These steps integrate your Checkpoint firewall with Seceon SIEM so that you have comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your firewall to the CCE (Collection and Control Engine). This document guides you through the steps for NetFlow and syslog forwarding.
Checkpoint does not provide traffic logs by default. The customer needs to apply a patch on the Checkpoint firewall. To apply the patch and get the proper traffic logs, contact Checkpoint support.
1. Log in to your Checkpoint firewall.
2. Under Network Management, go to "System Management → System Logging", then to Remote System Logging, and click Add.
Ensure that the two audit logs checkboxes are checked.
Click "Netflow export".
Click "Add".
3. Fill in the CCE IP address that will receive the NetFlow.
UDP port → 9995
Export Format: Netflow_9
Check the "Enable" box
and click "OK".
4. Your changes will be seen as below.
STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
STEP 3: >> Inside SOURCE DEVICE IP, the IP will be reflected.
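
An added example, not part of the Seceon or Checkpoint documentation: a Python parser for the NetFlow v9 export header and FlowSets (per RFC 3954), for confirming from a captured UDP payload that the firewall is sending the Netflow_9 format to port 9995 as configured in step 3. The function names and the sample packet are constructed for illustration.

```python
import struct

def parse_netflow_v9(payload: bytes) -> dict:
    """Parse a NetFlow v9 export packet (RFC 3954): header plus FlowSet summary."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, count, uptime_ms, unix_secs, sequence, source_id = struct.unpack(
        "!HHIIII", payload[:20])
    if version != 9:
        # A v5 or IPFIX (v10) export means the firewall's Export Format is not Netflow_9.
        raise ValueError(f"export version {version}, expected 9 (Netflow_9)")
    flowsets, offset = [], 20
    while offset + 4 <= len(payload):
        fs_id, fs_len = struct.unpack("!HH", payload[offset:offset + 4])
        if fs_len < 4 or offset + fs_len > len(payload):
            raise ValueError(f"bad FlowSet length {fs_len} at offset {offset}")
        if fs_id == 0:
            kind = "template"          # describes the fields of later data records
        elif fs_id == 1:
            kind = "options-template"
        elif fs_id >= 256:
            kind = "data"              # FlowSet ID equals the template ID it uses
        else:
            kind = "reserved"
        flowsets.append({"id": fs_id, "kind": kind, "length": fs_len})
        offset += fs_len
    return {"version": version, "count": count, "sequence": sequence,
            "source_id": source_id, "unix_secs": unix_secs, "flowsets": flowsets}

def build_sample_packet() -> bytes:
    """Constructed sample: one template (ID 256) and one matching data record."""
    # Template fields (type, length): IPV4_SRC_ADDR(8,4), IPV4_DST_ADDR(12,4), IN_BYTES(1,4)
    template = struct.pack("!HHHHHHHHHH", 0, 20, 256, 3, 8, 4, 12, 4, 1, 4)
    # Data record uses documentation addresses 192.0.2.10 -> 198.51.100.20, 1500 bytes
    data = struct.pack("!HH4s4sI", 256, 16, bytes([192, 0, 2, 10]),
                       bytes([198, 51, 100, 20]), 1500)
    header = struct.pack("!HHIIII", 9, 2, 360000, 1700000000, 1, 0)
    return header + template + data

if __name__ == "__main__":
    info = parse_netflow_v9(build_sample_packet())
    print(info["version"], [f["kind"] for f in info["flowsets"]])
```

Feed it the UDP payload of a packet captured on port 9995. A collector cannot decode data FlowSets until it has received the matching template from the exporter, so a capture with data but no template FlowSet explains a delay before flows appear.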