USM Appliance™

Check Point Firewall

When you configure Check Point Firewall-1 to send log data to USM Appliance, you can use the Checkpoint Firewall plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information
Device Details
Vendor Check Point
Device Type Firewall
Connection Type Syslog
Data Source Name fw1-alt
Data Source ID 1590

Integrating Check Point Firewall-1

One way to send logs to USM Appliance is to install the Check Point Log Exporter, and then create a target for the USM Appliance Sensor using its IP address. Depending on your preference, see basic deployment, advanced deployment, or TLS configuration for detailed instructions from the vendor.

Note: The Checkpoint Firewall plugin accepts Syslog format. To use the Common Event Format (CEF), select the Checkpoint Firewall CEF plugin instead.

Plugin Enablement

For plugin enablement information, see Enable Plugins.