
Checkpoint collector and SSIM

Created: 08 Jul 2008 • Updated: 23 May 2010 | 4 comments

Hi,

Would like to know if anyone has some decent instructions for configuring SSIM to pull in Checkpoint FW events. I'm using R65 on a Nokia cluster with a Win2k3 Checkpoint management & log server. I am a Chkpt novice; we used the SGS previously.

Thanks in advance.

4 Comments

lukaszfr

Hi,

If you have access to the FileConnect or Platinum website, you can download a document called Symantec Event Collector for CheckPoint FW Quick Reference. There you will find guidelines on how to integrate SSIM with CheckPoint firewalls.

Regards,
Antilles

Peter Blasko

I have connected SSIM 4.5 and Checkpoint Firewall, but in SSIM I see only logs dropped from Checkpoint. Has anyone successfully connected SSIM and a Checkpoint firewall with all logs (allow, deny, VPN, ...)?

Thanks for the answer.

gk

Your Check Point rules have to be configured to log when they're triggered.  By default, they don't.

Peter Blasko

I have rules with Track enabled (Log). Allowed packets are logged in Checkpoint, but not in SSIM. Denied packets are OK. Do you have any idea?