot Loader Upgrade Using Boot Loader Restoring Factory Defaults
  • Page 11: Quantum Spark 1500, 1600 And 1800 Appliance Series Overview

    Note - Some topics only apply to specific appliances or models. Appliance Appliance Model Homepage 1530 / 1550 V-80 Wired, V-80W WiFi sk157412 1570 / 1590 V-81 Wired, V-81W WiFi, V-81WL WiFi-LTE, V-81WD WiFi- sk157412
  • Page 12 Review these materials before doing the procedures in this guide: R80.20.25 SMB Release Notes Known Limitations Resolved Issues Getting Started Guide Small Business Security video channel home page See the SMB R80.20.25
  • Page 13: Setting Up The Quantum Spark Appliance

    1. Remove the Quantum Spark Appliance from the shipping carton and place it on a tabletop. 2. Identify the network interface marked as LAN1. This interface is preconfigured with the IP address 192.168.1.1.
  • Page 14: Connecting The Cables

    3. Connect the standard network cable to the LAN1 port on the appliance and to the network adapter on your PC. Note - Wait 10 seconds between power cycles (off and on).
  • Page 15: First Time Deployment Options

    "Zero Touch Cloud Service" on page 16 "Deploying from a USB Drive or SD Card" on page 17 Note - SD card deployment is supported only in 1570 / 1590 appliances.
  • Page 16: Zero Touch Cloud Service

    After the gateway downloads and successfully applies the settings, it does not connect to the Zero Touch server again. For more information on how to use Zero Touch, see sk116375 and the R80.20 ZeroTouch Web Portal Administration Guide
  • Page 17: Deploying From A USB Drive Or SD Card

    First the autoconf.clish configuration file is loaded. If there is a configuration file with the same MAC address as the gateway, that file is loaded second. Use the symbol to add comments to the configuration file.
  • Page 18: Deploying The Configuration File - Initial Configuration

    Note - The USB LED is red when there is a problem running the configuration script. Turn off the Quantum Spark Appliance and confirm that the configuration files are formatted correctly.
  • Page 19: Deploying The Configuration File - Existing Configuration

    After the Quantum Spark Appliance is successfully configured from a USB drive, a log is created. The log file is called: autonconf.<MAC Address>.<timestamp>.<log> The log file is created in the USB root directory and in /tmp on the appliance.
  • Page 20: Troubleshooting Configuration Files

    However, not all of the settings from the failed configuration file show in the First Time Configuration Wizard. Best Practice - Check Point recommends that you do not use the First Time Configuration Wizard to configure an appliance when the configuration file fails. Restore the default settings to a partially configured appliance before you use the First Time Configuration Wizard to ensure that the appliance is configured correctly.
  • Page 21: Sample Configuration Log With Error

    The appliance only runs the next configuration script from a USB drive. set property USB_auto_configuration any The appliance always runs configuration scripts from a USB drive.
  • Page 22: Configuration And Upgrade Scenarios

    1. In the WebUI, go to the Home > Cloud Services page. 2. Follow the Connect to Cloud Services procedure in "Configuring Cloud Services" on page 40
  • Page 23: Configuring A Guest Network

    Note - You are shown the Hotspot portal one time in the given timeout period. The default timeout period is 4 hours. User activity on this network is logged with user names if the Log traffic option was selected.
  • Page 24: Configuring VPN

    If the gateway uses a dynamic IP address, we recommend you use the DDNS feature. See "Configuring DDNS and Access Service" on page 106 For the Check Point VPN client or Mobile client method, make sure that the applicable client is How to connect installed on the hosts.
  • Page 25: L2TP VPN Client Configuration

    "Configuring Advanced Remote Access Options" on page 219 Monitoring To make sure Remote Access is working: Use the configured client to connect to an internal resource from a remote host.
  • Page 26: Configuring Site To Site VPN With A Preshared Secret

    VPN encryption settings must be the same on both sides (the local gateway and the peer gateway). This is especially important when you use the Custom encryption option.
  • Page 27: Configuration

    Certificates" on page 108 5. Make sure that the CA is installed on both of the gateways. Use the "Managing Trusted option in CAs" on page 235
  • Page 28: Monitoring

    1. Pass traffic between the local and peer gateway. 2. Go to VPN Tunnels "Viewing VPN Tunnels" on page 231 > to monitor the tunnel status. See
  • Page 29: Managing Clusters

    Configure Cluster 3. Follow the wizard steps and configure the appliance as a primary member. For more information, "Configuring High Availability" on page 112
  • Page 30: Upgrading A Cluster

    Note - The upgrade process is the same for each cluster member. Only manual upgrade is supported. After the reboot: The former active member is now the standby member. The former standby member is now the active member.
  • Page 31 2. Follow the Wizard instructions to upgrade the cluster member. The upgrade process automatically reboots the member. To see the status of each cluster member: Device High Availability Go to >
  • Page 32: Configuring QoS

    A default QoS policy that requires defining only a number of parameters. See QoS Blade" on page 177 Define manual rules for further granularity if necessary in Access Policy > > Policy "Working with QoS Policy" on page 179
  • Page 33: Enabling VoIP Traffic

    Service - SIP Action - Accept "Working with the Firewall Access Policy" on page 156 For more information, see 3. Optional - Configure a log for this rule.
  • Page 34: Appliance Configuration

    Note - If the locale of a user matches a localized WebUI, the Login window automatically loads in the specified language. Only English is supported as the input language.
  • Page 35: The Home Tab

    , enter the IP address(es). 5. Select the settings for: Recovery time (seconds) Max latency allowed (milliseconds) Probing frequency for active connections (seconds) 6. Click Apply
  • Page 36: Controlling And Monitoring Software Blades

    1. Click the cogwheel icon next to the lever. The blade settings window opens. 2. View the details or select options to change current settings. 3. Click Apply
  • Page 37 Click the icon to close the demo. To view an alert: 1. Hover over the alert triangle. 2. Click the applicable link.
  • Page 38: Setting The Management Mode

