Category: SecureTrack

This article is about a legacy license feature that can no longer be licensed. If you purchased and installed it on your SecureTrack Server earlier, it can still be used for Check Point up to Version R80.x without problems.
-------

With a Check Point firewall, SecureTrack can monitor the Check Point management, and all information about a connected firewall is gathered from there. Sometimes it is preferable to collect this information directly from the firewall using SNMP. This has worked well across many versions of Check Point and SecureTrack when following the configuration guide published by Tufin, provided the license (TF-SECTRK-CP-GAIA-OS-MONITOR) has been purchased.

Hint:
If you import a Check Point firewall this way, all topology data are derived from the firewall itself via SNMP and no longer from the Check Point management. So if there is a problem with SNMP (e.g. connectivity, authentication), no topology data are available for this firewall.

Problem with Check Point R81:
Independent of the configuration (which worked for R80.x and earlier), a firewall running R81.x reports "wrong password" in Menu > Settings > Administration > Status.

Therefore no data are imported into SecureTrack, and no topology information is available for this firewall.

According to a discussion in the Check Point CheckMates community and Tufin Technical Support, authentication of SNMPv3 users with SHA1 is no longer supported.
Check Point R81.x supports only SHA256 and SHA512. To solve this issue, some additional steps are required.
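Why a correct password still fails when the two sides disagree on the hash, shown as an added example (not code from this article, Tufin or Check Point): in SNMPv3 the authentication key is derived from the password with the authentication hash itself (RFC 3414, extended to SHA-2 by RFC 7860), so a SHA1 digest can never verify on an agent that expects SHA256. The function names and message bytes are hypothetical, the engine ID is the one from the RFC 3414 test vector, and the MAC is computed over plain bytes rather than a fully encoded SNMPv3 message.

```python
import hashlib
import hmac

# (hashlib name, truncated MAC length in bytes) per RFC 3414 and RFC 7860
AUTH_PROTOCOLS = {"SHA1": ("sha1", 12), "SHA256": ("sha256", 24), "SHA512": ("sha512", 48)}

def localized_key(password: str, engine_id: bytes, proto: str) -> bytes:
    """RFC 3414 A.2 password-to-key, with the hash chosen by the auth protocol."""
    hash_name, _ = AUTH_PROTOCOLS[proto]
    pw = password.encode()
    # Hash 1,048,576 bytes of the endlessly repeated password.
    reps, rest = divmod(1048576, len(pw))
    ku = hashlib.new(hash_name, pw * reps + pw[:rest]).digest()
    # Localize the key to one agent by mixing in its engine ID.
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_params(message: bytes, password: str, engine_id: bytes, proto: str) -> bytes:
    """Truncated HMAC that the sender places in the message's auth field."""
    hash_name, mac_len = AUTH_PROTOCOLS[proto]
    key = localized_key(password, engine_id, proto)
    return hmac.new(key, message, hash_name).digest()[:mac_len]

def agent_accepts(message: bytes, received_mac: bytes, password: str,
                  engine_id: bytes, agent_proto: str) -> bool:
    """Agent side: recompute the MAC with its own configured protocol."""
    expected = auth_params(message, password, engine_id, agent_proto)
    return hmac.compare_digest(expected, received_mac)

# Constructed sample input; the password is the article's example value.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
MESSAGE = b"constructed SNMPv3 request bytes"
PASSWORD = "password123"

if __name__ == "__main__":
    for manager_proto in AUTH_PROTOCOLS:
        mac = auth_params(MESSAGE, PASSWORD, ENGINE_ID, manager_proto)
        ok = agent_accepts(MESSAGE, mac, PASSWORD, ENGINE_ID, "SHA256")
        print(f"manager={manager_proto:6} mac_len={len(mac):2} "
              f"agent(SHA256) accepts={ok}")
```

Only the manager using SHA256 is accepted by the SHA256 agent, although all three use the same password.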

So the complete integration of a Check Point Firewall R81.x into SecureTrack includes these steps:
(examples used here: SNMPv3 user: securetrack, Interface: 127.0.0.1, Password: password123)