3 Replies Latest reply on Mar 20, 2017 12:33 PM by penoffd

    Checkpoint Firewall Monitoring

    kdevmu

      Hello Everyone,

       

      Could you please let me know if Checkpoint Firewall can be monitored using McAfee SIEM? If yes, please let me know what versions of Gaia are supported and also relevant documents if any.

       

      Thank you.

        • 1. Re: Checkpoint Firewall Monitoring
          penoffd

          There is a receiver for CheckPoint; however, if you go above version R77.x the OPSEC connector breaks and you cannot connect. We've had a ticket open on this since early January, when our firewall people upgraded our CheckPoint environment to version R80. It broke our data source connector and as a result we're unable to collect logs or get alerts from the CheckPoint. It's a serious compliance and record keeping issue for us (county government) and we're really surprised that McAfee fell behind on the data source updates on this, as the R80 version has been out since the middle of last year.

          Many promises of hot patches and updates from McAfee; to date we've seen nothing.

          • 2. Re: Checkpoint Firewall Monitoring
            paul.k

            We've seen issues with as low as 77.20 and .30.

            Depending on the encryption Auth settings we get different and inconsistent results.

            Have you considered removing encryption and/or Auth?

            We got serious improvement in stability by reducing or removing them.

            Also try restarting the opsec collector service.

            Just doing a killall or kill -9 on it will cause it to restart and start pulling in data.

            It's not a good solution but might get you over the hump.

             

            Regards

            1 of 1 people found this helpful
            • 3. Re: Checkpoint Firewall Monitoring
              penoffd

              MR9 has the fix for the issue with the OPSEC connector that we encountered. McAfee worked with us since January in coming up with a hotfix that was applied to our system successfully back in February and was later incorporated into the MR9 release.

              All is well now and working as expected, thanks to McAfee and their diligence in getting this sorted out.