Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
FGA_Sys_And_Net
Participant

KPI FW and IPS drops

Hello,

I have a smartcenter R81.10 in latest version and with Quantum and SMB firewalls.

I need to know the number of FW (Access Control and Firewall) and IPS drops. Just a daily and monthly value. This will give trends and show which sites are receiving the most attacks, for example.

I'm really having trouble finding this information.

Can anyone help me?

 

Kind regards,

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

Do you have a SmartEvent license?
This is likely needed to get this information unless you want to export the logs elsewhere to do the count.

0 Kudos
FGA_Sys_And_Net
Participant

Hi,

 

I have the license.

Can you explain how to get the information from SmartEvent?

 

Kind regards,

0 Kudos
PhoneBoy
Admin
Admin

Create a new View (tap the plus in the tab bar, tap Views, the New > New View, give it a name and select Access Control).
Then add a widget something like: 
(Note if you are using App Control/URL Filtering, you may wish to add those blades also)

image.png

Something similar can be done for IPS.

0 Kudos
FGA_Sys_And_Net
Participant

Thanks. 

It gives several possibilities, I did the counter, but the value is very low, even over 1 month, it does not exceed 2, on the same filter as you.

If I want to have the daily value. What to do?

0 Kudos
PhoneBoy
Admin
Admin

Set the exact timeframe you want in the view (done in the upper left of the screen).

0 Kudos
FGA_Sys_And_Net
Participant

It's not great, I thought it was possible to have a graph or table showing the daily values and not select each day one by one.

Moreover, even with this filter, the value does not change.

 

2023-10-11_10h58_47.png

 

2023-10-11_10h58_55.png

2023-10-11_10h58_36.png

0 Kudos
PhoneBoy
Admin
Admin

There are other widget methods that might work better here for your use case.
I recommend trying them out and seeing what works for you.

As for the counting issue, I suspect the issue is that your drops are not being indexed by SmartEvent.
Please ensure all drop rules include "Session" logging per: https://support.checkpoint.com/results/sk/sk150452 

0 Kudos
the_rock
Legend
Legend

Sounds like you need to enable smart event to get this.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events