Review of the new Provisioning and Management environment

So I was super excited to have the privilege of reviewing the new provisioning and management environments. These are my cryptic notes that I am fleshing out. Too bad I couldn’t take screenshots.

SmartProvisioning:

Not sure when this is coming out but it looks mostly done and operational. Very very cool changes FINALLY! Here are the ones I tested:

  1. From the MGT console you can launch an SSH shell! Finally. It uses pub/private keys for authentication.
  2. From the GATEWAY->Topology properties, you can set routes, DNS, NTP
  3. Setting SIC will automatically retrieve topology, DNS, NTP, routes, etc
  4. I’m saving the best for last. You can run scripts AND finally get the output back. You create your own shell scripts obviously.
  5. The execution status looks like SmartUpdate, where a line-oriented menu shows (executing, complete). I told them this was inadequate because when something blows up you don’t know what happened. They need the option of providing detailed debugging on these commands.
  6. It gets even better. You can execute all these commands on groups of firewalls! Wow, true provisioning. I suggested that it allows you to build groups of firewalls and apply changes to that group.

I am very excited about the changes so you can finally go out and buy this blade license.

Management Notes

===============================================================

The management environment will be a dramatic change. No more SmartDashboard and SmartDomain manager. Only 1 environment. Perfect! It was only a dummy interface and some PowerPoints so can’t really say how well it works. Like a demo mode with only 25% of the functions implemented.

  1. The interface has this Windows 8 look to it. Seems OK
  2. The window is blank with 4 icons on the left; gateways, monitor, policy, blades
  3. Domains, rules, objects, etc done in all one GUI as I said above
  4. You can put user defined tags on all objects and search on them. Seems like a good idea. Easier to search through 300 huge database for special items.
  5. Global/Local split still occurs. I wish they would have Hierarchical domains.
  6. Gateways has all the gateways. Didn’t see much here
  7. Backend is SQL database (finally)
  8. Can have concurrent administrators and one admin can lock out others if one is editing an object/rule. The writer then ‘publishes’ and the other admin can modify the object.
  9. Monitor: Was also blank but I guess you can now do global monitoring of all gateways (finally) and users can modify the view. Also global SmartLog (excellent!)
  10. Policy: This is what I saw the most of. The policy looks the same but with one additional column for application control.
  11. Policy will immediately verify after you enter the data
  12. You click on a rule and the panel below has SmartLog and all the hits on that rule. Cool.
  13. Provisioning will be incorporated into the GUI (see above)
  14. You can move gateways between domains easily (I was told). Hopefully more drag and drop here
  15. They have layers of policies. Not sure I get this. So you have these tabbed windows. Tab 1 is a policy, Tab 2 is a policy, etc. Admins can be assigned per tab. The tab rules are then executed 1,2,3,4. Seems OK, not sure how to use this. Wish they would have hierarchical domains.
  16. Blades: Did not see what this does

At CPX they said the management would be divided between Access Control and Threat Management. I didn’t see any of that in the demo.

So overall very cool. Looking forward to seeing more. Will be fun doing the migration into this new environment 🙂

MDS or die!

dreez


blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.
