Checkpoint collector and SSIM
Created: 08 Jul 2008 | Updated: 23 May 2010 | 4 comments
Hi,
Would like to know if anyone has some decent instructions for configuring SSIM to pull in Checkpoint FW events. I'm using R65 on a Nokia cluster with a Win2k3 Checkpoint management & log server. I am a Chkpt novice; we used the SGS previously.
Thanks in advance.
Hi,
If you have access to the fileconnect or platinum website, you can download a document called Symantec Event Collector for CheckPoint FW Quick Reference. You will find guidelines there on how to integrate SSIM with CheckPoint firewalls.
Regards,
Antilles
I have connected SSIM 4.5 and Checkpoint Firewall, but in SSIM I see only logs dropped from Checkpoint. Has anyone successfully connected SSIM and Checkpoint firewall with all logs (allow, deny, VPN, ...)?
Thanks for the answer.
Your Check Point rules have to be configured to log when they're triggered. By default, they don't.
I have rules with Track enabled (Log); allowed packets are logged in Checkpoint, but not in SSIM. Denied packets are OK. Do you have any idea?