Print
Category: SecureTrack

When having a Check Point firewall, it is possible to monitor the Check Point management. All information about a connected firewall is gathered from here. Sometimes it is wanted that this information is collected directly from the firewall using SNMP. This works since many versions of Check Point and SecureTrack very well, following the configuration guide published by Tufin - as far as the license has been purchased (TF-SECTRK-CP-GAIA-OS-MONITOR).

Hint:
If you import a Check Point firewall, all topology data are derived from here, no more from the Check Point management. So if there is a problem with SNMP (e.g. connectivity, authentication), no topology data are available for this firewall.

Problem when having Check Point R81:
Independent of the configuration (that has worked e.g. for R80), the firewall running R81 delivers "wrong password" in Menu > Settings > Administration > Status.

Therefore no data are imported into SecureTrack and also no topology information is available for this firewall.

 

Following a discussion in the Check Point CheckMates community, the authentication of SNMPv3 users with SHA1 is not supported any more. Only SHA256 and SHA512 are supported by default. To solve this issue, some additional steps are described in CheckMates. So the complete integration of a Check Point firewall into SecureTrack includes these steps: