Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

Configuring MLM for Check Point Provider-1 Firewalls

Configuring MLM for Check Point Provider-1 Firewalls

Prerequisites

  • You must configure and discover your Check Point Provider-1 MDS before you configure the Multi-Domain Log Module (MLM). You will need the AO Client SIC that was generated when you created your FortiSIEM OPSEC application in the MDS to set up the access credentials for your MLM in FortiSIEM.

Discover Paired Components on the Same Collector or Supervisor

Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.

Configuration

Get MLM Server SIC for Setting Up FortiSIEM Access Credentials
  1. Log in to your Check Point SmartDomain Manager.
  2. In the General tab, click Multi-Domain Server Contents.
  3. Right-click MLM and select Configure Multi-Domain Server....
  4. Next to Communication, note the value for DN.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Settings for Check Point Provider-1 MLM SSLCA Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your Check Point MLM over SSLCA.

SettingValue
NameMLM
Device TypeCheckpoint Provider-1 MLM
Access ProtocolCheckPoint SSLCA
MLM IPThe IPS address of your module
Checkpoint LEA PortThe port used by LEA on your server
AO Client SICThe DN number of your FortiSIEM OPSEC application
MLM Server SICThe DN number of your MLM
CPMI PortThe port used by CPMI on your server
MDS IPThe IP address of your MDS server

Configuring MLM for Check Point Provider-1 Firewalls

Configuring MLM for Check Point Provider-1 Firewalls

Prerequisites

  • You must configure and discover your Check Point Provider-1 MDS before you configure the Multi-Domain Log Module (MLM). You will need the AO Client SIC that was generated when you created your FortiSIEM OPSEC application in the MDS to set up the access credentials for your MLM in FortiSIEM.

Discover Paired Components on the Same Collector or Supervisor

Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.

Configuration

Get MLM Server SIC for Setting Up FortiSIEM Access Credentials
  1. Log in to your Check Point SmartDomain Manager.
  2. In the General tab, click Multi-Domain Server Contents.
  3. Right-click MLM and select Configure Multi-Domain Server....
  4. Next to Communication, note the value for DN.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Settings for Check Point Provider-1 MLM SSLCA Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your Check Point MLM over SSLCA.

SettingValue
NameMLM
Device TypeCheckpoint Provider-1 MLM
Access ProtocolCheckPoint SSLCA
MLM IPThe IPS address of your module
Checkpoint LEA PortThe port used by LEA on your server
AO Client SICThe DN number of your FortiSIEM OPSEC application
MLM Server SICThe DN number of your MLM
CPMI PortThe port used by CPMI on your server
MDS IPThe IP address of your MDS server