This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GomesLucas
Participant
‎2023-10-30 06:19 AM
Jump to solution

Create firewall alert

Good morning!

I would like to create a firewall alert as follows:

When a user with a personal laptop connects to our network and tries to access the internet, the firewall should block it and notify us, generating an alert for this connection.

Is it possible to create this type of alert on the firewall?

0 Kudos
1 Solution

Accepted Solutions
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2023-10-30 08:49 AM
Jump to solution

The answer here has 2 steps:

First step - you need the specific traffic to be matched on access policy rule. Here I agree with @Chris_Atkinson , IDA is the way to go here IMO but nothing specific is required except matching a rule.

Second step - enable alerts on the rule and define the alert.

1. Right click "Track" column on the specific rule -> Alert -> Choose alert type (See 1.png).

2. From main menu, go to Global Properties (See 2.png).

3. Navigate to Log and Alert -> Alerts. For each alert you can choose if you want to send alerts to SmartView Monitor, run script or both (See 3.png).

From here you can choose whatever method you see fit to your needs. If you want to define email alert you can use the following SK: https://support.checkpoint.com/results/sk/sk25941

 

Kind regards, Amir Senn

View solution in original post

Preview file
6 KB
Preview file
15 KB
Preview file
33 KB
2 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-10-30 07:05 AM
Jump to solution

Conceptually, but more information is needed here:

- Do you already utilize the Identity Awareness Agent?

- Do you have integration with another NAC solution such as Cisco ISE?

CCSM R77/R80/ELITE
0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2023-10-30 08:49 AM
Jump to solution

The answer here has 2 steps:

First step - you need the specific traffic to be matched on access policy rule. Here I agree with @Chris_Atkinson , IDA is the way to go here IMO but nothing specific is required except matching a rule.

Second step - enable alerts on the rule and define the alert.

1. Right click "Track" column on the specific rule -> Alert -> Choose alert type (See 1.png).

2. From main menu, go to Global Properties (See 2.png).

3. Navigate to Log and Alert -> Alerts. For each alert you can choose if you want to send alerts to SmartView Monitor, run script or both (See 3.png).

From here you can choose whatever method you see fit to your needs. If you want to define email alert you can use the following SK: https://support.checkpoint.com/results/sk/sk25941

 

Kind regards, Amir Senn
Preview file
6 KB
Preview file
15 KB
Preview file
33 KB

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events