Zero touch provisioning (ZTP) is a technology that automates the setup and configuration of new devices, eliminating the need for manual intervention. It allows for the consistent, simultaneous, and automated configuration of network devices, by delivering configuration files directly to the device upon first start-up.
Bewertung der Miercom Zero-Trust-Plattform 2024 Demo anfordern
The ZTP process varies a little depending on the unique demands of each setup. However, before a device is sent out to the user, it will require a quick modification to be ZTP-enabled: the IT team needs to verify its IP address, register its serial number, and quickly test hardware compatibility.
Alongside device-specific requirements, there’s a few other network requirements, such as a network device with ZTP, a DHCP server, and a file server such as TFTP.
With all these in place, however, let’s zoom in on a single device’s setup process:
And with that, the first-time setup is done. If you choose a DHCP setup mechanism, you’ll then be able to manage the device from a central portal. In the backend, this process is actively supported via configuration profiles – which is how IT admins define what files the device needs to install.
These templates include details such as security configurations, network settings, and user preferences.
Given its foundational importance to the security and performance of your organization’s networks, it’s vital to understand ZTP’s potential ramifications and risks.
These fit into the wider network security best practices we recommend.
Given that the new device will be downloading whatever configuration files its ZTP template points to, it’s absolutely essential for further verification mechanisms to secure not just the provisioning process, but profile creation as well. Validating the trustworthiness of a newly deployed device and the configurations being pushed to it demands a ZTP process with adequate logging procedures.
The logs detail what firewall is receiving which update, which can then be fed into pre-existing security tooling like:
Sicherheitsinformations- und Ereignismanagement (SIEM) system: helping you gain a clear picture of initial configurations and updates as they happen
In network security, it’s often human-made errors that make the biggest impact. The philosophy behind secure automation is that every device can be configured to the same standard of care.
This also helps minimize the risk of insider threats and account compromise within the dev team itself. ZTP provides an easy way of automating large swathes of admins’ times, especially in the event of large scale provisioning, while still ensuring scope for manual intervention when needed.
At best, errors within the configuration files significantly slow down a device’s setup time.
To avoid these, make sure that the admin team debug all configuration files before deploying them. These configuration errors have more severe security ramifications when applied to firewalls.
However, as it can have a knock-on effect on the firewall’s ability to detect and prevent suspicious traffic.
The templates for policy configuration can, on occasion, be a source of errors themselves. When considering whether to implement ZTP, it’s common for organizations to already have an idea of their ideal firewall architecture – which should include these parameters:
So, with these in mind, make sure to configure the firewalls to connect to the correct team’s management portal.
Once they’re all up and running, the security team responsible will then be able to efficiently manage the firewall’s rulesets, days or weeks ahead of a manual configuration’s schedule.
Zero touch lets firewall and gateway implementation take minutes, rather than days. Most of the time saved is from avoiding lengthy travel days and accommodation, as IT professionals no longer have to be transported on-site to set up security tooling. Instead, new devices can be bought online, configured, and added to the central management platform by simply plugging in the cable.
Check Point’s commitment to efficient security goes beyond simple ZTP: our single-pane-of-glass platform consolidates firewall, security policies, user, and application management into a user-friendly format.
Offering the full extent of real-time event monitoring across cloud and on-premise, read more on how Quantum provides a unified management platform. Alternatively, see for yourself and set up a demo with one of our skilled team members.