Checkpoint Next Generation Firewall


Checkpoint NGFW builds on the capabilities of a traditional firewall by adding further inspection features. For example, an NGFW inspects traffic at the application layer of the TCP/IP stack so that it can apply intrusion prevention system (IPS), antimalware, sandboxing and other protections. These functions allow an NGFW to identify and block advanced threats before they reach corporate systems.
For more information on Checkpoint Next Generation Firewall, click here.

Integration Method: Data Collector (syslog)

Tables: Network Activity (4001), Detection Finding (2004)

This integration supports the following events.

Event                    Description
URL Filtering Activity   Provides details about URL filtering operations.
IPS Activity             Provides details about Intrusion Prevention System activity.
Antivirus Activity       Provides details about Antivirus operations.
Malware Activity         Provides details about anti-malware operations.
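The feed above delivers Check Point Log Exporter records in JSON over syslog and lands them in two OCSF tables, Network Activity (4001) and Detection Finding (2004). The following is an added example, not DataBee's or Check Point's own code, showing how such records can be parsed and routed to the two classes. The product strings, the field names (product, src, dst, s_port, service, action, severity, protection_name, attack), the URL Filtering to Network Activity mapping and the sample log lines are all constructed assumptions for illustration; the optional syslog header prefix is also an assumption.

```python
import json
from typing import Optional

# OCSF class UIDs for the two tables this feed populates (from the page).
NETWORK_ACTIVITY = 4001
DETECTION_FINDING = 2004

# Assumed mapping from the Log Exporter "product" field (the blade that
# produced the log) to the OCSF class. The page names the four event types
# but not the field values, so these strings are illustrative assumptions.
PRODUCT_TO_CLASS = {
    "URL Filtering": NETWORK_ACTIVITY,
    "IPS": DETECTION_FINDING,
    "Anti-Virus": DETECTION_FINDING,
    "Anti-Malware": DETECTION_FINDING,
}


def parse_line(line: str) -> Optional[dict]:
    """Extract the JSON object from one syslog line.

    The line may carry a syslog header (PRI, timestamp, host) before the
    JSON object (an assumption), so we parse from the first '{'. Returns
    None for lines that do not contain a valid JSON object.
    """
    start = line.find("{")
    if start < 0:
        return None
    try:
        obj = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None


def classify(event: dict) -> Optional[int]:
    """Return the OCSF class_uid for an event, or None if the blade is not supported."""
    return PRODUCT_TO_CLASS.get(event.get("product", ""))


def normalize(event: dict) -> Optional[dict]:
    """Map a Check Point event to a minimal OCSF-style record (field names assumed)."""
    class_uid = classify(event)
    if class_uid is None:
        return None
    record = {
        "class_uid": class_uid,
        "time": event.get("time"),
        "src_endpoint": {"ip": event.get("src"), "port": event.get("s_port")},
        "dst_endpoint": {"ip": event.get("dst"), "port": event.get("service")},
        "action": event.get("action"),
        "severity": event.get("severity"),
        "product": event.get("product"),
    }
    if class_uid == DETECTION_FINDING:
        # A Detection Finding carries the signature or protection that fired.
        record["finding_title"] = event.get("protection_name") or event.get("attack")
    return record


def process(lines):
    """Normalize each line; return (records, skipped), where skipped counts dropped lines."""
    records, skipped = [], 0
    for line in lines:
        event = parse_line(line)
        rec = normalize(event) if event else None
        if rec is None:
            skipped += 1
            continue
        records.append(rec)
    return records, skipped


# Constructed sample lines: one per supported blade, one unsupported blade,
# one malformed line. Addresses are documentation ranges.
SAMPLE_LINES = [
    '<134>1 2024-05-01T10:00:00Z gw1 - - - {"time":"2024-05-01T10:00:00Z","product":"URL Filtering",'
    '"src":"10.0.0.5","s_port":"51234","dst":"203.0.113.10","service":"443","action":"Block","severity":"Low"}',
    '{"time":"2024-05-01T10:00:01Z","product":"IPS","src":"198.51.100.7","s_port":"4444","dst":"10.0.0.20",'
    '"service":"80","action":"Prevent","severity":"High","protection_name":"HTTP Header Overflow"}',
    '{"time":"2024-05-01T10:00:02Z","product":"Anti-Virus","src":"10.0.0.9","dst":"203.0.113.44",'
    '"action":"Prevent","severity":"Critical","protection_name":"EICAR test file"}',
    '{"time":"2024-05-01T10:00:03Z","product":"Anti-Malware","src":"10.0.0.11","dst":"203.0.113.50",'
    '"action":"Detect","severity":"High","attack":"Malicious download"}',
    '{"time":"2024-05-01T10:00:04Z","product":"VPN","src":"10.0.0.3","dst":"10.0.0.1","action":"Accept"}',
    'not json at all',
]

if __name__ == "__main__":
    recs, dropped = process(SAMPLE_LINES)
    for r in recs:
        print(r["class_uid"], r["product"], r["action"], r.get("finding_title"))
    print("dropped:", dropped)
```

Unsupported blades and unparseable lines are counted rather than raised, so one bad record cannot stall the feed; in a real pipeline the skipped count should be exported as a metric so that a silent format change on the Check Point side is noticed.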

This integration supports the following versions.

Checkpoint Version Tested

R81.20

Prerequisites

  • Administrator access to the Checkpoint backend (SSH login and the expert password).

  • A host running a supported operating system on which the Data Collector can be installed.

  • Access to the DataBee console.

Configuration Overview

  1. Configure the Data Collector.

  2. Configure syslog export (Log Exporter) on the Checkpoint machine.

  3. Configure the Checkpoint Next Generation Firewall feed in the DataBee Console.

Data Collector Configuration

  1. To install Data Collector, please follow the steps mentioned here.

  2. Verify that the port the Data Collector listens on (for example, TCP 514) is open on the host firewall and reachable from the Checkpoint server. Ports below 1024 require elevated privileges to bind.

Checkpoint Configuration

  1. Log in to the Checkpoint backend (the Management or Log Server that holds the logs) as an administrator.
    ex: ssh admin@1.2.3.4

  2. Enter expert mode (you will be prompted for the expert password).
    expert

  3. Fill in the placeholders in the command below and execute it in the shell.

    cp_log_export add name {Jobname} target-server {IP} target-port {Port} protocol tcp format json

    Jobname - A name of your choice for this export.

    IP - The IP of the machine where the Data Collector is installed.

    Port - The port opened during Data Collector Configuration.

    The protocol (tcp) and format (json) must match the settings entered for the feed in the DataBee console. Note that plain TCP syslog carries the logs in cleartext; keep the path between the log server and the collector on a trusted network segment, or use the TLS option of Log Exporter if your deployment requires encryption in transit.

    sample command - cp_log_export add name comcast1 target-server 1.2.5.8 target-port 514 protocol tcp format json

  4. Execute the command below to check the configuration. It lists the configured exports with their target server, port, protocol and format; cp_log_export status name {Jobname} reports whether the export is running.
    cp_log_export show

DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

  2. Search for Checkpoint Next Generation Firewall and click it.

  3. Select Data Collector as the collection method.

  4. Click on the Syslog option.

  5. Enter the feed contact information, select the Data Collector created earlier and scroll down.

  6. On the configuration page, confirm the following:

    • Select json as the 'format' from the dropdown (matching format json in the cp_log_export command).

    • Select TCP as the 'Mode' from the dropdown (matching protocol tcp in the cp_log_export command).

    • Enter in 'Port' the port the Data Collector listens on, i.e. the target-port used in the cp_log_export command.

  7. Click Submit.

Troubleshooting Tips