Adding Check Point Devices

For Check Point deployments, TOS Classic monitors the management servers (SmartCenters, CMAs, and MDSs) for revision changes, and retrieves logs from Log servers and CLMs. For monitoring and usage analysis of all of your Check Point policies, add all management and log servers to TOS Classic.

TOS Classic uses Check Point OPSECâ„¢ protocols and SNMP to monitor Check Point servers in real-time. At startup, TOS Classic establishes a LEA session to the management server and monitors the LEA connection. By default, SNMP traffic is authenticated with MD5, and you can change it to SHA authentication.

Before you add a Check Point server to TOS Classic, you must:

  • Configure the Check Point server to communicate with TOS Classic using OPSEC
  • In a Provider-1 environment, define TOS Classic as a GUI client for the MDSs

Record the details of all of your Check Point devices to make it easier for you to add all of them. To help you organize the information for your devices, you can use the device information worksheet. To see which TOS features are supported for your device, review the feature support table.

After you upgrade a monitored Check Point CMA device to R80.x, you must upgrade the device in TOS Classic to use Check Point R80.x support.

Configure monitoring of Check Point servers in this order:

  1. Provider-1 MDS
  2. SmartCenter servers and Provider-1 CMAs

  3. Log Servers and CLMs

TOS Classic and the monitored devices must be synchronized with the correct date and time, either manually or automatically. We recommend that you also configure the devices to resolve DNS queries.

To monitor the system configuration and performance of a gateway, enable Firewall OS Monitoring.

To monitor a Standby Check Point Management Server, see the Technical Note Monitoring a Standby Check Point Management Server.

To monitor a Check Point Management Server with Non-Standard LEA Authentication, see the Technical Note Monitoring a Check Point Management Server with Non-Standard LEA Authentication.

Notes for Check Point topology:

  • In Check Point environments, if Firewall OS Monitoring is enabled, TOS Classic can use it to collect routing information from the gateway. If not, TOS Classic collects routing information from the management server.
  • VSX WARP interface connections are shown with the label.
  • To obtain topology information for a VSX and its managed devices, TOS Classic must monitor the management server (SMC or CMA) that manages the physical VSX box.