Skip to main content

Check Point Firewall

Download With Dependencies

Manage Check Point firewall via API

Check Point Firewall

This pack includes Cortex XSIAM content.

Check Point Firewall

This pack includes Cortex XSIAM content.

Configuration on Server Side

You need to configure Check Point to forward Syslog messages in CEF format.

Go to Checkpoint Log Export, and follow the instructions under Basic Deployment to set up the connection using the following guidelines:

  1. If you use version R77.30 or R80.10, follow the instructions to install a Log Exporter.
  2. Set the Syslog port to 514 or your agent port.
  3. Replace the name and <target-server IP address\> in the CLI with the broker VM name and IP address.
    Set the format to CEF.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Right-click, and select Syslog Collector > Configure.
  3. When configuring the Syslog Collector, set the following values:
    • vendor as vendor - Checkpoint
    • product as product - Firewall

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedSeptember 23, 2020
Last ReleaseNovember 28, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.