Appendix H - Using Infoblox DHCP - Syslog as the IoT Discovery Engine
You can set up an IoT discovery engine on the Check Point Management Server to discover IoT assets in your network. The IoT discovery engine uses the network devices in the network, such as switches, routers, gateways, or Network Access Control (NAC) devices to discover IoT assets.
You can use the Infoblox DHCP server as an IoT discovery engine. It maintains a pool of IP addresses and leases an IP address to every new DHCP-enabled client.
The Infoblox DHCP - Syslog integration is based on Syslog messages generated by the Infoblox DHCP server. Each such Syslog message includes the MAC address of the device and the leased IP address. Syslog uses port 514 to send log messages over TCP or UDP.
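The following added example, which is not Check Point or Infoblox code, shows how the MAC address and leased IP address can be extracted from such Syslog lines and kept as a per-device inventory. It assumes ISC dhcpd-style DHCPACK wording, which this page does not specify; the sample lines, hostnames and addresses are constructed.

```python
import re

# Assumption: the lease message uses ISC dhcpd-style wording inside an
# RFC 3164 syslog line. The page does not show the exact Infoblox text.
DHCPACK = re.compile(
    r"dhcpd(?:\[\d+\])?:\s+DHCPACK\s+on\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+to\s+(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
    r"(?:\s+\((?P<host>[^)]*)\))?"
)

# Constructed sample input (not captured from a real server).
SAMPLE = [
    "<30>Mar  4 10:15:01 infoblox1 dhcpd[2211]: DHCPACK on 10.20.0.57 to 00:1A:2B:3C:4D:5E (cam-lobby) via eth1",
    "<30>Mar  4 10:15:09 infoblox1 dhcpd[2211]: DHCPDISCOVER from 00:1a:2b:3c:4d:5f via eth1",
    "<30>Mar  4 10:16:40 infoblox1 dhcpd[2211]: DHCPACK on 10.20.0.58 to 00:1a:2b:3c:4d:60 via eth1",
    "<30>Mar  4 11:02:13 infoblox1 dhcpd[2211]: DHCPACK on 10.20.0.99 to 00:1a:2b:3c:4d:5e (cam-lobby) via eth1",
    "<13>Mar  4 11:05:00 laptop7 user: Syslog Test Message - #1",
]


def parse_lease(line):
    """Return {'mac', 'ip', 'host'} for a DHCPACK line, else None."""
    m = DHCPACK.search(line)
    if not m:
        return None  # not a lease acknowledgement (e.g. a test message)
    ip = m.group("ip")
    if any(int(octet) > 255 for octet in ip.split(".")):
        return None  # reject malformed addresses instead of storing them
    # Normalise the MAC so the same device is not counted twice.
    return {"mac": m.group("mac").lower(), "ip": ip, "host": m.group("host")}


def build_inventory(lines):
    """Map each MAC address to its most recent lease; later lines win."""
    inventory = {}
    for line in lines:
        lease = parse_lease(line)
        if lease:
            inventory[lease["mac"]] = lease
    return inventory


if __name__ == "__main__":
    for mac, lease in build_inventory(SAMPLE).items():
        print(mac, lease["ip"], lease["host"] or "-")
```

Lines that are not lease acknowledgements, including the free-text test message used in the troubleshooting steps, produce no inventory entry.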
Prerequisites
- Add the Check Point Management Server on which the integration is installed as an external log server.
- Log in to Infoblox.
- Go to Grid > Grid Manager > Members.
- Go to Grid Properties > Monitoring > Basic.
- Set the relevant Access Control rules on the relevant gateway, to allow Syslog traffic between the Infoblox DHCP server and the Check Point Management Server.
Setting Up Infoblox DHCP - Syslog as the IoT Discovery Engine
To set up Infoblox DHCP - Syslog as the IoT Discovery Engine:
- Enable Infoblox DHCP - Syslog as the IoT discovery engine in Quantum IoT Protect.
Notes:
  - When you install the Infoblox DHCP - Syslog built-in discovery engine, it modifies the configuration of the Check Point Management Server on which it is installed and enables it to receive Syslog messages.
  - Make sure no other user is logged in to SmartConsole.
- Log in to the Check Point Infinity Portal.
- In the Quantum section, go to IoT Protect > IoT > Profiles.
- Click and select IoT Discovery Source Profile.
- Enter these:
  - In the Discovery Source section, from the Discovery source type list, select Infoblox DHCP Server (Syslog).
  - In the Discovery Source Settings section, in the Server hostname field, enter the hostname of the Infoblox DHCP server.
  - In the Run Discovery On section, select your Check Point Management Server.
  - In the Gateways That Use This Service section, select the gateways relevant to your discovered assets, or select the policy-package for all gateways.
- Click Enforce.
The system installs the Infoblox DHCP - Syslog discovery engine, which starts running on the Check Point Management Server.
Testing the Infoblox DHCP - Syslog IoT Discovery Engine
- Access the Check Point Management Server through SSH, for example using PuTTY.
- Run:
  cpnano -s
- Make sure that these nano services are running:
  - Check Point Orchestration
  - Check Point IoT Infoblox DHCP
Troubleshooting the Infoblox DHCP - Syslog IoT Discovery Engine
- Log in to SmartConsole.
- Go to Gateway & Services > Check Point > Management Server.
- Expand Logs > Additional Logging.
- Select Accept Syslog messages.
- Click OK.
- Enable Syslog traffic from the Infoblox DHCP server to the Check Point Management Server.
  To enable, access the Infoblox DHCP server through SSH, and run:
  Infoblox > set maintenancemode
  Maintenance Mode > show network_connectivity proto udp <IP Address of Management Server> 514
  Expected output:
- Access through SSH any Unix terminal hosted in the same network as the Check Point Management Server, and run:
  echo "Syslog Test Message - #1" | nc -u <IP Address of Management Server> 514
  Expected output: in SmartConsole > Logs & Monitor view:
  - Filter by: blade: syslog
- Access the Check Point Management Server through SSH, and run:
  cp_log_export show
  Expected output: