Integration with a Nokia Firewall by Using OPSEC
JSA can accept Check Point FireWall-1 events from Nokia Firewalls using the Check Point FireWall-1 DSM configured using the OPSEC/LEA protocol.
Before you configure JSA to integrate with a Nokia Firewall device, you must:
Configure Nokia Firewall using OPSEC, see Configuring a Nokia Firewall for OPSEC.
Configure a log source in JSA for your Nokia Firewall using the OPSEC LEA protocol, see OPSEC/LEA Log Source Parameters for Nokia Firewall.
Configuring a Nokia Firewall for OPSEC
You can configure Nokia Firewall by using OPSEC.
- To create a host object for your JSA, open up the Check Point SmartDashboard GUI, and select Manage >Network Objects >New >Node >Host.
- Type the Name, IP address, and an optional comment for your JSA.
- Click OK.
- Select Close.
- To create the OPSEC connection, select Manage >Servers and OPSEC Applications >New >OPSEC Application Properties.
- Type the Name and an optional comment.
The name that you type must be different from the name in Step 2.
- From the Host drop-down menu, select the JSA host object that you created.
- From Application Properties, select User Defined as the Vendor Type.
- From Client Entries, select LEA.
- Select OK and then select Close.
- To install the policy on your firewall, select Policy
For more information on policies, see your vendor documentation. You can now configure a log source for your Nokia Firewall in JSA.
OPSEC/LEA Log Source Parameters for Nokia Firewall
If JSA does not automatically detect the log source, add a Nokia Firewall log source on the JSA Console by using the OPSEC/LEA protocol.
When using the OPSEC/LEA protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect OPSEC/LEA events from Nokia Firewall:
Table 1: OPSEC/LEA Log Source Parameters for the Nokia Firewall DSM
Log Source type
Check Point FireWall-1
Log Source Identifier
Type an IP address, host name, or name to identify the event source. IP addresses or host names are better because they enable JSA to match a log file to a unique event source.