Customer Management Instructions: Check Point VSEC Virtual Security - AT&T


AT&T FlexWare Applications: Customer Management Instructions
Check Point vSEC Firewall Virtual Security

Customer Management Instructions: Check Point vSEC Virtual Security

This guide is designed to help you understand the steps to launch your Check Point vSEC Firewall Virtual Security application.

AT&T Recommends

- Network administrators have a working knowledge of Check Point next-generation security appliance policy administration.
- Network administrators must thoroughly review the Check Point documentation and be familiar with the configuration options and details.

While AT&T is always available to assist, you are ultimately responsible for the configuration, administration, and policies on your Check Point vSEC Firewall Virtual Security application.

Service Launch Requirements

Begin by reviewing the Check Point vSEC Firewall Virtual Security documentation available on the Check Point website. This documentation provides detailed information on all aspects of Check Point vSEC Security Platform administration. You can find the documentation here:

- vSEC virtual-edition/
- Security Policy utions/security-management/policy- management/

NOTE: Information on the Check Point website is maintained by Check Point, which is solely responsible for the accuracy of the available documentation.

The version can be selected via links on the web page, depending on availability. Some guides may be listed only under the major release if there are no changes. R80 should be selected when a reference to a specific release is required.

The following guides are especially recommended:

- ESG Security Management Whitepaper
- R80.10 Security Management Datasheet

October 25, 2018
© 2018 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property.

Verify Configuration Settings and Policies in the Check Point VM GUI

NOTE: An AT&T Technician will be online with you to verify these settings as part of the Test and Turn Up (TTU) process.

The Check Point-VM GUI is accessed using a connected web browser. In your browser's address bar, type:

https://[yourmgmt ip]/login

Replace [yourmgmt ip] in the URL with the actual management IP you provided to the AT&T Lead Engineer during the initial data gathering consultation for your service.

Changing Your Admin Password

Your assigned AT&T Technician will supply a temporary admin password for initial access to the Check Point-VM GUI. This password should be changed immediately after accessing the GUI for the first time.

1. After logging in with your supplied credentials, navigate to User Management > Change my Password.
2. Type the old password, type a new password, and click OK.
3. You will be logged out of the Check Point-VM GUI and a login prompt will appear for you to log back in.

Verifying Licensed Features

Verify that the Check Point-VM is licensed and, if you have purchased the Enhanced feature set, that Next Gen features are active.

1. In the Check Point-VM GUI, navigate to Maintenance > Licenses.
2. Confirm that all ordered features have active licenses.
3. Confirm that all desired features are active.

Note: Notify your AT&T technician if you find features that are licensed incorrectly.

Configure a Test Policy

No default/test policy exists on the Check Point firewall. It is recommended that you configure and test a policy. Once a policy is configured and tested, the Check Point-VM is operational. More restrictive alternate policies may be created to further secure your system if desired.

Additional Configuration Guidelines

- Regularly back up your vFirewall configuration. AT&T does not have access to your configuration and cannot perform standard backups of your vFirewall.
- If you need to add, remove, or change WAN IP addresses or VLANs on your Check Point VM application, file an AT&T change order MACD first. Changes must be made to the AT&T FlexWare Device to support these changes. MACD orders are required for any change in your layer-2 topology settings.
- Rebooting your vFirewall is fine, but avoid hard shutdowns. If a hard shutdown of your vFirewall occurs, file a support ticket to have the vFirewall brought up manually by AT&T.
- Take care not to lose your admin password. AT&T does not have the ability to reset the admin password.
- Do not alter the RIP (routing information protocol) configuration. This is required for routing between the Check Point-VM and your AT&T managed router.
- NAT (network address translation) is enabled and uses an egress interface toward the internet. NAT is required for Internet connectivity.
- Be careful not to make configuration changes that may lock you out of your vFirewall.
- Do not issue any license command that may invalidate the Check Point throughput/feature license.
- AT&T can upgrade your vFirewall to the latest supported firmware version upon request via the support process. Do not upgrade/downgrade the firmware to a version not currently supported for the AT&T FlexWare Device.

General Customer Responsibilities:

- Check Point-VM Configuration and Policy Management: You will have access to the vFirewall through a WAN and LAN IP address when the vFirewall is turned up. You can configure your vFirewall the same way you would configure a physical Check Point firewall. You may manage your vFirewall using Check Point Provider-1 or through the vFirewall's GUI or CLI.
- vFirewall Monitoring and Reporting: As a network administrator, you are responsible for any Check Point-VM-specific health monitoring. The user interface provides a dashboard with statistics, and SNMP (simple network management protocol)/system logs (SYSLOG) monitoring can be set up to monitor your network management infrastructure. Reports can be accessed through the Web UI. Log events can be forwarded to a customer-provided SIM (service implementation manager) or to your organization's instance of Check Point Provider-1 EMS.
- vFirewall Backup and Firmware Upgrades: As a network administrator, you are responsible for maintaining a backup of your vFirewall configuration. You are also responsible for scheduling firmware upgrades, but you must contact AT&T prior to any firmware upgrade to confirm the upgrade version is supported by the AT&T FlexWare Device offer.

- Ensure connectivity to Check Point for license and feature updates. These updates are automatically downloaded in real time from Check Point over the Internet. AT&T will verify that updates are working during turn-up as part of initial licensing and provisioning, but you should periodically check whether updates are working.