    (for example, when in a lab setting). Click Next 3. In the Security Management Server Connection page, select a connection method:
  • Page 39 Test Connection Status To test connectivity, click . A status message shows the results of the test. You Settings can click to configure Internet connections.
  • Page 40: Configuring Cloud Services

    Gray icon - Shown for a blade that is remotely managed by Cloud Services. The blade is turned off in the plan. No icon - Shown for a security blade that is locally managed in the Check Point 1530 / 1550 Appliance. The blade is not managed by Cloud Services.
  • Page 41 Cloud Services is turned on. Cloud Services Server widget is shown on the status bar and shows Connected . If you click this widget, the Cloud Services page opens.
  • Page 42 To get an updated security policy, activated blades, and service settings: Click Fetch now The appliance gets the latest policy, activated blades, and service settings from Cloud Services.
  • Page 43: Managing Licenses

    Check Point User Center with its credentials to pull the license information and activate the appliance. In most cases, you must first register the appliance in your Check Point User Center account or create one if you don't already have one. A User Center account is necessary to receive support and updates.
  • Page 44 When the country and wireless region match, you see the full settings.
  • Page 45: Viewing The Site Map

    Send push notifications , select and select the types of notifications. 3. Click Apply This page is available from the Home Logs & Monitoring page.
  • Page 46: Managing Active Devices

    The display shows the devices connected to the gateway through a Hotspot. You can revoke the Hotspot access for one or more devices. This disconnects the device from the gateway and requires the device to log in again through the Hotspot.
  • Page 47 The access for that device is revoked. You must log in again through the Hotspot to reconnect the device to the gateway. Note - This page is available from the Home Logs & Monitoring tabs.
  • Page 48: Viewing Monitoring Data

    The orange area on the graph represents sent traffic. The blue area represents received traffic.
  • Page 49: Troubleshooting

    Links to pages that can be useful for monitoring and troubleshooting purposes. Note - This page is available from the Home Logs & Monitoring tabs.
  • Page 50: Viewing Reports

    Note - Only the last generated report for each report type is saved in the appliance. When you generate a new report, you override the last saved report for the specified type.
  • Page 51 Report Pages Each report page shows a detailed graph, table, and descriptions. Note - This page is available from the Home Logs & Monitoring tabs.
  • Page 52: Using System Tools

    Generate CPInfo File . A message next to the button shows the progress. 2. Click Download CPInfo File to view or save the CPInfo file.
  • Page 53 To download the Windows driver for Mini-USB console socket: Download Click the link. Note - This page is available from the Home Device , and Logs & Monitoring tabs.
  • Page 54: Managing The Device

    (if not configured at all), (for another Internet connection), or The New or Edit Internet Connection window opens. 2. Configure the fields in the tabs as described below.
  • Page 55: The 'Configuration' Tab

    The DMZ port has 2 inputs: LAN (RJ45) and SFP. In non-VDSL 1570 / 1590 appliances, you can use an external DSL modem connected to the DMZ SFP port. Note - Only Check Point Branded SFP DSL is supported. Third party SFP DSL is not supported.
  • Page 56 - You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ‘ " \ Maximum number of characters: 255
  • Page 57: Creating A New Bond (WAN)

    (if not configured at all), (for another internet connection), or The New or Edit Internet Connection window opens. 2. In the Configuration Interface name tab, select 3. Click Apply
  • Page 58 The module runs an active image which contains a single uncompressed copy of a firmware file and a single configuration file. here To see a list of available carriers and their image packages, go EM7455 – Global region EM7430 – APAC region
  • Page 59 , you must enable Annex J/M and disable the Annex L . In all other Annex systems, no changes are needed to the default configuration.
  • Page 60: The 'Connection Monitoring' Tab

    Authentication method Connect on demand - Select the Connect on demand checkbox if necessary. This is relevant only when you are in high availability mode.
  • Page 61 Authentication method Connect on demand - Select the Connect on demand checkbox if necessary. This is relevant only when you are in high availability mode.
  • Page 62 ISP for the Internet upload and download bandwidth. Home Security Dashboard Make sure that the QoS blade is turned on. You can do this from > > >
  • Page 63: Monitoring

    Monitoring On the Internet Connectivity page, the configured connections show in a table: Interface name Type - WAN or LAN
  • Page 64 Cellular Modem Monitoring window: Cellular radio Cellular modem Operator SIM cards - Which SIM is active, primary or disabled.
  • Page 65: Configuring Wireless Network

    You can set scheduled times for the WiFi to be on and off and differentiate between radio bands (2.4GHz and 5GHz). Use Case: Set the WiFi to work only during normal business hours and be off on weekends when the business is closed.
  • Page 66 1530 / 1550 appliances only : The wireless client search options depend on the frequency that the appliance is set to. The Check Point Appliance can be configured to only one frequency at a time and is set to 2.4 GHz by default. If you change the radio settings to 802.11 ac or 802.11 ac/n, the...
  • Page 67 To allow a specific device to connect, add a new MAC address to the table. Click , enter the device's MAC address and click Apply
  • Page 68 Use the WINS servers configured for the internet connection Use the following WINS servers First Second - Enter the IP addresses of the WINS servers.
  • Page 69 Lets you add custom options that are not listed above. For each custom option, you must configure the name, tag, type, and data fields. When you finish editing the network, click Apply
  • Page 70: Configuring The Local Network

    You cannot disable one of the switch ports. You can disable the switch or configure the requested port as unassigned. To create any of the above options: Click and select the option you want.
  • Page 71: Reserved IP Address For Specific MAC

    Note - Between the LAN ports of a switch, traffic is not monitored or inspected. To create/edit a switch configure the fields in the tabs: The 'Configuration' tab
  • Page 72: WAN As LAN

    When used for WAN networks, the interface name of the WAN port is WAN . When used for LAN networks, the interface name of the WAN port is LANW .
  • Page 73: Monitor Mode

