kdevmu
Level 7
Message 1 of 7

Checkpoint Firewall Monitoring

Hello Everyone,

Could you please let me know if Checkpoint Firewall can be monitored using McAfee SIEM? If yes, please let me know what versions of Gaia are supported and also relevant documents if any.

Thank you.

6 Replies
Reliable Contributor penoffd
Message 2 of 7

Re: Checkpoint Firewall Monitoring

There is a receiver for CheckPoint, however, if you go above version R77.x the OPSEC connector breaks and you cannot connect.  We've got a ticket open on this since early January when our firewall people upgraded our CheckPoint environment to version R80.  It broke our data source connector and as a result we're unable to collect logs or get alerts from the CheckPoint.  It's a serious compliance and record keeping issue for us (county government) and we're really surprised that McAfee fell behind on the data source updates on this, as the R80 version has been out since the middle of last year.

Many promises of hot patches and updates from McAfee; to date we've seen nothing.

paul.k
Level 10
Message 3 of 7

Re: Checkpoint Firewall Monitoring

We've seen issues with as low as 77.20 and .30.

Depending on the encryption/Auth settings we get different and inconsistent results.

Have you considered removing encryption and/or Auth?

We got serious improvement in stability by reducing or removing them.

Also try restarting the opsec collector service.

Just doing a killall or kill -9 on it will cause it to restart and start pulling in data.

It's not a good solution but might get you over the hump.

Regards

Reliable Contributor penoffd
Message 4 of 7

Re: Checkpoint Firewall Monitoring

MR9 has the fix for the issue with the OPSEC connector that we encountered. McAfee worked with us since January in coming up with a hotfix that was applied to our system successfully back in February and was later incorporated into the MR9 release.

All is well now and working as expected, thanks to McAfee and their diligence in getting this sorted out.

Reliable Contributor penoffd
Message 5 of 7

Re: Checkpoint Firewall Monitoring

I couldn't tell you what the Gaia version is, but we're running R80.10 and I'm able to collect event logs in the SIEM for all of our firewalls.

Reliable Contributor David1111
Message 6 of 7

Re: Checkpoint Firewall Monitoring

Just download and update the rules for your ERC,

then it's going to parse them correctly.

The problem is that it's going to try to get logs from a month back, and this is going to slow down the entire system 😞

Reliable Contributor David1111
Message 7 of 7

Re: Checkpoint Firewall Monitoring

Regarding the collecting of a month back:

contact support and they will restart the benchmark.

Best regards

David
