Check Point Hardware Diagnostic Tool for Hardware and OS

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog.

Key Takeaways
  • Continuous verification of NTP configuration and operation on Check Point gateways is required to prevent time drift that can impact logging, clustering, and security functions.
  • Interfaces must be monitored for drops, errors, and collisions, along with speed/duplex, IP, and MAC details, to quickly detect and diagnose physical or configuration-related network issues.
  • Cluster members should be regularly compared for routing tables, acceleration settings, kernel parameters, and configuration files to identify and remediate Check Point cluster misconfigurations.
  • Key Check Point daemons (such as pdpd, routed, cpd, fwd) need proactive process monitoring to detect crashes, restarts, memory leaks, and abnormal behavior via system process and core dump analysis.
  • License and support contract states, including capacity limits and renewal dates, must be continuously validated to avoid unexpected feature loss or interruption of IPS signature updates.
  • High availability management synchronization status and certificate expiration dates (SIC, VPN, OPSEC) must be tracked to ensure management failover readiness and uninterrupted secure communications.

Check Point Firewalls Diagnostic Tool

Below are samples of hidden issues that may be lurking in your network environment.

Keep the clocks in sync

You’ve gone through the trouble of configuring the use of NTP on all of your firewalls. It worked at the time you configured it. Then, months later, while troubleshooting an issue, you realize the clock is no longer set correctly.

indeni constantly tests the current NTP configurations on a gateway. If NTP fails consistently for 24 hours we alert. The reason for the 24 hour threshold is to avoid alerting for any maintenance being done to your NTP server.

Commands used: ntpdate, ntpdq, etc. (depending on OS).
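The 24-hour rule described above, sketched as an added example (this is not indeni's code). It assumes each NTP check has already been reduced to a timestamped pass/fail result; the function names and the sample series are constructed for illustration.

```python
from datetime import datetime, timedelta

THRESHOLD = timedelta(hours=24)  # the alert threshold stated in the text

def ntp_alert_times(checks, threshold=THRESHOLD):
    """checks: (timestamp, ok) pairs in time order.
    Returns the timestamps at which an alert would fire."""
    alerts = []
    fail_since = None  # start of the current unbroken failure streak
    alerted = False    # alert once per streak, not on every failed check
    for ts, ok in checks:
        if ok:
            # Any success ends the streak, e.g. the NTP server came
            # back after maintenance.
            fail_since, alerted = None, False
            continue
        if fail_since is None:
            fail_since = ts
        if not alerted and ts - fail_since >= threshold:
            alerts.append(ts)
            alerted = True
    return alerts

def hourly(start, results):
    """Build one check result per hour from a list of booleans."""
    return [(start + timedelta(hours=i), ok) for i, ok in enumerate(results)]

# Constructed sample series (hypothetical data, one check per hour).
START = datetime(2024, 1, 1)
MAINTENANCE = hourly(START, [True] * 5 + [False] * 3 + [True] * 5)  # 3 h outage
FLAPPING = hourly(START, [False] * 23 + [True] + [False] * 23)      # streak resets
BROKEN = hourly(START, [True] * 5 + [False] * 30)                   # stays broken

if __name__ == "__main__":
    for name, series in [("maintenance", MAINTENANCE),
                         ("flapping", FLAPPING), ("broken", BROKEN)]:
        print(name, ntp_alert_times(series))
```

Only the series that stays broken produces an alert, and it fires once, at the first check that is 24 hours past the start of the failure streak.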

Monitor interfaces for drops, errors, collisions, etc.

Drops usually occur when the traffic load is more than the interface can handle, or more than the CPU can pull off the interface (RX buffers).

Errors usually occur when the duplex settings are wrong.

Collisions usually occur when you have a setup from hell or one that is simply outdated.

Whatever it is, you need someone to keep an eye on things and tell you when there are more drops, errors and collisions than there should be. It would be great if that someone would also tell you which interface it’s on, the speed+duplex settings for that interface, the IP addresses, MAC address, etc.

Commands used: ifconfig -a, ethtool.
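An added example of the interface check described above (not indeni's code): it parses two samples of `ifconfig -a` output and reports which counters grew, together with the interface's IP and MAC. It assumes the classic net-tools output layout; the sample output, addresses and function names are constructed.

```python
import re

COUNTERS = ("rx_errors", "rx_dropped", "tx_errors", "tx_dropped", "collisions")

def parse_ifconfig(text):
    """Parse classic net-tools `ifconfig -a` output into {ifname: info}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+Link encap:\S+(?:\s+HWaddr (\S+))?", line)
        if m:  # first line of an interface stanza
            cur = ifaces[m.group(1)] = {"mac": m.group(2), "ip": None}
        elif cur is not None:
            if m := re.search(r"inet addr:(\S+)", line):
                cur["ip"] = m.group(1)
            if m := re.search(r"(RX|TX) packets:\d+ errors:(\d+) dropped:(\d+)", line):
                d = m.group(1).lower()
                cur[d + "_errors"], cur[d + "_dropped"] = int(m.group(2)), int(m.group(3))
            if m := re.search(r"collisions:(\d+)", line):
                cur["collisions"] = int(m.group(1))
    return ifaces

def rising_counters(before, after, min_delta=1):
    """Return (iface, counter, delta, ip, mac) for counters that grew."""
    findings = []
    for name, now in after.items():
        prev = before.get(name, now)  # new interface: no baseline, delta 0
        for c in COUNTERS:
            delta = now.get(c, 0) - prev.get(c, 0)
            if delta >= min_delta:  # negative delta = counter reset, ignored
                findings.append((name, c, delta, now["ip"], now["mac"]))
    return findings

# Constructed sample in the classic net-tools layout; all values are made up.
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:1C:7F:AA:BB:01
          inet addr:192.0.2.1  Bcast:192.0.2.255  Mask:255.255.255.0
          RX packets:{rx} errors:{err} dropped:{drop} overruns:0 frame:0
          TX packets:900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
"""
T0 = parse_ifconfig(SAMPLE.format(rx=1000, err=0, drop=5))
T1 = parse_ifconfig(SAMPLE.format(rx=9000, err=3, drop=47))
FINDINGS = rising_counters(T0, T1)
```

Comparing deltas between samples rather than absolute values matters here: counters accumulate since boot, so a large but static drop count from months ago is not a current problem.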

Identify cluster misconfiguration

When configuring a Check Point cluster you need to make sure you get a lot of things right. Then, as time goes by, changes are made to the active member and sometimes they are not made to the standby member.

Or, as we’ve seen more than once or twice, a device gets RMAed and the configurations on the new device aren’t exactly the same as on the old device.

Whatever it is, you need to make sure the configurations match. indeni does that for you.

Commands used: netstat -rn (comparing routes), fw ctl multik stat, fwaccel stat, fw ctl get int <all_kparams>, cpstat fw, etc. Files reviewed: all .conf and .def files.
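An added example of the route comparison mentioned above (not indeni's code): it diffs the `netstat -rn` output of two cluster members and reports routes that exist on only one member or point at different gateways. The sample tables and function names are constructed, and the Iface column is ignored in this sketch.

```python
def parse_routes(netstat_rn):
    """Return {(destination, genmask): set_of_gateways} from `netstat -rn`."""
    routes = {}
    for line in netstat_rn.splitlines():
        f = line.split()
        # Data rows have 8 columns and start with an IPv4 destination; this
        # skips the "Kernel IP routing table" banner and the header row.
        if len(f) == 8 and f[0][0].isdigit():
            routes.setdefault((f[0], f[2]), set()).add(f[1])
    return routes

def diff_members(active_out, standby_out):
    """Compare the routing tables of two cluster members."""
    a, s = parse_routes(active_out), parse_routes(standby_out)
    report = {"missing_on_standby": [], "missing_on_active": [],
              "gateway_mismatch": []}
    for key in sorted(set(a) | set(s)):
        if key not in s:
            report["missing_on_standby"].append(key)
        elif key not in a:
            report["missing_on_active"].append(key)
        elif a[key] != s[key]:
            report["gateway_mismatch"].append((key, sorted(a[key]), sorted(s[key])))
    return report

# Constructed sample output from two members (addresses are documentation ranges).
ACTIVE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.20.0.0       192.0.2.254     255.255.0.0     UG        0 0          0 eth0
0.0.0.0         192.0.2.254     0.0.0.0         UG        0 0          0 eth0
"""
STANDBY = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.0.2.253     0.0.0.0         UG        0 0          0 eth0
"""
REPORT = diff_members(ACTIVE, STANDBY)
```

In this sample the standby is missing the static route added on the active member and has a different default gateway, which is the kind of drift that only shows up after a failover.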

Track processes, know when there are issues

pdpd, routed, gated, cpd, fwd, … all these daemons need watching. You need to know when they crash, recycle, core dump, memory leak or simply behave funny.

indeni is well aware of these processes and the need to track them. The moment a process misbehaves, you will be notified.

Commands used: ps (various flags). Data sources: various directories containing core dump files.

Ensure you’re covered – with licenses and contracts

Do you have the right licenses? Are you exceeding capacity? Are your contracts being renewed on time? Will you continue to get your IPS signature updates?

Sometimes it can be difficult to stay on top of everything. In case you’ve missed something, indeni is there to point it out to you. Not saying you will, but just in case.

Data sources: licenses and contracts stored in the management database. Commands used: cplic print.

Discover Management HA sync issues before your next DR exercise

You’ve set up two management servers in HA. It all worked flawlessly and you’re ready for when your primary data center disappears. Or at least, the next DR exercise.

Then, when you actually want to switch to the standby server you discover you’re in a bit of a situation. It didn’t sync for months and nobody noticed. Do not worry, indeni notices.

Commands used: our little secret :)

Certificate expiration tracking

Certificates are commonly used in secure communications. In the case of Check Point Firewalls, they are used in SIC (Secure Internal Communication), VPNs (some) and OPSEC connections.

Keeping track of which certificate is being used and when it’s about to expire can be tricky. indeni does that for you. You’ll get an alert before a certificate expires, so you have enough time to renew it.

Data sources: the certificates stored in the internal CA.
