Check Point QUANTUM SPARK 1600 - User Manual

Recommendations for installing the most recent software release for improved functionality, stability, and security.

Information on third-party independent certifications for Check Point products.

Links to access the latest version of the document in a web browser or PDF format.

Instructions on how to provide comments to improve documentation quality.

Details on the Quantum Spark 1500 appliance series, its features, and supported software blades.

Description of the Quantum Spark 1600/1800 Security Appliances, their capabilities, and management options.

Step-by-step guide for initial setup and configuration of the appliance.

Instructions on how to connect power and network cables to the appliance.

Information on using the default SSID for WiFi connection in R81.10.07 and later.

Overview of the First Time Configuration Wizard and relevant Getting Started Guides.

Details on using Zero Touch Cloud Service for initial gateway deployment.

Guide to deploying configuration files from USB/SD card for quick appliance setup.

Example configuration file for USB deployment on Quantum Spark 1530 / 1550 appliances.

Information on the structure and naming conventions of Gaia Clish commands for deployment.

Details on the log file created after successful configuration from a USB drive.

Scenarios where configuration files fail and the appliance is not fully configured.

Step-by-step workflow for resolving configuration file errors on a USB drive.

Connecting the Quantum Spark Appliance to Cloud Services for management.

Requirements for configuring a guest network, including wireless setup.

Steps to configure a guest network with Hotspot and access policies.

How to monitor guest network activity and view user activity logs.

Overview of appliance status, notifications, network, and statistics.

Steps to configure monitoring for internet connections and detect connectivity loss.

Procedure to activate or deactivate software blades via the Security Dashboard.

Accessing and modifying settings for individual software blades.

Options for managing the appliance locally or centrally via Security Management Server.

Viewing management connection status, trust settings, and initializing connections.

Steps to connect the appliance to Cloud Services via an activation link or details.

Activating appliance license when internet connectivity is properly configured.

Configuring proxy server details for license activation when required.

Steps to register the appliance in the Check Point User Center.

Viewing security events and filtering them by time, severity, subject, or message.

Procedure to temporarily block a device from network activity.

Functionality of toolbar buttons for managing active devices and network objects.

Steps to revoke Hotspot access for connected devices.

Viewing network statistics for the last hour or day, including bandwidth usage and traffic.

Explanation of how report times are influenced by rounding and system reboots.

How system reboots affect report time intervals and generation.

Opens popup windows to view CPU, memory, and disk usage history.

Opens a popup window displaying route information like source, destination, gateway, and metric.

Opens a popup window to view corresponding Gaia Clish commands for BGP, OSPF, etc.

Opens a popup window showing the result of the Cloud Services Connectivity Test.

Setting up and managing appliance connections to the internet.

Steps to configure an internet connection using the DMZ port.

Procedure to add a new IPv4 internet connection.

Procedure to configure a new IPv6 internet connection.

Enabling prefix delegation for IPv6 connections to assign internal network prefixes.

Enabling ND Proxy to assign globally-routable IPv6 addresses to internal interfaces.

Enabling DS-Lite for internet access to IPv4 networks using an IPv6 tunnel.

Enabling IPIP feature for tunneling IPv4 traffic over IPv6-only networks.

Adding a bond as an additional internet connection for redundancy and performance.

Configuring user-defined mapping of MCC/MNC to APN in a special configuration file.

Disabling NAT settings for specified internet connections.

Configuring hostname via WAN DHCP.

Monitoring internet connections and configuring probing settings.

Enabling or disabling the wireless radio and VAPs.

Steps to configure new wireless networks (SSID) or edit existing ones.

Changing the Wireless Network password and other additional configurations.

Configuring port-based VLANs for local LAN interfaces and wireless networks.

Steps to configure multiple bridges between interfaces for traffic inspection.

Creating tag-based VLANs on LAN interfaces or DMZ.

Associating multiple IP addresses to a single network interface.

Creating Virtual Tunnel Interfaces for route-based VPN tunnels.

Creating link aggregation bundles for improved performance and redundancy.

Adding new wireless networks (VAPs) on wireless devices.

Configuring static IP assignments for known hosts based on MAC address.

Steps to configure monitor mode using Automatic Learning or user-defined networks.

CLI commands to configure monitor mode, automatic learning, and user-defined networks.

Procedure to configure a mirror port for traffic duplication and monitoring.

Configuring router advisement and prefix delegation for IPv6 settings.

Configuring an alias IP for WAN by creating a static IP type connection.

Creating an alias IP for LAN by adding a new object.

Procedure to create a GRE tunnel for routing traffic between two sites.

