This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Chinmaya_Naik
Advisor
‎2019-10-29 10:38 PM

ForeScout NAC Integration with checkpoint management Server

Jump to solution

Hi Team,

We are trying to integrate Forcscout with the checkpoint.

Gaia OS R80.20 with jumbo take_103

Communication happens in between Checkpoint MGMT and  Forescout.

From Forescout able to telnet with 18184 port to Checkpoint MGMT.

Refer the below screenshot for details

1.png02.png4.png5.png

Still, face the below error:-

3.png

 

Pls, help to resolve the issue.

 

Regards,

@Chinmaya_Naik 

Reply
1 Solution

Accepted Solutions
Chinmaya_Naik
Advisor
‎2019-10-30 05:42 AM

Jump to solution

Hi Team,

We resolved the issue.

Reason: Time and date are not up to date😉

We also disable the smart event blade because by default smartevent also works on the same port 18184.

Also make sure that the OPSEC object name on checkpoint and the object name define on the third-party ForceScout name should same.

Additional Information:- You need to download and add the add-ons (Checkpoint Threat Prevention) on ForeScout to able to see the detection and Remediate information on ForeScout and also ForeScout required an additional license.

For Reference :

112233

Thanks and Regards

@Chinmaya_Naik 

View solution in original post

Reply
7 Replies
Chinmaya_Naik
Advisor
‎2019-10-30 05:42 AM

Jump to solution

Hi Team,

We resolved the issue.

Reason: Time and date are not up to date😉

We also disable the smart event blade because by default smartevent also works on the same port 18184.

Also make sure that the OPSEC object name on checkpoint and the object name define on the third-party ForceScout name should same.

Additional Information:- You need to download and add the add-ons (Checkpoint Threat Prevention) on ForeScout to able to see the detection and Remediate information on ForeScout and also ForeScout required an additional license.

For Reference :

112233

Thanks and Regards

@Chinmaya_Naik 

View solution in original post

Reply
Hamid_Nabil
Participant
‎2019-11-18 05:21 AM
In response to Chinmaya_Naik

Jump to solution

Hi, 

 

Did you run log and management in the same server? We are able to establish SIC but we are not receiving events. 

Reply
Chinmaya_Naik
Advisor
‎2020-01-06 12:24 AM
In response to Hamid_Nabil

Jump to solution

HIi @Hamid_Nabil 

Yes, we have only one Management Server for policy configuration and also store the logs.

Also, refer the below links.

https://community.checkpoint.com/t5/Logging-and-Reporting/Forescout-NAC-Integration-with-checkpoint-...

Regards

@Chinmaya_Naik 

0 Kudos
Reply
Rafal_N
Contributor
‎2019-12-16 02:54 PM
In response to Chinmaya_Naik

Jump to solution

Hi,

I also integrated CheckPoint (R80.30 take 111) with Forescout. All events from Gateway works fine and are recognize with CounterACT but it ignore logs form Endpoints (SandBlast Agents). 

I can't find any information what kind of blades/products ForeScout understand. Does anybody know is it should feed IOCs from endpoint also?

Rafal

Reply
Hamid_Nabil
Participant
‎2019-12-18 01:01 AM
In response to Rafal_N

Jump to solution

@Rafal_N  Is your ForeScout checkpoint plugin integrated with log server or management? I ask this because my management server is receiving indexed logs from log server. I could not establish SIC between ForeScout and log-server but it was established with management server. And still no event being was sent to ForeScout. 😞

Reply
Rafal_N
Contributor
‎2020-01-06 12:33 AM
In response to Hamid_Nabil

Jump to solution

With management all logs form Endpoint and form Gateway are send to management.

All other events like Antibot or Anti-Virus or TE that are generated by Gateway are visible on ForeScout. Only problem is with logs from Endpoint Client. 

 

0 Kudos
Reply
Chinmaya_Naik
Advisor
‎2020-01-06 01:39 AM
In response to Rafal_N

Jump to solution

Hi @Rafal_N 

In Forescout we able to see Checkpoint Anti-Bot Threat Detections, Checkpoint Anti-Virus Threat Detections, Checkpoint Threat Emulation Threat Detection is only for CP Firewall which also required additional adds on.

For Checkpoint Endpoint Client you need to create a custom policy in ForeScout.

Refer below link for more details.

https://community.checkpoint.com/t5/Logging-and-Reporting/ForeScout-NAC-Integration-with-checkpoint-...

Regards

@Chinmaya_Naik 

 

0 Kudos
Reply