Make sure the current libsw file version is the same as or higher than the UTM-1 Edge firmware version. You can see the current libsw version in the /libsw/version.txt file. See sk31448 for more information about updating libsw files.
Procedure
Create the UTM-1 Edge Network Object.
In SmartDashboard:
Open the Objects Tree by selecting View → Objects Tree. Note: Skip this step if the Objects Tree is already displayed in SmartDashboard.
In the Objects Tree window, select the Network Objects tab (the leftmost tab).
In the Network Objects tab, right-click Network Objects.
Select New Check Point → UTM-1 Edge/Embedded Gateway.
In the UTM-1 Edge/Embedded Gateway dialog box, select the General Properties branch from the left pane.
Configure the General Properties page as follows:
Name: enter the Name_of_Edge_Gateway_object
IP Address: 204.32.38.38.105
Dynamic Address: clear (not mandatory)
VPN Enabled: checked (Connects as Site-To-Site Gateway)
Type: Select your choice, same as the Edge hardware you have. For example, UTM-1 Edge X Series
Externally Managed Gateway: clear
Click on the 'Edit' button next to the 'Registration Key' field.
In the 'Edit Registration Key' dialog, click on 'Generate Registration Key'.
Copy and save the generated key.
Click 'Set'.
In the UTM-1 Edge/Embedded Gateway dialog box, click on 'OK'.
A dialog box will show this message:
"Check Point SmartDashboard This node is defined as VPN installed, an internal CA certificate will be created now".
Click 'OK'.
A dialog box will show this message:
"Check Point SmartDashboard Certificate operation succeeded".
Click 'OK' in the UTM-1 Edge/Embedded Gateway dialog box.
Click 'Save'.
Configure Static NAT for the Security Management server to enable the UTM-1 Edge to connect to the Security Management server via the Internet.
In SmartDashboard:
Select 'Policy' → 'Global Properties'.
In the Global Properties dialog box, select the 'NAT - Network Address Translation' branch from the left pane.
In the NAT - Network Address Translation page, select these options in the Automatic NAT rules section:
Allow bi-directional NAT
Translate destination on client side
Automatic ARP configuration
Click 'OK' in the 'Global Properties' dialog box.
Select 'Manage' → 'Network Objects'.
In the 'Network Objects' dialog box, select the network object representing the Security Management server from the network objects list.
Click 'Edit'.
In the 'Check Point Host' dialog box, select the NAT branch from the left pane.
Configure the NAT page as follows:
Add Automatic Address Translation rules: selected
Translation method: Static
Translate to IP Address: 204.32.38.110
Install on Gateway: Security Gateway
Apply for VPN-1 Pro/Express control connections: selected
Create a rule to allow the UTM-1 Edge to connect to the Security Management server.
If a Security Gateway is located between the Security Management server and the UTM-1 Edge, or if it is running on the same machine as the Security Management server, a rule should be created in order to allow the UTM-1 Edge to connect to the Security Management server.
In SmartDashboard:
Create this rule at the top of the Rule Base:
NO.: 1
SOURCE: Edge Gateway object
DESTINATION: Security Management Server object
VPN: Any
SERVICE: SWTP_SMS, SWTP_Gateway
ACTION: Accept
TRACK: Log
INSTALL ON: Security Gateway
TIME: Any
Install the Security Policy on the security gateway.
Create rules for the UTM-1 Edge and install the security policy for the UTM-1 Edge object.
Connect to the SmartCenter server from the UTM-1 Edge
On the UTM-1 Edge Web Portal:
Select the 'Services' menu from the left pane.
On the 'Accounts' tab, click 'Connect'.
In the Service Center dialog box, check the 'Connect to a Service Center' box.
In the 'Specified IP' field, enter the Static NATed IP address of the SmartCenter server (i.e., 204.32.38.110).
Click 'Next'.
In the Service Center Login dialog:
Gateway ID: enter the Name_of_Edge_Gateway_object
Registration Key: enter the registration key that was generated in SmartDashboard
Click 'Next'.
In the Confirmation dialog box, click 'Next'.
In the Done dialog box, click 'Finish'.
How to verify that the policy was properly fetched from the Security Management server
In the UTM-1 Edge GUI:
Select the 'Setup' menu option from the left pane.
Select the 'Tools' tab.
Click 'Diagnostics'.
Scroll to the bottom of the Diagnostics window.
In the 'Item' column, look for the 'Policy' line.
In the 'Policy' line, verify that the name of the installed security policy (e.g., Standard) appears properly in the 'Name' column.
This solution is about products that are no longer supported and it will not be updated