Nortel Switched Firewall 5100
A JSA Nortel Switched Firewall 5100 DSM records all relevant firewall events by using either syslog or OPSEC.
Before you configure a Nortel Switched Firewall device in JSA, you must configure your device to send events to JSA.
See information about configuring a Nortel Switched Firewall by using one the following methods:
Integrating Nortel Switched Firewall by Using Syslog
This method ensures the JSA Nortel Switched Firewall 5100 DSM accepts events by using syslog.
To configure your Nortel Switched Firewall 5100:
Log into your Nortel Switched Firewall device command-line interface (CLI).
Type the following command:
/cfg/sys/log/syslog/add
Type the IP address of your JSA system at the following prompt:
Enter IP address of syslog server:
A prompt is displayed to configure the severity level.
Configure info as the severity level.
For example,
Enter minimum logging severity
(emerg | alert | crit | err | warning | notice | info | debug): info
A prompt is displayed to configure the facility.
Configure auto as the local facility.
For example,
Enter the local facility (auto | local0-local7): auto
Apply the configuration:
apply
Repeat for each firewall in your cluster.
You are now ready to configure the log source in JSA.
To configure JSA to receive events from a Nortel Switched Firewall 5100 device by using syslog: From the Log Source Type list, select the Nortel Switched Firewall 5100 option.
Integrate Nortel Switched Firewall by Using OPSEC
This method ensures the JSA Nortel Switched Firewall 5100 DSM accepts Check Point FireWall-1 events by using OPSEC.
Depending on your Operating System, the procedures for the Check Point SmartCenter Server can vary. The following procedures are based on the Check Point SecurePlatform Operating system.
To enable Nortel Switched Firewall and JSA integration, take the following steps:
Reconfigure Check Point SmartCenter Server.
Configure the log source in JSA.
Configuring a Log Source
Configure the log source in JSA.
To configure JSA to receive events from a Nortel Switched Firewall 5100 device that uses OPSEC, you must select the Nortel Switched Firewall 5100 option from the Log Source Type list.
To configure JSA to receive events from a Check Point SmartCenter Server that uses OPSEC LEA, you must select the LEA option from the Protocol Configuration list when you configure your protocol configuration.