Alert-Based Admission Control with Check Point

This section describes how to integrate Check Point Next Generation Firewall with PPS to support Alert-based admission control in your network.

Configuring Pulse Policy Secure

This section describes the integration of PPS with Check Point Next Generation firewall. PPS integrates with Check Point’s syslog notification mechanism to receive the threat alert information from Check Point and takes an action based on the admin configured policies.

To view and add the admission control templates:

1.Select Endpoint Policy > Admission Control > Templates.

2.Select Endpoint Policy > Admission Control > Clients, choose Check Point Software Technologies Ltd-Firewall-Syslog-text as template during the template creation.

3.Select the new template during policy creation (Endpoint Policy > Admission Control > Policies). Events and severities are populated based on the template.

Configuring Check Point Firewall

The PPS device must be added as a syslog server while configuring the Check Point firewall for sending the logging information. You must add Check Point firewall as syslog client on PPS.

For exporting Check Point logs over syslog, see Log Exporter.

Troubleshooting

To verify the event logs on PPS, select System > Log/Monitoring > Event. Ensure Admission control events option is enabled in Event logs settings.

You can verify that the event logs are generated every time when an event is received from Check Point.

To verify the user access logs, select System >Logs & Monitoring > User Access to verify the user login related logs.