Configure Check Point to allow the FSM server to collect log files

Created by Randall Harwood, last modified by Mariusz Handke on Oct 11, 2017

Overview

This article describes how to configure Check Point to allow the FSM server to collect log files.

Environment

FSM 6.6

Steps

The Check Point management server uses a certificate to establish a secure connection with the FSM server so it can collect logs. Use the following procedures to:

  1. Generate the Check Point certificate.
  2. Transfer the certificate to the FSM server.
  3. Configure the Check Point log collector on the FSM server.

Important: All of the steps in these procedures are critical. If you skip a step, the FSM configuration will fail, which requires additional work to reset the connection to the Check Point management server. For additional information, see Reset Procedure below.

Requirements

The procedures in this article require the following conditions and information:

  • Network connectivity between the Check Point management server and the FSM server. This requires the following ports to be open:
    • tcp/18184
    • tcp/18210
    Note: The FSM server and LEA server should not be in separate remote sites.
  • At least 30GB disk space on the FSM server.
  • The IP address of the Check Point management server.
  • The IP address and hostname of the FSM server.
  • If your LEA server is not hosted on the Check Point management server, the IP address and hostname of the LEA server.
  • A text editor like Notepad to store information used across multiple steps.
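
A pre-flight check for the connectivity and disk-space requirements above, meant to be run on the FSM server before starting the Check Point procedure (run it again against the LEA server's IP address if that server is separate). This is an added example, not part of the original article or of FSM itself; the function names, the 3-second timeout, and reading "30GB" as 30 GiB are assumptions.

```python
import shutil
import socket
import sys

LEA_PORTS = (18184, 18210)        # ports the article requires to be open
MIN_FREE_BYTES = 30 * 1024 ** 3   # "30GB" from the article, read as GiB (assumption)


def check_port(host, port, timeout=3.0):
    """Try a TCP connect; return (ok, reason) so failures can be told apart."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "open"
    except socket.timeout:
        return False, "timeout (filtered or dropped in transit?)"
    except ConnectionRefusedError:
        return False, "refused (host reachable, nothing listening)"
    except socket.gaierror as exc:
        return False, f"name resolution failed: {exc}"
    except OSError as exc:
        return False, f"error: {exc}"


def check_disk(path, minimum=MIN_FREE_BYTES):
    """Return (ok, free_bytes) for the volume that holds `path`."""
    free = shutil.disk_usage(path).free
    return free >= minimum, free


def preflight(mgmt_host, data_path=".", ports=LEA_PORTS, min_free=MIN_FREE_BYTES, timeout=3.0):
    """Run every check; return a list of failure strings (empty means go)."""
    failures = []
    for port in ports:
        ok, reason = check_port(mgmt_host, port, timeout)
        if not ok:
            failures.append(f"tcp/{port} to {mgmt_host}: {reason}")
    ok, free = check_disk(data_path, min_free)
    if not ok:
        failures.append(f"only {free / 1024 ** 3:.1f} GiB free at {data_path}")
    return failures


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: preflight.py <management-server-ip> [fsm-data-path]")
    problems = preflight(sys.argv[1], *sys.argv[2:3])
    for line in problems:
        print("FAIL", line)
    sys.exit(1 if problems else 0)
```

A "refused" result points at the Check Point side (service not listening), while a "timeout" usually points at a filtering device between the two servers.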

Check Point Configuration Procedure

Complete the following procedure on the Check Point management server. This procedure creates a Check Point OPSEC object on the Check Point management server for the FSM server and generates the requisite security certificate.

To create the FSM OPSEC object on the Check Point management server:

  1. Open the Check Point SmartDashboard, and then connect to the Check Point management server.
  2. Click the Manage menu, and then select Servers and OPSEC Applications.
  3. In the Servers and OPSEC Applications window, click New and select OPSEC Application.
  4. Enter a name for the FSM OPSEC application. For example, enter FSM_LEA.
  5. Next to the Host field, click New to configure your FSM server as the host for the new application:
    1. Enter the hostname of your FSM server in the Name field.
    2. Next to the IP Address field, click Resolve from Name to automatically populate the IP Address field with your FSM server's IP address. If the Check Point management server cannot resolve the IP address, manually enter it.
    3. Click OK.
  6. Under Client Entities, select LEA.
  7. Under Secure Internal Communication, click Communication to set the one-time password that will be used to establish trust between your FSM server and Check Point management server:
    1. Enter and confirm a one-time password in the fields provided.
      Important: Note this password in your text editor. You will need it for a later step.
    2. Click Initialize.
    3. If the initialization is successful, the Trust state value will change to Initialized but trust not established.
    4. Click Close.
  8. Click OK.
  9. Back in the Servers and OPSEC Applications window, select the application you just created, and then click Edit to open the OPSEC Application Properties window:
    1. Under Secure Internal Communication, copy the value in the DN field into your text editor. You will need it for a later step.
    2. Close the OPSEC Application Properties window.
  10. Close the Servers and OPSEC Applications window.
  11. Back in the main SmartDashboard window, click the Policy menu, select Install Database, and then specify the Check Point hosts on which to install the new OPSEC application object:
    1. Select the hosts you want to specify. If the LEA server is separate from the management server, be sure to select it too.
    2. Click OK.
    3. After the install process finishes, click Close.
  12. Click the File menu, and then select Save to save the new object.

FSM Configuration Procedure

Complete the following procedure in the FSM console to configure the Check Point Log Collector. Do not complete this procedure until you have met the requirements and completed the procedure noted previously.

To configure the Check Point Log Collector in FSM:

  1. In the FSM console, select all of the firewalls for which the Check Point management server hosts policy packages.
  2. Click the Optimize menu, and then select Configure Check Point Log Collector.
  3. In the Check Point Log Collector dialog, enter the IP address of the Check Point management server in the Management Server IP Address field.
  4. In the FirePAC OPSEC SIC DN field, enter the DN you copied in Step 9a of the previous procedure.
  5. In the Activation Key field, enter the password you set in Step 7a of the previous procedure.
  6. If your LEA server is not hosted on the Check Point management server, select LEA Server is different from Management Server, and then complete the following steps:
    1. In the LEA Server IP Address field, enter the IP address of the LEA server.
    2. In the LEA Server DN field, enter the DN of the LEA server. This is identical to the FSM DN you copied in Step 9a of the previous procedure, except the LEA DN will have the LEA server's hostname in the CN parameter.
      Note: The Check Point R75 management server does not show the DN for the LEA server.
  7. Click Finish.

If the FSM server is able to establish a connection to the Check Point management server, it uses the Activation Key to pull the requisite certificate from the management server. After FSM establishes this secure connection, the connection is ongoing unless the IP address for the log collector host changes.

If the FSM server is not able to establish a connection to the Check Point management server, complete the procedure in the following section to reset the OPSEC connection.

Reset Procedure

Complete the following procedure only if the LEA setup fails. This procedure resets the OPSEC connection between the FSM server and the Check Point management server.

To reset the OPSEC connection:

  1. Open the Check Point SmartDashboard, and then connect to the Check Point application server.
  2. Click the Manage menu, and then select Servers and OPSEC Applications.
  3. Select the OPSEC application for your FSM server, and then click Edit to open the OPSEC Application Properties window:
    1. Under Secure Internal Communication, click Communication.
    2. In the Communications dialog, click Reset, and then click Yes to confirm.
    3. When the reset finishes, repeat the previous procedures, starting with Step 7a of the first procedure.

 

 