    The Internal network you defined (with Monitor Mode in the name) shows in the list of interfaces. Note - You can configure multiple local networks to be in monitor mode at the same time.
  • Page 74: Physical Interfaces

    - Select the required option: Unassigned - The physical interface is not part of any network and cannot be used. switches bridges One of the existing configured
  • Page 75: Bridge

    Allow access from this network to local networks Log traffic from this network to local networks Bridge To create/edit a bridge, configure the fields in the tabs:
  • Page 76: VLANs

    Note - For more information on the maximum number of VLANs that you can configure for each appliance, sk113247 refer to Configure the fields in the tabs: The 'Configuration' tab
  • Page 77: Alias IP

    2. Select the Local network port. 3. Add IP address 4. Add subnet mask 5. Click Apply You can configure a total of 64 aliases for a LAN connection.
  • Page 78: VPN Tunnel (VTI)

    The 'DHCP/SLAAC Settings' tab The values for the DHCP options configured on this tab will be distributed by the DHCP server to the DHCP clients.
  • Page 79 You can optionally configure these additional parameters so they will be distributed to DHCP clients: Time servers Call manager TFTP server TFTP boot file X Window display manager Avaya IP phone Nortel IP phone Thomson IP phone
  • Page 80: Bond

    This interval is the frequency (in milliseconds) that the system polls the Media Independent Interface (MII), the standard interface for fast Ethernet) to get status.
  • Page 81 Hash policy from the dropdown menu ( Layer2 Layer3+4 8. Click Apply "Configuring Internet Connectivity" on page 54 To create a WAN BOND, see
  • Page 82: Configuring A Hotspot

    <interface> window opens. 3. Select Use Hotspot 4. Click Apply Any user that browses from configured interfaces is redirected to the Check Point Hotspot portal.
  • Page 83 Awareness), click Upload , browse to the logo file and click Apply . If necessary, click Use Default revert to the default logo. 6. Click Apply
  • Page 84 The same user cannot log in to the Hotspot portal from more than one computer at a time. Active Devices Home Logs & Monitoring On the page (available through the tabs), you can revoke Hotspot access for connected users.
  • Page 85: Configuring The Routing Table

    - Select an internet connection. VPN Tunnel (VTI) - Select the VPN Tunnel. 3. Click 4. Click any source and select an option in the new window that opens:
  • Page 86 Use this gateway's IP address as the default gateway Click Use the following IP address Select and enter an IP address. 5. Click Apply
  • Page 87 To delete an existing route: Select the route and click Delete To enable or disable an existing route: Select the route and click Enable Disable
  • Page 88: Configuring MAC Filtering

    Disable MAC filtering To enable, clear this option. 5. Click Apply Note - MAC filtering is not supported on external, DMZ, and port bonding interfaces.
  • Page 89: Configuring The DNS Server

    Note these syntax guidelines: The domain name must start and end with an alphanumeric character. The domain name can contain periods, hyphens, and alphanumeric characters. 4. Click Apply
  • Page 90: Configuring The Proxy Server

    Configuring the Proxy Server Device Proxy In the > page, you can configure a proxy server to use to connect to the Check Point update and license servers. To configure a proxy server: 1. Select Use a proxy server 2. Enter a Host name or IP address 3.
  • Page 91: Backup, Restore, Upgrade, And Other System Operations

    To automatically upgrade your appliance firmware when Cloud Services is not configured: 1. Click Configure automatic upgrades The Automatic Firmware Upgrades window opens. 2. Click Perform firmware upgrades automatically
  • Page 92 To revert to an earlier firmware image: 1. Click Revert to Previous Image 2. Click in the confirmation message. The appliance reboots to complete the operation.
  • Page 93: Using The Software Upgrade Wizard

    Check Point Download Center Click the link to download an upgrade package as directed. If you already downloaded the file, you can skip this step.
  • Page 94: Upload Software

    Make sure to change the IP address of the duplicated appliance (on the Device > Internet page) and generate a new license.
  • Page 95 - Select day of month and time of day. - If a month doesn't include the selected day, the backup is executed on the last day of the month. 6. Click Apply
  • Page 96: Configuring Local And Remote System Administrators

    The name and Administrator Role is added to the table. When logged in to the WebUI, the administrator name and role is shown at the top of the page.
  • Page 97 Networking Admin Mobile Admin 7. To define groups, click Use specific RADIUS groups only and enter the RADIUS groups separated by a comma. 8. Click Apply
  • Page 98 1. Create the dictionary file checkpoint.dct on the RADIUS server, in the default dictionary directory (that contains radius.dct ). Add these lines in the checkpoint.dct file:
  • Page 99 #Check Point dictionary file for FreeRADIUS AAA server VENDOR CheckPoint 2620 ATTRIBUTE CP-Gaia-User-Role string CheckPoint ATTRIBUTE CP-Gaia-SuperUser-Access integer CheckPoint 2. Add this line in the /etc/freeradius/dictionary file
  • Page 100 3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file: CP-Gaia-User-Role = <role> <role> Where is the name of the administrator role that is defined in the WebUI.
  • Page 101 1. Connect to the Quantum Spark Appliance platform over SSH or serial console. 2. Log in to the Gaia Clish shell with your user name and password. 3. Run: expert 4. Enter the Expert mode password.
  • Page 102: Configuring Administrator Access

    SSH port and/or if necessary. 7. Click Apply An administrator can use the configured IP addresses to access the appliance through the allowed interface sources.
  • Page 103 When you block the IP address or the interface group through which you are currently connected, you are not disconnected immediately. The access policy is applied immediately, but your current session remains active until you log out.
  • Page 104: Managing Device Details

    The list of uploaded certificates shows. 2. Select the desired certificate. Note - You cannot select the default VPN certificate. 3. Click Apply 4. Reload the page.
  • Page 105: Managing Date And Time

