Checkpoint Quantum Firewall
Checkpoint Quantum Firewall - Audit
Checkpoint Quantum Firewall - Application Control
Checkpoint Quantum Firewall - URL Filtering
Checkpoint Quantum Firewall - Identity Awareness
Checkpoint Quantum Firewall - IPS
Checkpoint Quantum Firewall - Firewall
Checkpoint Quantum Firewall - Threat Emulation
Checkpoint Quantum Firewall - Anti Bot
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Overview
Check Point Next Generation Firewall is a security gateway that includes application control and IPS protection, with integrated management of security events. Additional features include Identity Awareness, URL Filtering, Anti-Bot, Anti-Virus, and Anti-Spam.
This integration ingests URL Filtering logs, Anti Bot logs, Application Control, Firewall, Identity Awareness, IPS, Threat Emulation, and miscellaneous event types with the integration log pipeline to enrich the logs and normalizes data to Datadog standard attributes. This integration offers dashboard visualizations with detailed insights into allowed or blocked URLs, bot details, insights into accessed application data, events generated by firewall, mapping between computer identities and machine IP address, and more.
Setup
Installation
To install the Checkpoint Quantum Firewall integration, follow the steps below:
Note: This step is not necessary for Agent version >= 7.52.0.
- Install the 1.0 release (
checkpoint_quantum_firewall==1.0.0
).
Configuration
Log collection
Checkpoint Quantum Firewall:
Collecting logs is disabled by default in the Datadog Agent. Enable it in the datadog.yaml
file:
Add this configuration block to your checkpoint_quantum_firewall.d/conf.yaml
file to start collecting your Checkpoint Quantum Firewall logs.
See the sample checkpoint_quantum_firewall.d/conf.yaml for available configuration options.
logs:
- type: tcp/udp
port: <PORT>
service: checkpoint-quantum-firewall
source: checkpoint-quantum-firewall
Restart the Agent.
Configure Syslog Message Forwarding from Checkpoint Quantum Firewall:
- Connect to the command line on the Management Server / Log Server.
- Login to the Expert mode. Enter your administrative credentials (after entering credentials, expert mode is enabled).
- In order to configure a new target for the exported logs, enter the following commands:
cp_log_export add name <Name of Log Exporter Configuration> target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {tcp | udp} format json
- In order to save and add the syslog server configuration, use the following command:
cp_log_export restart name <Name of Log Exporter Configuration>
- For more information about configuring syslog, see the official Checkpoint documentation.
Validation
Run the Agent’s status subcommand and look for checkpoint_quantum_firewall
under the Checks section.
Data Collected
Logs
The Checkpoint Quantum Firewall integration collects Firewall, URL Filtering, IPS, Identity Awareness, Application Control, Threat Emulation, Audit, Anti Ransomware, Anti Spam & Email Security, Anti Exploit, Anti Bot, Anti Virus, HTTPS Inspection, DLP, and Anti Malware logs.
Metrics
The Checkpoint Quantum Firewall integration does not include any metrics.
Events
The Checkpoint Quantum Firewall integration does not include any events.
Service Checks
The Checkpoint Quantum Firewall integration does not include any service checks.
Troubleshooting
Checkpoint Quantum Firewall:
Permission denied while port binding
If you see a Permission denied error while port binding in the Agent logs, see the following instructions:
Binding to a port number under 1024 requires elevated permissions. Follow the instructions below to set this up.
Grant access to the port using the setcap
command:
sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent
Verify the setup is correct by running the getcap
command:
sudo getcap /opt/datadog-agent/bin/agent/agent
With the expected output:
/opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep
Note: Re-run this setcap
command every time you upgrade the Agent.
Restart the Agent.
Data is not being collected
Make sure that traffic is bypassed from the configured port if the firewall is enabled.
Port already in use
If you see the Port <PORT-NO> Already in Use error, see the following instructions. The example below is for PORT-NO = 514:
On systems using Syslog, if the Agent listens for Checkpoint Quantum Firewall logs on port 514, the following error can appear in the Agent logs: Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use
.
This error occurs because by default, Syslog listens on port 514. To resolve this error, take one of the following steps:
- Disable Syslog
- Configure the Agent to listen on a different, available port
For further assistance, contact Datadog support.