Dell InTrust 11.0. Preparing for Auditing CheckPoint Firewall

Similar documents
Dell InTrust Preparing for Auditing Cisco PIX Firewall

Spotlight Management Pack for SCOM

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

Dell Migration Manager for Enterprise Social What Can and Cannot Be Migrated

Dell Statistica. Statistica Document Management System (SDMS) Requirements

Dell InTrust Preparing for Auditing and Monitoring Microsoft IIS

Spotlight Management Pack for SCOM

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Dell InTrust Preparing for Auditing Microsoft SQL Server

Dell Statistica Statistica Enterprise Installation Instructions

Security Analytics Engine 1.0. Help Desk User Guide

Dell Unified Communications Command Suite - Diagnostics 8.0. Data Recorder User Guide

Dell Statistica Document Management System (SDMS) Installation Instructions

New Features and Enhancements

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Enterprise Reporter Report Library

About Recovery Manager for Active

Dell One Identity Cloud Access Manager How to Configure for High Availability

Dell One Identity Manager 7.0. Help Desk Module Administration Guide

Dell One Identity Cloud Access Manager Installation Guide

10.2. Auditing Cisco PIX Firewall with Quest InTrust

Dell NetVault Backup Plug-in for SQL Server

formerly Help Desk Authority Quest Free Network Tools User Manual

Dell NetVault Backup Plug-in for SQL Server 6.1

Dell NetVault Backup Plug-in for Advanced Encryption 2.2. User s Guide

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

Dell One Identity Cloud Access Manager SonicWALL Integration Overview

Dell One Identity Quick Connect for Cloud Services 3.6.1

Introduction to Version Control in

Dell One Identity Quick Connect for Cloud Services 3.6.0

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

Dell InTrust 11.0 Best Practices Report Pack

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Object Level Authentication

Dell Spotlight on Active Directory Deployment Guide

4.0. Offline Folder Wizard. User Guide

Dell Migration Manager for Exchange Product Overview

About Dell Statistica

Quest vworkspace Virtual Desktop Extensions for Linux

formerly Help Desk Authority Upgrade Guide

Dell InTrust Real-Time Monitoring Guide

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

Dell Client Profile Updating Utility 5.5.6

Dell NetVault Backup Plug-in for SharePoint 1.3. User s Guide

2007 Quest Software, Inc. ALL RIGHTS RESERVED. TRADEMARKS. Disclaimer

Security Explorer 9.5. About Security Explorer 9.5. New features. June 2014

formerly Help Desk Authority HDAccess Administrator Guide

Dell Recovery Manager for Active Directory 8.6.3

Dell InTrust Auditing and Monitoring Microsoft Windows

Defender Delegated Administration. User Guide

Dell NetVault Backup Plug-in for Hyper-V User s Guide

Toad for Apache Hadoop 1.1.0

Quick Connect Express for Active Directory

Dell Recovery Manager for Active Directory 8.6.0

Go beyond basic up/down monitoring

Top 10 Most Popular Reports in Enterprise Reporter

How to Deploy Models using Statistica SVB Nodes

DATA GOVERNANCE EDITION

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

Toad for Apache Hadoop 1.2.0

Organized, Hybridized Network Monitoring

FOR WINDOWS FILE SERVERS

Spotlight on Messaging. Evaluator s Guide

Desktop Authority vs. Group Policy Preferences

Foglight. Managing Java EE Systems Supported Platforms and Servers Guide

2.0. Quick Start Guide

Security Explorer 9.5. User Guide

Dell One Identity Defender 5.8.1

NetVault LiteSpeed for SQL Server version Integration with TSM

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide

Dell Recovery Manager for Active Directory 8.6. Deployment Guide

formerly Help Desk Authority HDAccess User Manual

Dell MessageStats for Lync and the MessageStats Report Pack for Lync & OCS 7.3. User Guide

Web Portal Installation Guide 5.0

Active Directory Auditing: What It Is, and What It Isn t

Foglight for Oracle. Managing Oracle Database Systems Getting Started Guide

Best Practices for an Active Directory Migration

8.7. Resource Kit User Guide

SharePlex for SQL Server

Quest ChangeAuditor 5.1 FOR ACTIVE DIRECTORY. User Guide

Quest ChangeAuditor 4.8

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Foglight. Dashboard Support Guide

Logging and Alerting for the Cloud

Quest InTrust for Active Directory. Product Overview Version 2.5

Foglight for SQL Server Getting Started Guide

Quest Privilege Manager Console Installation and Configuration Guide

Foglight Cartridge for Active Directory Installation Guide

10.6. Auditing and Monitoring Quest ActiveRoles Server

How to Quickly Create Custom Applications in SharePoint 2010 or 2013 without Custom Code

System Requirements and Platform Support Guide

Quest Collaboration Services 3.5. How it Works Guide

About Dell SonicWALL Analyzer 8.1

Quest Collaboration Services How it Works Guide

Transcription:

2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of Dell Inc. The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Dell Inc. Attn: LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 Refer to our Web site (software.dell.com) for regional and international office information. Trademarks Dell and the Dell logo are trademarks of Dell Inc. and/or its affiliates. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others. Legend CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information. Dell InTrust - Updated November 2014 Software Version 11.0

