SUMMARY Configure Configuration Source Management in JSA to connect to the Check Point SMS. Add
the OPSEC Application details from the SmartDashboard, and request a security certificate
from Check Point.
Configure the OPSEC application details in Configuration Source Management and set up the
certificate exchange. After the configuration is complete, use Configuration Source Management to
discover the new entry.
-
Log in to JSA as an administrator.
-
On the navigation menu, click Admin.
- Click Apps or scroll down to find the Configuration Source
Management icon.
- Click the Configuration Source Management icon.
- On the navigation menu, click Credentials.
- From the Network Groups pane, click the (+)
symbol.
- Type a name for the network group.
- In the Add address (IP, CIDR, Wildcard, or Range) field, type the IP
address of your SMS.
- Click (+) to add the IP address.
- Type your SMS SmartDashboard username and password.
To configure the OPSEC fields, use the information from the OPSEC Application
Properties window of the SmartDashboard, where you selected the
CPMI checkbox for the client entity.
- From the DN field, copy and paste this information into the
OPSEC Entity SIC Name field.
- Edit the entry that you pasted into the OPSEC Entity SIC Name by
replacing the CN= property value with: cp_mgmt_hostname where
<hostname> is the Host name that is used for the OPSEC
application Host field.
The following examples show an OPSEC Application DN and OPSEC Application Host, which is used to
create the Entity SIC Name:
Tip:
Use text from the OPSEC Application DN and the OPSEC Application Host to form the
Entity SIC Name:
The Entity SIC Name is
CN=cp_mgmt_Srvxxx-SMS,O=svxxx-CPSMS..bsaobx
The Entity SIC Name in this configuration is based on a Gateway to
Management Server setup. If your SMS IP address is not used as a gateway, use the Management Server
configuration from the table:
Table 1: Entity SIC Name FormatsType |
Name |
Management Server |
CN=cp_mgmt,O=<take_O_value_from_DN_field> |
Gateway to Management Server |
CN=cp_mgmt_<gateway_hostname>,O=<take_O_value
from_DN_field> |
- From the DN field, copy the entry, and paste this information into the
OPSEC Application Object SIC Name field.
- Click Get Certificate.
- Enter the SMS IP address in the Certificate Authority IP field.
- Enter the one-time password in the Pull Certificate Password
field.
The one-time password is from the Communication window in the
OPSEC Application Properties of the SmartDashboard, where you selected the
CPMI checkbox for the client entity.
- Click OK.
If successful, the OPSEC SSL Certificate field is populated and disabled
.
Verify that the Trust State property, in the
Communication window of the OPSEC Application Properties,
changes to Trust established.
The credentials are set up, and now you can run a discovery.
- On the navigation menu, click Discover From Check Point SMS.
- In the CPSMS IP Address field, type the IP address of the SMS.