Automation & APIs

Infrastructure Automation with Indeni 7.6

Last updated: July 31, 2025

An avatar of the author
Ulrica de Fort-Menares
Knowledge Explorer UI showing a searchable rules table with rule names, vendors, OS, categories, and enabled status

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

Check Point Device Hardening 

Device hardening is a necessary step to ensure your security devices do not have any potential loopholes which can be exploited by hackers. In 7.6.1, we added new Auto-Detect Elements (ADE) to harden Check Point firewalls. These checks apply to Check Point GAiA devices as well as Maestro devices. 

  1. Check for Strong passwords 
    • Ensure minimum password length is set to a user defined length.  
    • Ensure the password contains a combination of uppercase and lowercase letters, numbers and special characters.
  1. Ensure password complexity is set to 3. 
  1. Close inactive SSH sessions automatically. Ensure a timeout for automatic disconnection for inactive sessions is set. The wait time is >0 and <10 minutes by default. The timeout value is user configurable. 
  1. Ensure “Login Banner” is set to prohibit unauthorized access.
  1. Ensure remote management is using SSH v2 and not SSH v1. 
  1. Ensure that the local admin user accounts will not be blocked by checking that the CLI accounts are not being blocked under any circumstances.  

SecureXL Disabled Enhancements

Prior to 7.6, Indeni only collected the global status of SecureXL and alerted based on enable/disable status. In 7.6, Indeni will alert if SecureXL is disabled by the firewall as a result of certain conditions. 

Three new ADE’s were added to collect the state of the three SecureXL templates used to accelerate the connections: Accept, Drop and NAT. Indeni will alert if any one of these templates is disabled. 

These templates are available in version R80.10 later. The new rules are only applicable to Check Point GAiA devices.

Other New Auto-Detect Elements

  1. Check Point Light Out Management (LOM)
    • New ADE to collect the TLS version, IP address and Firmware information. Indeni will alert if the LOM interface was configured with default values. 
  1. Extended the support of the “configuration mismatch” rule to Palo Alto Networks devices. 

Next Steps

To see a complete list of features and bug fixes, refer to the release notes page on our website. You can download the latest list of Auto-Detect Elements for Maestro here. As always, if you have questions or comments, we’re here to help. 

Key Takeaways
  • Version 7.6.1 introduces new Auto-Detect Elements (ADEs) to harden Check Point GAiA and Maestro devices by enforcing password strength, complexity, and minimum length policies.
  • Idle SSH sessions on Check Point devices can now be automatically disconnected based on a user-configurable timeout between greater than 0 and less than 10 minutes.
  • The hardening checks verify that login banners prohibit unauthorized access, remote management uses SSH v2 instead of SSH v1, and local CLI admin accounts cannot be blocked.
  • Indeni 7.6 enhances SecureXL monitoring by alerting when SecureXL is disabled due to specific conditions and when any of the Accept, Drop, or NAT acceleration templates are disabled on Check Point GAiA R80.10 and later.
  • A new ADE for Check Point Lights Out Management (LOM) collects TLS version, IP address, and firmware details and alerts if the LOM interface is still using default configuration values.
  • The existing “configuration mismatch” detection rule has been extended to support Palo Alto Networks devices in addition to prior platforms.

Published in:

Automation & APIs

Published on: April 9, 2021

An avatar of the author

Ulrica de Fort-Menares is the Vice President of Product Management for Infrastructure Assurance.

Related content

Flock of geese flying in formation across a blue sky, framed by a pink graphic border, symbolizing coordinated network migrat
Blog

Automate your DDI modernization path by migrating with Micetro

Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.

Read more
Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more
Row of orange industrial robotic arms positioned along an automated conveyor belt in a factory setting
Blog

Automate it all in Integrity with REST v2 API-first DDI management

Discover API-first DDI with Integrity X by using REST v2 to automate DNS, DHCP, and IPAM for scalable, secure network operations.

Read more