When it comes to your Check Point infrastructure, it's actually pretty difficult to monitor and report on your inventory, hardware models, OS versions, device health, and license information.
This is where Zabbix comes into play. Zabbix is an open source monitoring solution for virtually any device in your organization. It can be used to monitor endpoints, servers, switches, routers and firewalls from virtually any vendor via SNMP, IPMI, or an agent. In this article we will dive into what Zabbix is and how it can be used to monitor your entire Check Point infrastructure.
List of section headers:
I. What is Zabbix?
II. Monitoring Check Point devices with Zabbix
III. Adding Check Point devices to Zabbix
I. What is Zabbix?
Zabbix is open source software that allows the monitoring of servers, VMs, cloud services, and network devices. Zabbix has an agent that can be installed on the OS of your servers to make monitoring easier, but it can also monitor devices using SNMP. Zabbix also provides a deep level of granularity when it comes to monitoring devices and alerting based on conditions on the device.
Zabbix is a highly scalable solution: it can monitor thousands of devices and is really only limited by the hardware that you install Zabbix on. In a large organization, there will be thousands of servers, network devices, and firewalls, and with Zabbix these can all be monitored in one place. This allows the organization to obtain information about the entire network in a single place. Zabbix also has an inventory section for each host, allowing you to document and check important information about all of your devices in one place. Below is a screenshot of the inventory section of Zabbix.
Zabbix Inventory
Zabbix also allows you to create your own dashboards with information that is being obtained from the devices on your network. This is a very important feature as it allows you to see the state of your network in a single page and see any devices that are triggering an alert. In the next section we will show a dashboard with statistics about all of the Check Point devices in Zabbix.
Zabbix Documentation: https://www.zabbix.com/documentation/current/
Zabbix Installation Documentation: https://www.zabbix.com/documentation/current/manual/installation
II. Monitoring Check Point devices with Zabbix
Check Point has no tool for monitoring anything outside of a firewall. Sure, you can see the state of firewalls, but you also need to see switches, servers, routers and any other network device. Zabbix is the solution to this problem. All of the devices found in Zabbix are monitored constantly: you can alert on any statistic pulled from the gateways with SNMP, you can monitor other vendor devices, and you can get an overview of the entire infrastructure at a glance with dashboards.
Zabbix allows you to monitor all of the hardware and software information of the Check Point devices, as well as the routers and other network devices so you can determine where a problem may be occurring. By monitoring all of the statistics of your Check Point devices, such as CPU usage, fan speed, power consumption, temperature, and connection states, you can alert if any of these reach a level that is abnormal. Being able to see all of these statistics in one place makes Zabbix a powerful tool in any network.
Below is a small example of the information that can be pulled from a Check Point device using SNMP and an example of a dashboard displaying information on the entire network of Check Point devices. The first image shows that we can pull license information, connection table information, and CPU utilization information. The dashboard shows that we can see statistics on a large number of Check Point devices and see any alerts from those devices in a single place.
Check Point SNMP data
Zabbix Dashboard
III. Adding Check Point devices to Zabbix
There are several ways to add all of your Check Point devices to Zabbix. For one, they can be added by hand, but this is very tedious and time-consuming. If you have hundreds of gateways, this could be completely out of the question. Another option is to use SNMP discovery. SNMP discovery is unreliable due to issues with SNMP being filtered, not configured correctly, or not even enabled on some devices. The answer to this for Check Point devices is the Check Point API. We have written a script that will populate Zabbix with all of the Check Point devices in a network using the Check Point API. This saves weeks of time versus adding them manually, and is much more efficient than using SNMP discovery. Below is an example of the script running and adding devices to Zabbix. The script connects to an MDS as well as an SMS to show functionality for both.
Script Output
The Check Point API allows you to obtain all of the gateways directly from the Check Point servers that are managing them. This allows quick integration of your Check Point infrastructure into Zabbix and other monitoring solutions, checking of gateways for misconfigured SNMP, and a generated inventory of the Check Point environment. If you have any interest in this solution or want more information, contact us at contact@spikefishsolutions.com.
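As an added illustration of the approach described above (this is not the authors' script, nor Check Point or Zabbix code), the example below maps a `show-gateways-and-servers` reply from the Check Point Management API to Zabbix `host.create` JSON-RPC requests with an SNMP interface, and reports the objects it skips. The sample reply is constructed, and the group ID `2`, template ID `10001` and the `{$SNMP_COMMUNITY}` macro name are assumptions; logging in to either API and sending the requests is left out.

```python
import json

# Constructed sample shaped like a "show-gateways-and-servers" reply; all values are made up.
SAMPLE_REPLY = {"total": 4, "objects": [
    {"name": "gw-hq-01", "type": "simple-gateway", "ipv4-address": "192.0.2.10", "version": "R81.10"},
    {"name": "gw-branch-07", "type": "simple-gateway", "ipv4-address": "192.0.2.77", "version": "R80.40"},
    {"name": "gw-lab-03", "type": "simple-gateway", "version": "R81.10"},  # no IPv4 address
    {"name": "mgmt-sms", "type": "checkpoint-host", "ipv4-address": "192.0.2.5", "version": "R81.10"},
]}


def build_host_requests(reply, group_id, template_id, existing=()):
    """Map management-API objects to Zabbix host.create calls; return (requests, skipped)."""
    requests, skipped, known = [], [], set(existing)
    for obj in reply.get("objects", []):
        name, ip = obj.get("name"), obj.get("ipv4-address")
        if not name or not ip:
            skipped.append((name, "no ipv4-address"))
            continue
        if name in known:
            skipped.append((name, "already in Zabbix"))
            continue
        known.add(name)
        snmp = {"type": 2, "main": 1, "useip": 1, "ip": ip, "dns": "", "port": "161",
                # Community is a Zabbix user macro (assumed name), so no secret lives in the script.
                "details": {"version": 2, "community": "{$SNMP_COMMUNITY}"}}
        requests.append({
            "jsonrpc": "2.0", "method": "host.create", "id": len(requests) + 1,
            "params": {"host": name,
                       "groups": [{"groupid": group_id}],
                       "templates": [{"templateid": template_id}],
                       "interfaces": [snmp],
                       "inventory_mode": 0,  # manual inventory, filled from the API data
                       "inventory": {"type": obj.get("type", ""),
                                     "software": obj.get("version", "")}},
        })
    return requests, skipped


if __name__ == "__main__":
    # "2" and "10001" are placeholder group/template IDs; "mgmt-sms" simulates an existing host.
    reqs, skipped = build_host_requests(SAMPLE_REPLY, "2", "10001", existing=["mgmt-sms"])
    print(json.dumps(reqs[0], indent=2))
    print("skipped:", skipped)
```

The skipped list doubles as a review queue: objects the management server knows about but that could not be added are the ones to check by hand.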