Prerequisites for the Illumio - Check Point Integration

Important

You onboard Check Point using both the Check Point Management Server CLI and the Illumio Console. Before you can onboard Check Point, you must have downloaded the script from the second pane of the Check Point onboarding wizard.

To onboard Check Point, you must take the following actions to make sure that logs are properly formatted, aggregated, enriched, and securely transmitted:

  • Enable the Check Point Log Exporter feature on all Check Point clients so that logs can be forwarded from the gateway or log server. Set the Log Exporter format to Common Event Format (CEF) and aggregate all logs on the Check Point Management Server: configure each Security Gateway to forward its logs to the Check Point Management Server so that it can process them. This gives the Illumio application a unified and complete view of Check Point data and makes the Check Point Management Server the central point for sending logs to the Illumio application. See "Log Exporter" and "Configuring the Security Management Server and Security Gateways".

  • You must have a firewall policy that allows egress traffic to the internet.

  • Enhance the CEF logs to include the Tenant ID. The Illumio application requires each log entry to be associated with the correct tenant, so the CEF logs must include the Tenant ID field. You may need to customize the Check Point Log Exporter or use a log-enrichment script to inject the Tenant ID into each log record before it is forwarded.

  • Enable mutual TLS (mTLS) between the Check Point Management Server and Illumio HAProxy. To secure log transmission, you must configure mTLS between the Check Point Management Server and the Illumio ingestion endpoint (typically HAProxy). Generate and install certificates on the client side, and update the respective configurations to use mTLS.

Performing all of these tasks makes sure that the Check Point logs flow into the Illumio application in a secure and structured manner so that you can view the log data and create enforcement policies.
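
The Tenant ID enrichment prerequisite above, sketched as an added Python example (it is not Illumio's onboarding script or Check Point code). The extension key `illumioTenantId`, the tenant ID alphabet, and the sample record are assumptions made for illustration; use the field name that your onboarding script expects.

```python
import re

# Hypothetical extension key; the page does not name the field Illumio expects.
TENANT_KEY = "illumioTenantId"
TENANT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed tenant ID alphabet

# Constructed sample record (note the escaped pipe in the Name field).
SAMPLE = ("CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|Accept \\| web|"
          "Unknown|act=Accept src=10.0.0.5 dst=203.0.113.7 dpt=443 proto=6")

def split_header(cef):
    """Return (7 header fields, extension), honouring backslash escapes."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):
            buf.append(cef[i:i + 2])  # keep the escape pair verbatim
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("incomplete CEF header")
    return fields, cef[i:]

def add_tenant_id(line, tenant_id):
    """Append the tenant ID to one CEF record, refusing ambiguous input."""
    if not TENANT_RE.fullmatch(tenant_id):
        raise ValueError("tenant ID could inject extra CEF fields")
    line = line.rstrip()
    start = line.find("CEF:")  # a syslog prefix may precede the marker
    if start < 0:
        raise ValueError("no CEF marker in record")
    _, ext = split_header(line[start:])
    found = re.search(r"(?:^|\s)" + TENANT_KEY + r"=(\S+)", ext)
    if found:
        if found.group(1) != tenant_id:
            raise ValueError("record already tagged for another tenant")
        return line  # idempotent: never tag the same record twice
    return line + (" " if ext else "") + TENANT_KEY + "=" + tenant_id

if __name__ == "__main__":
    print(add_tenant_id(SAMPLE, "tenant-123"))
```

Rejecting malformed records and conflicting tags, instead of forwarding them, keeps one tenant's logs from being attributed to another.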