SmartView Monitor

Shared by: Nguyen Tien Lich | Date: | File type: PDF | Pages: 120


  1. SmartView Monitor Administration Guide
     Version NGX R65
     701678
     March 12, 2007
  2. © 2003-2007 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

     RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

     TRADEMARKS: ©2003-2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners.

     The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988, and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications. For third party notices, see: THIRD PARTY TRADEMARKS AND COPYRIGHTS.
  3. Contents

     Preface
       Who Should Use This Guide
       Summary of Contents
       Related Documentation
       More Information
       Feedback

     Chapter 1 SmartView Monitor Overview
       Introduction
       SmartView Monitor Considerations

     Chapter 2 Before You Begin
       Introduction
       Terminology
       Understanding the User Interface
         Gateways Status View
         Traffic View
         System Counters View
         Tunnels View
         Remote Users View
         Cooperative Enforcement View

     Chapter 3 Monitoring Suspicious Activity Rules
       The Need for Suspicious Activity Rules
       Suspicious Activity Rules Solution
       Configure Suspicious Activity Rules
         Create a Suspicious Activity Rule
         Manage Suspicious Activity Rules

     Chapter 4 Monitoring Alerts
       Overview
         Interfering Actions
       Configure Alerts
         Alert Configuration Information

     Chapter 5 Monitoring Gateways Status
       Gateways Status Solution
         How does it work?
         Gateway Statuses
         Displaying Gateway Information
         Views about a Specific Gateway
         Interfering Actions
         Thresholds
         Alert Dialog
       Configuring Gateway Views
         Defining the Frequency at which Status Information is Fetched
         Start/Stop Cluster Member
         Select and Run a Gateways View
         Refresh a Gateways Status View
         Run a Specific View at Startup
         View In-Depth Information about a Specific Gateway
         Create a Custom Gateways Status View
         Edit a Gateway View
         Defining a Threshold
         Define Global Threshold Settings
         Delete a Custom Gateway View
         Copy a Gateway View
         Rename a Custom Gateway Status View
         Export a Custom Gateway Status View

     Chapter 6 Monitoring Traffic or System Counters
       Traffic or System Counters Solution
         Traffic
         System Counters
       Traffic or System Counters Configuration
         Select and Run a Traffic or System Counters View
         Run a Specific View at Startup
         Create a New Traffic or System Counters Results View
         Create a Real-Time Custom Traffic or Counter View
         Create a History Traffic or Counter View
         Edit a System Counter or Traffic View
         Edit a Custom Traffic or System Counter View
         Copy a Traffic or System Counter View
         Rename a Custom Traffic or Counter View
         Delete a Custom Traffic or Counter View
         Export a Custom Traffic or Counter View
         Recording a Traffic or Counter View

     Chapter 7 Monitoring Tunnels
       Tunnels Solution
       Tunnel View Configuration
         Run a Tunnel View
         Refresh a Tunnel View
         Run a Specific View at Startup
         Create a Custom Tunnel View
         Edit a Custom Tunnel View
         Edit a Tunnel View
         Delete a Custom Tunnel View
         Copy a Tunnel View
         Rename a Custom Tunnel View

     Chapter 8 Monitoring Remote Users
       Remote Users Solution
       Remote Users View Configuration
         Run a Remote Users View
         Refresh a Remote Users View
         Run a Specific View at Startup
         Create a Custom Remote Users View
         Edit a Custom Remote Users View
         Edit a Remote Users View
         Delete a Custom Remote Users View
         Copy a Remote Users View
         Rename a Custom Remote Users View

     Chapter 9 Cooperative Enforcement
       Cooperative Enforcement Solution
         Enforcement Mode
         Monitor Only Deployment Mode
         Non-Compliant Hosts by Gateway View
       Configuring a Cooperative Enforcement View

     Index
  7. Preface

     In This Chapter
     • Who Should Use This Guide
     • Summary of Contents
     • Related Documentation
     • More Information
     • Feedback
  8. Who Should Use This Guide

     This guide is intended for administrators responsible for maintaining network security within an enterprise, including policy management and user support. This guide assumes a basic understanding of:
     • System administration.
     • The underlying operating system.
     • Internet protocols (IP, TCP, UDP etc.).
  9. Summary of Contents

     This guide describes the SmartView Monitor high-performance network and security analysis system that helps you easily administer your network by establishing work habits based on learned system resource patterns. This document describes how, based on Check Point’s Security Management Architecture (SMART), SmartView Monitor provides a single, central interface for monitoring network activity and performance of Check Point applications. SmartView Monitor allows administrators to easily configure and monitor different aspects of network activities. Graphical customized and pre-defined views can easily be viewed from an integrated, intuitive GUI:

     | Chapter | Description |
     |---|---|
     | Chapter 1, “SmartView Monitor Overview” | Provides an introduction to the SmartView Monitor Solution and briefly describes how it works. |
     | Chapter 2, “Before You Begin” | Describes useful terms that help you better understand SmartView Monitor concepts and explains the SmartView Monitor GUI so that you are comfortable with the SmartConsole before you begin to work. |
     | Chapter 5, “Monitoring Gateways Status” | Describes how information about the status of all gateways in the system is collected from these gateways. This chapter shows how this information is gathered by the SmartCenter Server and how it can be viewed. |
     | Chapter 6, “Monitoring Traffic or System Counters” | Describes the essence of monitoring network traffic and how to configure Traffic views to suit your needs. This chapter also describes the nature of counting specific characteristics of your network and how to configure Counter views so that you obtain the beneficial information. |
     | Chapter 7, “Monitoring Tunnels” | Describes how monitoring Tunnels is beneficial to your organization and explains how to configure Tunnel views. |
     | Chapter 8, “Monitoring Remote Users” | Describes an administrative feature that allows you to keep track of SecuRemote users currently logged on to specific SmartCenter servers and how you can easily navigate through the obtained results. |
     | Chapter 3, “Monitoring Suspicious Activity Rules” | Introduces you to Suspicious Activity Rules, which is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access). In this chapter you will learn that the detection of suspicious activity is based on the creation of Suspicious Activity rules. |
  11. Related Documentation