Creating a LAN bond for improved performance and link redundancy.

Defining network interfaces for Hotspot access.

Configuring guest access sessions with terms and timeouts.

Customizing the Hotspot portal title, message, terms of use, and logo.

Defining IP addresses or networks to exclude from the Hotspot.

Configuring authentication requirements for users and user groups.

Setting the duration for user login sessions before they end.

Preventing multiple simultaneous logins for users to the Hotspot portal.

Procedure to disable the Hotspot feature.

Enabling MAC filtering to manage an allowlist of MAC addresses for LAN access.

Adding, editing, or deleting MAC addresses from the LAN MAC Filter allowlist.

Disabling MAC filtering for a specific LAN interface.

Steps for setting up and configuring 802.1x authentication with a RADIUS server.

Enabling 802.1x authentication on LAN switches and interfaces.

Enabling 802.1x authentication on tag-based VLAN interfaces.

Configuring logging settings for MAC filtering and 802.1x authentication.

Configuring DNS server settings and defining the domain name.

Procedure to reboot the Quantum Spark Appliance.

Restoring the appliance to its factory default settings via WebUI.

Restoring the appliance to its factory default software image.

Checking for and installing the latest firmware version.

Accessing the Check Point Download Center to download upgrade packages.

Creating a backup file of system settings, including network and DNS configuration.

Description of administrator roles: Super, Read Only, Networking, Mobile, Remote Access, Access Policy.

Creating, editing, deleting, and resetting passwords for local administrators.

Enabling RADIUS authentication for administrators and configuring roles or groups.

Defining allowed interface sources (LAN, Trusted wireless, VPN, Internet) for administrator access.

Allowing administrator access from any IP address, with options to change WEB/SSH ports.

Allowing administrator access only from specified IP addresses.

Assigning a Web portal certificate from the list of installed certificates.

Manually setting the appliance's date and time.

Synchronizing appliance clocks with an NTP server.

Enabling the appliance to function as an NTP server for connected devices.

Setting the appliance's time zone and enabling automatic daylight saving adjustments.

Configuring DDNS account details to update IP addresses with providers.

Enabling remote access to the appliance via WebUI or CLI through Check Point Cloud Service.

Opens popup windows to view CPU, memory, and disk usage history.

Opens a popup window displaying route information like source, destination, gateway, and metric.

Opens a popup window to view corresponding Gaia Clish commands for BGP, OSPF, etc.

Opens a popup window showing the result of the Cloud Services Connectivity Test.

Configuring Border Gateway Patrol (BGP) dynamic routing settings.

Configuring Open Shortest Path First (OSPF) dynamic routing settings.

Controlling which external routes a routing protocol accepts.

Overview of the routing table and how routes are added to the appliance.

Constraints and limitations related to routing table configuration.

Procedure to add a specific static route for traffic to a specific IPv4 address.

Procedure to add a default static route for traffic to a specific IPv4 address.

Creating, managing, and uploading appliance certificates and P12 files.

Reinitializing certificates for internal VPNs when IP addresses change.

Replacing the internal CA certificate with a new one.

Exporting the internal CA certificate for use with remote sites.

How clusters provide redundancy and maintain connections during failures.

Requirements before configuring a cluster, including network settings and appliance compatibility.

Important notes regarding sync interface configuration and connections.

Steps to configure an appliance as the primary Cluster Member.

Steps to configure an appliance as the secondary Cluster Member.

Connecting to WebUI and viewing cluster interface details.

Viewing cluster status and diagnostics.

Manually failing over from the primary to the secondary cluster member.

Procedure to reset all cluster configuration settings.

Information about manual cluster upgrades, including individual member upgrades.

Searching and filtering attributes in the advanced settings list.

Editing attribute values or restoring them to default settings.

Resetting all appliance attributes to their default factory settings.

Setting default access policy control level and defining firewall rules.

Configuring allowed outgoing services within a standard firewall policy.

Manually configuring access policy rules for applications and URLs.

Scheduling automatic updates for software blades.

Managing the Firewall Rule Base: creating, editing, deleting, enabling/disabling rules.

Manually creating rules as exceptions to the default policy.

System-determined rules based on policy mode and other system elements.

Steps to create a new access rule with positioning and rule base fields.

Importing updatable objects for use in firewall policy rules.

Customizing messages for user notifications on website and application access.

Selecting the server type and editing protocol ports.

Entering server name, IP address, comments, and selecting applicable options.

Selecting zones from which the server is accessible.

Disabling NAT for outgoing traffic by setting 'Hide internal networks' to OFF.

Creating custom NAT rules with original and translated source, destination, and service.

