Fortinet black logo

External Systems Configuration Guide

CLM for Check Point Provider-1

Configuring CLM for Check Point Provider-1 Firewalls

Prequisites

  • You must first configure and discover the Check Point CLA and obtain the AO Client SIC before you can configure the Customer Log Module (CLM). The AO Client SIC is generated when you create the FortiSIEM OPSEC application.

Discover Paired Components on the Same Collector or Supervisor

Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.

Configuration

Get CLM Server SIC for Creating FortiSIEM Access Credentials
  1. Log in to your Check Point SmartDomain Manager.
  2. Click the General tab.
  3. Select Domain Contents.
  4. Select the Domain Management Server and right-click to select Launch Application > Smart Dashboard.
  5. Select the Desktop tab.
  6. Click the Network Objects icon.
  7. Under Check Point, select the CLM host and double-click to open the General Properties dialog.
  8. Under Secure Internal Communication, click Test SIC Status... .
  9. In the SIC Status dialog, note the value for DN.
    This is the CLM Server SIC that you will use in setting up access credentials for the CLM in FortiSIEM.
  10. Click Close.
  11. Click OK.
Install the Database
  1. In the Actions menu, select Policy > Install Database... .
  2. Select the MDS Server and the CLM, and then OK.
    The database will install in both locations.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Settings for Check Point Provider-1 Firewall CLM SSLCA Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your Check Point Provider-1 Firewall CMA. When you complete the access credentials, click Generate Certificate to establish access between your firewall and FortiSIEM.

SettingValue
NameCLM
Device TypeCheckpoint Provider-1 CLM
Access ProtocolCheckPoint SSLCA
CLM IPThe IP address of the host where your CLM is located
Checkpoint LEA PortThe port used by LEA on your server
AO Client SICThe DN number of your FortiSIEM OPSEC application
CLM Server SICThe DN number of your server
CPMI PortThe port used by CPMI on your server
CMA IPThe IP address of the host where your CMA is located

Configuring CLM for Check Point Provider-1 Firewalls

Prequisites

  • You must first configure and discover the Check Point CLA and obtain the AO Client SIC before you can configure the Customer Log Module (CLM). The AO Client SIC is generated when you create the FortiSIEM OPSEC application.

Discover Paired Components on the Same Collector or Supervisor

Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.

Configuration

Get CLM Server SIC for Creating FortiSIEM Access Credentials
  1. Log in to your Check Point SmartDomain Manager.
  2. Click the General tab.
  3. Select Domain Contents.
  4. Select the Domain Management Server and right-click to select Launch Application > Smart Dashboard.
  5. Select the Desktop tab.
  6. Click the Network Objects icon.
  7. Under Check Point, select the CLM host and double-click to open the General Properties dialog.
  8. Under Secure Internal Communication, click Test SIC Status... .
  9. In the SIC Status dialog, note the value for DN.
    This is the CLM Server SIC that you will use in setting up access credentials for the CLM in FortiSIEM.
  10. Click Close.
  11. Click OK.
Install the Database
  1. In the Actions menu, select Policy > Install Database... .
  2. Select the MDS Server and the CLM, and then OK.
    The database will install in both locations.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Settings for Check Point Provider-1 Firewall CLM SSLCA Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your Check Point Provider-1 Firewall CMA. When you complete the access credentials, click Generate Certificate to establish access between your firewall and FortiSIEM.

SettingValue
NameCLM
Device TypeCheckpoint Provider-1 CLM
Access ProtocolCheckPoint SSLCA
CLM IPThe IP address of the host where your CLM is located
Checkpoint LEA PortThe port used by LEA on your server
AO Client SICThe DN number of your FortiSIEM OPSEC application
CLM Server SICThe DN number of your server
CPMI PortThe port used by CPMI on your server
CMA IPThe IP address of the host where your CMA is located