    2. Select the Automatically adjust clock for daylight saving changes checkbox to enable automatic daylight saving changes. 3. Click Apply
  • Page 106: Configuring DDNS And Access Service

    WebUI or CLI when necessary. This is done by tunneling the administrative UI or CLI connections through a Check Point Cloud Service. Such configuration is very useful in instances where the appliance is behind a NAT device or firewall, and cannot be reached directly. In addition, the feature makes it easier to access an appliance with a dynamically assigned IP address.
  • Page 107: Remote Access To The WebUI

    How to access the gateway with the Reach My Device service: When registration is complete, an outgoing tunnel to the Check Point Cloud Service is established with the appliance's IP address. Remote Access to the WebUI Web Link - Use this URL in a browser to remotely access the appliance.
  • Page 108: Managing Installed Certificates

    If the new signing request is signed by the Internal CA and the Organization Name is not defined in the DN, the Internal CA automatically generates the Organization Name. To export the signing request: Click Export
  • Page 109 1. Click Upload P12 Certificate 2. Browse to the file. 3. Edit the Certificate name if necessary. 4. Enter the certificate password 5. Click Apply
  • Page 110: Managing Internal Certificates

    CA and check for certificate revocation. 5. Click Apply To export an internal CA certificate: Click Export Internal CA Certificate to download the internal CA certificate.
  • Page 111 3. Click Download The signed certificate is downloaded through your browser and is available to be imported to the remote site's certificates list.
  • Page 112: Configuring High Availability

    Note - This deletes all configuration settings. You must run the wizard again to configure the cluster. One member of the cluster is the primary active. The other member is the secondary inactive.
  • Page 113 Sync IP Address Sync IP Subnet Note - Make sure that changes you make here are also made on the other cluster member. c. Click Next
  • Page 114 A cluster supported by SMP is very similar to a locally managed cluster. One member is Active, and the other is Standby. To change the status of the Active member, click Force Member Down
  • Page 115 A list of configured interfaces shows. To see information about the cluster members and the High Availability status, click diagnostics
  • Page 116 The Upgrade Software Wizard opens. 3. Follow the wizard instructions. IPv6 addresses are currently not supported. High Availability cluster only supports IPv6 in dual mode.
  • Page 117: Advanced Settings

    Administrator Lockout Attribute Description Admin Lockout - Mobile Allowed mobile application session before automatic application session timeout logout is executed (in days) Default is 30.
  • Page 118 This way, it reduces the chances of connectivity problems that might have occurred under low-resource conditions.
  • Page 119 Detection window time that will an indicate an ARP spoofing indicate attack attack. Suspicious MAC Time period (in seconds) during which suspicious MAC addresses are block period kept in the blocked list.
  • Page 120 Online Web Service is unavailable. unavailable Categorize Indicates if to perform URL categorization of cached pages and cached and translated pages created by search engines. translated pages
  • Page 121 This value must be an integer that is an exponential power of two and approximately four times the maximum concurrent connections parameter. Maximum Indicates the overall maximum number of concurrent connections. concurrent connections
  • Page 122 IP addresses the appliance originate from internal IP addresses. This may be required if as source the DHCP server is located behind a remote VPN site.
  • Page 123 DSL globals - Supports VDSL Profile 17a. DSL globals - Enables seamless rate adaptation. Seamless rate adaptation (SRA) DSL globals - Enhanced Impulse Noise Protection. G.INP
  • Page 124 Table: Hotspot Attributes Hotspot Attribute Description Enable portal Disabled Select to disable the hotspot feature entirely.
  • Page 125 Indicates the maximal ping packet size that is allowed when the 'Max Ping Size' protection is active. Non-standard HTTP Enable HTTP inspection on non-standard ports for the IPS blade. ports
  • Page 126 - You can enter manually defined text that is shown in the HTML page. Enter the text in the Description box. For example, "Access denied due to IPS policy violation."
  • Page 127 Indicates if blocked MAC addresses should be logged. addresses Indicates if an administrator can access the appliance from a remove suspension Security Management Server without the need to enter an administrator name.
  • Page 128 If there is a conflict between the definitions (the same NAT IP address appears in both), then the manual configuration is used.
  • Page 129 Indicates if local IP addresses are hidden behind the cluster IP address cluster hide when applicable, as opposed to being hidden behind each cluster fold member's physical IP address.
  • Page 130 WAN to LAN LAN is disabled. Type: Boolean Default: false Enable WAN on LAN Specifies whether LAN-on-WAN feature is on Type: Boolean Default: false.
  • Page 131 3rd party. Table: QoS Blade Attributes QoS Blade Description Attribute Logging Indicates if the appliance logs QoS events when the QoS blade is enabled.
  • Page 132 Reports cloud server URL used to generate report PDF. cloud server URL Table: Rest API Attribute Rest API Attribute Description Rest API mode Indicates whether REST API is enabled or not
  • Page 133 Indicates if the SSL inspection mechanism will perform its validations intermediate CA on all intermediate CA certificates in the certificate chain. certificates Track validation Choose if the SSL Inspection validations are tracked. errors
  • Page 134 DMZ network. Note - DMZ is not supported in 1530 / 1550 appliances. Allow LAN- Allow Deep Packet Inspection in traffic between internal networks. LAN DPI
  • Page 135 (TCP three-way handshake) exceeds this time period (in seconds). UDP virtual A UDP virtual session is timed out after this time period (in seconds). session timeout
  • Page 136 This does not indicate an attempted attack and for this reason, the default is to NOT log such events.
  • Page 137 In the background, the Check Point Online Web Service continues the classification procedure. The response is then cached locally for future requests. This option reduces latency in the classification process.
  • Page 138 - Connections are allowed while the file emulation runs (if needed) until emulation handling is complete. Hold - Connections are blocked until the file emulation is completed
  • Page 139 Note - A limit too low may have an impact on the functionality of the Application Control blade. To specify no limit, set to 0.
  • Page 140 Table: USB Modem Watchdog Attributes USB Modem Watchdog Description Attribute Interval Indicates how often (in minutes) the USB modem watchdog probes the internet.
  • Page 141 Users & Objects > User Awareness > Browser-Based Authentication > Identification tab. Without DNS traffic, the browsers of end users may not show the Captive Portal.
  • Page 142 (local encryption domain). Back Enable back connections from the encryption domain behind the connections gateway to the client. enable
  • Page 143 SecureClient. Match on Traffic from Remote Access clients will always be matched on the Internal Rule Incoming/Internal/VPN rulebase, including traffic to the Internet Base only
  • Page 144 This is needed when using SecureClient as well as other VPN sk20251 clients (see Radius Timeout interval (in seconds) for each RADIUS server connection retransmit attempt. timeout
  • Page 145 Indicates if strict group permissions are enabled - user will not have belongs to at remote access permission if belongs to at least one group without least one group remote access permission. without permission
  • Page 146 Indicates if encrypted packets are rerouted through the best rerouting interface according to the peer's IP address or probing. We do not recommend to change this value to false.
  • Page 147 Indicates the maximum number of open SAs per VPN peer. Outgoing link tracking Indicates how to log the outgoing VPN link: Log, don't log, or alert.
  • Page 148 Indicates under what conditions new tunnels are created: per host pair, per subnet (industry standard), or a single tunnel per remote site/gateway. This controls the number of tunnels that are created.
  • Page 149 Company URL, enter the company's URL. When you click the company logo in the web interface it opens this URL.
  • Page 150: Managing The Access Policy

