https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193564#M32393 <P>Hi Vince,<BR /><BR />The ability to monitor and alert once we approach the expiration date of the Identity Broker certificate has been added to R81.20&nbsp; jumbo take 26, we are working on adding it to R81 and R81.10 jumbos as well.<BR />This functionality is enabled by default, we have added a new alert logs + warning/error status to the relevant Subscriber object.<BR /><BR />The behavior is as follows:<BR /><BR />Certificate expiration date &lt; 90 days:</P> <UL> <LI>GW/Cluster changes to warning with an appropriate message (as can be seen in the screenshot below).</LI> <LI>Alert log triggered in SmartConsole once a day (as can be seen in the screenshot below)</LI> </UL> <P>Certificate expiration date &lt; 30 days :</P> <UL> <LI>GW/Cluster status changes to <U><STRONG>error</STRONG> </U>with an appropriate message.</LI> <LI>Alert log will be still triggered in SmartConsole once a day</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Netanel_Cohen_0-1695721639358.jpeg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22572i4F892FA7C1FA8808/image-size/medium?v=v2&amp;px=400" role="button" title="Netanel_Cohen_0-1695721639358.jpeg" alt="Netanel_Cohen_0-1695721639358.jpeg" /></span></P> <P>&nbsp;</P> <P><BR /><BR /></P> Tue, 26 Sep 2023 09:56:44 GMT Netanel_Cohen 2023-09-26T09:56:44Z https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193214#M32335 <P>Hi mates,<BR /><BR />release notes of take 26 shows:<BR /><BR /></P><TABLE width="932px" cellspacing="0"><TBODY><TR><TD width="84.9531px"><P>PRJ-45912,<BR />IDA-4843</P></TD><TD width="133.922px"><P>Identity Awareness</P></TD><TD width="712.125px"><P><STRONG>UPDATE</STRONG>: Implemented monitoring functionality and alerts for tracking the expiration date of Identity Broker certificates.</P></TD></TR></TBODY></TABLE><P>&nbsp;</P><P>does anybody know how to use this functionality?<BR /><BR /></P><P>Cheers<BR />Vince</P> Thu, 21 Sep 2023 06:31:05 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193214#M32335 Vincent_Bacher 2023-09-21T06:31:05Z https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193268#M32340 <P>I suspect this is part of a larger project to allow for mass renewal of the various platform/VPN certificates, something that we plan to provide in the near future.<BR />Which means the full functionality may not be exposed just yet.<BR />Let me see what I can find out.</P> Thu, 21 Sep 2023 16:02:01 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193268#M32340 PhoneBoy 2023-09-21T16:02:01Z https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193564#M32393 <P>Hi Vince,<BR /><BR />The ability to monitor and alert once we approach the expiration date of the Identity Broker certificate has been added to R81.20&nbsp; jumbo take 26, we are working on adding it to R81 and R81.10 jumbos as well.<BR />This functionality is enabled by default, we have added a new alert logs + warning/error status to the relevant Subscriber object.<BR /><BR />The behavior is as follows:<BR /><BR />Certificate expiration date &lt; 90 days:</P> <UL> <LI>GW/Cluster changes to warning with an appropriate message (as can be seen in the screenshot below).</LI> <LI>Alert log triggered in SmartConsole once a day (as can be seen in the screenshot below)</LI> </UL> <P>Certificate expiration date &lt; 30 days :</P> <UL> <LI>GW/Cluster status changes to <U><STRONG>error</STRONG> </U>with an appropriate message.</LI> <LI>Alert log will be still triggered in SmartConsole once a day</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Netanel_Cohen_0-1695721639358.jpeg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22572i4F892FA7C1FA8808/image-size/medium?v=v2&amp;px=400" role="button" title="Netanel_Cohen_0-1695721639358.jpeg" alt="Netanel_Cohen_0-1695721639358.jpeg" /></span></P> <P>&nbsp;</P> <P><BR /><BR /></P> Tue, 26 Sep 2023 09:56:44 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193564#M32393 Netanel_Cohen 2023-09-26T09:56:44Z https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193572#M32395 <P>Thanks for your explanation. So we'll see the alert messages on SmartLog and in our case via LogExporter in our elastic stack as well.<BR />An option to monitor this via api, prometheus, snmp is not present or planned?<BR />thanks<BR />Vince</P> Tue, 26 Sep 2023 11:19:35 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Broker-certificate-monitoring-since-R81-20-JHF-T-26/m-p/193572#M32395 Vincent_Bacher 2023-09-26T11:19:35Z