Checkpoint Firewall
Introduction
Checkpoint Firewall is an advanced network security device that provides comprehensive threat prevention, traffic inspection, and access control. It safeguards enterprise networks by blocking unauthorized access while enabling secure communication across internal and external networks.
Getting Started
Compatibility
Checkpoint Firewall O11ySource supports SNMP versions v1, v2c and v3.
Data Collection Method
Checkpoint Firewall supports SNMP, Syslog, and API-based access to export security events, logs, and performance metrics, making it easy to integrate with SIEMs and observability platforms.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'snmp' under the 'Definition' tab.
Inputs for Configuring Data Source
- Group Name: Groups devices for SNMP polling, making it easier to manage devices with common characteristics or within the same network segment.
- No. of Retries: Number of times the system should reattempt polling if the initial attempt fails. The default is 7 retries.
- Timeout Duration: How long the system should wait for a response from a device before considering the attempt unsuccessful. The default timeout is 5 seconds.
- Device: Details needed to collect health data from the devices using SNMP.
  - Device IP: Enter the IP address of the device.
  - SNMP Credential: Select the SNMP credential from the dropdown list that corresponds to this device.
  - Vendor: Select the vendor of the device from the dropdown list.
  - Model: Select the model of the device from the dropdown list.
- MIB Groups: Define which MIBs are queried and how often.
  - MIB Group: Default: 'ALL_SUPPORTED_MIB_GROUPS'.
  - Interval: Default: 360 seconds.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
| Source IP | Destination IP | Destination Port | Protocol | Direction |
|---|---|---|---|---|
| vuSmartMaps IP | IP address of the SNMP device | 161* | UDP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Configure SNMP on the Checkpoint Firewall devices and grant SNMP access permissions to the designated vuSmartMaps IP address.
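A reachability check for the firewall rule and SNMP access described above, as an added example that is not part of the vuSmartMaps or Checkpoint tooling. It assumes SNMPv2c with a community string supplied by the caller (SNMPv3 is not covered), and the function names are hypothetical; the port, retry and timeout defaults are the ones this page lists.

```python
import socket

def tlv(tag: int, payload: bytes) -> bytes:
    """BER tag-length-value; long-form length once the payload reaches 128 bytes."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + payload

def ber_int(n: int) -> bytes:
    """Non-negative INTEGER, with a leading zero byte when the top bit is set."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs share one byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body.extend(chunk)
    return tlv(0x06, bytes(body))

def build_get(community: str, oid: str, request_id: int) -> bytes:
    """SNMPv2c GetRequest for one OID (version field 1 means v2c)."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

def probe(host, community, port=161, retries=7, timeout=5.0):
    """Return the attempt number that got a reply, or None if every attempt failed.

    Defaults mirror the page: UDP 161, 7 retries, 5 second timeout.
    """
    request = build_get(community, "1.3.6.1.2.1.1.3.0", request_id=1)  # sysUpTime.0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for attempt in range(1, retries + 2):  # initial attempt plus retries
            try:
                sock.sendto(request, (host, port))
                reply, _ = sock.recvfrom(4096)
            except OSError:  # timeout, or an ICMP error surfaced by the OS
                continue
            if reply[:1] == b"\x30":  # any SNMP message is a BER SEQUENCE
                return attempt
    return None
```

Run `probe()` from the vuSmartMaps host against the device IP. A `None` result means no reply arrived within the retry budget, which points at the firewall rule, the device's SNMP access list, or the community string.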
Configuration Steps
- Enable the O11ySource.
- Select the sources tab and press the + button to add a new instance that has to be monitored.
- Provide the required configurations:
  - *Resource Name
  - *Period (in seconds)
  - *Credential
  - *Resource ID
- Click Save to close the data source window.
Metrics Collected
| Name | Description | Data Type |
|---|---|---|
| @timestamp | Timestamp string | String |
| timestamp | Timestamp with precision | DateTime64 |
| bu_id | Business unit ID | LowCardinality(String) |
| tenant_id | Tenant ID | LowCardinality(String) |
| host | Host IP Address | IPv4 |
| target | Target system | String |
| DeviceIP | Device IP Address | IPv4 |
| data_type | Type of data | LowCardinality(String) |
| type | Event type | LowCardinality(String) |
| vendor_name | Vendor name | LowCardinality(String) |
| device_type | Device type | LowCardinality(String) |
| period | Time period | Int32 |
| system_name | System name | String |
| name | Name of the Interface | String |
| index | Index value | String |
| vublock_name | VuBlock Name | String |
| topic_of | Topic associated | String |
| CPU Utilization | CPU Utilization | Float64 DEFAULT -1.0 |
| CPU Name | CPU Name | LowCardinality(String) |
| Memory Utilization | Memory Utilization | Float64 DEFAULT -1.0 |
| Uptime | System Uptime | UInt64 |
| Uptime in seconds | System Uptime in Seconds | Float64 |
| CPU Utilization Per Core | CPU Usage Per Core | Float64 |
| Total Memory | Total Real Memory | UInt64 |
| Used Memory | Active Real Memory | UInt64 |
| Free Memory | Free Real Memory | UInt64 |
| Temperature Identifier | Temperature Identifier | String |
| Temperatue Value | Temperature Value | Int64 |
| Connection Count | Number of connections | UInt64 |
| Peak Connection Count | Peak number of connections | UInt64 |
| New Connection Rate | Rate of new connections | UInt64 |
| HA State | High Availability State | LowCardinality(String) |
| HA State of VSX | High Availability State of Virtual System eXtension | LowCardinality(String) |
| Virtual System Name | Name of Virtual System | String |
| Virtual System IP | Main IP of the Virtual System | String |
| Disk Name | Name of the disk | String |
| Disk Size | Total Size of the disk | UInt64 |
| Disk Used | Used Size of the disk | UInt64 |
| Disk Used Percentage | Percentage of disk usage | Float64 |
| Power Supply Unit Status | Status of PSU | String |
| Blade ID | Identifier for the blade | String |
| Blade Status | Status of the blade | String |