     The R61 release includes the following documentation:

     TABLE P-1 VPN-1 Power documentation suite documentation

     | Title | Description |
     |---|---|
     | Internet Security Product Suite Getting Started Guide | Contains an overview of NGX R65 and step by step product installation and upgrade procedures. This document also provides information about What’s New, Licenses, Minimum hardware and software requirements, etc. |
     | Upgrade Guide | Explains all available upgrade paths for Check Point products from VPN-1/FireWall-1 NG forward. This guide is specifically geared towards upgrading to NGX R65. |
     | SmartCenter Administration Guide | Explains SmartCenter Management solutions. This guide provides solutions for control over configuring, managing, and monitoring security deployments at the perimeter, inside the network, at all user endpoints. |
     | Firewall and SmartDefense Administration Guide | Describes how to control and secure network access; establish network connectivity; use SmartDefense to protect against network and application level attacks; use Web Intelligence to protect web servers and applications; the integrated web security capabilities; use Content Vectoring Protocol (CVP) applications for anti-virus protection, and URL Filtering (UFP) applications for limiting access to web sites; secure VoIP traffic. |
     | Virtual Private Networks Administration Guide | This guide describes the basic components of a VPN and provides the background for the technology that comprises the VPN infrastructure. |
     | Eventia Reporter Administration Guide | Explains how to monitor and audit traffic, and generate detailed or summarized reports in the format of your choice (list, vertical bar, pie chart etc.) for all events logged by Check Point VPN-1 Power, SecureClient and SmartDefense. |
     | SecurePlatform™/SecurePlatform Pro Administration Guide | Explains how to install and configure SecurePlatform. This guide will also teach you how to manage your SecurePlatform machine and explains Dynamic Routing (Unicast and Multicast) protocols. |
     | Provider-1/SiteManager-1 Administration Guide | Explains the Provider-1/SiteManager-1 security management solution. This guide provides details about a three-tier, multi-policy management architecture and a host of Network Operating Center oriented features that automate time-consuming repetitive tasks common in Network Operating Center environments. |

     TABLE P-2 Integrity Server documentation

     | Title | Description |
     |---|---|
     | Integrity Advanced Server Installation Guide | Explains how to install, configure, and maintain the Integrity Advanced Server. |
     | Integrity Advanced Server Administrator Console Reference | Provides screen-by-screen descriptions of user interface elements, with cross-references to relevant chapters of the Administrator Guide. This document contains an overview of Administrator Console navigation, including use of the help system. |
     | Integrity Advanced Server Administrator Guide | Explains how to manage administrators and endpoint security with Integrity Advanced Server. |
     | Integrity Advanced Server Gateway Integration Guide | Provides information about how to integrate your Virtual Private Network gateway device with Integrity Advanced Server. This guide also contains information regarding deploying the unified SecureClient/Integrity client package. |
     | Integrity Advanced Server System Requirements | Provides information about client and server requirements. |
     | Integrity Agent for Linux Installation and Configuration Guide | Explains how to install and configure Integrity Agent for Linux. |
     | Integrity XML Policy Reference Guide | Provides the contents of Integrity client XML policy files. |
     | Integrity Client Management Guide | Explains how to use command line parameters to control Integrity client installer behavior and post-installation behavior. |
  14. More Information

     • For additional technical information about Check Point products, consult Check Point’s SecureKnowledge at https://secureknowledge.checkpoint.com/.
     • See the latest version of this document in the User Center at http://www.checkpoint.com/support/technical/documents.
  15. Feedback

     Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to: cp_techpub_feedback@checkpoint.com
  17. Chapter 1: SmartView Monitor Overview

     In This Chapter
     • Introduction
     • SmartView Monitor Considerations
  18. Introduction

     Corporate networks in today’s dynamic business environment are often comprised of many networks and VPN-1 Power/UTM Gateways that support a diverse set of applications and user needs. The challenge of managing an increasing array of system traffic can put enormous pressure on IT staffing capacity and network resources. With SmartView Monitor, Check Point offers you a cost-effective solution to obtain a complete picture of network and security performance, and to respond quickly and efficiently to changes in gateways, tunnels, remote users and traffic flow patterns or security activities.

     SmartView Monitor is a high-performance network and security analysis system that helps you easily administer your network by establishing work habits based on learned system resource patterns. Based on Check Point’s Security Management Architecture (SMART), SmartView Monitor provides a single, central interface for monitoring network activity and performance of Check Point applications.

     SmartView Monitor allows administrators to easily configure and monitor different aspects of network activities. Graphical views can easily be viewed from an integrated, intuitive GUI. Pre-defined views include the most frequently used traffic, counter, tunnel, gateway, and remote user information. For example, Check Point System Counters collect information on the status and activities of Check Point products (for example, VPN-1).

     Using custom or pre-defined views, administrators can drill down on the status of a specific gateway and/or a segment of traffic to identify top bandwidth hosts that may be affecting network performance. If suspicious activity is detected, administrators can immediately apply a security rule to the appropriate VPN-1 gateway to block that activity. These security rules can be created dynamically via the graphical interface and be set to expire within a certain time period.

     Real-time and historical reports (that is, flexible, graphical reporting) of monitored events can be generated to provide a comprehensive view of gateways, tunnels, remote users, network, security and VPN-1 performance over time.

     The following list describes the key features of SmartView Monitor and how it is employed.