The Check Point Management Server should accept API access from the Collector IP address.

You can set up the access from Check Point SmartConsole application. Go to Manage & Settings > Blades, and in the Management API Setting window, select All IP addresses.

If Check Point MDS is added as data-source, vRealize Network Insight Cloud fetches data from all the user-defined domains and the global domain.

vRealize Network Insight Cloud uses Check Point public Web API for fetching the data from the Check Point management server. If the VSX gateway is attached to the management server, we use SSH-based CLI commands to fetch the VSX-managed Virtual System VS routing table to support display of the VS gateway in the VM-VM path.

You can perform a query for all the Check Point entities that are supported by vRealize Network Insight Cloud. All the entities are prefixed by Check Point.
Table 1. Sample Queries for Check Point
Entities in Check Point Keywords Queries
IPset

Check Point Address Range

Check Point Network

vm where Address Range = <>

vm where Address Range = <>

Check Point Address Range where Translated VM = <>

Grouping Check Point Network Group

Check Point Network Group where Translated VM = <>

vm where Network Group = <>

Service/ Service Group

Check Point Service

Check Point Service Group

Check point service where Port = <>

Check point service where protocol = <>

Access Layer Check Point Access Layer Check Point Policy where Access Layer = <>
Domain Check Point Domain

check point domain where ip address = <>

check point policy where domain = <>

check point access layer where domain = <>

Gateways and Gateway Cluster

Check Point Gateway

Check Point Gateway Cluster

Check Point Gateway Cluster where Policy Package = <>
Policy Package Check Point Policy package

Check Point Policy where Policy Package = <>

Check Point Policy Package where Rule = <>

Policy Check Point Policy

Check point policy where source ip = <> and Destination IP = <>

Rule where source ip = <> and Destination IP = <> (will display other rules- nsx, redirect along with check point policies in the system)

If the Check Point device is present in the VM-VM path, you can see the device's physical gateways and virtual system in the VM topology. When you click the device icon, you can see basic information such as interfaces, routes, and applicable Check Point firewall rules.

vRealize Network Insight Cloud supports Check Point integration with NSX-V through service-insertion. If Check Point service VM exists on host in the VM-VM path, then it will show applicable Check Point firewall rules on the host.
Note: For the VM-VM path, vRealize Network Insight Cloud does not support the VSX cluster containing Virtual Switch and Virtual Router.
Here are some scenarios for which the system alerts are generated for Check Point:
  • The NSX fabric agent is not found on the ESX for the Check Point gateway.
  • The Check Point service VM is not found.
  • The Check point gateway sic status is not communicating.
  • The discovery and update alerts features for the Check Point entities like address range, networks, policies, groups, policy package, service, service group, and so on.