Alert-Based Admission Control with Check Point

This section describes how to integrate Check Point Next Generation Firewall with Ivanti Policy Secure to support Alert-based admission control in your network.

Configuring Ivanti Policy Secure

This section describes the integration of Ivanti Policy Secure with Check Point Next Generation firewall. Ivanti Policy Secure integrates with Check Point’s syslog notification mechanism to receive the threat alert information from Check Point and takes an action based on the admin configured policies.

To view and add the admission control templates:

1. Select Endpoint Policy > Admission Control > Templates.

   

2. Select Endpoint Policy > Admission Control > Clients, choose Check Point Software Technologies Ltd-Firewall-Syslog-text as template during the template creation.

   

   

3. Select the new template during policy creation (Endpoint Policy > Admission Control > Policies). Events and severities are populated based on the template.

   

   

Configuring Check Point Firewall

The Ivanti Policy Secure device must be added as a syslog server while configuring the Check Point firewall for sending the logging information. You must add Check Point firewall as syslog client on Ivanti Policy Secure.

For exporting Check Point logs over syslog, see Log Exporter.

Troubleshooting

To verify the event logs on Ivanti Policy Secure, select System > Log/Monitoring > Event. Ensure Admission control events option is enabled in Event logs settings.

You can verify that the event logs are generated every time when an event is received from Check Point.

To verify the user access logs, select System >Logs & Monitoring > User Access to verify the user login related logs.