User guide

ManageEngine Firewall Analyzer :: User Guide
Zoho Corp.
Configuring Check Point Firewalls
Firewall Analyzer supports LEA for R54 and above, and log import from most
versions.
Determining the Check Point Version Number
To determine the version number of the Check Point that you are running, use the
following command:
$FWDIR/bin/fw ver
where $FWDIR is the directory where Check Point is installed.
Pre-Requisites
Make the following changes in the Smart Dashboard of the Check Point firewall.
Changes in Smart Dashboard:
1. Open the "Smart Dashboard", where all the rules are displayed. Set the "Track"
value to "Account" instead of "log" for all the rules that allow traffic
through the firewall. To do this, right-click the "Track" value for each
rule and select "Account". When this is set to "Account", the Check Point firewall
logs the information regarding bytes.
2. After setting the "Track" value to "Account" for all the rules, install all the
policies.
Virtual Firewall (Virtual Domain) logs
No separate configuration is required in Firewall Analyzer to receive logs from the
virtual firewalls of a Check Point physical device.
If the orig_name attribute is present in the syslog data, Firewall Analyzer treats
the log source as a virtual firewall (vdom). Otherwise, the application treats
the log source as a physical device. Logs from a virtual firewall are recognized
automatically, and no manual configuration is required.
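The rule above can be checked against your own syslog capture before pointing a device at Firewall Analyzer. The following is an added example, not Firewall Analyzer's own code: the key=value layout, the sample lines and the function names are assumptions constructed for illustration. It parses attributes rather than searching for the substring, so a line that only mentions orig_name inside a quoted value is still counted as coming from the physical device.

```python
import re
from collections import Counter

# Assumption: attributes are key=value pairs; values may be double-quoted.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s;]*)')

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    '<134>Jan 10 10:00:01 cp-gw1 action=accept src=10.1.1.5 dst=192.0.2.10 '
    'orig_name=vsx-finance bytes=4312',
    '<134>Jan 10 10:00:02 cp-gw1 action=drop src=10.1.1.9 dst=192.0.2.20 bytes=0',
    '<134>Jan 10 10:00:03 cp-gw1 action=accept src=10.2.2.7 dst=192.0.2.30 '
    'orig_name=vsx-hr bytes=920',
    # orig_name appears only inside a quoted value, not as an attribute.
    '<134>Jan 10 10:00:04 cp-gw1 action=accept src=10.1.1.5 '
    'msg="comment orig_name=vsx-finance" bytes=77',
]

def parse_attrs(line):
    """Return the key=value attributes of one syslog line as a dict."""
    attrs = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # drop the surrounding quotes
        attrs[key] = value
    return attrs

def classify(line):
    """orig_name attribute present -> virtual firewall, else physical device."""
    attrs = parse_attrs(line)
    if "orig_name" in attrs:
        return ("virtual", attrs["orig_name"])
    return ("physical", None)

def summarize(lines):
    """Count log lines per (source type, virtual firewall name)."""
    counts = Counter(classify(line) for line in lines)
    return dict(counts)

if __name__ == "__main__":
    for (kind, name), n in summarize(SAMPLE).items():
        print(f"{kind:8} {name or '-':12} {n} line(s)")
```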
There are two ways of obtaining logs from a Check Point firewall:
Configuring LEA (Log Extraction API) Connection
Import of Check Point Log Files