Check Point Multi-Domain Management (Provider-1)

 

You can configure JSA to integrate with a Check Point Multi-Domain Management (Provider-1) device.

All events from Check Point Multi-Domain Management (Provider-1) are parsed by using the Check Point Multi-Domain Management (Provider-1) DSM. You can integrate Check Point Multi-Domain Management (Provider-1) by using either syslog or OPSEC, as described in the following sections.

Note

Depending on your operating system, the procedures for using the Check Point Multi-Domain Management (Provider-1) device can vary. The following procedures are based on the Check Point SecurePlatform operating system.

Integrating Syslog for Check Point Multi-Domain Management (Provider-1)

This method ensures that the Check Point Multi-Domain Management (Provider-1) DSM for JSA accepts Check Point Multi-Domain Management (Provider-1) events by using syslog.

JSA records all relevant Check Point Multi-Domain Management (Provider-1) events.

Configure syslog on your Check Point Multi-Domain Management (Provider-1) device:

  1. Type the following command to access the console as an expert user:

    expert

    A password prompt is displayed.

  2. Type your expert console password. Press the Enter key.
  3. Type the following command:

    csh

  4. Select the customer whose logs you want to forward:

    mdsenv <customer name>

  5. Input the following command:

    # nohup $FWDIR/bin/fw log -ftn | /usr/bin/logger -p <facility>.<priority> 2>&1 &

    Where:

    • <facility> is a syslog facility, for example, local3.

    • <priority> is a syslog priority, for example, info.

    You are now ready to configure the log source in JSA.

    The configuration is complete. JSA automatically discovers Check Point Multi-Domain Management (Provider-1) syslog events and adds the log source. Events that are forwarded to JSA are displayed on the Log Activity tab.
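
To confirm that forwarded events carry the facility and priority chosen in step 5, the following added example (not part of the original documentation) decodes the syslog PRI header, which is facility × 8 + severity, from raw syslog lines captured at the receiver. The sample lines and the host name mds01 are constructed, and facility codes 12 to 15 are given placeholder names because they have no portable keyword.

```python
import re

# Standard syslog facility and severity codes, indexed by number.
# fac12..fac15 are placeholder names (assumption): no portable keyword exists.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "fac12", "fac13", "fac14", "fac15",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def encode_pri(selector):
    """Turn the '<facility>.<priority>' passed to logger -p into a PRI number."""
    facility, _, severity = selector.partition(".")
    if facility not in FACILITIES or severity not in SEVERITIES:
        raise ValueError(f"unknown facility or priority in {selector!r}")
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)

def decode_pri(line):
    """Return 'facility.priority' for a raw syslog line, or None if no valid PRI."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest defined value
        return None
    pri = int(m.group(1))
    return f"{FACILITIES[pri // 8]}.{SEVERITIES[pri % 8]}"

def check_feed(lines, expected):
    """Split captured lines into those tagged as expected and everything else."""
    want = encode_pri(expected)
    ok, other = [], []
    for line in lines:
        m = PRI_RE.match(line)
        (ok if m and int(m.group(1)) == want else other).append(line)
    return ok, other

# Constructed sample lines, not real Check Point output.
SAMPLE = [
    "<158>Jan 10 12:00:01 mds01 logger: sample event one",
    "<158>Jan 10 12:00:02 mds01 logger: sample event two",
    "<14>Jan 10 12:00:03 mds01 logger: sample event tagged user.info",
    "no priority header at all",
]

if __name__ == "__main__":
    ok, other = check_feed(SAMPLE, "local3.info")
    print(len(ok), "lines tagged local3.info; others:",
          [decode_pri(line) for line in other])
```

Lines that land in the second list were tagged with a different facility or priority, or did not come from the forwarding pipeline at all.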

Configuring a Log Source

JSA automatically discovers and creates a log source for syslog events from Check Point Multi-Domain Management (Provider-1) as Check Point FireWall-1 events.

The following configuration steps are optional. To manually configure a log source for Check Point Multi-Domain Management (Provider-1) syslog events:

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.

    The Data Sources pane is displayed.

  4. Click the Log Sources icon.

    The Log Sources window is displayed.

  5. Click Add.

    The Add a log source window is displayed.

  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select Check Point FireWall-1.
  9. Using the Protocol Configuration list, select Syslog.

    The syslog protocol configuration is displayed.

  10. Configure the following values:

    Table 1: Syslog Parameters

    | Parameter | Description |
    |---|---|
    | Log Source Identifier | Type the IP address or host name for the log source as an identifier for events from your Check Point Multi-Domain Management (Provider-1) appliance. |

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

Configuring OPSEC for Check Point Multi-Domain Management (Provider-1)

This method ensures that the JSA Check Point FireWall-1 DSM accepts Check Point Multi-Domain Management (Provider-1) events by using OPSEC.

In the Check Point Multi-Domain Management (Provider-1) Management Domain GUI (MDG), create a host object that represents JSA. The leapipe is the connection between the Check Point Multi-Domain Management (Provider-1) and JSA.

To reconfigure the Check Point Multi-Domain Management (Provider-1) SmartCenter (MDG):

  1. To create a host object, open the Check Point SmartDashboard user interface and select Manage > Network Objects > New > Node > Host.
  2. Type the Name, IP address, and write comments if needed.
  3. Click OK.
  4. Select Close.
  5. To create the OPSEC connection, select Manage > Servers and OPSEC Applications > New > OPSEC Application Properties.
  6. Type a Name, and write comments if needed.

    The Name that you enter must be different from the name used in Step 2.

  7. From the Host drop-down menu, select the JSA host object that you created.
  8. From Application Properties, select User Defined as the Vendor type.
  9. From Client Entries, select LEA.
  10. Select OK and then Close.
  11. To install the Policy on your firewall, select Policy > Install > OK.

Configuring an OPSEC Log Source

To configure the log source in JSA:

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.

    The Data Sources pane is displayed.

  4. Click the Log Sources icon.

    The Log Sources window is displayed.

  5. Click Add.

    The Add a log source window is displayed.

  6. From the Log Source Type list, select Check Point FireWall-1.
  7. Using the Protocol Configuration list, select OPSEC/LEA.

    The OPSEC/LEA protocol parameters are displayed.

  8. Log Source Name: Type a name for the log source.
  9. Log Source Identifier: Type the IP address for the log source. This value must match the value that you typed in the Server IP parameter.
  10. Server IP: Type the IP address of the Check Point Multi-Domain Management (Provider-1).
  11. Server Port: Type the port number that is used for OPSEC/LEA. The default is 18184.

    You must ensure that the existing firewall policy allows the LEA/OPSEC connection from your JSA.

  12. OPSEC Application Object SIC Attribute: Type the SIC DN of the OPSEC Application Object.
  13. Log Source SIC Attribute: Type the SIC Name for the server that generates the log source.

    SIC attribute names can be up to 255 characters in length and are case-sensitive.

  14. Specify Certificate: Ensure that the Specify Certificate check box is clear.
  15. Certificate Authority IP: Type the Check Point Manager Server IP address.
  16. OPSEC Application: Type the name of the OPSEC Application that requests a certificate.
  17. Click Save.
  18. On the Admin tab, click Deploy Changes.