4 Replies Latest reply on Jun 2, 2014 9:29 AM by rzwarts

    Traffic Analysis on Checkpoint Firewall R76

    shawn_b

      Greetings,

       

      I would like to add my Checkpoint R76 firewall to my SolarWinds NPM and NTA for node and traffic management statistics as well as NCM for automated monthly config backups.

       

      Do NPM v10.0 and NTA v3.11 support Checkpoint out of the box?

       

      I did a search for "Checkpoint" when adding a resource but got no results. Is there an add-in, or is the firewall recognized as a router or switch?

       

      I know that I would have to configure Checkpoint to allow SNMP management first, as I read another thread, "How to monitor Checkpoint firewall", and some other Checkpoint-related resources for enabling NetFlow:

       

      View topic - Configure NetFlow - Checkpoint Firewall - NetFlow Auditor - Behavior Anomaly Detection - NetFlow Analyzer -…

       

      NetFlow from a Checkpoint Firewall - NetFlow & sFlow Network Monitoring - NetFlowKnights.com

       

      I would like to get some suggestions for the resources that I can monitor (CPU, memory, traffic stats on the interfaces, VLANs, etc.).

       

      Maybe if anyone has some screenshots that they would like to share of their monitored Checkpoint environment

       

      I am asking before I do it, as my Checkpoint resource\guru is outsourced and I would like to know what is possible with NPM and NTA to determine if it is worth paying for the Checkpoint configuration work.

        • Re: Traffic Analysis on Checkpoint Firewall R76
          jmarg

          OK, for the most part it will be monitored like a Linux box with a lot of NICs (assuming you're using SPLAT or Gaia).  To get useful firewall-specific stats you will need to enable the Check Point SNMP daemon and create custom pollers.  There is a thread on here where I posted some useful OIDs recently.

           

          You can configure NetFlow on the firewall and send it to your NTA server, but keep in mind that it only reports on traffic accelerated by SecureXL.  So if you have SecureXL disabled, or if acceleration is disabled partway through your rulebase (from using time objects, etc.), your reports will be incomplete.

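One way to gauge the SecureXL caveat in the reply above before trusting NTA reports, as an added example that is not part of the thread: parse the acceleration summary from the gateway and estimate what share of packets the NetFlow export can see. The sample text is constructed, its layout is assumed to match the summary printed by `fwaccel stats -s`, and the function names and the 90% threshold are hypothetical.

```python
import re

# Constructed sample; layout assumed to match `fwaccel stats -s` on the
# gateway. Verify the format on your own version before relying on it.
SAMPLE = """\
Accelerated conns/Total conns : 1820/5200 (35%)
Accelerated pkts/Total pkts   : 410000/1000000 (41%)
F2Fed pkts/Total pkts   : 560000/1000000 (56%)
PXL pkts/Total pkts   : 30000/1000000 (3%)
"""

# "<name>/Total <unit> : <count>/<total> (<pct>%)"
RATIO_LINE = re.compile(
    r"^\s*(?P<name>[\w ]+?)\s*/\s*Total (?:conns|pkts)\s*:\s*"
    r"(?P<count>\d+)\s*/\s*(?P<total>\d+)"
)

def parse_summary(text):
    """Return {"Accelerated pkts": (count, total), ...} for each ratio line."""
    ratios = {}
    for line in text.splitlines():
        m = RATIO_LINE.match(line)
        if m:
            ratios[m["name"]] = (int(m["count"]), int(m["total"]))
    return ratios

def netflow_coverage(text, warn_below=0.90):
    """Estimate the share of packets visible to NetFlow export.

    Assumption taken from the thread: only SecureXL-accelerated traffic is
    reported, so only the "Accelerated pkts" ratio counts as covered.
    """
    ratios = parse_summary(text)
    if "Accelerated pkts" not in ratios:
        raise ValueError("no 'Accelerated pkts/Total pkts' line found")
    accelerated, total = ratios["Accelerated pkts"]
    if total == 0:
        # Counters were reset, or nothing has passed through SecureXL yet.
        return {"coverage": None, "slow_path": None, "verdict": "no-traffic"}
    slow_path = ratios.get("F2Fed pkts", (0, total))[0] / total
    coverage = accelerated / total
    verdict = "ok" if coverage >= warn_below else "incomplete"
    return {"coverage": round(coverage, 3),
            "slow_path": round(slow_path, 3),
            "verdict": verdict}

if __name__ == "__main__":
    print(netflow_coverage(SAMPLE))
```

A low coverage figure means NTA totals will undercount compared with the interface counters polled over SNMP, so compare the two before drawing conclusions from flow reports.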