Monitoring Alerts

Alerts

Alerts provide real-time information about vulnerabilities to computer systems and how they can be eliminated.

Check Point alerts users to potential threats to the security of their systems and provides information about how to avoid, minimize, or recover from the damage.

Alerts are sent by the Security Gateways to the Security Management server. The Security Management server then forwards these alerts to the SmartView Monitor client, which is actively connected to the Security Management server.

Alerts are sent in order to draw the administrator's attention to problematic gateways, and are displayed in SmartView Monitor. These alerts are sent:

  • If certain rules or attributes, which are set to be tracked as alerts, are matched by a passing connection,
  • If system events, also called System Alerts, are configured to trigger an alert when various thresholds are surpassed.

The administrator can define alerts to be sent for different gateways. These alerts are sent under certain conditions, such as if they have been defined for certain policies, or if they have been set for different properties. By default, an alert is sent as a pop-up message to the administrator's desktop when a new alert arrives at SmartView Monitor.

Alerts can also be sent for certain system events. If certain conditions are set, you can get an alert for certain critical situation updates, for example, if free disk space is less than 10%, or if a security policy has been changed. These are called System Alerts. System Alerts are characterized as follows:

  • Per product — For instance you may define certain System Alerts for Unified Package and other System Alerts for Check Point QoS.
  • Global or per gateway — You can set global alert parameters for all gateways in the system, or you can specify a particular action to be taken on alert for each individual Check Point gateway.
  • Display — They are displayed and viewed using the same user-friendly window.

Interfering Actions

After reviewing the status of certain Clients in SmartView Monitor, you may decide to take decisive action for a particular Client or Cluster Member, for instance:

  • Disconnect client - If you have the correct permissions, you can choose to disconnect one or more of the connected SmartConsole clients.
  • Start/Stop cluster member - All Cluster Members of a given Gateway Cluster can be viewed via SmartView Monitor. You can start or stop a selected Cluster Member.

Viewing Alerts

Alert commands are specified in the Popup Alert Command field in the Log and Alert page of the Global Properties window in SmartDashboard and can be viewed in the Alerts window in SmartView Monitor. The Alerts in this window apply only to Security Gateways.

To view the alerts, choose Alerts from the Tools menu in SmartView Monitor. The Alerts window is displayed. In this window you can set the alert attributes and delete any number of displayed alerts.

System Alerts

System Alerts are defined in the Threshold Settings window, accessible from the Gateways Status view. The window contains these options:

  • Use global settings
  • Configure no threshold settings
  • Use custom settings

Global versus Customized System Alert Parameters

System Alerts can be customized per network object, or they can be set to comply with the global System Alert attributes.

To define the System Alerts option:

  1. Right-click a network object in the Gateways Status view and select Configure Thresholds.
  2. Select one of the options:
    • Use global settings - Indicates that thresholds for the selected gateway are inherited from the Global Threshold Settings. The same system alert parameters are applied to all the gateway objects. If you apply global properties, the System Alert parameters cannot be modified for the selected object.
    • None - Indicates that thresholds are not associated with the selected gateway.
    • Custom - Lets you define object-specific system alert thresholds. Select a checkbox to enable the threshold.
  3. Click OK.

Defining Global Threshold Settings

The Global Threshold Settings window lets you define a set of default system alert parameters (such as CPU utilization) for each installed product and determine the action to be taken (such as log or alert) when that parameter is reached.

To open the Global System Alert Definition window:

  1. Right-click a network object in the Gateways Status view and select Configure Thresholds.
  2. Click Edit Global Settings.

    The Global Threshold Settings window opens.

  3. Select the checkbox next to the threshold you want to enable globally.
  4. Click OK.

System Alert Monitoring Mechanism

Check Point Security Management server has a System Alert monitoring mechanism that takes the System Alert parameters you defined and checks if that System Alert parameter has been reached. If it is reached, it activates the action defined to be taken.

To activate this mechanism, select Tools > Start System Alert Daemon. To stop the System Alert monitoring mechanism, select Tools > Stop System Alert Daemon.
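A conceptual model of the threshold logic described above, added here as an example and not Check Point code: it resolves the per-gateway option (Use global settings, None, Custom) to an effective threshold set and evaluates it only while the monitoring daemon is running. The class names, metric names, gateway names and CPU limits are assumptions constructed for illustration; the 10% free-disk limit is the page's own example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Mode(Enum):
    GLOBAL = "Use global settings"
    NONE = "None"
    CUSTOM = "Custom"

@dataclass(frozen=True)
class Threshold:
    metric: str           # hypothetical metric name, e.g. "free_disk_pct"
    op: str               # "<" or ">"
    limit: float
    action: str           # "log" or "alert"
    enabled: bool = True  # mirrors the checkbox next to each threshold

    def reached(self, value):
        return value < self.limit if self.op == "<" else value > self.limit

# Constructed global defaults; only checked (enabled) thresholds apply.
GLOBAL_THRESHOLDS = [
    Threshold("free_disk_pct", "<", 10, "alert"),
    Threshold("cpu_pct", ">", 90, "log", enabled=False),
]

@dataclass
class Gateway:
    name: str
    mode: Mode = Mode.GLOBAL
    custom: list = field(default_factory=list)

    def effective_thresholds(self):
        if self.mode is Mode.NONE:
            return []  # no thresholds associated with this gateway
        source = self.custom if self.mode is Mode.CUSTOM else GLOBAL_THRESHOLDS
        return [t for t in source if t.enabled]

def evaluate(gateway, metrics, daemon_running=True):
    """Return (gateway, metric, action) for every threshold that is reached."""
    if not daemon_running:  # daemon stopped: nothing is checked
        return []
    return [(gateway.name, t.metric, t.action)
            for t in gateway.effective_thresholds()
            if t.metric in metrics and t.reached(metrics[t.metric])]

# Constructed sample reading and gateways, one per option.
SAMPLE = {"free_disk_pct": 7.5, "cpu_pct": 96.0}
GW_A = Gateway("gw-a")
GW_B = Gateway("gw-b", Mode.CUSTOM, [Threshold("cpu_pct", ">", 95, "alert")])
GW_C = Gateway("gw-c", Mode.NONE)
```

In this model a gateway set to Custom does not inherit the global free-disk threshold, and a gateway set to None raises nothing regardless of its readings, which are the two settings worth auditing when an expected System Alert never arrives.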

 
©2013 Check Point Software Technologies Ltd. All rights reserved.