Configuring Netflows and Syslog from Checkpoint Firewall
Overview
This document provides the steps to integrate your Checkpoint firewall with Seceon SIEM so that you have comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your firewall to the CCE (Collection and Control Engine). The steps below cover NetFlow and syslog forwarding.
Prerequisite
Checkpoint does not provide traffic logs by default. To get proper traffic logs, the customer needs to apply a patch on the Checkpoint firewall; contact Checkpoint support to apply the patch.
Steps of Configuration
1. Log in to your Checkpoint firewall.
Syslog Forwarding
2. Under Network Management, go to "System Management → System Logging", then to Remote System Logging, and click Add.
Ensure that the two audit log checkboxes are checked.
NetFlow Forwarding
Click on "Netflow export"
Click on "add"
3. Fill in the IP address of the CCE that will receive the NetFlow data
UDP port → 9995
Export Format: Netflow_9
Check the "enable" box and click "OK".
4. Your changes will be seen as below.
Verification
STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
STEP 3: >> Inside SOURCE DEVICE IP, the IP will be reflected.
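For a check that does not depend on the UI, the payload of a datagram arriving on UDP port 9995 can be inspected to confirm that the export really is NetFlow version 9. The Python below is an added example, not Seceon or Check Point code; it parses the v9 header and FlowSets as laid out in RFC 3954, and the function names and the sample packet are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

V9_HEADER = struct.Struct("!HHIIII")   # version, count, sysUptime, unixSecs, sequence, sourceId

def parse_v9(datagram: bytes) -> dict:
    """Validate one NetFlow v9 export packet (RFC 3954) and summarise its FlowSets."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, count, _uptime, unix_secs, sequence, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"export version {version}, expected 9")
    out = {"count": count, "sequence": sequence, "source_id": source_id,
           "exported_at": datetime.fromtimestamp(unix_secs, timezone.utc),
           "templates": [], "data_flowsets": []}
    offset = V9_HEADER.size
    while offset + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, offset)
        if length < 4 or offset + length > len(datagram):
            raise ValueError(f"bad FlowSet length {length} at offset {offset}")
        body = datagram[offset + 4:offset + length]
        if flowset_id == 0:            # Template FlowSet: (template id, field count) records
            pos = 0
            while pos + 4 <= len(body):
                template_id, fields = struct.unpack_from("!HH", body, pos)
                if template_id < 256:  # trailing padding, not a template record
                    break
                out["templates"].append((template_id, fields))
                pos += 4 + 4 * fields
        elif flowset_id >= 256:        # Data FlowSet: id names the template that decodes it
            out["data_flowsets"].append((flowset_id, len(body)))
        offset += length               # ids 1-255 (options templates, reserved) are skipped
    return out

def sample_datagram() -> bytes:
    """Constructed packet: template 256 (src/dst IPv4 address) plus one data record."""
    header = V9_HEADER.pack(9, 2, 360000, 1700000000, 1, 0)
    template = struct.pack("!8H", 0, 16, 256, 2, 8, 4, 12, 4)
    data = struct.pack("!HH4s4s", 256, 12, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + template + data

if __name__ == "__main__":
    print(parse_v9(sample_datagram()))
```

A `ValueError` naming a version other than 9 points at the Export Format setting; data FlowSets that never follow a template with the same id mean the receiver cannot decode the records yet.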
Seceon Inc. All rights reserved. https://www.seceon.com