Check Point NG/AI: Next Generation with Application Intelligence Security Administration

Chapter 9: Tracking and Alerts

Introduction

One important part of firewall security is being aware of what traffic is going through your firewall. For instance, if you are under attack, you will be able to react appropriately. Check Point VPN-1/FireWall-1 (CP VPN-1/FW-1) provides you with the ability to set up alerts based on certain criteria, and you can add some of these alerts directly into your rulebase under the Track column in your SmartDashboard. You can even decide what action to take if a certain alert is raised.

Check Point is continually praised for the usability and richness of its logging. Using SmartView Tracker, an administrator can easily track down problems, misconfigurations, or simply audit and analyze the network traffic in a concise manner from a single location. You can also receive, consolidate, and correlate logs from other devices, increasing the overall effectiveness of the logs shown in SmartView Tracker.

Alerts Commands

Your main day-to-day interaction with the firewall will be handling the alerts that it generates and creating new rules. These alerts are generated by the rules you have configured, and are also customizable. Using the SmartDashboard graphical user interface (GUI), you can customize the various alert types. Select Policy | Global Properties and then select the Log and Alert branch from the left. You'll see a screen like the one shown in Figure 9.1.

This panel contains a significant amount of information, but it is all pretty straightforward. The default settings are shown in Figure...