ForeScout NAC Integration with checkpoint management Server

Hi Team,

We are trying to integrate ForeScout with the Checkpoint.

Gaia OS R80.20 with jumbo take_103

Communication happens in between Checkpoint MGMT and Forescout.

From Forescout we are able to telnet to port 18184 on Checkpoint MGMT.

Refer to the screenshots below for details.

[Screenshots: 1.png, 02.png, 4.png, 5.png]

Still, we face the below error:

[Screenshot: 3.png]

Please help to resolve the issue.

Regards,

@Chinmaya_Naik 

Accepted Solutions

Hi Team,

We resolved the issue.

Reason: Time and date are not up to date 😉

We also disabled the SmartEvent blade because by default SmartEvent also works on the same port 18184.

Also make sure that the OPSEC object name on Checkpoint and the object name defined on the third-party ForeScout are the same.

Additional information: You need to download and add the add-ons (Checkpoint Threat Prevention) on ForeScout to be able to see the detection and remediation information on ForeScout, and ForeScout also requires an additional license.

For reference: [screenshots]

Thanks and Regards

@Chinmaya_Naik 
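
The points from this accepted solution (clock not up to date, OPSEC object names that do not match) plus the port 18184 connectivity test from the question can be run as one pre-flight check. The Python below is an added example, not part of the original post or of either vendor's tooling; the function names, the 300-second skew tolerance and the sample values are assumptions, and the timestamps are expected to be collected by the operator with `date -u +%Y-%m-%dT%H:%M:%SZ` on each host.

```python
import socket
from datetime import datetime, timezone

OPSEC_PORT = 18184        # port named in the thread
MAX_SKEW_SECONDS = 300    # assumed tolerance, not a vendor-documented value
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def clock_skew_seconds(mgmt_utc, forescout_utc):
    """Absolute difference between two UTC timestamps taken at the same moment."""
    def parse(ts):
        return datetime.strptime(ts, TS_FORMAT).replace(tzinfo=timezone.utc)
    return abs((parse(mgmt_utc) - parse(forescout_utc)).total_seconds())


def name_mismatch_reason(checkpoint_name, forescout_name):
    """Return None when the names are identical, else the kind of difference."""
    if checkpoint_name == forescout_name:
        return None
    if checkpoint_name.strip() == forescout_name.strip():
        return "leading/trailing whitespace"
    if checkpoint_name.strip().lower() == forescout_name.strip().lower():
        return "letter case"
    return "different names"


def port_reachable(host, port=OPSEC_PORT, timeout=3.0):
    """TCP connect test, the same check as the telnet in the question."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(mgmt_utc, forescout_utc, cp_name, fs_name, host=None):
    """Collect findings; an open port alone does not clear the other two checks."""
    findings = []
    skew = clock_skew_seconds(mgmt_utc, forescout_utc)
    if skew > MAX_SKEW_SECONDS:
        findings.append(f"clock skew {skew:.0f}s exceeds {MAX_SKEW_SECONDS}s")
    reason = name_mismatch_reason(cp_name, fs_name)
    if reason:
        findings.append(f"OPSEC object name mismatch: {reason}")
    if host is not None and not port_reachable(host):
        findings.append(f"TCP {OPSEC_PORT} on {host} not reachable")
    return findings


if __name__ == "__main__":
    # Constructed sample values: 7.5 minutes of drift and a case-only name difference.
    for finding in preflight("2020-01-01T10:00:00Z", "2020-01-01T10:07:30Z",
                             "ForeScout_OPSEC", "forescout_opsec"):
        print(finding)
```

Pass `host` only when the script runs from a machine that is allowed to reach the management server on port 18184; without it the check stays offline.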

Hi,

Did you run log and management on the same server? We are able to establish SIC but we are not receiving events.

Hi @Hamid_Nabil

Yes, we have only one Management Server for policy configuration and also store the logs.

Also, refer to the links below.

https://community.checkpoint.com/t5/Logging-and-Reporting/Forescout-NAC-Integration-with-checkpoint-...

Regards

@Chinmaya_Naik 

Hi,

I also integrated CheckPoint (R80.30 take 111) with Forescout. All events from the Gateway work fine and are recognized by CounterACT, but it ignores logs from Endpoints (SandBlast Agents).

I can't find any information on what kind of blades/products ForeScout understands. Does anybody know if it should feed IOCs from endpoints also?

Rafal

@Rafal_NIedbala Is your ForeScout Checkpoint plugin integrated with the log server or management? I ask this because my management server is receiving indexed logs from the log server. I could not establish SIC between ForeScout and the log server, but it was established with the management server. And still no event was being sent to ForeScout. 😞

With management, all logs from Endpoint and from Gateway are sent to management.

All other events like Antibot or Anti-Virus or TE that are generated by Gateway are visible on ForeScout. Only problem is with logs from Endpoint Client.

Hi @Rafal_NIedbala 

In Forescout we are able to see Checkpoint Anti-Bot Threat Detections, Checkpoint Anti-Virus Threat Detections and Checkpoint Threat Emulation Threat Detection only for the CP Firewall, which also requires additional add-ons.

For Checkpoint Endpoint Client you need to create a custom policy in ForeScout.

Refer to the link below for more details.

https://community.checkpoint.com/t5/Logging-and-Reporting/ForeScout-NAC-Integration-with-checkpoint-...

Regards

@Chinmaya_Naik 
