Let's imagine the following situation:

Tufin SecureTrack is licensed for 2 Firewall Clusters which are centrally managed by one Check Point Security Management Server (resulting in a single SecureTrack ID).
Reports for e.g. Rule and Object Usage deliver results for one Firewall Cluster only. Reports on the second Cluster don't contain any data.

This behavior is unexpected, and connectivity between the Log Server and SecureTrack cannot be the cause. Logs for this cluster exist and are shown in the Check Point tools. So the log data is there, but SecureTrack doesn't deliver any report.


This behaviour can be explained by a missing license! In our case only one FW license was attached to the Firewall Cluster, but not the second one. So the Firewall Cluster not delivering reports wasn't fully licensed and therefore no reports were generated. After (re-)attaching the license, reports deliver results for both Firewall Clusters - as expected.



When connecting a Check Point Security Management Server to SecureTrack, there are two possibilities to gather the topology:

Check Point Security Management Server only

In this case, Secure Internal Communication is set up to have a secure connection between the SecureTrack Server and the Check Point Management.
The Topology for SecureTrack is read from the Interface information defined in the Check Point Firewall and Cluster, respectively. Anti-Spoofing information is also read to get as much information as possible about the Topology.

Check Point OS Monitoring

In this case, the Topology is read from the monitored devices directly using SNMP. Other information isn't gathered - information from the object defined in the Security Management Server is ignored.


Lesson learned:

If Check Point OS monitoring is activated and the SecureTrack Server cannot read information using SNMP (161/udp), no information about the Topology is imported and therefore this device isn't shown in the SecureTrack Topology. Allowing SNMPv3 between the SecureTrack Server and the firewall device helps to avoid this potential problem.
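
One way to check this from the SecureTrack Server before looking for the device in the Topology (an added example, not Tufin or Check Point tooling). It assumes the net-snmp command-line tools, SNMPv3 authPriv with SHA/AES, and credentials in the hypothetical variables SNMP_USER, SNMP_AUTH_PASS and SNMP_PRIV_PASS; sysName and the interface table stand in for whatever SecureTrack actually queries, which this page does not state.

```shell
#!/bin/sh
# Added example: run on the SecureTrack server against a monitored firewall.
# Assumptions: net-snmp tools installed; SNMPv3 authPriv with SHA/AES;
# credentials in SNMP_USER, SNMP_AUTH_PASS, SNMP_PRIV_PASS (hypothetical names).

snmp_v3() {  # $1 = snmpget|snmpwalk, $2 = firewall address, $3 = OID
    "$1" -v3 -l authPriv -u "$SNMP_USER" \
        -a SHA -A "$SNMP_AUTH_PASS" -x AES -X "$SNMP_PRIV_PASS" \
        -t 2 -r 1 -On "udp:$2:161" "$3" 2>&1
}

# Return codes: 0 ok, 2 no reply, 3 credentials rejected, 4 no interface data
check_topology_snmp() {  # $1 = firewall address
    out=$(snmp_v3 snmpget "$1" 1.3.6.1.2.1.1.5.0) || true   # sysName.0
    case "$out" in
        *Timeout*)
            echo "$1: no reply on 161/udp (filtered, or agent not running)"
            return 2 ;;
        *"Unknown user name"*|*"Authentication failure"*|*"Decryption error"*)
            echo "$1: 161/udp reachable, but SNMPv3 credentials were rejected"
            return 3 ;;
    esac
    # ifDescr column of the interface table
    ifcount=$(snmp_v3 snmpwalk "$1" 1.3.6.1.2.1.2.2.1.2 | grep -c 'STRING:') || true
    if [ "${ifcount:-0}" -eq 0 ]; then
        echo "$1: agent answers, but returns no interface entries"
        return 4
    fi
    echo "$1: SNMPv3 ok, $ifcount interfaces readable"
}
```

Passphrases given with -A and -X are visible in the process list; the net-snmp client configuration file (defSecurityName, defAuthPassphrase, defPrivPassphrase) avoids that.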