    Firewall Servers page lets you easily define the default access policy for specific servers within your organization and automatically generated system rules are also defined.
  • Page 151: Firewall Policy

    Block all outgoing services except the following 3. Select which services to allow. 4. To allow all services, select Allow all outgoing services 5. Click Apply
  • Page 152: Application & URL Filtering

    Application & URL Filtering are service based features and require Internet connectivity to download the latest signature package for new applications and to contact the Check Point cloud for URL categorization. This page lets you define the default policy for Application & URL Filtering control. It is recommended by default to block browsing to security risk categories and applications.
  • Page 153: Updates

    Not up to date - A new update package is ready to be downloaded but the scheduled hour for updates has not occurred yet. Updates are usually scheduled for off-peak hours (weekends or nights).
  • Page 154: User Awareness

    Active Directory servers to define an AD server that the gateway can work with. Creating an AD server is also available in the Edit settings wizard.
  • Page 155: Tracking

    Check Point AppWiki link - The AppWiki is an easy to use tool that lets you search and filter the Application & URL Filtering Database.
  • Page 156: Working With The Firewall Access Policy

    Note - DMZ is not supported in 1530 / 1550 appliances. Traffic to defined server objects as configured in each server's edit window in the Access Policy > Firewall Servers page.
  • Page 157 (Strict or Standard) as explained above. These rules are also influenced by other elements in the system. For example, when you add a server, a corresponding rule is added to the Incoming, internal and VPN traffic section.
  • Page 158 Comments you enter when you create a rule. Rules that the system automatically generates. You can click the object name link in the comment to open its configuration tab.
  • Page 159: Configuring Access Rules

    8. In incoming rules, to match only for encrypted VPN traffic, select Match only for encrypted traffic 9. Click Apply The rule is added to the outgoing or incoming section of the Access Policy.
  • Page 160 1. Select the rule to move. 2. Drag and drop it to the necessary position. Note - You can only change the order of manually defined rules.
  • Page 161: Updatable Objects

    See above for more details. To customize messages: 1. Click Customize messages in the Outgoing access to the Internet section. 2. Configure the options in each of these tabs:
  • Page 162 , browse to the logo file and click . If necessary, you can revert to the default logo by clicking Use Default. 5. Click Apply
  • Page 163: Defining Firewall Servers

    3. When you select Other Server: Select the Protocol (TCP, UDP, or both). Enter the TCP/UDP Ports (enter port numbers and/or port ranges separated by commas, for example, 1,3,5-8,15).
  • Page 164 2. If you do not want the server to be accessible to pings, clear the Allow access to server in the ICMP (ping) checkbox. 3. Select the logging policy of traffic to the server: Log blocked connections Log accepted connections
  • Page 165 Access Policy > Firewall Policy Rule Base. Note - This page is available from the Firewall Access Policy sections on the tab.
  • Page 166: Defining NAT Control

    Important - In most cases, if you turn off the hide NAT feature, you cause Internet connectivity issues. If your appliance is the gateway of your office to the Internet DO NOT set to off without consulting with networking experts.
  • Page 167 A more advanced way to configure address translation is by defining manual NAT rules. If servers with NAT are configured, the manual NAT rules do not apply to them. However, they apply even when Hide NAT is activated.
  • Page 168 The network object or network group object that is the new destination to which the original destination is translated. Destination The new service to which the original service is translated. Translated Service
  • Page 169 2. Edit the fields as necessary. 3. Click Apply To delete a rule: 1. Select a rule and click Delete 2. Click in the confirmation message.
  • Page 170 Note - You can only change the order of manually defined rules. 1. Select the rule to move. 2. Drag and drop it to the necessary position.
  • Page 171: Advanced - Creating And Editing NAT Rules

    The network object or network group object that is the new destination to Translated which the original destination is translated. Destination Translated The new service to which the original service is translated. Service
  • Page 172 To disable a manually defined rule that you have added to the rule base, select the rule and click Disable To enable a manually defined rule that you have previously disabled, select the rule and click Enable
  • Page 173 1. Select the rule to move. 2. Drag and drop it to the necessary position. Note - You can only change the order of manually defined rules.
  • Page 174: Working With User Awareness

