Nortel Switched Firewall 6000
A JSA Nortel Switched Firewall 6000 DSM records all relevant firewall events by using either syslog or OPSEC.
Before you configure a Nortel Switched Firewall device in JSA, you must configure your device to send events to JSA.
The following information is about configuring a Nortel Switched Firewall 6000 device with JSA by using one of the following methods:
Configuring Syslog for Nortel Switched Firewalls
This method ensures the JSA Nortel Switched Firewall 6000 DSM accepts events by using syslog.
To configure your Nortel Switched Firewall 6000:
Log into your Nortel Switched Firewall device command-line interface (CLI).
Type the following command:
/cfg/sys/log/syslog/add
Type the IP address of your JSA system at the following prompt:
Enter IP address of syslog server:
A prompt is displayed to configure the severity level.
Configure info as the severity level.
For example,
Enter minimum logging severity
(emerg | alert | crit | err | warning | notice | info | debug): info
A prompt is displayed to configure the facility.
Configure auto as the local facility.
For example,
Enter the local facility (auto | local0-local7): auto
Apply the configuration:
apply
You can now configure the log source in JSA.
To configure JSA to receive events from a Nortel Switched Firewall 6000 using syslog: From the Log Source Type list, select the Nortel Switched Firewall 6000 option.
Configuring OPSEC for Nortel Switched Firewalls
This method ensures the JSA Nortel Switched Firewall 6000 DSM accepts Check Point FireWall-1 events by using OPSEC.
Depending on your Operating System, the procedures for the Check Point SmartCenter Server can vary. The following procedures are based on the Check Point SecurePlatform Operating system.
To enable Nortel Switched Firewall and JSA integration, take the following steps:
Reconfigure Check Point SmartCenter Server. See Reconfiguring the Check Point SmartCenter Server.
Configure the OPSEC LEA protocol in JSA.
To configure JSA to receive events from a Check Point SmartCenter Server that uses OPSEC LEA, you must select the LEA option from the Protocol Configuration list when you configure LEA.
Configure the log source in JSA.
To configure JSA to receive events from a Nortel Switched Firewall 6000 device using OPSEC you must select the Nortel Switched Firewall 6000 option from the Log Source Type list.
Reconfiguring the Check Point SmartCenter Server
In the Check Point SmartCenter Server, you can create a host object that represents the JSA system. The leapipe is the connection between the Check Point SmartCenter Server and JSA.
To reconfigure the Check Point SmartCenter Server:
To create a host object, open the Check Point SmartDashboard user interface and select Manage >Network Objects >New >Node >Host.
Type the Name, IP address, and type a comment for your host if you want.
Click OK.
Select Close.
To create the OPSEC connection, select Manage >Servers and OPSEC applications >New >OPSEC Application Properties.
Type the Name, and type a comment if you want.
The name that you type must be different from the name in Step 2.
From the Host drop-down menu, select the host object that you have created in Step 1.
From Application Properties, select User Defined as the vendor.
From Client Entries, select LEA.
Click OK and then click Close.
To install the Security Policy on your firewall, select Policy >Install >OK.
The configuration is complete.