Check Point Firewall

Check Point Firewall

Cyfin will quickly and efficiently run a report for viewing all user searches or unacceptable visits, detection of anomalies and patterns, tracking virus-related Web traffic, evaluation of productivity for auditing or performance reviews, compliance with government and industry regulations such as CIPA and HIPAA, analyzing shadow IT, or use in forensic analysis.

Company Overview

Established in 1993, Check Point Software Technologies Ltd. provides a range of products and services for IT security. The company offers enterprises a platform to deploy independent, modular, and interoperable security applications (Software Blades), such as firewall, virtual private network (VPN), intrusion prevention system (IPS), application control, and data loss prevention (DLP). It has product offerings that include Next-Generation Firewall, Next-Generation Threat Prevention, Next-Generation Secure Web Gateway, and Next-Generation Data Protection.

Cyfin - Check Point Configuration

Cyfin is installed on a server, not on the Check Point appliance.

Log File Setup

Log File Type:  Check Point Syslog

Check Point Configuration Steps

In order to set up Check Point Syslog firewall logs in Cyfin, you must first get the CPtoSyslog utility. Contact Check Point Support to request the hotfix that contains the utility. If you are running Check Point R77.30, the utility may not be needed. Confirm with Check Point Support. The utility gives Check Point the ability to port the syslog data from the firewall to a specified IP address and port. You will want to forward the “URL filtering” logs from Check Point to the Cyfin syslog server.

Once the CPtoSyslog utility is installed, Check Point must be configured to have the syslog data pointed to an IP address and port. These will point to the Cyfin server’s IP address and port of choice (default port is UDP 514 for syslog). Once this part is completed in Check Point, you can then open Cyfin, go to Data Management – Log Data Source – Setup, and run through the Log Data Source Setup wizard. Select the Check Point Syslog log file type and the same port you chose in the Check Point setup.

Upon completing the Log Data Source Setup wizard below, you should start to see data in the file “SyslogXXXXXXX.txt” in the log file directory that you chose in the wizard.

Cyfin Configuration Steps

Cyfin Syslog Server listens for syslog messages from your Check Point device. Both UDP-based and TCP-based messages are supported.

  1. Select the Check Point Syslog log file configuration in Cyfin for your Check Point device.
  2. Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log.
  3. Select Enable Syslog Server.
  4. For Port Type, select UDP or TCP for the Internet protocol you want to use.
  5. In the Listening Port field, the default port number is 1455. The listening port will be used by your Check Point device to transfer the data. You may change this number if necessary.
  6. At your Check Point device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
  7. Your log files will be created and displayed in the Log File Viewer in Cyfin.
  8. If you have many of the same Check Point devices, use one log file configuration with one listening port, and point each Check Point device to the same listening port.

Configuration Video

© Copyright 1996-2018 Wavecrest Computing. All Rights Reserved.

Trusted Worldwide

Free Trial
Price Quote
"We discovered that Cyfin was flexible, providing us with the details needed to make adjustments to our Policies and Bandwidth, as well as increasing employee’s productivity."

-Allen Lochamy, Atlanta Bonded Warehouse
LEGAL PRIVACY | © Copyright 1996-2018 Wavecrest Computing. All Rights Reserved.
Facebook Twitter Linkedin Blog Google+ YouTube Knowledge Base