When connecting a Check Point Security Management Server to SecureTrack, there are two possibilities to gather the topology:
Check Point Security Management Server only
In this case, Secure Internal Communication is set up to have a secure connection between the SecureTrack Server and the Check Point Management.
The Topology for SecureTrack is read from the Interface information defined in the Check Point Firewall and Cluster, respectively. Anti-Spoofing information is also read to get as much information as possible about the Topology.
Check Point OS Monitoring
In this case, the Topology is read from the monitored devices directly using SNMP. Other information isn't gathered - information from the object defined in the Security Mangagement Server is ignored.
Lesson learned:
If Check Point OS monitoring is activated and the SecureTrack Server has no possibility to read information using SNMP (161/udp), no information about the Topology is imported and therefore this device isn't shown in the SecureTrack Topology. Allowing SNMPv3 between the SecureTrack Server and the firewall device helps to avoit this potential problem.
