Comparing indeni and Check Point’s SmartView Monitor
The summary:
Check Point’s SmartView Monitor is great as a basic tool for identifying the operational health of your firewalls. However, if your network is supporting critical business services and you rely on your firewalls’ uptime to succeed, you need something more capable. indeni provides you with the ability to stay ahead of possible issues in your Check Point firewalls, as well as other devices.
Therefore, if you need in-depth insight into your Check Point firewalls and management servers’ operational health, you need indeni.
The longer version:
From checkpoint.com: “SmartView Monitor is a high-performance network and security analysis system that helps you easily administer your network by establishing work habits based on learned system resource patterns. Based on Check Point’s Security Management Architecture, SmartView Monitor provides a single, central interface for monitoring network activity and performance of Check Point Software Blades.”
If you dig deeper into what SmartView Monitor helps you see, you’ll find:
- Gateway general health information (up/down, cluster fail over, CPU/memory utilization, operating system in use)
- Traffic counters
- Status of VPN tunnels
- Remote users connected via VPN (such as SecuRemote)
- Status of Cooperative Enforcement (Check Point’s NAC solution)
This is sufficient if all you are looking for is the basic health of the firewall. The vast majority of issues, however, cannot be uncovered in this way. SmartView Monitor (also known as RTM), wasn’t constructed to dig deep into the operational health of firewalls. In comparison, here’s a partial list of what indeni can help you uncover:
- Gateway cannot access certificate authority
- Policy installation resulted in high CPU load cluster may failover
- Firewall log file increase rate critical – possible connectivity loss to log server
- Firewall kernel table limit approaching or reached
- ClusterXL member is in a critical state
- Cluster member down due to NIC error
- Some received packets have been dropped by NIC (SA#24915)
- High memory usage (including pin-pointing the cause for the memory usage)
- DNS servers configured but responding too slowly
- Use of NTP servers configured but not operational
- Firewall Connection Table Limit Approaching or Reached
- A NIC has failed recently (SA#24915)
- RX traffic drastically reduced post fail over possible ARP issue
- Two cluster members differ in their routing tables (SA#66322)
- DNS server resolution test failed
- NAT connections (fwx_alloc) table limit approaching or reached
- Errors have been found in packets transmitted by NIC (SA#24915)
- ARP table is approaching its limits (SA#25890)
- VPN gateway is dropping unexpected packets (SA#22255)
- NIC duplex set to half with speed of 10mbps or 100mbps (SA#24967)
The ability of indeni to run such a complicated analysis of the firewalls’ configuration, logs and running parameter, is what allows for these issues to be uncovered. In addition, indeni leverages the world’s knowledge, via indeni Insight. This means that when a given Check Point customer runs into a certain issue and shares it with indeni, all of the other customers benefit.
The bottom line:
Check Point’s SmartView Monitor is great, albeit fairly limited in depth. indeni provides you with far greater insight into the health of your firewalls, and as a result, true proactivity. With indeni, you will solve issues before they even happen.