This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vincent_Bacher
Advisor
Advisor
‎2023-09-20 11:31 PM

Identity Broker certificate monitoring (since R81.20 JHF T 26)

Hi mates,

release notes of take 26 shows:

PRJ-45912,
IDA-4843

Identity Awareness

UPDATE: Implemented monitoring functionality and alerts for tracking the expiration date of Identity Broker certificates.

 

does anybody know how to use this functionality?

Cheers
Vince

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-09-21 09:02 AM

I suspect this is part of a larger project to allow for mass renewal of the various platform/VPN certificates, something that we plan to provide in the near future.
Which means the full functionality may not be exposed just yet.
Let me see what I can find out.

Netanel_Cohen
Employee
Employee
‎2023-09-26 02:55 AM

Hi Vince,

The ability to monitor and alert once we approach the expiration date of the Identity Broker certificate has been added to R81.20  jumbo take 26, we are working on adding it to R81 and R81.10 jumbos as well.
This functionality is enabled by default, we have added a new alert logs + warning/error status to the relevant Subscriber object.

The behavior is as follows:

Certificate expiration date < 90 days:

  • GW/Cluster changes to warning with an appropriate message (as can be seen in the screenshot below).
  • Alert log triggered in SmartConsole once a day (as can be seen in the screenshot below)

Certificate expiration date < 30 days :

  • GW/Cluster status changes to error with an appropriate message.
  • Alert log will be still triggered in SmartConsole once a day

Netanel_Cohen_0-1695721639358.jpeg

 



Vincent_Bacher
Advisor
Advisor
‎2023-09-26 04:19 AM
In response to Netanel_Cohen

Thanks for your explanation. So we'll see the alert messages on SmartLog and in our case via LogExporter in our elastic stack as well.
An option to monitor this via api, prometheus, snmp is not present or planned?
thanks
Vince

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top