Contents Introduction... 4 Auditing CheckPoint Firewall with InTrust... 4 Sample Export Schedule Script... 5 Appendix. InTrust Reports for CheckPoint Firewall... 6 About Dell... 7 Contacting Dell... 7 Technical support resources... 7 3

Introduction The Firewalls Knowledge Pack expands the auditing and reporting capabilities of Dell InTrust to CheckPoint Firewall. The necessary data is provided by the CheckPoint log in plain text format. Use the following InTrust objects to work with data related to CheckPoint Firewall: CheckPoint Firewall-1 text Log data source CheckPoint Firewall: All Events gathering policy CheckPoint Firewall: All Events import policy CheckPoint Firewall log daily collection task CheckPoint Firewall weekly reporting task All CheckPoint firewalls site The Knowledge Pack also provides the CheckPoint Firewall report pack. You can schedule the reports with the CheckPoint Firewall weekly reporting task. Auditing CheckPoint Firewall with InTrust The predefined CheckPoint data source is configured for logs exported by CheckPoint in ASCII format. The data source works with two log formats created by the following methods: Manual export from the CheckPoint Firewall GUI CheckPoint s standalone export utility To configure gathering of the CheckPoint log 1 Manually export the log to a location that is available to an InTrust agent or directly to the InTrust gathering engine. OR Create a schedule for the CheckPoint export utility that exports the log to a location that is available to an InTrust agent or directly to the InTrust gathering engine. A sample script for Windows is provided further in this document. For UNIX computers, the script is similar as far as export options go, but with a different syntax. 2 In InTrust Manager, edit the CheckPoint data source. Specify the log file name and location; you can use regular expressions and wildcards. If you want to gather without an agent, specify the path using the %COMPUTER_NAME% variable and a share name (\\%COMPUTER_NAME%\share_name). You can supply the name of a special Windows share or a regular Windows or SMB share, depending on where CheckPoint stores or exports logs in your environment. 3 Make sure the All CheckPoint firewalls site includes the computer where the log is located. If you want to gather CheckPoint logs from an SMB share on a Unix host without an agent, make sure that this host is a member of an InTrust site in the Microsoft Windows Environment container. InTrust currently supports gathering from network shares only in Microsoft Windows Environment sites; this workaround makes InTrust aware of the share even though the processed computer is not actually running Windows. 4

4 Schedule the CheckPoint Firewall log daily collection task. Make sure the gathering job within this task uses the CheckPoint Firewall: All Events gathering policy. For agentless gathering from an SMB share, the gathering job must be configured for the site described in the previous step. You also need to create a separate gathering policy under the Gathering Gathering Policies Microsoft Windows Network node and use it in the gathering job instead of CheckPoint Firewall: All Events. In this scenario, the Use agents to execute this job on target computers option must be turned off for the gathering job. 5 Schedule the CheckPoint Firewall log weekly reporting task. Configure the reporting job within this task to create the reports you need. Sample Export Schedule Script @echo off REM Setting Variables SET EXPORTDIR=c:\checkpoint_export if exist %EXPORTDIR% goto 2 :1 echo - Error, [%EXPORTDIR%] does not exist, creating directory... md %EXPORTDIR% goto 2 :2 for /F "tokens=2-4 delims=/ " %%i in ('date /t') do ( set Month=%%i set Day=%%j set Year=%%k ) REM Switching logs echo - Switching log... %FWDIR%\bin\fw logswitch cpfw1_%year%%month%%day%.log REM Removing previously exported logs echo - Removing previously exported logs... rem del %EXPORTDIR%\*.log REM Exporting logs echo - Exporting log... fwm logexport -i %FWDIR%\log\cpfw1_%Year%%Month%%Day%.log -d " " -n -o %EXPORTDIR%\cpfw1_exported_%Year%%Month%%Day%.log 5

Appendix. InTrust Reports for CheckPoint Firewall This section briefly lists the InTrust reports that can be generated on event data collected from CheckPoint Firewall. For complete list of reports and report descriptions, refer to the InTrust Reports for Firewalls HTML document. CheckPoint FireWall-1: CheckPoint Firewall accepted connections CheckPoint Firewall dropped connections CheckPoint Firewall events CheckPoint Firewall rules statistics 6

About Dell Dell listens to customers and delivers worldwide innovative technology, business solutions and services they trust and value. For more information, visit www.software.dell.com. Contacting Dell Technical Support: Online Support Product Questions and Sales: (800) 306-9329 Email: info@software.dell.com Technical support resources Technical support is available to customers who have purchased Dell software with a valid maintenance contract and to customers who have trial versions. To access the Support Portal, go to http://software.dell.com/support/. The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. In addition, the portal provides direct access to product support engineers through an online Service Request system. The site enables you to: Create, update, and manage Service Requests (cases) View Knowledge Base articles Obtain product notifications Download software. For trial software, go to Trial Downloads. View how-to videos Engage in community discussions Chat with a support engineer 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information