    User Awareness lets you configure the Check Point Appliance to show user based logs instead of IP address based logs and enforce access control for individual users and user groups.
  • Page 175 3. Under Specific destinations, select Internet Selected network objects If you select Selected network objects, select the objects from the list or create new objects. 4. Click Finish
  • Page 176 5. Click Apply Note - This page is available from Access Policy > User Awareness Blade Control Users & Objects > User Awareness
  • Page 177: Configuring The QoS Blade

    If you change other policy settings, the change is temporary. Any changes made locally will be overridden in the next synchronization between the gateway and Cloud Services.
  • Page 178 For information on creating a new service, see the Users & Objects > Services page. 5. Click Apply
  • Page 179: Working With QoS Policy

    The tracking and logging action that is done when traffic matches the rule. Comment An optional field that shows a comment if you entered one. For system generated rules of the default policy a Note is shown.
  • Page 180 8. Click Apply Note - You can drag and drop rules to change the order of rules in the QoS Rule Base.
  • Page 181 1. Select the rule to move. 2. Drag and drop it to the necessary position. Note - You can only change the order of manually defined rules.
  • Page 182: SSL Inspection Policy

    OS vendor instructions. SSL inspection uses the existing internal CA by default. To use your own certificate, you must replace the internal CA.
  • Page 183 SSL Inspection Bypass Other window opens. 2. Select the desired items. 3. Optional - Click to add URLs or custom applications. 4. Click Apply
  • Page 184 TCP/IP connection. IMAPS refers to IMAP over SSL. SSL traffic inspection must be activated to scan HTTP and IMAP encrypted traffic.
  • Page 185 SSL inspection for specific traffic. You can configure more advanced exceptions with specific scope, category, and tracking options. To add bypass exceptions: 1. Click 2. For each exception, enter: Source Destination Category/Custom Application Track
  • Page 186 Note - You can only delete a CA that was added by a user. To disable/enable a trusted CA: 1. Click the icon next to the CA. 2. Click Disable/Enable
  • Page 187 A warning message shows if a blade is in detect-only mode. The top of the page shows the number of infected devices. For more information, click More details.
  • Page 188 6. To load the policy default values, click Load default settings Recommended Strict 7. To save all settings on the Threat Prevention Blade Control page, click Apply
  • Page 189 2. Select the Software Blades to receive automatic updates: Anti-Virus Anti-Bot Application Control 3. Select the Recurrence Time of day 4. Click Apply
  • Page 190 Files Whitelist. Threat Emulation only: You can set specified email addresses that the blade does not scan and add them to the Email Addresses Whitelist.
  • Page 191 Click Apply 3. In the Threat Prevention Policy Attribute section, select the attribute Allow me to view attack statistics in my User Center account
  • Page 192 3. Optional: Enable the real IP address information in the attack reports (see sk164332 - section "De-obfuscate the real IP of the victim"): set threat-prevention policy advanced-settings allow-ipaddr-in-stats true
  • Page 193 - Shows the total number of incidents on the device or server in the last month. If there is a large amount of records, the time frame may be shorter.
  • Page 194 4. Optional - Add a comment in the Write a comment field. 5. Click Apply The rule is added to Malware Exceptions on the Threat Prevention > Exceptions page.
  • Page 195 > page opens and shows the logs applicable to the IP/MAC address. Note - This page is available from the Home Logs & Monitoring tabs.
  • Page 196 To configure the IPS policy, go to the > page. You can see the details of each protection and also configure a manual override for individual protections' action, and tracking options.
  • Page 197 IMAP - Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. It allows you to access your email from any device.
  • Page 198 > 3. Select one of the file type policy options: Process file types known to contain malware Process all file types
  • Page 199 Check Point ThreatCloud reputation database. Unusual activity - Protections related to the behavioral patterns common to botnet and malware activity. To enable Detect-only mode: Select the checkbox.
  • Page 200 - Connections are allowed until emulation is complete. Hold - Connections are blocked until emulation is complete. In Threat Emulation, each file is run in the Check Point Public ThreatCloud to see if the file is malicious. The verdict is returned to the gateway. You can change the emulator location to a local private SandBlast appliance in the Advanced Settings page.
  • Page 201 To customize messages: 1. Click Customize Anti-Virus user message Customize Anti-Bot user message. 2. Configure the options in each of these tabs:
  • Page 202 , browse to the logo file and click . If necessary, you can revert to the default logo by clicking Use Default. 5. Click Apply
  • Page 203 Check Point can identify spam emails by their source address (most spam emails) and also the email content itself. You can configure the system to simply flag emails with spam content instead of blocking them and then configure your internal email server to use this flag to decide how to handle them.
  • Page 204 Spam and for Suspected Spam Use this option to have a different string for the flag action. 3. Select a tracking option. 4. Click Apply
  • Page 205 1. Select the relevant row in the Allow or Block list. 2. Click Edit Delete If the options are not visible, click the arrows next to the filter box.
  • Page 206 Access Policy Firewall Policy > page. 2. Select or clear the Log traffic from Remote Access users (by default) checkbox. 3. Click Apply
  • Page 207 Show characters, the password characters are visible. You can also specify the screen size of the remote desktop. The default mode is full screen.
  • Page 208 If the default remote access port (port 443) and a server use the same port, a conflict message shows. You must change the default remote access port if the Check Point VPN client, Mobile client, or SSL VPN remote access methods are enabled as they use port 443 by default.
  • Page 209 5. In the SSL VPN Bookmarks tab, configure the SSL VPN bookmarks (see below). 6. Click Apply The user is added to the table on the page.
  • Page 210 Usually you keep the Directory user groups option. 3. Click Apply The Active Directory is added to the table on the page.
  • Page 211 You can use the Check Point SMS provider, or an external SMS provider. If a customer uses a public SMS server, the administrator must provide the username and password for the SMTP server.
