Monitoring Check Point Devices

Overview

For Check Point deployments, TOS monitors the management platforms (SmartCenters, CMA, MDS, and Smart-1 Cloud) for revision changes, and retrieves logs from Log servers and CLMs. For monitoring and usage analysis of all of your Check Point policies, add all management and log servers to TOS.

TOS uses the Check Point API and OPSEC™ protocols to monitor Check Point servers in real time. By default, SNMP traffic is authenticated with MD5, and you can change it to SHA authentication.

Configure monitoring

Configure monitoring of Check Point servers in this order:

  1. Provider-1 MDS

  2. SmartCenter servers and Provider-1 CMAs

  3. Log Servers and CLMs

TOS and the monitored devices must be synchronized with the correct date and time, either manually or automatically. We recommend that you also configure the devices to resolve DNS queries.

To monitor a Standby Check Point Management Server, see the Technical Note Monitoring a Standby Check Point Management Server.

If the Check Point management device is hardened with TLS 1.2 or later and SecureTrack cannot connect:
  • R25-2 PHF2.1.0 and earlier: Contact support

  • From R25-2 PHF3.0.0: Monitor the Check Point device using a REST API without OPSEC

Notes for Check Point topology

  • VSX WARP interface connections are shown with the label.
  • To obtain topology information for a VSX and its managed devices, TOS must monitor the management server (SMC or CMA) that manages the physical VSX box.