Monitoring and Handling Alerts

Alerts provide real-time information about possible security threats, and how to avoid, minimize, or recover from the damage. The administrator can define alerts to be sent for different Security Gateways and for certain policies or properties.

The Security Gateways send alerts to the Security Management Server. The Security Management Server forwards these alerts to SmartView Monitor. By default, an alert is sent as a pop-up message to the administrator desktop when a new alert arrives at SmartView Monitor.

You can set global alert parameters for all Security Gateways in the system, or specify an action to send an alert for a particular Security Gateway.

Alerts are sent when:

  • Rules or attributes which are set to be tracked as alerts are matched by a passing connection.

  • System events (also called System Alerts) are configured to cause an alert when different predefined thresholds are surpassed.

System Alerts are sent for predefined system events or for important situation updates, for example, if free disk space is less than 10%, or if a security policy is changed. System Alerts can also be defined for each product. For example, you can define other System Alerts for Check Point QoS.

Viewing Alerts

Alert commands are set in SmartConsole > Global Properties > Log and Alert > Alerts page. The Alerts in this window apply only to Security Gateways.

To see alerts:

  1. Open SmartConsole > Logs & Monitor view > External Apps.

  2. Click Tunnel & User Monitoring.

    SmartView Monitor opens.

  3. Click the Alerts icon in the toolbar.

    The Alerts window opens. Use this window to monitor or delete alerts.

System Alert Monitoring Mechanism

The Check Point Security Management Server System Alert monitoring mechanism uses the defined System Alert thresholds. If a threshold is reached, it activates the defined action.

To activate System Alert monitoring:

Go to Tools > Start System Alert Daemon.

To stop the System Alert monitoring:

Go to Tools > Stop System Alert Daemon.