  • Page 212 When you turn on Two-Factor Authentication, you enable it for all VPN clients. This means all VPN clients must have a configured mobile phone number to connect.
  • Page 213 To delete a user or group: 1. Select the user or group from the list. 2. Click Delete 3. Click in the confirmation message. The user or group is deleted.
  • Page 214 Remote Access - Connected Remote Users. The VPN > Remote Access Connected Remote Users page shows the currently connected remote users: Username, IP address, Connection Time, Next Authentication Time
  • Page 215 Defining a database of users with remote access privileges. Such users are both defined and authenticated by the RADIUS server. Defining administrators. See the Users & Objects > Administrators page.
  • Page 216 Read-only To allow administrators with Read-only permissions to authenticate - Select Administrators 4. Click Apply
  • Page 217 Usually you keep the Directory user groups Remote option and configure remote access permissions through > Access Users page. 3. Click Apply
  • Page 218 1. Select the Active Directory from the list. 2. Click Delete 3. Click in the confirmation message. Note - This page is available from the Users & Objects tabs.
  • Page 219 Policy. For more information, see Access Policy Firewall Blade Control Policy pages. Note - This setting does not apply to traffic from SSL Network Extender clients.
  • Page 220 2. In Office mode first DNS for clients, enter the IP address of a server to use as the DNS server. 3. Click Apply
  • Page 221 A new window opens. 2. Enter new bookmarks or select existing bookmarks. Note - If you select Global bookmark, this bookmark is always shown. 3. Click Apply
  • Page 222 You can also specify the screen size of the remote desktop. The default mode is full screen. To manage SSL VPN bookmarks: 1. Click on a bookmark. 2. Click Edit or Delete. 3. Click Apply
  • Page 223 The remote site can be accessible through another Check Point appliance (recommended) or a 3rd party VPN solution. Once defined, access to the remote site is determined by the incoming/internal/VPN traffic Rule Base as...
  • Page 224 - You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ‘ " \ Maximum number of characters: 255
  • Page 225 Apply Settings Select to configure if the remote site is a Check Point Security Gateway. To enable permanent VPN tunnels, Select the checkbox. Select to disable NAT for this site. The original IP addresses are used even if hide NAT is defined.
  • Page 226 Create IKEv2 VPN tunnel using these identifiers, configure these settings: Peer ID - Enter the identifier. Gateway ID - Select Use global identifier or Override global identifier (enter the new identifier).
  • Page 227 The peer gateway is a satellite and is configured to route all its traffic through the center.
  • Page 228 To run a tunnel test with a remote site: Check Point uses a proprietary protocol to test if VPN tunnels are active. It supports any site-to-site VPN configuration. Tunnel testing requires two Security Gateways and uses UDP port 18234. Check Point tunnel testing protocol does not support 3rd party Security Gateways.
  • Page 229 In this case, a mesh community is better as each gateway can handle its own internet traffic and is not affected by any other gateway.
  • Page 230 Encryption settings - IKE (Phase 1) and IPsec (Phase 2) settings Advanced settings - Encryption method and certificate matching For descriptions of the fields in the site details tabs, see "Configuring VPN Sites" on page 224.
  • Page 231 To refresh the list: Click Refresh to manually refresh this page with updated tunnel information. Note - This page is available from the Logs & Monitoring tabs.
  • Page 232 Users & Objects > Network Objects page. 5. Click Apply The Site to Site Local Encryption Domain window opens and shows the services you selected.
  • Page 233 Automatically chosen according to outgoing interface Manually configured – Enter an IP address that is always used as the source IP address of a VPN tunnel.
  • Page 234 , the Check Point gateway sends the IKEv1 Vendor ID to peers from which the DPD Vendor ID was received and answers incoming DPD packets. To enable DPD responder mode: Select the checkbox.
  • Page 235 - Upon expiration of the CRL. Fetch new CRL every X hours - Regardless of CRL expiration. 4. Click Details to see full CA details. 5. Click Apply
  • Page 236 3. Click Download The signed certificate is downloaded through your browser and is available to be imported to the remote site's certificates list.
  • Page 237 If the new signing request is signed by the Internal CA and the Organization Name is not defined in the DN, the Internal CA automatically generates the Organization Name. To export the signing request: Click Export
  • Page 238 1. Click Upload P12 Certificate 2. Browse to the file. 3. Edit the Certificate name if necessary. 4. Enter the certificate password 5. Click Apply
  • Page 239 CA and check for certificate revocation. 5. Click Apply To export an internal CA certificate: Click Export Internal CA Certificate to download the internal CA certificate.
  • Page 240 3. Click Download The signed certificate is downloaded through your browser and is available to be imported to the remote site's certificates list.
  • Page 241 User Awareness lets you configure the Check Point Appliance to show user based logs instead of IP address based logs and enforce access control for individual users and user groups.
  • Page 242 3. Under Specific destinations, select Internet or Selected network objects. If you select Selected network objects, select the objects from the list or create new objects. 4. Click Finish
  • Page 243 5. Click Apply Note - This page is available from Access Policy > User Awareness Blade Control and Users & Objects > User Awareness
  • Page 244 5. To remove a user, click the X next to the user name. 6. Click Apply The group is added to the table on the page.
  • Page 245 To delete a user or group: 1. Select the user or group from the list. 2. Click Delete 3. Click in the confirmation message. The user or group is deleted.
  • Page 246 The name and Administrator Role is added to the table. When logged in to the WebUI, the administrator name and role is shown at the top of the page.
  • Page 247 Networking Admin Mobile Admin 7. To define groups, click Use specific RADIUS groups only and enter the RADIUS groups separated by a comma. 8. Click Apply
  • Page 248 1. Create the dictionary file checkpoint.dct on the RADIUS server, in the default dictionary directory (that contains radius.dct ). Add these lines in the checkpoint.dct file:
  • Page 249 #Check Point dictionary file for FreeRADIUS AAA server VENDOR CheckPoint 2620 ATTRIBUTE CP-Gaia-User-Role string CheckPoint ATTRIBUTE CP-Gaia-SuperUser-Access integer CheckPoint 2. Add this line in the /etc/freeradius/dictionary file
