Realm.Security Documentation

Appearance

Checkpoint Firewall

Realm Security integrates with Checkpoint Firewall for monitoring of firewall data.

Setup Checkpoint Firewall Source in Realm

  1. Login to Realm console.
  2. Go to Sources > Add > Checkpoint Firewall and add a new Source.

    Name: Checkpoint FirewallDescription: Checkpoint Firewall logs

  3. If a collector is already set up, go to Collectors and select your collector. If not, go to Collectors > Add and give it a name and description.
  4. Add a Checkpoint Firewall stream to the Collector. Click Add Stream.

    Product Format: Checkpoint FirewallPort: Select a unique port for this collector Framing: Octet CountingSource: Checkpoint Firewall

  5. Click Add Stream.
  6. Take note of the port assigned to the Checkpoint Firewall stream. You will need it when configuring Checkpoint Firewall to forward syslog messages to Realm.

Prerequisites

  • Ensure you have access to your Checkpoint firewall SmartConsole.
  • Realm collector is set up and running. See Realm Collector install guide for setting up a collector.
  • Realm Security Collector IP address or FQDN.

Setup Checkpoint Firewall Log Export in SmartConsole

For CLI instructions, see the Checkpoint CLI Log Exporter guide.

Otherwise, follow the Log Exporter - Check Point Log Export guide. Details and screenshots are provided below.

  1. Create a new Log Exporter/SIEM object via Objects > Server > New Log Exporter/SIEM.

    • For General > Target Server, provide the IP address or FQDN of the Realm Security Collector.
    • For General > Target Port, provide the port number assigned to the Checkpoint Firewall stream. ObjectsMenuLogExporter
    • For Data Manipulation > Format, select Common Event Format (CEF). CEFDataFormat
    • Click OK.

  2. Configure the Management Server or Dedicated Log Server / SmartEvent Server object via Gateways & Servers > Management Server or Dedicated Log Server/SmartEvent Server > Logs > Export.

    • Click [+] and select the Log Exporter / SIEM object you configured earlier.
    • Click OK.

  3. Install the Database via Menu > Install database. InstallDataBase

    • Select all objects.
    • Click Install.

Note: The Realm Security Collector expects logs formatted as CEF (Common Event Format). Make sure to select CEF when configuring the log export, and use the port assigned to the Checkpoint stream in the Collector.

For more in-depth documentation, see the Log Exporter Administration Guide.

Support

For additional details, refer to the official Checkpoint Firewall documentation.

If you encounter any issues or require assistance, contact Realm Security support.