AT&T Responsibilities:

- Initial Installation, Configuration, and Licensing of the vFirewall. AT&T will provision the Check Point-VM with the configuration you specified during your consultation sessions with your assigned AT&T Lead Engineer. AT&T will do the networking and router configuration on the FlexWare Device to put the Check Point-VM in line of appropriate traffic on the FlexWare Device. AT&T will handle the Check Point-VM licensing and provide a serial number to you in case direct support is needed from Check Point.
- Monitoring of the AT&T FlexWare Device. The state of the vFirewall VM (virtual machine) is only monitored for up/down status. AT&T will confirm that the VM is in an up status at all times and restart it, if necessary. The AT&T operations team can restart the vFirewall in consultation with you, if necessary.

How to Get Support

Support tickets are created with Check Point either through the Check Point Support web portal, over Live Chat with Check Point Support, or over the phone.

Before seeking support from Check Point, you must create a Check Point User Center account. If you encounter any issues with this process, please contact AT&T's Global Customer Support Center at 1-844-736-3843.

To Create a User Center Account:

1. Click Sign up now at .jsp
2. Create a User Profile with your information.
3. From the top menu bar, click the Assets/Info tab and click the Accounts option.
4. Click the Create Account button.
5. Select the purpose of the account, and click Next (if you select "Manage Products", you will be prompted to provide additional information before continuing).
6. Complete all required fields.
7. Click the Submit button.

Once your new Account has been created, you can locate your Account ID under the "Accounts" choice again. Please remember your User Name & Account ID for future requests.

Creating a Check Point Support Request Online

1. To create a Web service request, log in to UserCenter, access the Support/Services tab and select Support Center.

2. Click Open a Service Request.
3. Select Technical issue and click Next.
4. Select an account from the dropdown list and click Next.

Note: The accounts in the drop-down box of the figure below are not AT&T FlexWare accounts. You will see different AT&T FlexWare related accounts. If you do not find any account with products or services included in the drop-down, please enter the VNF serial number in the device number section (this will be required the first time you create a ticket online). The system will check if the account or device number entered has a valid support contract.

Note: If you do not see any accounts in the drop-down box, refer to the instructions at the top of this document to follow the steps to create a User Center Account.

5. Complete the Service Request details:

| Field | Notes |
| --- | --- |
| Hardware Platform | Select KVM |
| Operating System | Select GAiA |
| Product Line | Select CloudGuard |
| Product Name | Select CG IaaS[vSec]: Private Cloud |
| Product Version | Select R77.30 |
| Issue Type | Select the option that most closely matches the issue you're experiencing. |
| Severity | Check Point has defined severity definitions. See chart below. |
| Brief Summary | Type a brief summary of the issue you're experiencing. |
| Detailed Description | Type a detailed description of the problem. In order for Check Point Technical Support to provide you with the optimum level of service, we suggest you provide at least the following information: a problem description; relevant background information (Has the configuration worked in the past? Is this a new configuration? Have any changes been made recently to the Check Point VNF or to the network?); a description and the results of your troubleshooting steps. |

| Severity Level | Impact | Description |
| --- | --- | --- |
| 1 | Critical | An error isolated to Software that causes the product to fail catastrophically (e.g., major system impact, system down) |
| 2 | High | An error isolated to Software that substantially degrades the performance of the product (e.g., moderate system impact, system hanging) |
| 3 | Medium | An error isolated to Software that causes only a minor impact on the use of the product. |
| 4 | Low | An anomaly in the licensed product which does not substantially restrict the use of the licensed product to perform necessary business functions. |

6. Attach additional documents that could help the Technical Support team address your request. At the very least, Check Point will request your CPInfo file.

Other files that would be particularly useful:

- A network diagram with the IP addressing clearly indicated
- Screenshots
- Configuration file(s)
- Debug log(s)

Browse to and upload your files, and click Next to continue.

Note: File attachments are limited to 25MB.

7. You will have an opportunity to initiate a Live Chat session using the information you have just entered.
8. Additional contact information and methods of contact can be added. A Customer Reference Number (a number used by the customer to refer to the technical support case in their own ticketing system) can also be included. After reviewing the information, click Submit.

Once the process is completed, the SR number is displayed and an email is sent to the contact opening the SR. When a Partner opens an SR for an End User, an email notification is sent to the specified email address.

Creating a Check Point Service Request using Live Chat

The requirements for opening a Live Chat session are similar to the ones mentioned above for opening a Support Request via the Web interface.

1. To create a Live Chat session, log in to UserCenter, access the Support/Services tab and select Support Center.

2. Click Live Chat.
3. On the Live Chat page, select the Support or Account Services option, type your Username and Password, and click Continue.

Complete the options on the Live Chat page and click Start Chat.

| Field | Notes |
| --- | --- |
| Support Preference | Select Technical Support |
| Product Name | Select Security Gateway |
| Device Number | Type the MAC Address, Serial Number, or Product Key. |

Creating a Check Point Service Request by Phone

A service request can also be opened via telephone:

- Americas TAC: 1-972-444-6600
- International TAC: 972-3-611-5100

The requirements for opening a service request are identical to the ones mentioned above for opening a service request via the Web interface.

Use the guidelines below when the phone prompts you to choose an option upon calling the TAC numbers:

Choose option 3 "For Support on Network Security Products" followed by option 1 for "New Service request" and 2 if "calling for existing issue".

You will be put in touch with a live support advisor, at which time you should ask to be routed to the CloudGuard IaaS Technical Support Group for a new SR.

For an existing issue, you should provide the existing SR number and you will be routed to the right technical support resource.

Accessing AT&T Support Resources

You can always access AT&T Support Resources at http://carecentral.att.com/attflexware.

Figure 1: Image showing the landing page of the AT&T Business Care Central website.

You will find Customer Care links to your support overview and information on how to speak to an AT&T agent. Additionally, Customer Management Instruction documents like this one are available in the Managing Your Solution section.
