Check Point Firewall

The Check Point Management Server should accept API access from the Collector IP address. You can set up the access from the Check Point SmartConsole application. Go to , and in the Management API Setting window, select All IP addresses.

If Check Point MDS is added as a data source, VMware Aria Operations for Networks fetches data from all the user-defined domains and the global domain.

VMware Aria Operations for Networks uses the Check Point public Web API to fetch data from the Check Point management server. If the VSX gateway is attached to the management server, we use SSH-based CLI commands to fetch the VSX-managed Virtual System (VS) routing table to support display of the VS gateway in the VM-VM path.

You can perform a query for all the Check Point entities that are supported by VMware Aria Operations for Networks. All the entities are prefixed by Check Point.

Entities in Check Point | Keywords | Queries |
---|---|---|
IPset | Check Point Address Range<br>Check Point Network | vm where Address Range = <><br>vm where Address Range = <><br>Check Point Address Range where Translated VM = <> |
Grouping | Check Point Network Group | Check Point Network Group where Translated VM = <><br>vm where Network Group = <> |
Service/ Service Group | Check Point Service<br>Check Point Service Group | Check point service where Port = <><br>Check point service where protocol = <> |
Access Layer | Check Point Access Layer | Check Point Policy where Access Layer = <> |
Domain | Check Point Domain | check point domain where ip address = <><br>check point policy where domain = <><br>check point access layer where domain = <> |
Gateways and Gateway Cluster | Check Point Gateway<br>Check Point Gateway Cluster | Check Point Gateway Cluster where Policy Package = <> |
Policy Package | Check Point Policy package | Check Point Policy where Policy Package = <><br>Check Point Policy Package where Rule = <> |
Policy | Check Point Policy | Check point policy where source ip = <> and Destination IP = <><br>Rule where source ip = <> and Destination IP = <> (will display other rules - nsx, redirect - along with check point policies in the system) |

If the Check Point device is present in the VM-VM path, you can see the device's physical gateways and virtual system in the VM topology. When you click the device icon, you can see basic information such as interfaces, routes, and applicable Check Point firewall rules.

VMware Aria Operations for Networks supports Check Point integration with NSX-V through service-insertion. If a Check Point service VM exists on a host in the VM-VM path, the applicable Check Point firewall rules are shown on the host. For the VM-VM path, VMware Aria Operations for Networks does not support the VSX cluster containing Virtual Switch and Virtual Router.

Here are some scenarios for which the system alerts are generated for Check Point:
- The NSX fabric agent is not found on the ESX for the Check Point gateway.
- The Check Point service VM is not found.
- The Check Point gateway SIC status is not communicating.
- Discovery and update alerts for Check Point entities such as address ranges, networks, policies, groups, policy packages, services, service groups, and so on.