Check Point Provider-1 Firewall
What is Discovered and Monitored
Protocol |
Information Discovered |
Metrics collected |
Used for |
---|---|---|---|
SNMP |
Host name, Firewall model and version, Network interfaces |
Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Firewall connection count |
Availability and Performance Monitoring |
LEA |
All traffic and system logs |
Security and Compliance |
Event Types
There are no event types defined specifically for this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Configuration Overview
The configuration of Check Point Provider-1 depends on the type of log that you want sent to FortiSIEM. There are two options:
- Domain level audit logs, which contain information such as domain creation, editing, etc.
- Firewall logs, which include both audit log for firewall policy creation, editing, etc., and traffic logs
These logs are generated and stored among four different components:
- Multi-Domain Server (MDS), where domains are configured and certificates have to be generated.
- Multi-Domain Log Module (MLM), where domain logs are stored.
- Customer Management Add-on (CMA), the customer management module.
- Customer Log Module (CLM), which consolidates logs for an individual customer/domain.
Discover Paired Components on the Same Collector or Supervisor
Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.
Component Configuration for Domain-Level Audit Logs
- Configure MDS.
- Use the Client SIC obtained while configuring MDS to configure MLM.
- Pull logs from MLM.
Component Configuration for Firewall Logs
- Configure CMA.
- Use the Client SIC obtained while configuring CMA to configure CLM.
- Pull logs from CLM.
If you want to pull firewall logs from a domain, you have to configure CLM for that domain.
See these topics for instructions on how to configure each component for Check Point Provider-1 firewalls.