  • Page 250 3. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user configuration file: CP-Gaia-User-Role = <role> Where <role> is the name of the administrator role that is defined in the WebUI.
  • Page 251 1. Connect to the Quantum Spark Appliance platform over SSH or serial console. 2. Log in to the Gaia Clish shell with your user name and password. 3. Run: expert 4. Enter the Expert mode password.
  • Page 252 Defining a database of users with remote access privileges. Such users are both defined and authenticated by the RADIUS server. Defining administrators. See the Users & Objects > Administrators page.
  • Page 253 , select or clear to use specific RADIUS groups only. 3. Click Apply Note - Configure remote access permissions for RADIUS users in the Remote Access Users > page.
  • Page 254 Selected Active Directory user groups organization. Usually you keep the option and configure Remote Access Users remote access permissions through > page. 3. Click Apply
  • Page 255 1. Select the Active Directory from the list. 2. Click Delete 3. Click in the confirmation message. Note - This page is available from the Users & Objects tabs.
  • Page 256 URLs. What is a category? Each URL is inspected by the Check Point Cloud using the URL Filtering and can be matched to one or more built in categories (for example, phishing sites, high bandwidth, gambling, or shopping, etc.).
  • Page 257 URL to the list. For information on creating a custom application, see above. 5. Click Apply You can use the custom application group in a rule.
  • Page 258 Note that not all fields may show depending on the service type.
  • Page 259 1. Select a service from the list. 2. Click Edit 3. Make the necessary changes. Note that not all fields can be edited. 4. Click Apply
  • Page 260 - The Firewall settings tab lets you configure which protocol to support on the configured ports. The default port 1494 is commonly used by two different protocols - Winframe or Citrix ICA.
  • Page 261 1. Select the group from the list. Note that you can only delete a user defined service group. 2. Click Delete 3. Click in the confirmation message.
  • Page 262 DNS server accessible to the Internet. The IPS settings tab lets you configure how and when DNS deep inspection is performed. Select the relevant options.
  • Page 263 - This is required for IP reservation. When you create the object from Active Devices page, the MAC address is detected automatically. 5. Click Apply
  • Page 264 Apply To edit a network object: 1. Select a network object from the list. 2. Click Edit 3. Make the necessary changes. 4. Click Apply
  • Page 265 2. As you enter text, the list is filtered and shows matching results.
  • Page 266 Type to filter box, enter the network object group name or part of it. 2. As you enter text, the list is filtered and shows matching results.
  • Page 267 No new logs are generated until you set the resume option. 1. Select Options > Stop local logging 2. To resume, select Options > Resume local logging
  • Page 268 Note - Logs are deleted from the external SD card (if inserted) or from the local logs storage. Logs are not deleted from the remote logs server. The logs are deleted, and the logs grid reloads automatically.
  • Page 269 To refresh the system logs list: Click Refresh. The list is refreshed. To clear the log list: 1. Click Clear Logs 2. Click in the confirmation message.
  • Page 270 - You cannot configure external log servers when Cloud Services is turned on. External Check Point Log Server You can use an external Check Point Log Server that is managed by a Security Management Server for storing additional logs. Use cases for an external Check Point Log Server: Extend the log retention time.
  • Page 271 To configure a new external Check Point Log Server when the gateway is connected to SMP (Cloud): After you initiate traffic from resources behind the gateway, open the Check Point Log Server to verify that you see the logs. For more information, see...
  • Page 272 Note - When more than one server is defined, the syslog servers show in a table. Select the syslog server you want to edit and click Edit
  • Page 273 To revoke a pairing: 1. Select the device name. 2. Click Revoke 3. In the confirmation window that opens, click Viewing Infected Devices "Viewing Infected Devices" on page 193
  • Page 274 To refresh the list: Click Refresh to manually refresh this page with updated tunnel information. Note - This page is available from the Logs & Monitoring tabs.
  • Page 275 To filter the list: In the Type to filter box, enter the filter criteria. The list is filtered. To refresh the list: Click the Refresh link.
  • Page 276 In addition, this page displays the current wireless radio frequency and channel in use and the wireless networks configured. Viewing Monitoring Data "Viewing Monitoring Data" on page 48 Viewing Reports "Viewing Reports" on page 50 Using System Tools "Using System Tools" on page 52
  • Page 277 To edit an existing SNMP v3 user, select the user from the list and click Edit. To delete an SNMP v3 user, select the user from the list and click Delete.
  • Page 278 1. In the list of SNMP traps, double-click the name of the trap. SNMP Trap Configuration window opens. 2. Click Enabled The trap details, including the monitored object Trap OID description , show. 3. Click Apply
  • Page 279 3. If the trap contains a value, you can edit the threshold value when necessary. 4. Click Apply
  • Page 280 Installing a new firmware image from a USB drive Check Point releases new firmware images every so often. You can install the new default image on the appliance using the image file and a USB drive. Note that you can also upgrade through the WebUI. If the new image supports it, you do not lose your previous settings.
  • Page 281 First the autoconf.clish configuration file is loaded. If there is a configuration file with the same MAC address as the gateway, that file is loaded second. Use the symbol to add comments to the configuration file.
  • Page 282 Power LED turns a constant red. Options 4-5 are explained in the subsequent sections. Option 6 restarts the appliance. Option 8 uploads a preset configuration file.
  • Page 283 When the upgrade is successfully completed, the Power LED is solid blue, and the appliance waits for you to press a key. Error in the upgrade process is indicated if the Power LED is red.
  • Page 284 3. While factory defaults are restored, the Power LED blinks blue to show progress. This takes a few minutes. When this completes, the appliance reboots automatically.
  • Page 285 To disable the reset to default: Use this CLI command: set additional-hw-settings reset-timeout 0 To enable the reset to default: Use this CLI command: set additional-hw-settings reset-timeout 12

This manual is also suitable for:

Quantum spark 1600, Quantum spark 1800
