what is different between smartCenter server and enforcement module

[vvcat]

Hi,

I am newbiz for the cp fw, what is different between smartcenter server and enforcement module and their function.

I one cp fw is running , how can I check that fw has already been installed enforcement module?

[mcnallym]

Check Point consists of 3 tiers or parts

SMARTConsole - The GUI Front End where you define the security policy and login.
SMARTCenter - The Management server that the SMARTConsole connects to and where the security policy is saved.
Enforcment Module - This is the place where the security policy is implemented, where the traffic flows through.

You may find that physically one peice of hardware may hold all 3 parts, but Check Point still runs as though is 3 peices of software.

[vvcat]

according to your message, enforcement modules should be install, right?

[MarioL]

Yes, you will need at least one enforcement module, even if it might be installed in a different machine.

When installing there are 2 main options, Stand Alone and Distributed, when you chose the last one it's possible to install the modules separately.

When testing it's quite frequent to just install everything on the same box.

[vvcat]

Thanks, If I only have one cp fw NGX, when I install enforcement module, I should choose standalone instead of distributed, right?

[mcnallym]

Quote:

Originally Posted by vvcat

Thanks, If I only have one cp fw NGX, when I install enforcement module, I should choose standalone instead of distributed, right?

Stanalone is for where SMARTCenter and Enforcement Software is installed on one box.

Distributed is for where SMARTCenter and Enforcement Software is installed on seperate boxes or where there will be more Enforcement Modules installed later.

If you can spell out exactly how you want the 3 parts of the Check Point system to be installed then we can probably help more fully. At the moment I am not really sure what you are asking, as you only seem to be installing 1 single enforcement mode, where is your SMARTCenter?

[vvcat]

thanks again, since I have no experience to install cp fw before, so i need to know how many component should I install, but I have experience for netscreen and pix installation.

[mcnallym]

You will need ALL of the 3 components to get a working Check Point System. What platform are you installing upon?

[vvcat]

Nokia IP260 / IPSO 4.2 / R60

[MarioL]

OK, do you have any other Check Point boxes? If not, then install as Stand alone. This will install firewall module (enforcement module) and management module (SmartCenter). Then you need to install the GUI (SmartConsole) in a windows PC and connect to the IP 260 to manage it.

If you have more Check Point stuff, there may already be a SmartCenter box that you can use, which might be a better option than running everything on the IP 260. This allow you to have a central repository for logs and config data and manage several firewalls from a single box.