For Check Point R80.x devices, create a user with the Domain Manager profile who has the Read Only All Permission Profile configured for All Global Domains.
Create a Check Point user with REST API access to retrieve revisions:
SecureTrack uses Check Point APIs to connect to (and monitor) Check Point R80.x devices. A user with the SmartCenter Manager or Domain Manager profile who has the Read Only All Permission Profile configured for All Global Domains with the required collection access via the Check Point APIs can retrieve revisions for the device. On an SMC or a CMA:
To maintain the password you defined for the Check Point user with REST API access, in Set Password, uncheck User must change password on next login.
Monitor a Check Point Device
To configure SecureTrack to monitor the policy revisions of a Check Point device:
In Settings > Monitoring, select Manage Devices:
In Start monitoring a new device, select the appropriate device type:
Configure the device settings:
Depending on the Check Point server type, some or all of the following options will appear:
Device Type: Check Point CMA (filled automatically)
The Domain field is only available when initially adding a device. To subsequently change the Domain, migrate it.
MDS (optional for CMA devices): The MDS that manages the CMA.
Get revisions from: One of the following:
IP Address: Revisions are retrieved automatically
Offline File: (If available) Revisions are manually uploaded to SecureTrack for Offline Analysis. This option is not available for R80.x CMA devices.
Usage Analysis - select the relevant options:
'Collect traffic logs for rule usage analysis' is necessary for Rule Usage reports.
'Collect traffic logs for object usage analysis' is necessary for reporting on unused objects and services in Rule Usage Reports.
Object usage analysis requires plenty of free disk space (depending on the number of gateways and the amount of traffic logs generated). If disk space is limited, you can configure SecureTrack to limit the number of days that data is kept.
We recommend that you enable SecureTrack administrative alerts, which notify you if there is low disk space on the server. When disk utilization exceeds 90% in the partition that has the database, SecureTrack sends an alert.
Enable Topology: Collects routing information for building the network Interactive Map. Topology options for Advanced management mode are configured when you import managed devices.
Check Point CMA Version: Select the Check Point version installed on the SMC/CMA:
Version R77 or earlier
After you save the device configuration, you cannot change this setting.
Configure OPSEC Secure Internal Communication (SIC):
Enter SecureTrack's OPSEC Application Name as you defined it for this Check Point server (case sensitive).
Enter the Activation Key as defined when the OPSEC object was created.
Click Retrieve Certificate to set up encrypted communication between SecureTrack and the Check Point device.
The certificate appears, and the following message is displayed:
In the OPSEC Settings:
Configure the LEA Authentication fields:
Authentication Mode - Some options require you to enter an SL or FWN1 Secret Key in the Authentication Keys section and Establish Authentication Key.
To define specific timing settings for this device, select Custom, then select Custom settings, and configure:
'Save policy' interval: When a Save Policy event is followed within this time interval by an Install Policy event for the same policy, SecureTrack tries to combine the two events into a single revision. The default value is 60 seconds.
'Install policy' interval: When two or more Install Policy events for the same policy occur within this time interval, SecureTrack combines the events into a single Install Policy revision (Default: 60 seconds).
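The effect of the two intervals on how many revisions appear can be modelled as follows. This is an added illustration, not SecureTrack code: the Event type, the combine function and the sample timeline are constructed. It assumes each interval is measured from the previous event in the revision and is inclusive, which this page does not specify.

```python
from dataclasses import dataclass

@dataclass
class Event:
    ts: int      # seconds from an arbitrary start (constructed values)
    kind: str    # "save" or "install"
    policy: str  # policy name

def combine(events, save_interval=60, install_interval=60):
    """Group events into revisions using the two rules described above.

    Rule 1: a save followed within save_interval by an install of the
            same policy becomes one revision.
    Rule 2: installs of the same policy within install_interval of each
            other become one revision.
    Assumption: the window is measured from the last event already in
    the revision, and a gap equal to the interval still merges.
    """
    revisions = []   # each revision is a list of Event
    latest = {}      # policy name -> index of its newest revision
    for ev in sorted(events, key=lambda e: e.ts):
        idx = latest.get(ev.policy)
        if idx is not None and ev.kind == "install":
            last = revisions[idx][-1]
            limit = save_interval if last.kind == "save" else install_interval
            if ev.ts - last.ts <= limit:
                revisions[idx].append(ev)
                continue
        # Saves, and installs outside the window, start a new revision.
        revisions.append([ev])
        latest[ev.policy] = len(revisions) - 1
    return revisions

# Constructed timeline for two hypothetical policies.
SAMPLE = [
    Event(0, "save", "Standard"),
    Event(20, "install", "DMZ"),
    Event(40, "install", "Standard"),
    Event(70, "install", "Standard"),
    Event(300, "save", "Standard"),
    Event(400, "install", "Standard"),
]

if __name__ == "__main__":
    for save_iv, inst_iv in [(60, 60), (120, 60), (60, 10)]:
        revs = combine(SAMPLE, save_iv, inst_iv)
        print(f"save={save_iv}s install={inst_iv}s -> {len(revs)} revisions")
        for r in revs:
            print("   ", r[0].policy, [(e.kind, e.ts) for e in r])
```

In this model, longer intervals produce fewer, coarser revisions, and shorter intervals record each save and install separately.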
To obtain topology information for VSX virtual devices, SecureTrack must also monitor the CMA management server that manages the physical VSX box. To ensure that topology information is being retrieved, verify that the relevant CMA is monitored by SecureTrack.
In the following example, the vsx_cluster is managed by the Domain47 CMA. To properly monitor this cluster and retrieve its topology information, you must verify that Domain47 has also been added to SecureTrack.