Checkpoint Three Tier Architecture

Checkpoint is a leading provider of network security solutions that protect organizations from cyberattacks and threats. One of the key features of Checkpoint products is the three-tier architecture, which consists of three components:

  • Smart Console
  • Security management     
  • Security gateway
three tier architecure checkpoint

Smart Console

The SmartConsole is the component that provides a graphical user interface for the administrators to manage and monitor the network security. It connects to the management server and allows the administrators to create and edit security policies, view logs and events, generate reports and alerts, and troubleshoot issues. The SmartConsole can be installed on any Windows-based computer.

Smart console provides a graphical interface for centralized management of the check point environment.

Create and Manage

  • Security polices
  • User and administrator accounts
  • Management Servers, Gateways and devices
  • Setting for check point environment


  • Logs and event
  • Performance
  • Regulation compliance


  • License
  • Update products

SmartConsole İnterfaces

  • Desktop Clients (Windows host)
    • SmartConsole Client
    • Portable SmartConsole (R81.10 and higher)
  • Clientless, Browser-Based interface
    • Web SmartConsole (No installation package) : https://<management server ip>/smartconsole

Not: Installation package (Exe file) for SmartConsole Client and Portable SmartConsole are available from these locations.

  • Check Point Quantum R81.20 Hom Page
  • Check Point Support Center
  • Gaia Portal
  • Security Management Server

Smart Console Main Windows

SmartConsole checkpoint
  1. SmartConsole Navigation Toolbar
    1. Gateways and Servers
    1. Security Polices
    1. Log and Monitor
    1. Infinity Services
    1. Manage and Settings
    1. Command Line
    1. What is NEW
  2. SmartConsole Application Drop-Down Menu
  3. Objects Drop-Down Menu
  4. Install Policy
  5. Session Management Controls
    1. Discard
    1. Session
    1. Changes
    1. Publish
  6. Search Box
  7. Object and Validation Bar

Management Server

The management server is the central component that manages and configures all the security policies and settings for the network. It also collects and analyzes logs and events from the security gateways and provides reports and alerts. The management server can be installed on a dedicated appliance or on a general-purpose server.

There are two Security Management options: Check Point Quantum Smart-1 appliance and open servers.

The Management Server is responsible for these roles and functions

  • Database
  • Internal Certificate Authority (ICA)
  • Log Server
  • Licenses and Contracts Rpository
  • Monitoring
  • Security Automation

Security Management Server Software Blades

  • Network Policy Management
  • Endpoint Policy Management
  • Logging and Status
  • User Directory
  • Provisioning
  • Compliance
  • SmartEvent

The features are organized in smart console. You can see bellow in the figure. For more information about features and blades visit to Check Point page.

checkpoint management blades checkpoint

Security Gateway (Check Point Firewall)

The security gateway is the component that enforces the security policies and rules on the network traffic. It inspects and filters packets based on various criteria, such as source, destination, protocol, port, application, content, and user identity. The security gateway can also perform advanced functions, such as VPN, firewall, intrusion prevention, anti-virus, anti-spam, and web filtering. The security gateway can be installed on a dedicated appliance or on a general-purpose server.

Check Point brochure link is here:

Check Point Security Gateway (Firewall) are designed all types and size;

  • Hyperscale Network Security
  • Data Center
  • Large Enterprise
  • Midsize Enterprise
  • Branch Office
  • Small Business
  • Industrial Appliances

Security Gateway Blades

firewall blades checkpoint

Threat Prevention Features and Blades

Two main types of Gateway Blades: Network security and Threat Prevention. Blades are enabled or disabled as required.

Threat Prevention features for gateways include the following:

  • Sandlbast Threat Emulation, Threat Exraction and Zero Fishing
  • IPS
  • Anti-Bot
  • Anti-Virus

Deployment Scenarios

There are two deployment scenarios: Standalone and Distributed.

Standalone Deployment

This deployment mode the Security Gateway and Security Management Server are installed on the same computer or appliance.

Distributed Deployment

Distributed Deployment the Security Gateway and Security Management Server are installed on different server or appliance.


Leave a Reply

Your email address will not be published. Required fields are marked *

Next Post

Network Monitoring Tools

Sat Jun 3 , 2023
Network monitoring is the process of observing and analyzing the performance and availability of a computer network. Network monitoring can help identify and troubleshoot network problems, optimize network performance, and ensure network security. Network monitoring can be done using various tools and techniques, such as: Ping A ping is a […]
Network Monitoring

You May Like