Editing existing NAT rules.

Deleting NAT rules from the NAT rules table.

Enabling or disabling manually defined NAT rules.

Overview of VoIP technology and its inspection support on Quantum Spark appliances.

Steps to configure VoIP inspection, including SIP provider and on-premise devices.

Enabling and disabling Smart Accel for Services and Assets.

Steps to enable User Awareness, configure sources for user identities.

User Awareness identity sources: AD Query, Browser-Based Authentication, Identity Collector.

Configuring Active Directory queries to identify users and user groups.

Steps to add a new Active Directory domain server.

Blocking unauthenticated users and redirecting them to Captive Portal.

Editing settings and customizing the portal appearance for Browser-Based Authentication.

Configuring the Identity Collector to identify clients and their associated IP addresses.

Overview of QoS policy for setting bandwidth parameters and prioritizing traffic.

Ensuring the QoS blade is enabled before configuration.

Steps to configure QoS settings via Internet connections and QoS policy rules.

Activating QoS and configuring the default QoS policy.

Adding guaranteed bandwidth services to the QoS default policy.

Description of fields used in QoS policy rules: No., Source, Destination, Service, Guarantee/Limit, Weight, Track, Comment.

Creating QoS rules, including setting weights, limits, and low latency traffic.

Enabling and configuring SSL inspection for traffic inspection.

Steps to deploy SSL inspection, including downloading and installing the CA certificate.

Manually copying and installing the CA certificate on a PC.

Configuring bypass policy for protocols, assets, wireless networks, and categories.

Enabling HTTPS categorization for filtering URLs and applications without SSL inspection.

Disabling both SSL inspection and HTTPS categorization.

Defining manual rules to bypass SSL inspection for specific traffic.

Managing trusted certificate authorities, including default and user-added CAs.

Manually adding a CA certificate to the trusted CA list.

Deleting trusted CA certificates from the list.

Disabling or enabling trusted CA certificates.

Activating IPS, Anti-Virus, Anti-Bot, Threat Emulation, and Anti-Spam blades.

Turning the Threat Prevention blades ON or OFF.

Enabling Threat Emulation for FTP protocol, available from R81.10.05.

Selecting tracking options (None, Log, Alert) for threat prevention rules.

Selecting actions (Ask, Prevent, Detect, Inactive) for confidence levels.

Selecting severity levels (Low, Medium, High, Critical) for threat prevention.

Selecting the allowed impact level for performance.

Configuring exception rules for traffic that IPS and malware engines do not inspect.

Steps to add new exception rules with scope, source, destination, protection, and action.

Adding files or URLs to the allowlist to prevent scanning.

Adding email addresses to the allowlist for Threat Emulation.

Editing or deleting existing exception rules.

Enabling Horizon SOC via WebUI for improved cybersecurity threat detection.

Enabling Horizon SOC via Gaia Clish commands for data sharing and statistics.

Details displayed for infected devices: Icon, Object name, IP/MAC address, Incident type, Severity, Protection name.

Filtering the infected devices list by servers, severity, or infection status.

Adding exception rules for specific protections to bypass malware engine inspection.

Searching for specific IPS protections in the list for monitoring or configuration.

Configuring settings for newly downloaded IPS protections: Active, Detect, Inactive.

Enabling POP3S or IMAP scans and configuring Anti-Virus settings.

Configuring Threat Emulation settings for incoming files and protocols.

Customizing user messages for Ask and Block actions in Anti-Virus and Anti-Bot.

Enabling or disabling the Anti-Spam engine to block or flag spam content.

Configuring Anti-Spam in Detect-only mode to log but not block emails.

Setting actions for spam emails based on sender, content, or header.

Editing or deleting sender/domain/IP address exceptions from allow/block lists.

Adding new senders, domains, or IP addresses to the Allow or Block list.

Configuring RSA key authorization for SSH login instead of password-based authentication.

Introduction to remote access VPN options: clients, SSL VPN, L2TP.

Requirements for VPN configuration, including blade control and DDNS feature.

Methods to configure remote access users: Local, RADIUS, and AD users.

Advanced options for Remote Access, including Office Mode network.

Ensuring Remote Access VPN is working by connecting to internal resources.

Using preshared secret for authentication in Site to Site VPN configuration.

Requirements for Site to Site VPN, including blade activation and peer device configuration.

Entering host name or IP address and preshared secret information.

Checking VPN tunnel status by sending traffic between local and peer gateways.

Using certificates for authentication in Site to Site VPN configuration.

Requirements for certificate-based VPN, including reinitializing certificates.

