Monitoring Check Point Devices

For Check Point deployments, TOS Aurora monitors the management platforms (SmartCenters, CMA, MDS, and Smart-1 Cloud) for revision changes, and retrieves logs from Log servers and CLMs. For monitoring and usage analysis of all of your Check Point policies, add all management and log servers to TOS Aurora.

TOS Aurora uses Check Point OPSEC™ protocols and SNMP to monitor Check Point servers in real-time. By default, SNMP traffic is authenticated with MD5, and you can change it to SHA authentication.

Before you add a Check Point server to TOS Aurora, you must:

  • Configure the Check Point server to communicate with TOS Aurora using OPSEC
  • In a Provider-1 environment, define TOS Aurora as a GUI client for the MDSs

Record the details of all of your Check Point devices to make it easier for you to add all of them. To help you organize the information for your devices, you can use the device information worksheet. To see which TOS features are supported for your device, review the feature support table.

After you upgrade a monitored Check Point CMA device to R80.x, you must upgrade the device in TOS Aurora to use Check Point R80.x support.

Configure monitoring of Check Point servers in this order:

  1. Provider-1 MDS

  2. SmartCenter servers and Provider-1 CMAs

  3. Log Servers and CLMs

TOS Aurora and the monitored devices must be synchronized with the correct date and time, either manually or automatically. We recommend that you also configure the devices to resolve DNS queries.

To monitor a Standby Check Point Management Server, see the Technical Note Monitoring a Standby Check Point Management Server.

Notes for Check Point topology:

  • VSX WARP interface connections are shown with the label.
  • To obtain topology information for a VSX and its managed devices, TOS Aurora must monitor the management server (SMC or CMA) that manages the physical VSX box.