Tuesday, February 28, 2012

3D Reporting tool, quick HOWTO and tips

As I have mentioned recently, Check Point has release so called 3D Analysis tool to help partner in showing added values of Check Point technologies by analyzing live production traffic.



Although this tool is a great thing, there are some tips and tricks to make it work even better:

1. Licensing. The downloadable tool from Check Point has an expired license. Use your quick eval license on it.
2. Tapping. The official guide mentions tapping on the external interface of the cusotmer's FW. In this case bandwidth utilization will not show internal hosts. Identity Awareness information will also be unavailable. You may want to mirror the internal interface of the customer FW, in case topology in place is simple.
3. DLP policy is not set to customer's case. Do not forget to configure email domain properly before deploying the tool.
4. identity Awareness is not activated. If you want to enable it, mind p.2. Also do not forget to arrange connectivity to AD from the physical machine hosting 3D VM tool.
5. Policy installation. VM does not have any policy installed when you start it, do not forget this tiny detail.

If you have some other tips, please kindly share them in the comments.

12 comments:

  1. Hi Valery,

    We are using this tool at Vmplayer on a notebook (with one ethernet interface).
    If you want Mirror port kit to communicate with DC or to update IPS signatures, you should use either WiFi or USB-Ethernet card.

    And, btw, it seems to IPS signatures don't update correctly, because everytime we starting dashboard, it updates with big packages.

    May it be due not correct service activation in SmartUpdate?
    Best regards

    ReplyDelete
  2. Thanks, Pavel!

    I am using dual NIC setup as well, this way it works much better. Concerning the IPS updates, it does not seem to be an issue in ma case, but I will take a closer look.

    ReplyDelete
  3. Hi Valery,

    I get the VM tool from Check Point. It has 2 virtual nic: mirror and NAT. When I import the VM, but I can not connect the VM via Smart Console tool. How CAN I do?

    ReplyDelete
  4. Check your VMware host machine has NAT interface configured on the same network as VM from the kit, should do the trick. You won't able to connect from an external machine though, not without changing networking.

    IP addressing is documented in the kit, actually.

    ReplyDelete
  5. Now, I can not used Smart Console tool to connect the VM. Check Point told me to renew VM's Demo license key.

    What license can I use? I used P808 Demo License key, and used cplic command to import the license via ssh. SmartCenter license is success, but module is failed.

    ReplyDelete
  6. You have to do that from SmartUpdate

    ReplyDelete
    Replies
    1. Dear Valery,

      Thanks for your help. ^^

      When I install P808 License via SmartUpdate, after reboot. The VM is lock, I can not use ssh/web console or SmartConsole to connect it. How can I do to active the VM normally?

      Delete
  7. go to VM console and see what's wrong there

    ReplyDelete
    Replies
    1. Dear Valery,

      Sorry,

      How can I check, when I login the VM console?

      Delete
  8. it is hard to see from the blog, you know. if you cannot connect, it can be a policy problem or a connectivity problem. basic troubleshooting should be enough.

    also i would appreciate you spelling my name correctly.

    ReplyDelete
  9. Dear Valeri,

    Thanks for your help. :)

    ReplyDelete