Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Configuring MLM for Check Point Provider-1 Firewalls

Prerequisites

  • You must configure and discover your Check Point Provider-1 MDS before you configure the Multi-Domain Log Module (MLM). You will need the AO Client SIC that was generated when you created your FortiSIEM OPSEC application in the MDS to set up the access credentials for your MLM in FortiSIEM.

Discover Paired Components on the Same Collector or Supervisor

Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.  

Configuration

Get MLM Server SIC for Setting Up FortiSIEM Access Credentials
  1. Log in to your Check Point SmartDomain Manager.
  2. In the General tab, click Multi-Domain Server Contents.
  3. Right-click MLM and select Configure Multi-Domain Server....
  4. Next to Communication, note the value for DN.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Settings for Check Point Provider-1 MLM SSLCA Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your Check Point MLM over SSLCA.

Setting Value
Name MLM
Device Type Checkpoint Provider-1 MLM
Access Protocol CheckPoint SSLCA
MLM IP The IPS address of your module
Checkpoint LEA Port The port used by LEA on your server
AO Client SIC The DN number of your FortiSIEM OPSEC application
MLM Server SIC The DN number of your MLM
CPMI Port The port used by CPMI on your server
MDS IP The IP address of your MDS server

Configuring MLM for Check Point Provider-1 Firewalls

Prerequisites

  • You must configure and discover your Check Point Provider-1 MDS before you configure the Multi-Domain Log Module (MLM). You will need the AO Client SIC that was generated when you created your FortiSIEM OPSEC application in the MDS to set up the access credentials for your MLM in FortiSIEM.

Discover Paired Components on the Same Collector or Supervisor

Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.  

Configuration

Get MLM Server SIC for Setting Up FortiSIEM Access Credentials
  1. Log in to your Check Point SmartDomain Manager.
  2. In the General tab, click Multi-Domain Server Contents.
  3. Right-click MLM and select Configure Multi-Domain Server....
  4. Next to Communication, note the value for DN.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Settings for Check Point Provider-1 MLM SSLCA Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access your Check Point MLM over SSLCA.

Setting Value
Name MLM
Device Type Checkpoint Provider-1 MLM
Access Protocol CheckPoint SSLCA
MLM IP The IPS address of your module
Checkpoint LEA Port The port used by LEA on your server
AO Client SIC The DN number of your FortiSIEM OPSEC application
MLM Server SIC The DN number of your MLM
CPMI Port The port used by CPMI on your server
MDS IP The IP address of your MDS server