https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149837#M24062 <P>No - are you aware of any CheckPoint Log File for the Tracking with "UserAlert1"?</P> Tue, 31 May 2022 15:11:19 GMT D_W 2022-05-31T15:11:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149832#M24058 <P>Hi Mates,</P><P>anyone here that uses the Cisco Umbrella CheckPoint Integration?</P><P><A href="https://support.umbrella.com/hc/en-us/articles/231248788" target="_blank">https://support.umbrella.com/hc/en-us/articles/231248788</A></P><P>&nbsp;</P><P>We're here on GW R80.40 and Management R81.10. Script is located in $FWDIR/bin on the Gateway. UserAlert1 is defined in GlobalProperties and a ThreatPrevention Rule is set to execute UserAlert1 when matched. But issue is that the script never gets triggered.</P><P>Manually execution of the script show's that it is communication with the Umbrella destination.<BR />Every hint is very much appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> !</P><P>Cheers,</P><P>David</P> Tue, 31 May 2022 14:16:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149832#M24058 D_W 2022-05-31T14:16:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149833#M24059 <P>Just a shot in the dark here, but do you see any relevant logs in dashboard? Anything related to script not being executed? If there is specific IP related to Cisco side, you can always try run fw ctl zdebug + drop | grep x.x.x.x on CP fw (just replace with relevant IP address)</P> <P>Andy</P> Tue, 31 May 2022 14:38:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149833#M24059 the_rock 2022-05-31T14:38:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149835#M24060 <P>I see a log to <SPAN>67.215.70.75</SPAN> (<SPAN>s-platform.api.opendns.com</SPAN>) when I manually execute the script.</P><P>I see the Threat Prevention rule matches and a log is generated with Type "Alert" but not log that shows outgoing traffic to <SPAN>67.215.70.75</SPAN>.<BR />Also I added some code that writes into a file when the script is running for logging if the script was executed or not but nothing...<BR /><BR /></P> Tue, 31 May 2022 14:47:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149835#M24060 D_W 2022-05-31T14:47:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149836#M24061 <P>any errors?</P> <P>Andy</P> Tue, 31 May 2022 15:09:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149836#M24061 the_rock 2022-05-31T15:09:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149837#M24062 <P>No - are you aware of any CheckPoint Log File for the Tracking with "UserAlert1"?</P> Tue, 31 May 2022 15:11:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149837#M24062 D_W 2022-05-31T15:11:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149841#M24063 <P>Have not seen it in a while.</P> Tue, 31 May 2022 16:00:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149841#M24063 the_rock 2022-05-31T16:00:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149847#M24066 <P>Do the scripts exist on the gateways and can you confirm they execute correctly?</P> Tue, 31 May 2022 16:17:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149847#M24066 PhoneBoy 2022-05-31T16:17:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149909#M24086 <P>Yes I can confirm that the script is on the GW and executes correctly when started manually... see below the details of the script and what comes back when I send bogus information executed manually.<BR />In the curl_cli I had to add "-k" because the Let'SEncrypt Cert cannot be validated by the GW <span class="lia-unicode-emoji" title=":expressionless_face:">😑</span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2022-06-01_08-30.png" style="width: 936px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16781i7D4C4F523D0C3ECA/image-size/large?v=v2&amp;px=999" role="button" title="2022-06-01_08-30.png" alt="2022-06-01_08-30.png" /></span></P> Wed, 01 Jun 2022 07:09:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/149909#M24086 D_W 2022-06-01T07:09:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/198367#M37129 <P>Do you solve the problem?</P> Mon, 20 Nov 2023 09:31:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/198367#M37129 starmen2000 2023-11-20T09:31:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/198649#M37202 <P>I'm also interested in the solution.</P> Wed, 22 Nov 2023 13:46:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Umbrella-Integration/m-p/198649#M37202 6a8496cf-c878-4 2023-11-22T13:46:27Z