

Infoblox Integration with Check Point's Next Generation Firewall


We are excited to announce an Infoblox Security Ecosystem integration with Check Point’s Next Generation Firewall (NGFW).

Integrating Check Point’s Next Generation Firewall into the Infoblox Security Ecosystem increases the visibility of threats for both network security and incident response teams. Infoblox along with Check Point’s Next Generation Firewall allows effective and granular control over network assets that include access control, geo policies, and much more. This integration enables security automation, saves valuable administrative time, and effectively increases the leverage and ROI of both products.

 

This integration supports a wide variety of events: ADP, Discovery, Fixed, Host, Lease, Network, RPZ, Range, and Tunnel. A grid with NIOS version 8.3 or higher is required.

 

The Infoblox and Check Point Integration Deployment Guide will cover the steps required to properly deploy this integration. Integration templates are included. The templates are in a .json format and are provided “as-is”. Templates should be fully tested in your lab environment and modified as needed before implementing them into production.

 

The templates require extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level.

| Name | Description |
| --- | --- |
| CP_AddByHostName | Defines if Host records are to be added to Check Point by name. |
| CP_AssetSync | Defines if syncing asset events with Check Point is desired or not. |
| CP_AssetTimestamp | Timestamp that records when the asset was last synced with Check Point. |
| CP_SecuritySync | Defines if syncing security events with Check Point is desired or not. |
| CP_SecurityTimestamp | Timestamp that is updated whenever a security event occurs. |

In addition to the Extensible Attributes, the following Session Variables are also required:

| Name | Description |
| --- | --- |
| CP_AssetGroup | The Asset Group is a Network Group located on the Check Point firewall. All supported network objects that are populated from Infoblox are members of this group. |
| CP_SecurityGroup | The Security Group is a Network Group located on the Check Point firewall. When a security event is triggered by a device, the device is added to this group. |

Below is a demo video which covers use cases and the configuration of this integration:

Feedback, Comments, or Questions are welcome.

Re: Infoblox Integration with Check Point's Next Generation Firewall


Hello,

Thanks for a good deployment guide. We are trying to set this up. It is not working with deleting the network object sync. Trying to find out what notification should be sent to the Checkpoint Appliance. What should be the name?

Re: Infoblox Integration with Check Point's Next Generation Firewall


Got this error when I try to integrate to Checkpoint:

Checkpoint: Template execution retry limit is reached.Event `{u'member_ip': u'10.254.1.160', u'event_type': 'HOST_ADDRESS_IPV4', u'timestamp': u'2024-01-17T08:25:45Z', u'vnode_oid': 0, u'object_type': u'HostAddress', u'previous_values': {}, u'values': {u'network_view': u'default', u'ipv4addr': u'19.19.19.63', u'mac': u'bb:cc:dd:ee:ff:11', u'host': u'test', u'ms_ad_user_data': {u'active_users_count': 0}, u'extattrs': {u'CP_AssetSync': {u'inheritance_source': {u'_ref': u'networkview/ZG5zLm5ldHdvcmtfdmlldyQw:default/true'}, u'value': u'true'}, u'CP_SecuritySync': {u'inheritance_source': {u'_ref': u'networkview/ZG5zLm5ldHdvcmtfdmlldyQw:default/true'}, u'value': u'true'}, u'CP_AddByHostName': {u'inheritance_source': {u'_ref': u'network/ZG5zLm5ldHdvcmskMTkuMTkuMTkuMC8yNC8w:19.19.19.0/24/default'}, u'value': u'true'}}, u'_ref': u'record:host_ipv4addr/ZG5zLmhvc3RfYWRkcmVzcyQubm9uX0ROU19ob3N0X3Jvb3QuMC4xNzA1NDc5ODkzMTAzLnRlc3QuMTkuMTkuMTkuNjMu:19.19.19.63/test/%20'}, u'member_name': u'gm-nfr.nsid.co', u'operation_type': u'DELETE'}` is skipped
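A troubleshooting aid for "is skipped" log lines like the one quoted above, added here as an example and not part of the thread, the deployment guide, or the Infoblox templates: it extracts the embedded event and reports the operation type and which of the five extensible attributes from the table the event carries. The function names and the shortened sample line are assumptions made for this illustration.

```python
import ast
import re

# The five extensible attributes listed in the table in the original post.
REQUIRED_EAS = ("CP_AddByHostName", "CP_AssetSync", "CP_AssetTimestamp",
                "CP_SecuritySync", "CP_SecurityTimestamp")

# Constructed sample, abbreviated from the log line quoted in the thread.
SAMPLE = (
    "Checkpoint: Template execution retry limit is reached.Event "
    "`{u'event_type': 'HOST_ADDRESS_IPV4', u'operation_type': u'DELETE', "
    "u'values': {u'ipv4addr': u'19.19.19.63', u'host': u'test', u'extattrs': {"
    "u'CP_AssetSync': {u'inheritance_source': {u'_ref': "
    "u'networkview/ZG5zLm5ldHdvcmtfdmlldyQw:default/true'}, u'value': u'true'}, "
    "u'CP_AddByHostName': {u'value': u'true'}}}}` is skipped"
)


def parse_skipped_event(line):
    """Return the event dict embedded between backticks, or None."""
    m = re.search(r"Event `(\{.*\})` is skipped", line, re.DOTALL)
    if not m:
        return None
    try:
        # The payload is a Python 2 dict repr; literal_eval reads it without
        # executing anything, and u'' prefixes are valid in Python 3.
        event = ast.literal_eval(m.group(1))
    except (ValueError, SyntaxError):
        return None
    return event if isinstance(event, dict) else None


def summarize(event):
    """Report operation, address, and which required EAs the event carries."""
    values = event.get("values", {})
    eas = values.get("extattrs", {})
    present = {}
    for name in REQUIRED_EAS:
        if name in eas:
            src = eas[name].get("inheritance_source", {}).get("_ref")
            present[name] = {"value": eas[name].get("value"),
                             "inherited_from": src.split("/")[0] if src else None}
    return {
        "event_type": event.get("event_type"),
        "operation": event.get("operation_type"),
        "address": values.get("ipv4addr"),
        "present": present,
        "absent": [n for n in REQUIRED_EAS if n not in eas],
    }
```

Call `summarize(parse_skipped_event(line))` on a log line. An attribute reported as absent is only missing from that event's payload; the summary does not by itself say why the template run was skipped.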