VMware Aria Operations for Networks supports Check Point Security Manager (SmartCenter) and the Check Point Multi-Domain Security (MDS) Management Servers.

Prerequisites

You must ensure that:

  • The data source and its version are supported in VMware Aria Operations for Networks. For more information, see Supported Products and Versions.
  • The data source follows VMware Ports and Protocols supported in VMware Aria Operations for Networks. For more information, see VMware Ports and Protocols.

VMware Aria Operations for Networks requires read-only privileges for the Web API access to fetch most of the Check Point data. There are a few exceptions:
  • If a non-VSX physical gateway is attached to the management server, the user should have read-write access privileges for the Web API. Read-write access is required to fetch the gateway routes through the run script Web API for the VM-VM path computation.
  • If a VSX gateway is attached to the management server, the user should have SSH access with the same password. In addition, the user should have access to the CLI command vsx_util view_vs_conf. This command is used to fetch the VSX gateway routes for the VM-VM path computation.
  • If the MDS server IP is used as the data source, the user should have Web API access to all domains, including the MDS domain and the global domain. This access is required to fetch rules, policy packages, and other data from all the domains.

Procedure

  1. From the left navigation pane, go to Settings > Accounts and Data Sources.
  2. Click Add Source.
  3. Under the Firewall group, click Check Point Management Server.
  4. In the Add a New Check Point Management Server Account or Source page, provide the required information.
    Option            Action
    Collector VM      Select a collector VM from the drop-down menu.
    IP Address/FQDN   Enter the IP address or the FQDN details.
                      Note: If you are adding the Check Point MDS Management server, you must provide the IP of the MDS server. You cannot add the domain management server IP of an MDS server as an individual data source.
    Username          Enter the user name.
    Password          Enter the password.
  5. Click Validate.
  6. Define the polling interval for the configuration data collection. You can set the polling interval from 10 minutes to 7 days.
    • Preset - Select the interval time from the predefined time set.
    • Custom Interval - Set a value and select Minutes, Hours, and Days.
    • Fixed Schedule - Select the days and set the time to schedule the interval.
  7. (Optional) In the Nickname text box, enter a nickname.
  8. (Optional) In the Tags (Optional) key-value pair text box, enter a key and a value.
    The key-value pair can be any text. For example, you can use Layer Access as a key-value pair, where Layer is the key and Access is the value.
    1. To apply the tag in all the associated entities, click the Apply above tag operations to all associated entities check box. For more details about the associated entities, see Working with Local Tags.
      If you clear the Apply above tag operations to all associated entities check box, the assigned tag is removed from all the associated entities.
  9. (Optional) In the Notes text box, add a note if necessary.
  10. Click Submit.

What to do next

VMware Aria Operations for Networks supports the following features of Check Point firewall:
  • VLAN
  • Layer 3 Routing (IPv4)
  • Virtual Wire (in network assurance and verification)
  • Security Policy
  • Security Zone (in network assurance and verification)
  • NAT (Network Address Translation). This feature is not supported in network assurance and verification.
  • Cluster (Not supported in network assurance and verification)
  • Virtual System (Not supported in network assurance and verification)
    Note: VMware Aria Operations for Networks does not support Check Point Virtual Switch and Virtual Router.