Procedures for exchanging CAs, signing requests, and authenticating with 3rd party CAs.

Configuring DDNS for dynamic IP addresses to connect via hostname.

Configuring an internet connection with a static IP address for appliance accessibility.

Steps to configure Two-Factor Authentication using SMS, email, or Google Authenticator.

Adding new local users with remote access permissions and SSL VPN bookmarks.

Populating users and groups from Active Directory or RADIUS servers.

Editing existing local users to configure remote access permissions.

Setting permissions for local users and groups via checkboxes.

Allowing connections between VPN clients in the same Office Mode Pool.

Adding new local users with remote access permissions and SSL VPN bookmarks.

Adding new local user groups with remote access permissions.

Adding remote access permissions to existing Active Directory groups.

Granting remote access permissions to all users defined in Active Directory.

Adding primary and secondary RADIUS servers for authentication.

Adding TACACS+ servers for administration authentication and authorization.

Adding an Active Directory domain for user authentication and policy configuration.

Defining custom applications using strings or regular expressions on URLs.

Inspecting URLs using Check Point Cloud to match them to built-in categories.

List of applications and categories filterable by Common, Custom, Categories, or All.

Filtering the list to show required views by entering text in the filter box.

Adding new services, editing services, and deleting services.

Creating new service groups by selecting available services.

Editing existing service groups.

Deleting user-defined service groups.

Creating a network object of type Single IP (host object).

Creating a network object of type Network.

Creating a network object of type Domain Name.

Editing an existing network object.

Deleting a network object from the list.

Filtering the network object list by name.

Creating new network object groups and adding network objects to them.

Editing existing network object groups.

Deleting network object groups.

Viewing the last 100 log records and searching security logs.

Entering queries to search for specific security logs.

Selecting a log entry to view its details.

Refreshing the security log data to display the latest records.

Stopping local logging for better performance.

Clearing logs from local storage and external SD cards.

Downloading the complete system log file.

Refreshing the system logs list to display the latest entries.

Clearing the system log list and confirming the action.

Searching system logs table using keywords in the text search field.

Using an external Check Point Log Server for storing additional logs.

Extending log retention time and exporting logs for data mining.

Pre-configuration steps for setting up an external Check Point Log Server.

Configuring an external Check Point Log Server via WebUI.

Configuring a gateway to send logs to multiple syslog servers.

Adding additional syslog servers for sending secured and encrypted logs.

Editing the configuration of an existing syslog server.

Deleting a syslog server configuration.

Temporarily blocking a device from network activity.

Functionality of toolbar buttons for managing active devices and network objects.

Revoking Hotspot access for connected devices.

Viewing and revoking paired mobile devices connected to the gateway.

Viewing information about infected devices and servers.

Filtering the list of VPN tunnels by criteria.

Refreshing the VPN tunnels list to display updated information.

Filtering the list of active connections by criteria.

Refreshing the active connections list.

Viewing network, security, and troubleshooting information.

Viewing network analysis, security analysis, and infected devices reports.

Checking appliance performance, sizing, and health status.

Opens popup windows to view CPU, memory, and disk usage history.

Opens a popup window displaying route information like source, destination, gateway, and metric.

Opens a popup window to view corresponding Gaia Clish commands for BGP, OSPF, etc.

Opens a popup window showing the result of the Cloud Services Connectivity Test.

Enabling or disabling the SNMP agent on the appliance.

Configuring SNMP general settings, including traps and users.

Adding, editing, or deleting SNMP v3 users.

Enabling or disabling traps and setting threshold values.

Monitoring VPN tunnel status and receiving alerts when tunnels go down.

Receiving information on hardware sensor values and their thresholds.

Enabling specific SNMP traps and configuring their details.

Upgrading appliance firmware using a USB drive without a console connection.

Steps to install a new firmware image from a USB drive.

Procedure for upgrading to a new firmware image using a USB drive.

Upgrading appliance firmware or configuration file using an SD card.

File names that can be used with Gaia Clish commands for upgrades.

Restoring appliance to factory defaults using the WebUI.

Restoring appliance to factory defaults using the back panel button.

Updating the default image using Clish commands.

Configuring Bypass mode (Active/Force-Bypass) through the WebUI.

Switching between Active and Bypass modes using Gaia Clish commands.

Enabling or disabling the REST API on the gateway using Gaia Clish commands.

Structure of HTTP POST requests, including URL, headers, and payload.

Handling API versioning in HTTP POST requests.

Logging into the SMB appliance using admin credentials via REST API.

Logging out from the current session via REST API.

Generating security report data according to selected time frame via REST API.

Executing a single Gaia Clish command via REST API.