Check Point MEPP

When you configure your Check Point Media Encryption and Port Protection (MEPP) to send log data to USM Appliance, you can use the checkpoint-mepp plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.

Plugin Information
Device Details
Vendor Check Point
Device Type Data protection
Connection Type Syslog
Data Source Name checkpoint-mepp
Data Source ID 1854

Integrating Check Point MEPP

Before you configure the Check Point Media Encryption and Port Protection (MEPP) integration, you must have the IP Address of the USM Appliance Sensor.

To configure Check Point MEPP to send Syslog messages to USM Appliance

  1. In the Smart Dashboard, click the Firewall tab.
  2. In the Servers and OPSEC Applications object tree, right-click and select Servers > New > Syslog.
  3. In the Syslog Properties window, enter or select:
    • Name (for example: AV-USM)
    • Optional comment
    • Host (IP Address/Hostname of USM Appliance)
    • Port (Default = 514 )
    • Version (Syslog Protocol )
  4. In the Smart Dashboard, select Gateway Properties > Logs.
  5. In the Send logs and alerts to these log servers table, click the Green button to add the Syslog server defined earlier.
  6. Click OK.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

Sending Check Point Logs to a Syslog Server

For troubleshooting, refer to the vendor documentation:

Note: Subscription privileges required to access the troubleshooting web link.