This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
FGA_Sys_And_Net
Participant
‎2023-10-04 06:29 AM

KPI FW and IPS drops

Hello,

I have a smartcenter R81.10 in latest version and with Quantum and SMB firewalls.

I need to know the number of FW (Access Control and Firewall) and IPS drops. Just a daily and monthly value. This will give trends and show which sites are receiving the most attacks, for example.

I'm really having trouble finding this information.

Can anyone help me?

 

Kind regards,

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2023-10-06 08:54 AM

Do you have a SmartEvent license?
This is likely needed to get this information unless you want to export the logs elsewhere to do the count.

0 Kudos
FGA_Sys_And_Net
Participant
‎2023-10-09 12:35 AM
In response to PhoneBoy

Hi,

 

I have the license.

Can you explain how to get the information from SmartEvent?

 

Kind regards,

0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-09 01:02 PM
In response to FGA_Sys_And_Net

Create a new View (tap the plus in the tab bar, tap Views, the New > New View, give it a name and select Access Control).
Then add a widget something like: 
(Note if you are using App Control/URL Filtering, you may wish to add those blades also)

image.png

Something similar can be done for IPS.

0 Kudos
FGA_Sys_And_Net
Participant
‎2023-10-10 12:12 AM
In response to PhoneBoy

Thanks. 

It gives several possibilities, I did the counter, but the value is very low, even over 1 month, it does not exceed 2, on the same filter as you.

If I want to have the daily value. What to do?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-10 01:07 PM
In response to FGA_Sys_And_Net

Set the exact timeframe you want in the view (done in the upper left of the screen).

0 Kudos
FGA_Sys_And_Net
Participant
‎2023-10-11 02:09 AM
In response to PhoneBoy

It's not great, I thought it was possible to have a graph or table showing the daily values and not select each day one by one.

Moreover, even with this filter, the value does not change.

 

2023-10-11_10h58_47.png

 

2023-10-11_10h58_55.png

2023-10-11_10h58_36.png

0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-11 07:58 AM
In response to FGA_Sys_And_Net

There are other widget methods that might work better here for your use case.
I recommend trying them out and seeing what works for you.

As for the counting issue, I suspect the issue is that your drops are not being indexed by SmartEvent.
Please ensure all drop rules include "Session" logging per: https://support.checkpoint.com/results/sk/sk150452 

0 Kudos
the_rock
Legend
Legend
‎2023-10-08 02:54 PM

Sounds like you need to enable smart event to get this.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top