- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Supported OS
Check Point Next Generation Firewall is a security gateway that includes application control and IPS protection, with integrated management of security events. Additional features include Identity Awareness, URL Filtering, Anti-Bot, Anti-Virus, and Anti-Spam.
This integration ingests URL Filtering logs, Anti Bot logs, Application Control, Firewall, Identity Awareness, IPS, Threat Emulation, and miscellaneous event types with the integration log pipeline to enrich the logs and normalizes data to Datadog standard attributes. This integration offers dashboard visualizations with detailed insights into allowed or blocked URLs, bot details, insights into accessed application data, events generated by firewall, mapping between computer identities and machine IP address, and more.
To install the Checkpoint Quantum Firewall integration, follow the steps below:
Note: This step is not necessary for Agent version >= 7.52.0.
checkpoint_quantum_firewall==1.0.0
).Checkpoint Quantum Firewall:
Collecting logs is disabled by default in the Datadog Agent. Enable it in the datadog.yaml
file:
logs_enabled: true
Add this configuration block to your checkpoint_quantum_firewall.d/conf.yaml
file to start collecting your Checkpoint Quantum Firewall logs.
See the sample checkpoint_quantum_firewall.d/conf.yaml for available configuration options.
logs:
- type: tcp/udp
port: <PORT>
service: checkpoint-quantum-firewall
source: checkpoint-quantum-firewall
Configure Syslog Message Forwarding from Checkpoint Quantum Firewall:
cp_log_export add name <Name of Log Exporter Configuration> target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {tcp | udp} format json
In the commands above, specify the following Syslog Server Details:
datadog_syslog
.cp_log_export restart name <Name of Log Exporter Configuration>
Run the Agent’s status subcommand and look for checkpoint_quantum_firewall
under the Checks section.
The Checkpoint Quantum Firewall integration collects Firewall, URL Filtering, IPS, Identity Awareness, Application Control, Threat Emulation, Audit, Anti Ransomware, Anti Spam & Email Security, Anti Exploit, Anti Bot, Anti Virus, HTTPS Inspection, DLP, and Anti Malware logs.
The Checkpoint Quantum Firewall integration does not include any metrics.
The Checkpoint Quantum Firewall integration does not include any events.
The Checkpoint Quantum Firewall integration does not include any service checks.
Checkpoint Quantum Firewall:
If you see a Permission denied error while port binding in the Agent logs, see the following instructions:
Binding to a port number under 1024 requires elevated permissions. Follow the instructions below to set this up.
Grant access to the port using the setcap
command:
sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent
Verify the setup is correct by running the getcap
command:
sudo getcap /opt/datadog-agent/bin/agent/agent
With the expected output:
/opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep
Note: Re-run this setcap
command every time you upgrade the Agent.
Make sure that traffic is bypassed from the configured port if the firewall is enabled.
If you see the Port <PORT-NO> Already in Use error, see the following instructions. The example below is for PORT-NO = 514:
On systems using Syslog, if the Agent listens for Checkpoint Quantum Firewall logs on port 514, the following error can appear in the Agent logs: Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use
.
This error occurs because by default, Syslog listens on port 514. To resolve this error, take one of the following steps:
For further assistance, contact Datadog support.