This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Omer_Kleinstern
Employee
Employee
‎2020-07-09 02:09 AM

Check Point integration with Venafi

Hi all,

I am glad to announce that we just accomplished integration with Venafi, this integration enables automated discovery, setup and distribution of keys and certificates for HTTPS Inspection.

Integration App is available in Venafi store

 

How it works?

 

Venafi automates SSL/TLS machine identities used in Check Point inbound HTTPS inspection policies. Certificates are defined as Venafi-synced objects within Check Point and automatically kept in sync with the Venafi Platform.

 

  1. Bulk-provisioning jobs in Venafi allow new machine identities, matching specified policy, to be provided to Check Point automatically on a schedule or on-demand.
  2. Expiring certificates are automatically renewed at the CA, provisioned by Venafi to Check Point and applied in the HTTPS inspection policy.
  3.  Inspection policies are always up-to-date with the most recent version of machine identities, ensuring there are no gaps in SSL/TLS visibility, and encrypted threats are never missed.
 
 

We invite you to try it out, please feel free to contact me for questions or feedback at omerkl@checkpoint.com .

 

Thanks,

Omer

 
3 Replies
Will_H
Contributor
‎2021-11-17 03:18 PM

What does this integration do? Can it replace the outgoing SSL inspection certificate for users going from internal to the internet? 

0 Kudos
Omer_Kleinstern
Employee
Employee
‎2021-11-23 07:30 AM
In response to Will_H

Hi,

 

The integration supports certificates for inbound HTTPS traffic inspection.

 

Thanks,

Omer

0 Kudos
rajk
Explorer
‎2022-01-04 08:54 AM
In response to Omer_Kleinstern

Hi Omer,

We are following the below Venafi-Checkpoint integration document to automate the cert installation process on Checkpoint. But we are getting “Handshake exceptions” when we run the job. Wondering if you could help us in this. Below are the steps we have followed,

 

  • Downloaded the powershell script from “https://marketplace.venafi.com/details/check-point-ngfw/” market place
  • Installed the script to “bulk provisioning drivers” folder on Venafi TPP hosts
  • Created a checkpoint user in venafi who has access to install certificates via checkpoint manager
  • Created a Check point device in venafi and configured it to use above checkpoint user for authentication
  • Created a Job in Venafi aperture to use the powershell script to push the certificates to Checkpoint server. But the job runs are failing with below Handshake exceptions.

 

While executing the Bulk Provisioning process named \VED\Policy\test\security cert for checkpoint\checkpoint-bulkjob on \VED\Policy\test\Checkpoint_device\Checkpoint device, the following error occurred: 'Failed to install Certificates with error: The underlying connection was closed: An unexpected error occurred on a send. --> The handshake failed due to an unexpected packet format.'.

Failed to install certificates on \VED\Policy\test\security cert for checkpoint\checkpoint-bulkjob.  Error: The underlying connection was closed: An unexpected error occurred on a send. --> The handshake failed due to an unexpected packet format..  Additional error data    at Venafi.Drivers.AdaptableFramework.PowerShellCommand.Invoke(String driverScript, String pass)

   at Venafi.Drivers.AdaptableFramework.AdaptableDomainDelegate.Invoke(String driverScript, EncryptedCommand command)

   at Venafi.Drivers.AdaptableFramework.AdaptableDomainDelegate.Invoke(String driverScript, EncryptedCommand command)

   at Venafi.Drivers.AdaptableFramework.PowerShellInvoker.Invoke(EncryptedCommand command)

   at Venafi.Drivers.Applications.AdaptableBulk.a(Hashtable A_0, Hashtable A_1)

   at Venafi.Drivers.Applications.AdaptableBulk.BulkProvision(String applicationDN, String deviceDN, List`1 certificates, DeviceProvisioningStatistics statistics, CancellationToken cancellation, Config config, Log log)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events