To set up Check Point Firewall-1 Collector, do the following steps, below:
Enable Check Point Firewall Collector
Install the XDR Collector
Configure the Firewall
Open the port on the XDR Collector Host
Enable Check Point Firewall Collector
In Barracuda XDR Dashboard, navigate to Administration > Integrations.
On the Check Point Firewall Collector card, click Setup.
Select the Enable check box.
Click Save.
Install the XDR Collector
If you haven't already set up the XDR Collector, do one of the following:
Configuring the Firewall
In Check Point, the Logs & Monitoring > Log Servers page lets you configure external log servers for security and system logs for additional logging storage.
External Syslog Server Configuration
You can configure a gateway to send logs to multiple external syslog servers.
To configure an external syslog server
In Check Point, under Syslog Servers, click Configure.
The External Syslog Server window opens.Enter a Name and IP address.
Enter a Port (9201).
Select Enable log server.
Optionally, select Show Obfuscated Fields.
Obfuscated packets are shown as plain text.Select logs to forward:
System logs
Security logs
Both system and security logs
Click Apply.
Open the Port on the XDR Collector Host
Ensure incoming traffic is allowed on UDP port 9201.
Linux
sudo ufw allow 9201/udp
Windows
netsh advfirewall firewall add rule name="Check Point Firewall Events" dir=in action=allow protocol=UDP localport=9201