Support Center > Search Results > SecureKnowledge Details
Recommended Internet Access Settings for Automatic Downloads
Solution

Refer to sk111080 - How to configure Check Point software to upload data to Check Point / download data from Check Point.

 

Table of Contents:

  1. Introduction
  2. R77 / R77.10 / R77.20 / R77.30 / R80.X versions
    1. Offline Mode Limitations
      1. Blade Contracts
      2. SmartDashboard
      3. General
    2. Offline Mode Scope
  3. Related solutions

 

(1) Introduction

In the First Time Configuration Wizard on Gaia OS, you have the option to enable or disable automatic downloads of Blade Contracts, Check Point Releases / Hotfixes via CPUSE, and data for complete functionality of Software Blades and features.

It is highly recommended that you keep this option enabled, to ensure Check Point product smooth operations.

Note: The type of downloaded data may change from version to version.

Note: In some cases, the download process sends required minimal data of your Check Point installation to the Download Center.

If you disable this setting, Security Gateways of this version and higher enter Offline mode. Blade Contracts and updates will not be downloaded automatically.

 

(2) R77 / R77.10 / R77.20 / R77.30 / R80.X versions

 

(2-A) Offline Mode Limitations

(2-A-i) Blade Contracts

Blade Contracts are annual blade licenses. Their renewal, from the UserCenter, is necessary for complete product functionality. If you disable this setting, Blade Contracts cannot be automatically updated. If your local contract is missing or expired, these limitations apply:

Blade / Feature Limitation
Threat Emulation local mode Files will not be emulated.
Data Loss Prevention blade Will operate in Bypass mode if there is no valid contract installed on Security Gateway
(the contract can be installed manually via SmartUpdate, and DLP will enforce its policy on the traffic).
Compliance blade Will not execute scans.
Endpoint Security Policy Management License report in SmartEndpoint will not be accurate.
CPinfo Self-update is not applicable.

 

(2-A-ii) SmartDashboard

Blade / Feature Limitation
IPS
  • IPS updates from UserCenter will fail.
Application & URL Filtering
  • AppWiki will not work.
  • No update of "Messages and Actions" frame in Overview view.
  • No update of the applications picker in the Policy view.
  • Search for categorization of sites via overview tab will fail.
Threat Prevention
  • ThreatWiki will not work.
  • No protections picker in Global Exceptions view.
  • No Protections view.
  • No search for malware from Overview.
  • No RSS feed.
Threat Emulation
  • No image and file type updates.

 

(2-A-iii) General

  • Trusted Certificate Authorities (CAs) list will not be updated.
  • No update of Check Point certificate bundle.
  • Relevant upgrade packages will not be shown by CPUSE Agent (in Gaia Portal / Gaia Clish).

 

(2-B) Offline Mode Scope

Even in Offline mode, if an activated Software Blade requires external services, it will still connect to Check Point to get the required data:

Blade / Feature Limitation
IPS
  • Download GEO protections updates
  • Download malicious IPs lists
  • Validate Blade contract entitlement
Application Control
  • Download applications database
  • Detect social network widgets
  • Run and return results of cloud-based application analysis
  • Validate Blade contract entitlement
URL Filtering
  • Download initial local database
  • Run and return results of cloud-based categorization
  • Validate Blade contract entitlement
HTTPS Inspection
  • Update bypass list
Anti-Spam,
Anti-Bot,
Anti-Virus
  • Download updates to the local signature database
  • Run and return results of cloud-based security analysis
  • Validate Blade contract entitlement
Compliance
  • Download latest regulations and best practices
Endpoint Policy Management
  • Download updates to the malware database
Endpoint Anti-Malware
  • Run and return results of cloud-based malware categorization
Endpoint Application Control
  • Download application database
  • Run and return results of cloud-based application analysis

This setting on a Security Management Server applies to all managed Security Gateways (R77 and above).

To change this setting after completing the First Time Configuration Wizard:

  1. Connect with SmartDashboard to Security Management Server / Domain Management Server.

  2. Go to 'Policy' menu - go to 'Global Properties' - go to 'Security Management Access' pane.

  3. Check the box 'Automatically download Contracts and other important data (Recommended)'.

  4. Click on 'OK' to apply the changes.

  5. Save the changes: go to 'File' menu - click on 'Save'.

  6. Close the SmartDashboard.

  7. Connect with SmartDashboard to Security Management Server / Domain Management Server.

  8. Install policy on all Security Gateways.

 

Note: On Security Management Server / Multi-Domain Security Management Server, install the database (go to "Policy" menu - click on "Install Database...").

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment