
Checkpoint Firewall

Realm Security integrates with Checkpoint Firewall for monitoring of firewall data.

Setup Checkpoint Firewall Source in Realm

  • Log in to the Realm console
  • Add a new Source. Go to Sources > Add > Checkpoint Firewall
    • Name: Checkpoint Firewall
    • Description: Checkpoint Firewall logs
  • If a collector is already set up, go to Collectors > Select your collector. If not, add a new collector
    • To add a new collector, go to Collectors > Add > Give it a name and description
  • Add a Checkpoint Firewall stream to the Collector.
    • Click on Add Stream
    • Select Product Format: Checkpoint Firewall
    • Select a port (must be unique on the collector)
    • Framing: Select Octet Counting
    • From Source drop down: Select Checkpoint Firewall source
    • Click Add Stream button
  • Take note of the port that was assigned to the Checkpoint Firewall stream. You will need it when configuring Checkpoint Firewall to forward syslog messages to Realm.

Prerequisites

  • Ensure you have access to your Checkpoint firewall SmartConsole
  • Realm collector is set up and running. See Realm Collector install guide for setting up a collector.
  • Realm Security Collector IP address or FQDN

Setup Checkpoint Firewall Log Export in SmartConsole

For CLI Instructions, Click Here.
Otherwise, follow these docs for setting up Checkpoint Firewall Log Export: Log Exporter - Check Point Log Export
Details and screenshots of that process are provided below:

  1. Create new Log Exporter/SIEM object: Objects > Server > New Log Exporter/SIEM
    • For the General > Target Server field, provide the IP address or FQDN for the Realm Security Collector
    • For the General > Target Port field, provide the port number chosen for the Checkpoint Firewall stream
    • For the Data Manipulation > Format field, select Common Event Format (CEF)
    • Click OK
  2. Configure the Management Server or Dedicated Log Server / SmartEvent Server object: Gateways & Servers > Management Server or Dedicated Log Server/SmartEvent Server > Logs > Export
    • Click [+] and select the Log Exporter / SIEM object you configured earlier.
    • Click OK
  3. Install the database: Menu > Install database
    • Select all objects
    • Click Install

Some more in depth documentation can be seen here: Log Exporter Administration Guide

Notes:

  • The Realm Security Collector deployment expects logs to be formatted as CEF (Common Event Format), so make sure to select CEF when configuring the log export.
  • In the export URL, make sure to use the port assigned to Checkpoint in the Collector Stream.
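
To check that the bytes arriving on the stream port match the two settings this guide depends on (Octet Counting framing on the stream, CEF on the Log Exporter), the following added example splits an octet-counted byte stream into frames and reads each CEF header. It is not part of Realm's or Check Point's tooling; the function names are illustrative and the sample bytes are constructed.

```python
import re

CEF_FIELDS = ("version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")
# One header field: non-pipe characters or backslash escapes, then a bare '|'.
FIELD_RE = re.compile(r"((?:[^\\|]|\\.)*)\|")

def split_octet_counted(buf: bytes):
    """Split an RFC 6587 octet-counted stream ("MSG-LEN SP MSG") into frames.
    Returns (frames, remainder); remainder is a trailing partial frame to keep
    until more bytes arrive. Raises ValueError when the bytes are not
    octet-counted, for example when the sender uses newline framing."""
    frames, pos = [], 0
    while pos < len(buf):
        sp = buf.find(b" ", pos, pos + 11)
        prefix = buf[pos:sp] if sp != -1 else buf[pos:pos + 11]
        if not prefix.isdigit() or prefix[:1] == b"0" or len(prefix) > 10:
            raise ValueError(f"bad length prefix {prefix!r} at offset {pos}")
        if sp == -1:
            break  # only part of the length prefix has arrived
        end = sp + 1 + int(prefix)
        if end > len(buf):
            break  # frame body is incomplete
        frames.append(buf[sp + 1:end])
        pos = end
    return frames, buf[pos:]

def parse_cef_header(frame: bytes) -> dict:
    """Return the seven CEF header fields plus the raw extension string."""
    text = frame.decode("utf-8", errors="replace")
    pos = text.find("CEF:")
    if pos == -1:
        raise ValueError("no CEF record in frame (is the export format CEF?)")
    pos, rec = pos + 4, {}
    for key in CEF_FIELDS:
        m = FIELD_RE.match(text, pos)
        if m is None:
            raise ValueError(f"CEF header ends before field {key!r}")
        rec[key] = re.sub(r"\\([\\|])", r"\1", m.group(1))  # undo \| and \\
        pos = m.end()
    rec["extension"] = text[pos:]
    return rec

# Constructed sample (not captured Check Point output): one complete frame
# followed by a second frame cut off mid-transfer.
SAMPLE_MSG = (b"<134>1 2024-01-01T00:00:00Z fw01 CheckPoint - - - CEF:0|Check Point|"
              b"VPN-1 & FireWall-1|Check Point|Log|Log|Unknown|act=Accept src=192.0.2.10")
SAMPLE = b"%d %s" % (len(SAMPLE_MSG), SAMPLE_MSG) + b"%d %s" % (len(SAMPLE_MSG), SAMPLE_MSG[:40])
```

A `ValueError` from `split_octet_counted` points at a framing mismatch between sender and stream; one from `parse_cef_header` points at the export format not being CEF.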

Support

For additional details, refer to the official Checkpoint Firewall documentation.

If you encounter any issues or require assistance, contact Realm Security support.