Appendix F - Using Unix DHCP as the IoT Discovery Engine
You can set up an IoT discovery engine on the Check Point Security Gateway or Management Server to discover IoT assets in your network. The IoT discovery engine uses the network devices in the network, such as switches, routers, gateways, or Network Access Control (NAC) devices, to discover IoT assets.
You can use a Unix DHCP server as an IoT discovery engine. It maintains a pool of IP addresses and provides an IP address to every new DHCP-enabled client.
Unix DHCP integration is based on the event log files that the Unix DHCP server creates. Such events may include the MAC address of the device and the leased IP address. The Unix DHCP integration reads the log files from a local directory on the Security Gateway / Management Server to which these files are copied.
Prerequisites
- Unix DHCP server with Cron installed. If Cron is not installed, install it using the package manager for your Linux distribution.
- IP address and login credentials of the Check Point Security Gateway / Management Server that is used to discover IoT assets in your network.
- On your Check Point Security Gateway / Management Server, the default shell must be the Expert mode (/bin/bash). To change the default user shell:
  1. Connect to the command line on the Check Point Security Gateway / Management Server (over SSH or console).
  2. The next step depends on the current configuration:
     - If your default shell is the Expert mode, the prompt shows the word "Expert" in front of the hostname. There is nothing else to configure.
     - If your default shell is Gaia Clish, the prompt shows only the hostname. You can change the default shell in one of these ways:
       - In Gaia Portal:
         a. Go to User Management > Users.
         b. Select and edit the admin user.
         c. In the Shell field, select /bin/bash.
         d. Click OK.
       - In Gaia Clish, run:
         set user admin shell /bin/bash
         save config
  3. Restart your SSH session and check whether you are in the Expert mode by default. If you are still in Clish mode, make sure you have entered the correct commands and restart the SSH session.
  4. Connect to the command line on the Check Point Security Gateway / Management Server (over SSH or console) again.
  5. The prompt must show the word "Expert" in front of the hostname.
Setting Up Unix DHCP as the IoT Discovery Engine
To set up Unix DHCP as the IoT Discovery Engine:
1. Create a Cron task to copy the log files from the Unix DHCP server to the Check Point Security Gateway / Management Server:
   a. Download the unix-dest.sh file:
      - Click here. The Download Details page appears.
      - Click Download. The system downloads the file.
   b. Transfer the file to the Unix DHCP server.
   c. Connect to the command line on your Unix DHCP server (over SSH or console).
   d. Log in with your administrator credentials.
   e. Run:
      sudo bash unix-dest.sh
   f. Enter the administrator password.
      Note - If the output reports that Cron is not installed, you must install Cron. See Prerequisites.
   g. To install the discovery engine, enter 1 and press Enter.
   h. Enter the IP address of your Check Point Security Gateway / Management Server, and press Enter.
   i. Enter the IP address of the Unix DHCP server.
   j. Enter y and press Enter.
      Note - If an error appears at this point, make sure that the Unix DHCP server is up and running, and that you entered the correct IP address. Resolve the issue and repeat step i.
   k. Enter the Expert mode password of your Check Point Security Gateway / Management Server, and press Enter. The discovery engine setup is complete.
   l. To close the setup tool, press any key.
   After the installation, the system copies the DHCP logs to your Security Gateway / Management Server at one-minute intervals.
2. Configure Unix-DHCP as the discovery engine in Quantum IoT Protect:
   a. Log in to Check Point Infinity Portal.
   b. In the Quantum section, go to IoT Protect > IoT > Profiles.
   c. Click the add icon and select IoT Discovery Source Profile.
   d. Enter these:
      - In the Discovery Source section, from the Discovery source type list, select Unix DHCP Server.
      - In the Discovery Source Settings section, in the IP address field, enter the IP address of the Unix DHCP server.
      - In the Run Discovery On section, select the Security Gateway from the list. If you use a Standalone or Management Server, select Install discovery settings on management.
      - In the Gateways That Use This Service section, select the gateways relevant to your discovered assets, or select the policy package for all gateways.
   e. Click Enforce. The system installs the Unix-DHCP discovery engine, which starts running on the Check Point Security Gateway / Management Server.
Testing the Unix DHCP IoT Discovery Engine
1. Connect to the command line on the Check Point Security Gateway / Management Server (over SSH or console).
2. Log in to the Expert mode.
3. Run:
   cpnano -s
   Note - The output of this command may take time to appear, depending on how long the system takes to enforce the profile. If you do not see the output, verify that you selected the correct Security Gateway in the Profiles settings.
4. These nano services must be running:
   - Check Point Orchestration
   - Check Point IoT Unix DHCP
Removing Unix DHCP as the IoT Discovery Engine
To remove Unix DHCP as the IoT discovery engine from the Unix DHCP server:
1. Connect to the command line on your Unix DHCP server (over SSH or console).
2. Log in with administrator credentials.
3. Run:
   sudo bash unix-dest.sh
4. Enter the administrator password.
5. To uninstall the discovery engine, enter 2 and press Enter.
6. To confirm, enter y and press Enter. The system removes the scheduled copy task and uninstalls the Unix DHCP server as the discovery engine.
7. To close the tool, press any key.
DHCP logs are no longer copied to the Check Point Security Gateway / Management Server.
To remove the IoT Discovery Source Profile in Quantum IoT Protect:
1. Log in to Check Point Infinity Portal.
2. In the Quantum section, go to IoT Protect > IoT > Profiles.
3. On the Unix-DHCP discovery engine profile, click the menu icon and then Delete.
4. Click OK.
5. Click Enforce.
Troubleshooting the Unix DHCP IoT Discovery Engine
1. Connect to the command line on the Check Point Security Gateway / Management Server (over SSH or console).
2. Log in to the Expert mode.
3. The copied DHCP log files are available in this location:
   /var/log/iot-discovery/unix-dhcp-logs
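When troubleshooting, it helps to check what asset information the copied logs actually carry (the MAC address and leased IP address described in the introduction). The script below is an added example, not Check Point's code; it assumes the Unix DHCP server is ISC dhcpd logging to syslog, so lease events look like "DHCPACK on 10.0.0.21 to 3c:5a:b4:12:34:56 (sensor-01) via eth0", and it builds a MAC-to-IP inventory from every file in the log directory named above.

```python
"""Build an IoT asset inventory from the copied DHCP logs (added example).

Assumption: the DHCP server is ISC dhcpd writing DHCPACK events to syslog.
"""
import re
from pathlib import Path

# DHCPACK lines as written by ISC dhcpd; the "(hostname)" part is optional.
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)

def parse_ack(line):
    """Return (mac, ip, hostname) for a DHCPACK line, or None for other events."""
    m = ACK_RE.search(line)
    if not m:
        return None
    return m.group("mac").lower(), m.group("ip"), m.group("host") or ""

def build_inventory(lines):
    """Map MAC -> {'ip', 'host'}; a later lease for the same MAC replaces the earlier one."""
    inventory = {}
    for line in lines:
        parsed = parse_ack(line)
        if parsed:
            mac, ip, host = parsed
            inventory[mac] = {"ip": ip, "host": host}
    return inventory

def load_log_dir(directory="/var/log/iot-discovery/unix-dhcp-logs"):
    """Read every file in the directory the Cron task copies the logs into."""
    lines = []
    for path in sorted(Path(directory).glob("*")):
        if path.is_file():
            lines.extend(path.read_text(errors="replace").splitlines())
    return build_inventory(lines)

# Constructed sample syslog lines so the script runs without a real log directory.
SAMPLE_LOG = [
    "Mar  3 10:01:02 dhcp1 dhcpd[812]: DHCPDISCOVER from 3c:5a:b4:12:34:56 via eth0",
    "Mar  3 10:01:02 dhcp1 dhcpd[812]: DHCPACK on 10.0.0.21 to 3c:5a:b4:12:34:56 (sensor-01) via eth0",
    "Mar  3 10:05:40 dhcp1 dhcpd[812]: DHCPACK on 10.0.0.22 to 00:1a:2b:3c:4d:5e via eth0",
    "Mar  3 11:30:00 dhcp1 dhcpd[812]: DHCPACK on 10.0.0.30 to 3c:5a:b4:12:34:56 (sensor-01) via eth0",
]

if __name__ == "__main__":
    for mac, info in build_inventory(SAMPLE_LOG).items():
        print(mac, info["ip"], info["host"])
```

Replace SAMPLE_LOG with load_log_dir() to run it against the real directory; if the inventory comes back empty while the files are present, the DHCP server is logging in a different format than the one assumed here.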